Use '-m addrtype' in 'detectnets' output rules

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6256 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-common/changelog.txt

@@ -2,6 +2,10 @@ Changes in 3.9.7
 
 1)  Clean up release notes.
 
+2)  Fix several bugs having to do with exclusion in the hosts file.
+
+3)  Use '-m addrtype' in detectnet interface output rules.
+
 Changes in 3.9.6
 
 1)  Fix parsing problems in protocol handling.

Shorewall-common/releasenotes.txt

@@ -17,7 +17,13 @@ You must install Shorewall and at least one of the compiler packages
 
 Problems corrected in 3.9.7.
 
-None.
+1)  Several problems relating to exclusion in the hosts file have been
+    corrected.
+
+    Symptoms included:
+
+        Access to an undefined value at Rules.pm line 1656.
+	Incorrect rule generation.
 
 Other changes in Shorewall 3.9.6.
 

Shorewall-perl/Shorewall/Rules.pm

@@ -1507,8 +1507,8 @@ sub generate_matrix() {
 
 	if ( $chain1 ) {
 	    for my $interface ( keys %needbroadcast ) {
-		add_rule $filter_table->{output_chain $interface} , "-d 255.255.255.255 -j $chain1";
-		add_rule $filter_table->{output_chain $interface} , "-d 224.0.0.0/4     -j $chain1";
+		add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type BROADCAST -j $chain1";
+		add_rule $filter_table->{output_chain $interface} , "-m addrtype --dst-type MULTICAST -j $chain1";
 	    }
 	}