From a3d8eb9d5bfb3891ede0cf85a9f65c963a6e9dfc Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 19 Mar 2004 22:15:22 +0000 Subject: [PATCH] Fix yet another _frwd problem git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1213 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall2/changelog.txt | 4 +++- Shorewall2/firewall | 16 ++++++++++------ Shorewall2/releasenotes.txt | 4 ++++ 3 files changed, 17 insertions(+), 7 deletions(-) diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt index 1933fe75a..919f02a87 100644 --- a/Shorewall2/changelog.txt +++ b/Shorewall2/changelog.txt @@ -8,4 +8,6 @@ Changes since 2.0.0 4) Add 'nobogons' -4) Add 'netmap' +5) Add 'netmap' + +6) Fix another _frwd problem. diff --git a/Shorewall2/firewall b/Shorewall2/firewall index 1ca4a16ff..85b16de98 100755 --- a/Shorewall2/firewall +++ b/Shorewall2/firewall @@ -5026,6 +5026,13 @@ activate_rules() if [ $zone = $zone1 ]; then eval routeback=\"\$${zone}_routeback\" + eval interfaces=\"${zone}_interfaces\" + + num_ifaces=$(list_count1 $interfaces) + + if [ $num_ifaces -lt 2 -a -z "$routeback" ] ; then + continue + fi else routeback= fi @@ -5034,12 +5041,9 @@ activate_rules() for host1 in $dest_hosts; do interface1=${host1%%:*} subnet1=${host1#*:} - if [ $(list_count1 $source_hosts) -eq 1 -a "$source_hosts" = "$host1" ]; then - if list_search $host1 $routeback; then - run_iptables -A $frwd_chain -o $interface1 $(match_dest_hosts $subnet1) -j $chain - fi - else - run_iptables -A $frwd_chain -o $interface1 $(match_dest_hosts $subnet1) -j $chain + + if [ $zone != $zone1 -o $num_ifaces -gt 1 ] || list_search $host1 $routeback ; then + run_iptables -A $frwd_chain -o $interface1 $(match_dest_hosts $subnet1) -j $chain fi done else diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt index 835e2e9dc..c463957dc 100755 --- a/Shorewall2/releasenotes.txt +++ b/Shorewall2/releasenotes.txt 
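Review bot: The added `eval interfaces=\"${zone}_interfaces\"` in the first Shorewall2/firewall hunk is missing the `\$` that the `routeback` line directly above it has, so `interfaces` receives the literal variable name (for example `loc_interfaces`, a constructed value) instead of that variable's contents. Assuming `list_count1` counts its arguments, `num_ifaces` is then always 1: the new `continue` fires for every same-zone pair that has no routeback entry, and the `-gt 1` test in the second firewall hunk can never be true, so a zone spanning several interfaces would get no intra-zone jump in its _frwd chain. The line should read `eval interfaces=\"\$${zone}_interfaces\"`. The loops of activate_rules() that enclose this code start and end outside the hunk, so the effect on the generated ruleset should be confirmed by inspecting the resulting chain for a multi-interface zone.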
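Review bot: `num_ifaces` is assigned only in the `$zone = $zone1` branch of the first firewall hunk, yet the new test `[ $zone != $zone1 -o $num_ifaces -gt 1 ]` in the second hunk expands it unquoted for every zone pair. With `-o` the whole expression is parsed before anything is evaluated, so if the variable is still unset when a pair of different zones is processed, `[` receives a malformed expression and returns an error status, and the rule is then emitted only if `list_search` succeeds against an empty `routeback`. Setting `num_ifaces=0` beside `routeback=` in the `else` branch and writing the condition as `[ "$zone" != "$zone1" ] || [ "$num_ifaces" -gt 1 ] || list_search $host1 $routeback` removes that dependency on iteration order. Whether the variable is initialised earlier in activate_rules() cannot be seen from this hunk.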
@@ -6,6 +6,10 @@ Problems Corrected since 2.0.0 1) Using actions in the manner recommended in the documentation results in a Warning that the rule is a policy. +2) When a zone on a single interface is defined using + /etc/shorewall/hosts, superfluous rules are generated in the + _frwd chain. + Problems Corrected since 2.0.1 Beta 1 1) The BOGON_LOG_LEVEL variable is now included in shorewall.conf. It