From 532a2d09904a0d80eed04f425cbe7da21fcaf402 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 20 Oct 2004 15:28:47 +0000
Subject: [PATCH] Reverse the way the mss= works

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1706 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall2/firewall | 4 ++--
 Shorewall2/releasenotes.txt | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 1e4a94e0b..c8ffe8a21 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -1768,10 +1768,10 @@ setup_ipsec() {
 for z in $zones; do
 case $2 in
 _in)
- set_mss1 ${z}2${zone} $1
+ set_mss1 ${zone}2${z} $1
 ;;
 _out)
- set_mss1 ${zone}2${z} $1
+ set_mss1 ${z}2${zone} $1
 ;;
 *)
 set_mss1 ${z}2${zone} $1
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index ca5f1f087..d0b633b82 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@@ -89,6 +89,11 @@ Problems corrected since 2.1.11
 Shorewall will now issue an error message and terminate during "shorewall [re]start" or "shorewall check".
+2) If a configuration has two or more "complex" zones (zones having
+ IPSEC hosts or zones having more than one subnet on an interface)
+ then an incorrect ruleset is generated. This problem was introduced
+ in 2.1.11.
+
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0 to Shorewall 2.1:
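Review bot: The swapped `_in)`/`_out)` arms in setup_ipsec() carry no comment saying which chain direction each option is meant to hit, and the release-notes hunk in this same patch does not mention the mss= change, so an existing configuration would silently get its MSS clamp moved to the opposite chain on upgrade. I would add a comment above the `case`, e.g. `# _in: mss applies to ${zone}2${z} (presumably traffic from $zone); _out: to ${z}2${zone}`, and a release-note entry stating the reversal. After the swap the `_out)` arm and the first visible line of the `*)` arm issue the same call; the `*)` arm and the loop continue outside the hunk, so whether they can be merged is not visible here. The arguments to `set_mss1` are also unquoted; if the mss= value can ever contain whitespace or glob characters, `set_mss1 "${zone}2${z}" "$1"` would keep it from splitting into extra arguments.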