Fix for startup problem in masq processing

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1125 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/actions.std

@@ -28,7 +28,8 @@ AllowPOP3	#Allow reading mail via POP3
 AllowIMAP	#Allow reading mail via IMAP
 AllowTelnet	#Allow Telnet Access (not recommended for use over the
 		#Internet)
-AllowVNC	#Allow VNC, Displays 0-9
+AllowVNC	#Allow VNC viewer->server, Displays 0-9
+AllowVNCL	#Allow VNC server->viewer in listening mode
 AllowNTP	#Allow Network Time Protocol (ntpd)
 AllowRdate	#Allow remote time (rdate).
 AllowNNTP	#Allow network news (Usenet).

Shorewall2/firewall

@@ -2800,7 +2800,7 @@ add_a_rule()
 		fatal_error "Only DNAT and REDIRECT rules may specify destination mapping; rule \"$rule\""
 	    fi
 
-	    if [ -z "$dnat_only" -a $chain != ${FW}2${FW} ]; then
+	    if [ -z "$dnat_only" ]; then
 		if [ -n "$serv" ]; then
 		    for serv1 in $(separate_list $serv); do
 			for srv in $(ip_range $serv1); do
@@ -3793,10 +3793,10 @@ setup_masq()
 		;;
 	esac
 
+	addrlist=
 	if [ -n "$addresses" ]; then
-	    temp=
 	    for address in $(separate_list $addresses); do
-		temp="$temp --to-source $address"
+		addrlist="$addrlist --to-source $address"
 	    done
 	fi
 
@@ -3804,7 +3804,7 @@ setup_masq()
 	    for s in $subnet; do
 		if [ -n "$addresses" ]; then
 		    for destnet in $(separate_list $destnets); do
-			addnatrule $chain -s $s -d $destnet -j SNAT $temp
+			addnatrule $chain -s $s -d $destnet -j SNAT $addrlist
 		    done
 		    echo "   To $destination from $s through ${interface} using $addresses"
 		else
@@ -3814,9 +3814,9 @@ setup_masq()
 		    echo "   To $destination from $s through ${interface}"
 		fi
 	    done
-	elif [ -n "$address" ]; then
+	elif [ -n "$addresses" ]; then
 	    for destnet in $(separate_list $destnets); do
-		addnatrule $chain -d $destnet -j SNAT $temp
+		addnatrule $chain -d $destnet -j SNAT $addrlist
 	    done
 	    echo "   To $destination from $source through ${interface} using $addresses"
 	else

Shorewall2/releasenotes.txt

@@ -135,8 +135,13 @@ Issues when migrating from Shorewall to Shorewall2:
 
       Mirrors         #Accept traffic from Shorewall Mirrors
 
-      Drop:DROP
+      MyDrop:DROP
-      Reject:REJECT
+      MyReject:REJECT
+
+   At any rate, if you have an existing /etc/shorewall/actions file,
+   then you MUST either add "INCLUDE /etc/shorewall/actions.std" to
+   that file or you must include the definitions similar to mine above
+   in your /etc/shorewall/actions file.
 
 5) The /etc/shorewall2 directory no longer contains a 'users' file or a
    'usersets' file. Similar functionality is now available using
@@ -150,14 +155,14 @@ Issues when migrating from Shorewall to Shorewall2:
    The last column in /etc/shorewall2/rules is now labeled USER/GROUP
    and may contain:
 
-       [!]<user id>[:]
+       [!]<user number>[:]
        [!]<user name>[:]
-       [!]:<group id>
        [!]:<group number>
-       [!]<user id>:<group id>
+       [!]:<group name>
-       [!]<user number>:<group id>
-       [!]<user id>:<group number>
        [!]<user number>:<group number>
+       [!]<user number>:<group name>
+       [!]<user name>:<group number>
+       [!]<user name>:<group name>
 
 6) It is no longer possible to specify rate limiting in the ACTION
    column of /etc/shorewall2/rules -- you must use the RATE LIMIT

Shorewall2/rules

@@ -36,6 +36,7 @@
 #					    Like REDIRET but only generates the
 #					    REDIRECT iptables rule and not
 #					    the companion ACCEPT rule.
+#
 #				CONTINUE -- (For experts only). Do not process
 #					    any of the following rules for this
 #					    (source zone,destination zone). If