fix <if>:: handling in setup_masq()

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1868 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-12-29 00:06:02 +00:00 · 2004-12-29 00:06:02 +00:00 · 86bd2afd97
commit 86bd2afd97
parent eba3a8f095
3 changed files with 10 additions and 7 deletions
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@ -196,3 +196,5 @@ Changes since 2.0.3
 95) Change encryption to blowfish in 'ipsecvpn' script.

 96) Correct rate limiting rule example.
+
+97) Fix <if>:: handling in setup_masq().
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@ -4905,7 +4905,7 @@ setup_masq()
    }

    setup_one() {
-	local add_snat_aliases=$ADD_SNAT_ALIASES, pre_nat= policy=
+	local add_snat_aliases=$ADD_SNAT_ALIASES, pre_nat= policy= destnets=

 	[ "x$ipsec" = x- ] && ipsec=

@ -4946,7 +4946,6 @@ setup_masq()
 	    *:)
 		add_snat_aliases=
 	        fullinterface=${fullinterface%:}
-		destnets="0.0.0.0/0"
 		;;
 	    *:*)
 		# Alias name OR networks
@ -4958,12 +4957,10 @@ setup_masq()
 			;;
 		    *)
 			#it's an alias name
-			destnets="0.0.0.0/0"
 			;;
 		esac
 		;;
 	    *)
-		destnets="0.0.0.0/0"
 		;;
 	esac

@ -5003,7 +5000,7 @@ setup_masq()
 			if ! list_search $addr $aliases_to_add; then
 			    [ -n "$RETAIN_ALIASES" ] || save_command qt ip addr del $addr dev $interface 
 			    aliases_to_add="$aliases_to_add $addr $fullinterface"
-			    case $fullinterface in 
+			    case $fullinterface in
 				*:*)
 				    fullinterface=${fullinterface%:*}:$((${fullinterface#*:} + 1 ))
 				    ;;
@ -5058,7 +5055,7 @@ setup_masq()
 	    [ -n "$ports" ] && fatal_error "Ports only allowed with UDP or TCP ($ports)"
 	fi	

-	destination=$destnets
+	destination=${destnets:=0.0.0.0/0}

 	[ -z "$pre_nat" ] && chain=$(masq_chain $interface) || chain=$(snat_chain $interface)

--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@ -200,7 +200,11 @@ Problems corrected since 2.2.0 RC2
 	      local: lo:: bad variable name

 2) The rate limiting example in /etc/shorewall/rules has been changed
-   to use the RATE LIMIT column. 
+   to use the RATE LIMIT column.
+
+3) Entries in /etc/shorewall/masq with the INTERFACE column containing
+   <ifname>:: would generate a progress message but would not generate
+   an iptables rule. 
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0 to Shorewall 2.2: