From 990a9f0fdc33eadbb48786cb95d32c935bff1ff7 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 13 Oct 2009 14:36:47 -0700 Subject: [PATCH] Fix RETAIN_ALIASES --- Shorewall/Perl/Shorewall/Nat.pm | 33 +++++++++++++++++++++++++------ Shorewall/Perl/Shorewall/Rules.pm | 3 +++ Shorewall/changelog.txt | 2 ++ Shorewall/releasenotes.txt | 5 ++++- 4 files changed, 36 insertions(+), 7 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm index bc0d58e7a..46ab38a3e 100644 --- a/Shorewall/Perl/Shorewall/Nat.pm +++ b/Shorewall/Perl/Shorewall/Nat.pm @@ -35,8 +35,8 @@ use strict; our @ISA = qw(Exporter); our @EXPORT = qw( setup_masq setup_nat setup_netmap add_addresses ); -our @EXPORT_OK = (); -our $VERSION = '4.4_2'; +our @EXPORT_OK = qw(delete_addresses); +our $VERSION = '4.4_3'; our @addresses_to_add; our %addresses_to_add; @@ -290,7 +290,6 @@ sub process_one_masq( ) next if $addrs eq 'detect'; for my $addr ( ip_range_explicit $addrs ) { unless ( $addresses_to_add{$addr} ) { - emit "del_ip_addr $addr $interface" unless $config{RETAIN_ALIASES}; $addresses_to_add{$addr} = 1; if ( defined $alias ) { push @addresses_to_add, $addr, "$interface:$alias"; @@ -482,12 +481,13 @@ sub setup_netmap() { sub add_addresses () { if ( @addresses_to_add ) { + my @addrs = @addresses_to_add; my $arg = ''; my $addresses = 0; - while ( @addresses_to_add ) { - my $addr = shift @addresses_to_add; - my $interface = shift @addresses_to_add; + while ( @addrs ) { + my $addr = shift @addrs; + my $interface = shift @addrs; $arg = "$arg $addr $interface"; unless ( $config{RETAIN_ALIASES} ) { emit '' unless $addresses++; 
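Review bot: The new `my @addrs = @addresses_to_add;` copy in add_addresses carries no comment saying why the package array must survive the loop. The reason is only visible elsewhere in the patch, where delete_addresses walks the same array. I would add `# Iterate over a copy: delete_addresses() also reads @addresses_to_add` above the copy. The list is consumed as flat address/interface pairs, so an odd-length array would leave `$interface` undefined; the push in process_one_masq appears to maintain that invariant, but it is worth stating next to the loop. The body of add_addresses continues past the end of this hunk.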
@@ -500,4 +500,25 @@ sub add_addresses () { } } +sub delete_addresses () { + if ( @addresses_to_add ) { + unless ( $config{RETAIN_ALIASES} ) { + my @addrs = @addresses_to_add; + + emit ''; + + while ( @addrs ) { + my $addr = shift @addrs; + my $interface = shift @addrs; + + $interface =~ s/:.*//; + + emit "del_ip_addr $addr $interface"; + } + + emit ''; + } + } +} + 1; diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index fa34dad03..5a1458eb7 100644 --- a/Shorewall/Perl/Shorewall/Rules.pm +++ b/Shorewall/Perl/Shorewall/Rules.pm @@ -31,6 +31,7 @@ use Shorewall::Chains qw(:DEFAULT :internal); use Shorewall::Actions; use Shorewall::Policy; use Shorewall::Proc; +use Shorewall::Nat qw(delete_addresses); use strict; @@ -2227,6 +2228,8 @@ EOF emit 'delete_tc1' if $config{CLEAR_TC}; + delete_addresses; + emit( 'undo_routing', 'restore_default_route' ); diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 7cb003637..e28ff8eb5 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -6,6 +6,8 @@ Changes in Shorewall 4.4.3 3) Rename 'object' to 'script' in compiler and config modules. +4) Correct RETAIN_ALIASES=No. + Changes in Shorewall 4.4.2 1) BUGFIX: Correct detection of Persistent SNAT support diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 8ee15e1ca..90870800d 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -176,7 +176,10 @@ Shorewall 4.4.3 1. Previously, if 'routeback' was specified in /etc/shorewall/routestopped: a) 'shorewall check' produced an internal error - b) The 'routeback' option didn't work. + b) The 'routeback' option didn't work + +2) If an alias IP address was added and RETAIN_ALIASES=No in + shorewall.conf, then a compiler internal error resulted. ---------------------------------------------------------------------------- K N O W N P R O B L E M S R E M A I N I N G
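Review bot: delete_addresses writes `$addr` and `$interface` unquoted into the generated script via `emit "del_ip_addr $addr $interface"`, so every entry in @addresses_to_add becomes shell text. Nothing in this sub checks the values; it presumably relies on process_one_masq having validated them (the addresses pass through ip_range_explicit there, while the interface check is not visible in this patch). I would record that assumption on the sub, for example `# Entries were validated by process_one_masq; they are emitted verbatim into the script`. The sub also lacks a header comment saying which part of the generated script it is meant for. The outer `if`/`unless` pair could be one guard, `return unless @addresses_to_add && ! $config{RETAIN_ALIASES};`.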
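Review bot: The bare `delete_addresses;` call in Rules.pm emits something only if Shorewall::Nat's @addresses_to_add is already populated when this code runs, and nothing in the hunk states or checks that ordering. If the masq entries were processed after this point, the generated script would silently contain no del_ip_addr calls. I would add `# Relies on the masq file having been processed: Shorewall::Nat collects the addresses there` above the call. I would also write the call as `delete_addresses();` so it does not depend on the imported prototype to parse. The enclosing sub starts and ends outside the hunk.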