From 4ec47783f168d8ff1810b1ae43ef47f752e67d19 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 5 Dec 2012 07:51:21 -0800 Subject: [PATCH 1/5] Detect missing target in merge_levels() Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Rules.pm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 45126b58a..ffb87c262 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -1128,6 +1128,8 @@ sub merge_levels ($$) { my $target = $subparts[0]; + fatal_error "Missing ACTION" unless supplied $target; + push @subparts, '' while @subparts < 3; #Avoid undefined values my $sublevel = $subparts[1]; From 61d67a47410f88efc5a4b20c62a49294c2e0bdcf Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 6 Dec 2012 15:10:53 -0800 Subject: [PATCH 2/5] Remove extraneous comment from the rule generated by action.RST Signed-off-by: Tom Eastep --- Shorewall/action.RST | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/action.RST b/Shorewall/action.RST index 37aee7ed4..0f7641ee6 100644 --- a/Shorewall/action.RST +++ b/Shorewall/action.RST @@ -47,7 +47,7 @@ my ( $level, $tag ) = get_action_logging; my $target = require_audit ( $action , $audit ); log_rule_limit $level, $chainref, 'RST' , $action, '', $tag, 'add', '-p 6 --tcp-flags RST RST ' if $level ne ''; -add_jump $chainref , $target, 0, '-p 6 --tcp-flags RST RST, '; +add_jump $chainref , $target, 0, '-p 6 --tcp-flags RST RST '; allow_optimize( $chainref ); From 7190cd1265afa64eae632aa0258e99e3b279932f Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 6 Dec 2012 15:20:10 -0800 Subject: [PATCH 3/5] Handle nested parens when pushing action parameters. - Add an optional argument to split_list1 that causes parens to be retained. 
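Review bot: The match string `'-p 6 --tcp-flags RST RST '` is now spelled twice in action.RST — once in the log_rule_limit call on the line above and once in the corrected add_jump call — which is exactly how the stray comma crept into one copy without the other. Hoisting it into a single lexical keeps the logged rule and the generated rule from diverging again: `my $match = '-p 6 --tcp-flags RST RST ';` followed by `log_rule_limit $level, $chainref, 'RST', $action, '', $tag, 'add', $match if $level ne '';` and `add_jump $chainref, $target, 0, $match;`. The rest of the action body lies outside the hunk.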
Signed-off-by: Tom Eastep Conflicts: Shorewall/Perl/Shorewall/Config.pm --- Shorewall/Perl/Shorewall/Config.pm | 12 ++++++------ Shorewall/Perl/Shorewall/Rules.pm | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 29ff0f928..1e0b31f71 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -1652,8 +1652,8 @@ sub split_list( $$;$ ) { split /,/, $list; } -sub split_list1( $$ ) { - my ($list, $type ) = @_; +sub split_list1( $$;$ ) { + my ($list, $type, $keepparens ) = @_; fatal_error "Invalid $type list ($list)" if $list =~ /^,|,$|,,|!,|,!$/; @@ -1666,17 +1666,17 @@ sub split_list1( $$ ) { if ( ( $count = tr/(/(/ ) > 0 ) { fatal_error "Invalid $type list ($list)" if $element || $count > 1; - s/\(//; + s/\(// unless $keepparens; if ( ( $count = tr/)/)/ ) > 0 ) { fatal_error "Invalid $type list ($list)" if $count > 1; - s/\)//; + s/\)// unless $keepparens; push @list2 , $_; } else { $element = $_; } } elsif ( ( $count = tr/)/)/ ) > 0 ) { fatal_error "Invalid $type list ($list)" unless $element && $count == 1; - s/\)//; + s/\)// unless $keepparens; push @list2, join ',', $element, $_; $element = ''; } elsif ( $element ) { @@ -2470,7 +2470,7 @@ sub embedded_perl( $ ) { # Push/pop action params # sub push_action_params( $$ ) { - my @params = split /,/, $_[1]; + my @params = split_list1 $_[1], 'parameter', 1; my @oldparams = @actparms; @actparms = (); diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index ffb87c262..52c13e360 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm 
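Review bot: The new optional `$keepparens` argument to split_list1 is undocumented; the prototype change from `($$)` to `($$;$)` is the only hint a caller gets that a third value is accepted. A one-line comment above the signature would save the next reader a trip through the body: `# split_list1( $list, $type [, $keepparens] ) - when the third argument is true, the parentheses around a sub-list are kept in the returned element instead of being stripped.` The function body continues outside this hunk.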
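Review bot: With `$keepparens` set, the three `s/\(//` and `s/\)//` substitutions are skipped but the `$count > 1` checks on the `tr` results still run, so an element carrying two opening parentheses is still rejected and nesting is limited to one level (a comma-separated sub-list inside a single parameter). That is a sensible limit, but the commit title only says "nested parens", so state it where the loop body starts: `# At most one level of parenthesised sub-list per element; deeper nesting is rejected by the $count > 1 checks.` The enclosing loop and the function boundaries lie outside the hunk.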
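Review bot: The bare `1` in `split_list1 $_[1], 'parameter', 1` tells the reader nothing, and the call also changes behaviour: `split /,/` accepted any string, whereas split_list1 raises fatal_error on a malformed list (leading, trailing or doubled commas), which is stricter and desirable but not mentioned in the commit message. Name the flag at the call site: `my @params = split_list1 $_[1], 'parameter', 1;   # 1 = keep parens: a parameter may itself be a parenthesised list`. push_action_params continues outside the hunk.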
@@ -1987,7 +1987,7 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) { return $generated; } elsif ( $actiontype & ( ACTION | INLINE ) ) { - split_list $param, 'Action parameter'; + split_list1 $param, 'Action parameter'; } elsif ( $actiontype & NFQ ) { require_capability( 'NFQUEUE_TARGET', 'NFQUEUE Rules', '' ); my $paramval = $param eq '' ? 0 : numeric_value( $param ); From 6ab5cfd63acccb70340891531fca1a23c582bb15 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 6 Dec 2012 19:12:44 -0800 Subject: [PATCH 4/5] Use split_list2 in isolate_basic_target() Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Rules.pm | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index 52c13e360..a21d32b1f 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -1228,7 +1228,13 @@ sub merge_macro_column( $$ ) { # Get Macro Name -- strips away trailing /*, :* and (*) from the first column in a rule, macro or action. # sub isolate_basic_target( $ ) { - my $target = ( split '[/:]', $_[0])[0]; + my $target = $_[0]; + + if ( $target =~ /[\/]/ ) { + ( $target ) = split( '/', $target); + } else { + ( $target ) = split_list2( $target, 'parameter' ); + } $target =~ /^(\w+)[(].*[)]$/ ? $1 : $target; } From 4d064d6713c47f4b69b682b087aed1dee8fcd478 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 7 Dec 2012 16:48:55 -0800 Subject: [PATCH 5/5] Replace spaces with tabs in rules files. 
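Review bot: `split_list1 $param, 'Action parameter';` runs in void context, so its only effect is the fatal_error it raises on a malformed list; nothing on the line says so, and a reader (or perlcritic) will take the discarded return value for a mistake. Mark the intent: `split_list1 $param, 'Action parameter';   # validation only - the result is discarded`. This call still strips parentheses while push_action_params now keeps them, which is fine for a pure validation pass but worth a word if the two paths are expected to agree. process_rule1 starts and ends outside the hunk.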
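Review bot: The header comment on isolate_basic_target still promises that `:*` is stripped, but the new code only splits on `/`; a target without a slash goes to split_list2, which this series does not show, and unless that helper also cuts at `:` a value such as `LOG:info` is now returned whole where the old `split '[/:]'` returned `LOG`. Likewise, if an action parameter can itself contain a `/`, it still takes the first branch and is cut inside the parentheses, so the parenthesised form is only protected when no slash is present. Either keep the colon in the first branch, `if ( $target =~ m{[/:]} ) { ( $target ) = split( '[/:]', $target ); }`, or amend the comment to describe the new split. As a style point, `/[\/]/` is a one-character class and reads better as `m{/}`. split_list2 is not defined anywhere in this patch series, so its handling of `:` is inferred rather than verified.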
Signed-off-by: Tom Eastep --- Shorewall/Samples/Universal/rules | 4 ++-- Shorewall/Samples/one-interface/rules | 4 ++-- Shorewall/Samples/three-interfaces/rules | 4 ++-- Shorewall/Samples/two-interfaces/rules | 4 ++-- Shorewall/configfiles/rules | 2 +- Shorewall6/Samples6/Universal/rules | 4 ++-- Shorewall6/Samples6/one-interface/rules | 4 ++-- Shorewall6/Samples6/three-interfaces/rules | 4 ++-- Shorewall6/Samples6/two-interfaces/rules | 4 ++-- Shorewall6/configfiles/rules | 4 ++-- 10 files changed, 19 insertions(+), 19 deletions(-) diff --git a/Shorewall/Samples/Universal/rules b/Shorewall/Samples/Universal/rules index d9516429a..03ab1fe7d 100644 --- a/Shorewall/Samples/Universal/rules +++ b/Shorewall/Samples/Universal/rules @@ -6,8 +6,8 @@ # The manpage is also online at # http://www.shorewall.net/manpages/shorewall-rules.html # -############################################################################################################################################################################################## -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER +################################################################################################################################################################################################# +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S) DEST LIMIT GROUP #SECTION ALL #SECTION ESTABLISHED diff --git a/Shorewall/Samples/one-interface/rules b/Shorewall/Samples/one-interface/rules index bfd4f6775..eeb1ef23c 100644 --- a/Shorewall/Samples/one-interface/rules +++ b/Shorewall/Samples/one-interface/rules 
@@ -10,8 +10,8 @@ # See the file README.txt for further details. #------------------------------------------------------------------------------------------------------------ # For information on entries in this file, type "man shorewall-rules" -############################################################################################################################################################################################## -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER +################################################################################################################################################################################################# +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S) DEST LIMIT GROUP #SECTION ALL #SECTION ESTABLISHED diff --git a/Shorewall/Samples/three-interfaces/rules b/Shorewall/Samples/three-interfaces/rules index 8bb4c71f4..44fd19671 100644 --- a/Shorewall/Samples/three-interfaces/rules +++ b/Shorewall/Samples/three-interfaces/rules 
@@ -10,8 +10,8 @@ # See the file README.txt for further details. #------------------------------------------------------------------------------------------------------------ # For information about entries in this file, type "man shorewall-rules" -############################################################################################################################################################################################## -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER +################################################################################################################################################################################################# +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S) DEST LIMIT GROUP #SECTION ALL #SECTION ESTABLISHED diff --git a/Shorewall/Samples/two-interfaces/rules b/Shorewall/Samples/two-interfaces/rules index ecd59e907..90c8d7372 100644 --- a/Shorewall/Samples/two-interfaces/rules +++ b/Shorewall/Samples/two-interfaces/rules @@ -10,8 +10,8 @@ # See the file README.txt for further details. #------------------------------------------------------------------------------ # For information about entries in this file, type "man shorewall-rules" -############################################################################################################################################################################################## -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER +################################################################################################################################################################################################# +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S) DEST LIMIT GROUP #SECTION ALL #SECTION ESTABLISHED 
diff --git a/Shorewall/configfiles/rules b/Shorewall/configfiles/rules index 37b0395a1..2e4d792b3 100644 --- a/Shorewall/configfiles/rules +++ b/Shorewall/configfiles/rules @@ -7,7 +7,7 @@ # http://www.shorewall.net/manpages/shorewall-rules.html # ################################################################################################################################################################################################# -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S) DEST LIMIT GROUP #SECTION ALL #SECTION ESTABLISHED diff --git a/Shorewall6/Samples6/Universal/rules b/Shorewall6/Samples6/Universal/rules index 36daf6acd..db9361ac8 100644 --- a/Shorewall6/Samples6/Universal/rules +++ b/Shorewall6/Samples6/Universal/rules @@ -6,8 +6,8 @@ # The manpage is also online at # http://www.shorewall.net/manpages/shorewall-rules.html # -###################################################################################################################################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER +####################################################################################################################################################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S) DEST LIMIT GROUP #SECTION ALL #SECTION ESTABLISHED diff --git a/Shorewall6/Samples6/one-interface/rules b/Shorewall6/Samples6/one-interface/rules index 73b19a329..0911997f5 100644 --- a/Shorewall6/Samples6/one-interface/rules +++ b/Shorewall6/Samples6/one-interface/rules 
@@ -10,8 +10,8 @@ # See the file README.txt for further details. #------------------------------------------------------------------------------------------------------------ # For information on entries in this file, type "man shorewall6-rules" -###################################################################################################################################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER +####################################################################################################################################################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S) DEST LIMIT GROUP #SECTION ALL #SECTION ESTABLISHED diff --git a/Shorewall6/Samples6/three-interfaces/rules b/Shorewall6/Samples6/three-interfaces/rules index 1233fb451..46b154b9e 100644 --- a/Shorewall6/Samples6/three-interfaces/rules +++ b/Shorewall6/Samples6/three-interfaces/rules 
@@ -10,8 +10,8 @@ # See the file README.txt for further details. #------------------------------------------------------------------------------------------------------------ # For information about entries in this file, type "man shorewall6-rules" -###################################################################################################################################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER +####################################################################################################################################################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S) DEST LIMIT GROUP #SECTION ALL #SECTION ESTABLISHED diff --git a/Shorewall6/Samples6/two-interfaces/rules b/Shorewall6/Samples6/two-interfaces/rules index 0fc7a1a74..f31aa6ee7 100644 --- a/Shorewall6/Samples6/two-interfaces/rules +++ b/Shorewall6/Samples6/two-interfaces/rules @@ -10,8 +10,8 @@ # See the file README.txt for further details. #------------------------------------------------------------------------------ # For information about entries in this file, type "man shorewall6-rules" -###################################################################################################################################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER +####################################################################################################################################################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S) DEST LIMIT GROUP #SECTION ALL #SECTION ESTABLISHED 
diff --git a/Shorewall6/configfiles/rules b/Shorewall6/configfiles/rules index d9cd60a11..85f3426a9 100644 --- a/Shorewall6/configfiles/rules +++ b/Shorewall6/configfiles/rules @@ -6,8 +6,8 @@ # The manpage is also online at # http://www.shorewall.net/manpages6/shorewall6-rules.html # -##################################################################################################################################################################################### -#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER +####################################################################################################################################################################################################### +#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH HELPER # PORT PORT(S) DEST LIMIT GROUP #SECTION ALL #SECTION ESTABLISHED