From 59ca220c0b29faa30767915d88f3555cb7e187f3 Mon Sep 17 00:00:00 2001 From: teastep Date: Sun, 6 May 2007 16:10:00 +0000 Subject: [PATCH] Use '-m addrtype' in 'detectnets' output rules git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6256 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-common/changelog.txt | 4 ++++ Shorewall-common/releasenotes.txt | 8 +++++++- Shorewall-perl/Shorewall/Rules.pm | 4 ++-- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt index 0c7ef4a98..b222c3d8b 100644 --- a/Shorewall-common/changelog.txt +++ b/Shorewall-common/changelog.txt @@ -2,6 +2,10 @@ Changes in 3.9.7 1) Clean up release notes. +2) Fix several bugs having to do with exclusion in the hosts file. + +3) Use '-m addrtype' in detectnet interface output rules. + Changes in 3.9.6 1) Fix parsing problems in protocol handling. diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index b21875e53..f04df2a76 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -17,7 +17,13 @@ You must install Shorewall and at least one of the compiler packages Problems corrected in 3.9.7. -None. +1) Several problems relating to exclusion in the hosts file have been + corrected. + + Symptoms included: + + Access to an undefined value at Rules.pm line 1656. + Incorrect rule generation. Other changes in Shorewall 3.9.6. diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm index 639bfa00a..230e9809c 100644 --- a/Shorewall-perl/Shorewall/Rules.pm +++ b/Shorewall-perl/Shorewall/Rules.pm 
@@ -1507,8 +1507,8 @@ sub generate_matrix() { if ( $chain1 ) { for my $interface ( keys %needbroadcast ) { - add_rule $filter_table->{output_chain $interface} , "-d 255.255.255.255 -j $chain1"; - add_rule $filter_table->{output_chain $interface} , "-d 224.0.0.0/4 -j $chain1"; + add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type BROADCAST -j $chain1"; + add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type MULTICAST -j $chain1"; } }
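Review bot: Both added `add_rule` lines in the `keys %needbroadcast` loop emit `-m addrtype` unconditionally, so on a kernel or iptables build without that match the generated ruleset would presumably fail to load rather than degrade. Nothing visible in the hunk tests for the match first. I would guard the pair with the compiler's capability test and keep the literal `-d 255.255.255.255` and `-d 224.0.0.0/4` rules as the fallback, as sketched below (the test name is a placeholder). A comment should also record that `--dst-type BROADCAST` is decided from the host's routing table, so it covers subnet-directed broadcasts as well as the limited broadcast address and widens what reaches `$chain1`. `generate_matrix` starts and ends outside the hunk.

```perl
for my $interface ( keys %needbroadcast ) {
    if ( ADDRTYPE_MATCH_AVAILABLE ) {    # placeholder: the compiler's own capability test
        # … unchanged: the two '-m addrtype' add_rule lines …
    } else {
        # No addrtype match available: fall back to the literal destinations.
        add_rule $filter_table->{output_chain $interface} , "-d 255.255.255.255 -j $chain1";
        add_rule $filter_table->{output_chain $interface} , "-d 224.0.0.0/4 -j $chain1";
    }
}
```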