From 6126ae67e6895c365f1400daf5f2835f1ce5b4b9 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 24 Dec 2012 13:50:26 -0800 Subject: [PATCH 1/5] Don't apply AUTOCOMMENT or comment continuation to inline actions. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Rules.pm | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 26fe6e173..e02fac432 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -1781,8 +1781,6 @@ sub process_macro ($$$$$$$$$$$$$$$$$$$) { sub process_inline ($$$$$$$$$$$$$$$$$$$$) { my ($inline, $chainref, $loglevel, $target, $param, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper, $wildcard ) = @_; - my $nocomment = no_comment; - my $generated = 0; my ( $level, $tag ) = split( ':', $loglevel, 2 ); @@ -1799,7 +1797,7 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$) { push_open $inlinefile, 2, 1, 1; - macro_comment $inline; + push_comment(''); while ( read_a_line( NORMAL_READ ) ) { my ( $mtarget, @@ -1821,7 +1819,7 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$) { fatal_error 'TARGET must be specified' if $mtarget eq '-'; if ( $mtarget eq 'COMMENT' ) { - process_comment unless $nocomment; + process_comment; next; } @@ -1895,14 +1893,14 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$) { progress_message " Rule \"$currentline\" $done"; } + pop_comment; + pop_open; progress_message "..End inline action $inlinefile"; pop_action_params( $oldparms ); - clear_comment unless $nocomment; - return $generated; } From 100e03cf93900767e74085e27270602a169fd499 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 26 Dec 2012 07:06:29 -0800 Subject: [PATCH 2/5] Don't set $nocomment in in-line action Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Rules.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
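Review bot: The `push_comment('')` added before the `while ( read_a_line( NORMAL_READ ) )` loop and the `pop_comment;` added in the last hunk carry no comment saying why an empty comment is pushed, so the pairing is easy to break in a later edit. Judging by the commit subject, the push saves the caller's rule comment so that COMMENT lines in the inline file, now always handled by `process_comment;` in the third hunk, cannot leak into the rules that follow the action. I would say so above the push, e.g. `# Start the inline file with no comment; the caller's comment is restored by pop_comment below`. Most of the loop body is outside these hunks, so confirm that every non-fatal path out of process_inline reaches `pop_comment`; otherwise later rules in the generated ruleset carry the wrong comment.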
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index e02fac432..a81a2c9bd 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -1795,7 +1795,7 @@ sub process_inline ($$$$$$$$$$$$$$$$$$$$) { progress_message "..Expanding inline action $inlinefile..."; - push_open $inlinefile, 2, 1, 1; + push_open $inlinefile, 2, 1; push_comment(''); From bfeea76cf2dec3277d89c2aa060c8bbce96eae51 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 25 Dec 2012 08:10:48 -0800 Subject: [PATCH 3/5] Disallow ?FORMAT when $max_format == 1 Signed-off-by: Tom Eastep Conflicts: Shorewall/Perl/Shorewall/Config.pm --- Shorewall/Perl/Shorewall/Config.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 6305555ad..bdfe39b43 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -2250,6 +2250,7 @@ sub process_compiler_directive( $$$$ ) { FORMAT => sub() { unless ( $omitting ) { + directive_error( "?FORMAT is not allowed in this file", $filename, $linenumber ) unless $max_format > 1; directive_error( "Missing format", $filename, $linenumber ) unless supplied $expression; directive_error( "Invalid format ($expression)", $filename, $linenumber ) unless $expression =~ /^\d+$/; directive_error( "Format must be between 1 and $max_format", $filename, $linenumber ) unless $expression && $expression <= $max_format; From 62406e261d87bdab878e16f3eca8dd2b1229999e Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 26 Dec 2012 07:43:06 -0800 Subject: [PATCH 4/5] Correct typo in shorewall-masq(5) Signed-off-by: Tom Eastep --- Shorewall/manpages/shorewall-masq.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/manpages/shorewall-masq.xml b/Shorewall/manpages/shorewall-masq.xml index b4e1be66d..1220304f4 100644 --- a/Shorewall/manpages/shorewall-masq.xml +++ b/Shorewall/manpages/shorewall-masq.xml 
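Review bot: The bare positional arguments in `push_open $inlinefile, 2, 1;` give no hint of what they enable, and this commit shows how a single trailing flag changes comment handling without the call site saying so. Going by the subject line, the dropped fourth argument set $nocomment. The remaining `2` and `1` are presumably the maximum format and a comments-allowed flag, which push_open's definition (not in this hunk) would confirm. A short call-site comment such as `# max format 2, COMMENT allowed, $nocomment left unset` would make the intent reviewable.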
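Review bot: The new `directive_error( "?FORMAT is not allowed in this file", ... ) unless $max_format > 1;` sits inside `unless ( $omitting )`, so a ?FORMAT line in an omitted section of a single-format file is still accepted without any diagnostic. That may be intended, but nothing in the hunk says so, and the meaning of `$max_format == 1` is only visible in the commit subject. I would add a comment above the new line, e.g. `# $max_format == 1: the file has a single format, so ?FORMAT is rejected (only when not omitting)`. Where $max_format is assigned is outside this hunk, so it is worth confirming it is always defined before this handler runs.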
@@ -49,7 +49,7 @@ role="bold">+]interfacelist[:[digit]][:[dest-address[,dest-address]...[exclusion]]|{?}COMMENT} + role="bold">,dest-address]...[exclusion]]|[?]COMMENT} Outgoing interfacelist. This may be a From 2009a66bb546a1cd3fd57c3437671af5b64dd1f5 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 28 Dec 2012 08:04:06 -0800 Subject: [PATCH 5/5] Avoid invalid function name for starting an optional interface Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Providers.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index c57710b71..410b0779f 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -1281,8 +1281,8 @@ sub process_providers( $ ) { # for ( grep interface_is_optional( $_ ) && ! $provider_interfaces{ $_ }, all_real_interfaces ) { # - # TABLE NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY - $currentline = "$_ 0 - - $_ - - -"; + # TABLE NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY + $currentline = chain_base($_) ." 0 - - $_ - - -"; # $pseudoproviders += process_a_provider(1); }
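Review bot: On the new line `$currentline = chain_base($_) ." 0 - - $_ - - -";` two optional interfaces whose names differ only in characters that chain_base() rewrites would end up with the same pseudo-provider name. chain_base is not visible in this hunk, so this is inferred from the commit subject about invalid function names. Confirm that process_a_provider rejects a duplicate name with a fatal error rather than letting the second definition silently replace the first in the generated script. A comment would also help the next reader, e.g. `# TABLE must be a valid shell identifier, hence chain_base(); INTERFACE keeps the real name`. The enclosing `for` loop and process_providers continue outside the hunk.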