Fix adding addresses to P-T-P devices

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@683 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-05 15:05:45 +00:00 · 2003-08-05 15:05:45 +00:00 · b2729de062
commit b2729de062
parent 3d9d913b4b
4 changed files with 34 additions and 19 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -14,3 +14,5 @@ Changes since 1.4.6
 6) Don't allow 'stop' when startup is disabled
 7) Added ADMINISABSENTMINDED option.
 8) Fixed adding addresses to ppp interfaces.
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -3246,10 +3246,14 @@ add_ip_aliases()
 	# Get all of the lines that contain inet addresses 
 	#
 	ip addr show $interface 2> /dev/null | grep 'inet' | while read inet cidr rest ; do
-	    if in_subnet $external $cidr; then
+	    case $cidr in
-		echo "/${cidr#*/} brd `broadcastaddress $cidr`"
+		*/*)
-		break
+		    if in_subnet $external $cidr; then
-	    fi
+			echo "/${cidr#*/} brd `broadcastaddress $cidr`"
 			break
 		    fi
 		    ;;
 	    esac
 	done
    }
--- a/Shorewall/masq
+++ b/Shorewall/masq
@ -1,4 +1,4 @@
-#
+\#
 # Shorewall 1.4 - Masquerade file
 #
 # /etc/shorewall/masq
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -9,6 +9,19 @@ Problems Corrected since version 1.4.6:
   tcrules file. Previously, these addresses resulted in an invalid
   iptables command.
 3) The "shorewall stop" command is now disabled when
   /etc/shorewall/startup_disabled exists. This prevents people from
   shooting themselves in the foot prior to having configured
   Shorewall.
 4) A change introduced in version 1.4.6 caused error messages during
   "shorewall [re]start" when ADD_IP_ALIASES=Yes and ip addresses were
   being added to a PPP interface; the addresses were successfully
   added in spite of the messages.
   The firewall script has been modified to eliminate the error
   messages.
 Migration Issues:
 1) Once you have installed this version of Shorewall, you must 
@ -34,23 +47,21 @@ New Features:
 2) Thanks to Steve Herber, the help command can now give
   command-specific help.
-3) The "shorewall stop" command is now disabled when
+3) A new option "ADMINISABSENTMINDED" has been added to
   /etc/shorewall/startup_disabled exists. This prevents people from
   shooting themselves in the foot prior to having configured
   Shorewall.
 4) A new option "ADMINISABSENTMINDED" has been added to
   /etc/shorewall/shorewall.conf. This option has a default value of
-   "No" in which case Shorewall's 'stopped' state continues as it has
+   "No" for existing Shorewall users who are upgrading to this release.
   With this setting, Shorewall's 'stopped' state continues as it has
   been; namely, in the stopped state only traffic to/from hosts listed
   in /etc/shorewall/routestopped is accepted.
-   With ADMINISABSENTMINDED=Yes, in addition to traffic to/from the
+   The default for new users installing Shorewall for the first time is
-   hosts listed in /etc/shorewall/routestopped, Shorewall will allow:
+   ADMINISABSENTMINDED=Yes.With that setting, in addition to traffic
   to/from the hosts listed in /etc/shorewall/routestopped, Shorewall
   will allow:
-   a) All traffic originating from the firewall itself; and
+	a) All traffic originating from the firewall itself; and
-   b) All traffic that is part of or related to an already-existing
+	b) All traffic that is part of or related to an already-existing
-   connection.
+           connection.
   In particular, with ADMINISABSENTMINDED=Yes, a "shorewall stop"
   entered through an ssh session will not kill the session.
@ -75,5 +86,3 @@ New Features:
   stop". As part of stopping, Shorewall removes eth0:0 which kills my
   SSH connection to 192.168.1.5!!!