From 781d1fe3b442ad5bd724970ab7576dd2d50a8717 Mon Sep 17 00:00:00 2001
From: teastep
Date: Tue, 20 Feb 2007 17:05:25 +0000
Subject: [PATCH] Fix to dynamic rules restoration change

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5424 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/compiler | 8 ++++++--
 Shorewall/lib.cli | 2 +-
 Shorewall/releasenotes.txt | 5 +++++
 3 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/Shorewall/compiler b/Shorewall/compiler
index e99437518..787643db7 100755
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@@ -5358,10 +5358,14 @@ if [ -f \${VARDIR}/save ]; then
 DROP|reject|logdrop|logreject)
 case \$rest in
 \$rangematch*)
- run_iptables -A dynamic -m iprange --src-range \${rest#source IP range}
+ run_iptables -A dynamic -m iprange --src-range \${rest#source IP range} -j \$target
 ;;
 *)
- run_iptables -A dynamic -s \$address -j \$target
+ if [ -z "\$rest" ]; then
+ run_iptables -A dynamic -s \$address -j \$target
+ else
+ error_message "WARNING: Unable to restore dynamic rule \"\$target \$ignore1 \$ignore2 \$address \$ignore3 \$rest\""
+ fi
 ;;
 esac
 ;;
diff --git a/Shorewall/lib.cli b/Shorewall/lib.cli
index cf8a9a305..f612b32f3 100644
--- a/Shorewall/lib.cli
+++ b/Shorewall/lib.cli
@@ -842,7 +842,7 @@ make_verbose() {
 #
 # Executor for drop,reject,... commands
 #
-block() # $1 = command, $2 = Finished, $3 = Original Command $4 - $n addresses
+block() # $1 = command, $2 = Finished, $3 - $n addresses
 {
 local chain=$1 finished=$2
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 44a75e784..d21b87b46 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
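Review bot: The new `else` branch in the `*)` arm of the Shorewall/compiler hunk fails open: a saved dynamic entry whose trailing match text is not recognised is skipped with a warning and the restore carries on, so a source that had been dropped or rejected is no longer blocked after the restart. The message should say that outright, for example `error_message "WARNING: Dynamic rule not restored, source is no longer blocked: \"\$target \$ignore1 \$ignore2 \$address \$ignore3 \$rest\""`, and a comment above the branch should record that skipping was chosen over guessing at the rule. The fields read back from `\${VARDIR}/save` are also expanded unquoted into the `run_iptables` arguments, which is acceptable only while that file is writable by root alone; that assumption deserves a comment as well. The enclosing `case` statement and the code that reads the save file start outside the hunk.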
@@ -32,6 +32,11 @@ Problems Corrected in 3.4.0 Final 1) The route_rules file was being ignored. This has been corrected. +2) If an IP range was specified in a 'drop' or 'reject' (including the + logging forms) and a 'shorewall save' was performed, then the next + time that Shorewall was restarted, new connections from outside the + firewall were totally blocked. + Other Changes in 3.4.0 Final 1) A warning is now issued when 'loose' and 'balance' are specified together