Sanitize confusing code; don't give zones and shorewall.conf execute permission

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1474 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-07-13 13:15:11 +00:00 · 2004-07-13 13:15:11 +00:00 · 812f927d70
commit 812f927d70
parent 978b47bd43
4 changed files with 28 additions and 8 deletions
--- a/STABLE2/changelog.txt
+++ b/STABLE2/changelog.txt
@ -13,4 +13,21 @@ Change in 2.0.6
 1) Add PKTTYPE option.

       shorewall.conf
-       firewall
+       firewall
+
+2) Sanitized some correct but confusing code in determine_hosts().
+
+   There was a loop:
+
+	 for networks in $networks
+	 ...
+
+   It now reads:
+
+	 for network in $networks
+	 ... 
+
+
+3) Don't give shorewall.conf and zones execute permission.
+
+  
--- a/STABLE2/firewall
+++ b/STABLE2/firewall
@ -670,15 +670,15 @@ determine_hosts() {
 		networks=0.0.0.0/0
 	    fi

-	    for networks in $networks; do
+	    for network in $networks; do
 		if [ -z "$hosts" ]; then
-		    hosts=$interface:$networks
+		    hosts=$interface:$network
 		else
-		    hosts="$hosts $interface:$networks"
+		    hosts="$hosts $interface:$network"
 		fi

 		if interface_has_option $interface routeback; then
-		    eval ${zone}_routeback=\"$interface:$networks \$${zone}_routeback\"
+		    eval ${zone}_routeback=\"$interface:$network \$${zone}_routeback\"
 		fi
 	    done
 	done
--- a/STABLE2/install.sh
+++ b/STABLE2/install.sh
@ -185,7 +185,7 @@ mkdir -p ${PREFIX}/var/lib/shorewall     && chmod 700 ${PREFIX}/var/lib/shorewal
 if [ -f ${PREFIX}/etc/shorewall/shorewall.conf ]; then
   backup_file /etc/shorewall/shorewall.conf
 else
-   run_install -o $OWNER -g $GROUP -m 0744 shorewall.conf ${PREFIX}/etc/shorewall/shorewall.conf
+   run_install -o $OWNER -g $GROUP -m 0600 shorewall.conf ${PREFIX}/etc/shorewall/shorewall.conf
   echo
   echo "Config file installed as ${PREFIX}/etc/shorewall/shorewall.conf"
 fi
@ -195,7 +195,7 @@ fi
 if [ -f ${PREFIX}/etc/shorewall/zones ]; then
    backup_file /etc/shorewall/zones
 else
-    run_install -o $OWNER -g $GROUP -m 0744 zones ${PREFIX}/etc/shorewall/zones
+    run_install -o $OWNER -g $GROUP -m 0600 zones ${PREFIX}/etc/shorewall/zones
    echo
    echo "Zones file installed as ${PREFIX}/etc/shorewall/zones"
 fi
--- a/STABLE2/releasenotes.txt
+++ b/STABLE2/releasenotes.txt
@ -25,4 +25,7 @@ Problems Corrected in version 2.0.6

   Users experiencing this problem can use PKTTYPE=No in
   shorewall.conf to cause Shorewall to use IP address filtering of 
-   broadcasts rather than packet type.
+   broadcasts rather than packet type.
+
+2) The shorewall.conf and zones file are no longer given execute
+   permission by the installer script.