Merge branch '4.4.23'

2011-09-10 08:34:45 -07:00 · 2011-09-10 08:34:45 -07:00 · fb6d4ffaf9
commit fb6d4ffaf9
parent 6f2fd75a8c 8ce60ce825
4 changed files with 18 additions and 5 deletions
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -3373,13 +3373,22 @@ sub export_params() {
 	#
 	# Don't export pairs from %ENV
 	#
-	if ( exists $ENV{$param} && defined $ENV{$param} ) {
+	if ( exists $ENV{$param} ) {
+	    next unless defined $ENV{$param};
 	    next if $value eq $ENV{$param};
+	    #
+	    # Don't export anything from %ENV that contains quotes. 
+	    # We don't know that $SHOREWALL_SHELL was used to
+	    # process the params file (may even be processed on a
+	    # different system) so we don't know $SHOREWALL_SHELL's
+	    # convention for escaping quotes 
+	    #
+	    next if $value =~ /[\n'"]/;	
 	}

 	emit "#\n# From the params file\n#" unless $count++;

-	if ( $value =~ /[\s()[]/ ) {
+	if ( $value =~ /[\s()[`]/ ) {
 	    emit "$param='$value'";
 	} else {
 	    emit "$param=$value";
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@ -557,7 +557,11 @@ sub add_common_rules() {
 		$interfaceref->{options}{use_forward_chain} = 1;
 	    } elsif ( $interfaceref->{bridge} eq $interface ) {
 		add_ijump( $chainref , @ipsec ? 'j' : 'g' => $target1, imatch_dest_dev( $interface ), @ipsec ), $chainref->{filtered}++
-		    unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter} || $interfaceref->{physical} eq '+';
+		    unless( $config{ROUTE_FILTER} eq 'on' ||
+			    $interfaceref->{options}{routeback} ||
+			    $interfaceref->{options}{routefilter} ||
+			    $interfaceref->{physical} eq '+' );
+
 		$interfaceref->{options}{use_forward_chain} = 1;
 	    }

--- a/manpages/shorewall-interfaces.xml
+++ b/manpages/shorewall-interfaces.xml
@ -521,7 +521,7 @@ loc     eth2            -</programlisting>

                <para>Beginning with Shorewall 4.4.20, if you specify this
                option, then you should also specify either
-                <option>sfilter</option> (see above) or
+                <option>sfilter</option> (see below) or
                <option>routefilter</option> on all interfaces (see
                below).</para>
              </listitem>
--- a/manpages6/shorewall6-interfaces.xml
+++ b/manpages6/shorewall6-interfaces.xml
@ -319,7 +319,7 @@ loc     eth2            -</programlisting>

                <para>Beginning with Shorewall 4.4.20, if you specify this
                option, then you should also specify <option>sfilter</option>
-                (see above).</para>
+                (see below).</para>
              </listitem>
            </varlistentry>