From fedc99ecb6b736f1d2af53c78821e4daee308a7c Mon Sep 17 00:00:00 2001
From: teastep
Date: Sun, 18 Mar 2007 21:57:39 +0000
Subject: [PATCH] More fixes for 'detect'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5571 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 New/Shorewall/Chains.pm | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/New/Shorewall/Chains.pm b/New/Shorewall/Chains.pm
index 6071b1566..bfca21fe8 100644
--- a/New/Shorewall/Chains.pm
+++ b/New/Shorewall/Chains.pm
@@ -978,9 +978,11 @@ sub expand_rule( $$$$$$$$$$ )
 #
 if ( $iiface ) {
 fatal_error "Unknown Interface ($iiface): \"$line\"" unless known_interface $iiface;
+
 if ( $restriction == POSTROUTE_RESTRICT ) {
- add_command( $chainref , (' ' x $detectcount) . "sources=\$(get_routed_networks $iiface)" );
- add_command( $chainref , (' ' x $detectcount) . 'for source in $sources; do' );
+ add_command( $chainref , (' ' x $detectcount) . "sources=\$(get_routed_networks $iiface)" );
+ add_command( $chainref , (' ' x $detectcount) . qq([ -z "\$sourcess" ] && fatal_error "Unable to determine the routes through interface \"$iiface\"") );
+ add_command( $chainref , (' ' x $detectcount) . 'for source in $sources; do' );
 $rule .= '-s $source';
 $detectcount++;
 } else {
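Review bot: The emptiness test added in the POSTROUTE_RESTRICT branch checks `$sourcess`, but the generated line just before it assigns `sources`, so the tested shell variable is never set. As written, `[ -z "$sourcess" ]` is always true and the generated script would call fatal_error whenever this branch is used, even when get_routed_networks returned routes; the test should begin `qq([ -z "\$sources" ] && fatal_error`. Separately, here and in the matching `$dests` line of the next hunk, `\"$iiface\"` inside `qq(...)` emits a bare `"` into the shell text, so the quoted message ends early and the interface name lands outside the quotes; writing `\\"` would keep it inside the string. expand_rule's body starts and ends outside the hunk.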
@@ -1010,9 +1012,12 @@ sub expand_rule( $$$$$$$$$$ )
 #
 if ( $diface ) {
 fatal_error "Unknown Interface ($diface) in rule \"$line\"" unless known_interface $diface;
+
 if ( $restriction == PREROUTE_RESTRICT ) {
- add_command( $chainref , (' ' x $detectcount) . "dests=\$(find_interface_addresses $diface)" );
- add_command( $chainref , (' ' x $detectcount) . 'for dest in $dests; do' );
+ add_command( $chainref , (' ' x $detectcount) . "dests=\$(find_interface_addresses $diface)" );
+ add_command( $chainref , (' ' x $detectcount) . qq([ -z "\$dests" ] && fatal_error "Unable to determine the address(es) of interface \"$diface\"") );
+
+ add_command( $chainref , (' ' x $detectcount) . 'for dest in $dests; do' );
 $rule .= '-d $dest';
 $detectcount++;
 } else {
@@ -1025,10 +1030,10 @@ sub expand_rule( $$$$$$$$$$ )
 if ( $detectcount ) {
 my $newchainref = new_anon_chain( $chainref );
- add_command $chainref, (' ' x $detectcount) . qq(emit "-A $chain $rule -j $newchainref->{name}");
+ add_command $chainref, (' ' x $detectcount) . qq(emit "-A $chain $rule -j $newchainref->{name}");
 while ( $detectcount-- ) {
- add_command( $chainref, (' ' x $detectcount) . 'done' );
+ add_command( $chainref, (' ' x $detectcount) . 'done' );
 }
 $chainref = $newchainref;