From e6e9fccab480b6da049cb0eb8c74d62577fbf9a7 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Thu, 31 Mar 2005 23:24:42 +0000
Subject: [PATCH] Fix '\!' in hosts file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2017 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 STABLE/changelog.txt    |  2 ++
 STABLE/fallback.sh      |  2 +-
 STABLE/firewall         | 14 +++++++-------
 STABLE/install.sh       |  2 +-
 STABLE/releasenotes.txt |  4 ++++
 STABLE/shorewall.spec   |  4 +++-
 STABLE/uninstall.sh     |  2 +-
 7 files changed, 19 insertions(+), 11 deletions(-)

diff --git a/STABLE/changelog.txt b/STABLE/changelog.txt
index 79ae7e89d..1144e0d63 100644
--- a/STABLE/changelog.txt
+++ b/STABLE/changelog.txt
@@ -125,3 +125,5 @@ Changes in 2.0.17
 1)  Fix rejNotSyn.
 
 2)  Fix port numbers in action.AllowPCA
+
+3)  Fix "!" in hosts file's HOST column.
diff --git a/STABLE/fallback.sh b/STABLE/fallback.sh
index 8fe84b6b6..55d2faa21 100755
--- a/STABLE/fallback.sh
+++ b/STABLE/fallback.sh
@@ -28,7 +28,7 @@
 #       shown below. Simply run this script to revert to your prior version of
 #       Shoreline Firewall.
 
-VERSION=2.0.16
+VERSION=2.0.17
 
 usage() # $1 = exit status
 {
diff --git a/STABLE/firewall b/STABLE/firewall
index 4018a7750..b7d4ad47d 100755
--- a/STABLE/firewall
+++ b/STABLE/firewall
@@ -5323,7 +5323,7 @@ activate_rules()
 	shift
 
 	if havenatchain $destchain ; then
-	    run_iptables -t nat -A $sourcechain $@ -j $destchain
+	    run_iptables2 -t nat -A $sourcechain $@ -j $destchain
 	elif [ -n "$BRIDGING" -a -f $TMP_DIR/physdev ]; then
 	    rm -f #TMP_DIR/physdev
 	fi
@@ -5340,7 +5340,7 @@ activate_rules()
 	shift
 
 	if havenatchain $destchain; then
-	    eval run_iptables -t nat -I $sourcechain \
+	    eval run_iptables2 -t nat -I $sourcechain \
 		\$${sourcechain}_rule $@ -j $destchain
 	    eval ${sourcechain}_rule=\$\(\(\$${sourcechain}_rule + 1\)\)
 	elif [ -n "$BRIDGING" -a -f $TMP_DIR/physdev ]; then
@@ -5393,7 +5393,7 @@ activate_rules()
 	    interface=${host%%:*}
 	    networks=${host#*:}
 
-	    run_iptables -A OUTPUT -o $interface $(match_dest_hosts $networks) -j $chain1
+	    run_iptables2 -A OUTPUT -o $interface $(match_dest_hosts $networks) -j $chain1
 
 	    #
 	    # Add jumps from the builtin chains for DNAT and SNAT rules
@@ -5401,10 +5401,10 @@ activate_rules()
 	    addrulejump PREROUTING  $(dnat_chain $zone) -i $interface $(match_source_hosts $networks)
 	    addrulejump POSTROUTING $(snat_chain $zone) -o $interface $(match_dest_hosts $networks)
 
-	    run_iptables -A $(input_chain $interface) $(match_source_hosts $networks) -j $chain2
+	    run_iptables2 -A $(input_chain $interface) $(match_source_hosts $networks) -j $chain2
 
 	    [ -n "$complex" ] && \
-		run_iptables -A $(forward_chain $interface) $(match_source_hosts $networks) -j $frwd_chain
+		run_iptables2 -A $(forward_chain $interface) $(match_source_hosts $networks) -j $frwd_chain
 
 	    case $networks in
 		*.*.*.*)
@@ -5469,7 +5469,7 @@ activate_rules()
 		    # routeback was specified for this host group
 		    #
 		    if [ $zone != $zone1 -o $num_ifaces -gt 1 ] || list_search $host1 $routeback ; then
-			run_iptables -A $frwd_chain -o $interface1 $(match_dest_hosts $networks1) -j $chain			
+			run_iptables2 -A $frwd_chain -o $interface1 $(match_dest_hosts $networks1) -j $chain			
 		    fi
 		done
 	    else
@@ -5484,7 +5484,7 @@ activate_rules()
 			networks1=${host1#*:}
 
 			if [ "$host" != "$host1" ] || list_search $host $routeback; then
-			    run_iptables -A $chain1 $(match_source_hosts $networks) -o $interface1 $(match_dest_hosts $networks1) -j $chain
+			    run_iptables2 -A $chain1 $(match_source_hosts $networks) -o $interface1 $(match_dest_hosts $networks1) -j $chain
 			fi
 		    done
 		done
diff --git a/STABLE/install.sh b/STABLE/install.sh
index eab116a69..b8d6c5238 100755
--- a/STABLE/install.sh
+++ b/STABLE/install.sh
@@ -22,7 +22,7 @@
 #       Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
 #
 
-VERSION=2.0.16
+VERSION=2.0.17
 
 usage() # $1 = exit status
 {
diff --git a/STABLE/releasenotes.txt b/STABLE/releasenotes.txt
index d5de20a54..c06f91479 100644
--- a/STABLE/releasenotes.txt
+++ b/STABLE/releasenotes.txt
@@ -306,4 +306,8 @@ Problems corrected in 2.0.17
 
 2) The UDP and TCP port numbers in /usr/share/shorewall/action.AllowPCA
    were reversed.
+
+3)  If a zone is defined in /etc/shorewall/hosts using
+   <interface>:!<network> in the HOSTS column then startup errors occur
+   on "shorewall [re]start".
  
diff --git a/STABLE/shorewall.spec b/STABLE/shorewall.spec
index 4babd73e2..fa3c27bc8 100644
--- a/STABLE/shorewall.spec
+++ b/STABLE/shorewall.spec
@@ -1,5 +1,5 @@
 %define name shorewall
-%define version 2.0.16
+%define version 2.0.17
 %define release 1
 %define prefix /usr
 
@@ -141,6 +141,8 @@ fi
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
 
 %changelog
+* Thu Mar 31 2005 Tom Eastep tom@shorewall.net
+- Updated to 2.0.17-1
 * Tue Feb 01 2005 Tom Eastep tom@shorewall.net
 - Updated to 2.0.16-1
 * Wed Jan 12 2005 Tom Eastep tom@shorewall.net
diff --git a/STABLE/uninstall.sh b/STABLE/uninstall.sh
index fa30c12fa..2218e6dd7 100755
--- a/STABLE/uninstall.sh
+++ b/STABLE/uninstall.sh
@@ -26,7 +26,7 @@
 #       You may only use this script to uninstall the version
 #       shown below. Simply run this script to remove Seattle Firewall
 
-VERSION=2.0.16
+VERSION=2.0.17
 
 usage() # $1 = exit status
 {