From c5ae67869af10ce4f583f44e5a2326e208f7cf6e Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Fri, 7 Jan 2005 04:15:58 +0000
Subject: [PATCH] Shorewall 2.2.0 RC4

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1889 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 LrpN/etc/shorewall/masq           |  4 ++++
 LrpN/sbin/shorewall               |  7 +++++++
 LrpN/usr/share/shorewall/firewall | 16 ++++++++++------
 LrpN/usr/share/shorewall/version  |  2 +-
 4 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/LrpN/etc/shorewall/masq b/LrpN/etc/shorewall/masq
index 0074c901a..34e81d93d 100644
--- a/LrpN/etc/shorewall/masq
+++ b/LrpN/etc/shorewall/masq
@@ -116,6 +116,10 @@
 #				matches these options will have their source address
 #				changed.
 #
+#					Yes or yes -- must be the only option listed
+#					and matches all outbound traffic that will be
+#					encrypted.
+#
 #					reqid=<number> where <number> is specified
 #					using setkey(8) using the 'unique:<number>
 #					option for the SPD level.
diff --git a/LrpN/sbin/shorewall b/LrpN/sbin/shorewall
index 266d8be17..fd1d8ac0c 100755
--- a/LrpN/sbin/shorewall
+++ b/LrpN/sbin/shorewall
@@ -1018,6 +1018,13 @@ case "$1" in
 	    echo
 	    ip route ls table $table
 	done
+
+	if qt which lsmod; then
+	    echo
+	    echo "Modules"
+	    echo
+	    lsmod | grep -E '^ip_|^ipt_'
+	fi
 	;;
     hits)
     	[ -n "$debugging" ] && set -x
diff --git a/LrpN/usr/share/shorewall/firewall b/LrpN/usr/share/shorewall/firewall
index b3aaa719d..66cd438a1 100755
--- a/LrpN/usr/share/shorewall/firewall
+++ b/LrpN/usr/share/shorewall/firewall
@@ -2162,7 +2162,7 @@ setup_nat() {
     }
 
     do_one_nat() {
-	local add_ip_aliases=$ADD_IP_ALIASES, iface=${interface%:*}
+	local add_ip_aliases=$ADD_IP_ALIASES iface=${interface%:*}
 	
 	if [ -n "$add_ip_aliases" ]; then
 	    case $interface in
@@ -4879,12 +4879,12 @@ get_routed_networks() # $1 = interface name
 setup_masq()
 {
     do_ipsec_options() {
-	local options=$(separate_list $ipsec) option 
-	policy ="-m policy --pol ipsec --dir out"
+	local options="$(separate_list $ipsec)" option 
+	policy="-m policy --pol ipsec --dir out"
 
-	options=$(separate_list $options)
 	for option in $options; do
 	    case $option in
+		[Yy]es)         ;;
 		strict)         policy="$policy --strict" ;;
 		next)           policy="$policy --next" ;;
 		reqid=*)        policy="$policy --reqid ${option#*=}" ;;
@@ -4905,7 +4905,7 @@ setup_masq()
     }
 
     setup_one() {
-	local add_snat_aliases=$ADD_SNAT_ALIASES, pre_nat= policy= destnets=
+	local add_snat_aliases=$ADD_SNAT_ALIASES pre_nat= policy= destnets=
 
 	[ "x$ipsec" = x- ] && ipsec=
 
@@ -4921,7 +4921,11 @@ setup_masq()
 		policy="-m policy --pol none --dir out"
 		;;
 	    *)
-		[ -n "$ipsec" ] && do_ipsec_options || [ -n "$POLICY_MATCH" ] && policy="-m policy --pol none --dir out"
+		if [ -n "$ipsec" ]; then
+		    do_ipsec_options
+		elif [ -n "$POLICY_MATCH" ]; then
+		    policy="-m policy --pol none --dir out"
+		fi
 		;;
 	esac
 
diff --git a/LrpN/usr/share/shorewall/version b/LrpN/usr/share/shorewall/version
index 89cc14980..d8044ac71 100644
--- a/LrpN/usr/share/shorewall/version
+++ b/LrpN/usr/share/shorewall/version
@@ -1 +1 @@
-2.2.0-RC3
+2.2.0-RC4