Reverse the way the mss= works

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1706 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-10-20 15:28:47 +00:00 · 2004-10-20 15:28:47 +00:00 · 532a2d0990
commit 532a2d0990
parent ccf56bcf74
2 changed files with 7 additions and 2 deletions
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@ -1768,10 +1768,10 @@ setup_ipsec() {
 	    for z in $zones; do
 		case $2 in
 		    _in)
-			set_mss1 ${z}2${zone} $1
+			set_mss1 ${zone}2${z} $1
 			;;
 		    _out)			
-			set_mss1 ${zone}2${z} $1
+			set_mss1 ${z}2${zone} $1
 			;;
 		    *)
 			set_mss1 ${z}2${zone} $1
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@ -89,6 +89,11 @@ Problems corrected since 2.1.11
    Shorewall will now issue an error message and terminate during
    "shorewall [re]start" or "shorewall check".

+2)  If a configuration has two or more "complex" zones (zones having
+    IPSEC hosts or zones having more than one subnet on an interface)
+    then an incorrect ruleset is generated. This problem was introduced
+    in 2.1.11. 
+
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0 to Shorewall 2.1: