4 Commits

Author SHA1 Message Date
Tom Eastep
9fc56bb896 Correct typo in process_mangle_inline()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-17 09:29:32 -07:00
Tom Eastep
2c191bf595 Correct .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 15:07:34 -07:00
Tom Eastep
4bb942f1f9 Restrict hypen as range separator to use with integers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 13:29:00 -07:00
Tom Eastep
04051454bf Reverse bad ECN handling patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 12:27:45 -07:00
6 changed files with 13 additions and 10 deletions


@@ -436,7 +436,7 @@ sub validate_portpair( $$ ) {
#
# Accept '-' as a port-range separator
#
$pair =~ tr/-/:/;
$pair =~ tr/-/:/ if $pair =~ /^[-0-9]+$/;
fatal_error "Invalid port range ($portpair)" if $pair =~ tr/:/:/ > 1;
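Review bot: The guard `/^[-0-9]+$/` on the `tr/-/:/` line is looser than "two integers separated by a hyphen": it also matches a lone `-`, a leading or trailing hyphen such as `-80` or `80-`, and, because `$` permits a trailing newline, a value ending in one. Only inputs with more than one separator are rejected by the `fatal_error` check that follows, so the other forms pass on to whatever range handling lies below the hunk. If open-ended hyphen ranges are not intended, anchor the form explicitly, e.g. `$pair =~ tr/-/:/ if $pair =~ /\A[0-9]+-[0-9]+\z/;`, so that a port specification in a firewall rule cannot be reinterpreted silently. The body of validate_portpair continues outside the hunk, so later validation may already cover some of these cases.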


@@ -134,12 +134,12 @@ sub setup_ecn()
for my $interface ( @interfaces ) {
my $chainref = ensure_chain 'mangle', ecn_chain( $interface );
add_ijump $mangle_table->{POSTROUTING} , j => $chainref, $interfaces{$interface}, p => 'tcp', imatch_dest_dev( $interface ) if have_capability 'MANGLE_FORWARD';
add_ijump $mangle_table->{OUTPUT}, j => $chainref, $interfaces{$interface}, p => 'tcp', imatch_dest_dev( $interface );
add_ijump_extended $mangle_table->{POSTROUTING} , j => $chainref, $interfaces{$interface}, p => 'tcp', imatch_dest_dev( $interface ) if have_capability 'MANGLE_FORWARD';
add_ijump_extended $mangle_table->{OUTPUT}, j => $chainref, $interfaces{$interface}, p => 'tcp', imatch_dest_dev( $interface );
}
for my $host ( @hosts ) {
add_ijump( $mangle_table->{ecn_chain $host->[0]}, j => 'ECN', $host->[1], targetopts => '--ecn-tcp-remove', p => 'tcp', imatch_dest_net( $host->[2] ) );
add_ijump_extended( $mangle_table->{ecn_chain $host->[0]}, j => 'ECN', $host->[1], targetopts => '--ecn-tcp-remove', p => 'tcp', imatch_dest_net( $host->[2] ) );
}
}
}
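Review bot: In the `add_ijump_extended` calls, the bare value `$interfaces{$interface}` (and `$host->[1]` in the host loop) sits between `j => ...` and `p => 'tcp'` with nothing to say what that positional slot means. The two variants of each call shown here differ only in the function name, so picking the wrong one presumably changes how that value is interpreted when the ECN mangle rules are generated. A short comment above the first call would make this harder to regress, for example `# add_ijump_extended takes one extra positional argument before the match list`. What the argument represents is not visible in this section, so the wording should be confirmed against the function's definition. setup_ecn starts outside the hunk.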


@@ -3965,7 +3965,7 @@ sub process_mangle_inline( $$$$$$$$$$$$$$$$$$$ ) {
process_mangle_rule1( $chainref,
$moriginalmark,
$msource,
$dest,
$mdest,
$proto,
merge_macro_column( $mports, $ports ),
merge_macro_column( $msports, $sports ),


@@ -798,7 +798,7 @@
<para>Normally, only packets whose source address matches an
entry in the ipset are dropped. If <option>src-dst</option> is
included, then packets whose destination address matches an
entry in the ipset are also dropped. </para>
entry in the ipset are also dropped.</para>
</listitem>
</varlistentry>
@@ -920,7 +920,8 @@ net all DROP info</programlisting>then the chain name is 'net-all'
an administrative system in directories containing the
configurations of remote firewalls. The contents of the variable are
the default value for the <replaceable>system</replaceable>
parameter to the <command>remote-reload</command> and
parameter to the <command>remote-start</command>,
<command>remote-reload</command> and
<command>remote-restart</command> commands.</para>
</listitem>
</varlistentry>


@@ -647,7 +647,7 @@
is SW_DBL6 and the default log level is <option>none</option> (no
logging). if <option>ipset-only</option> is given, then chain-based
dynamic blacklisting is disabled just as if DYNAMIC_BLACKLISTING=No
had been specified. </para>
had been specified.</para>
<para>Possible <replaceable>option</replaceable>s are:</para>
@@ -781,7 +781,8 @@ net all DROP info</programlisting>then the chain name is 'net-all'
an administrative system in directories containing the
configurations of remote firewalls. The contents of the variable are
the default value for the <replaceable>system</replaceable>
parameter to the <command>remote-reload</command> and
parameter to the <command>remote-start</command>,
<command>remote-reload</command> and
<command>remote-restart</command> commands.</para>
</listitem>
</varlistentry>


@@ -2621,7 +2621,8 @@ DNAT net loc:192.168.1.3 tcp <emphasis role="bold">4000:4100<
"!4000:4100").</para>
<para>Beginning with Shorewall 5.0.14, a hyphen ("-") may also be used to
separate the two port numbers.</para>
separate the two port numbers; when using service names, the colon must
still be used.</para>
<programlisting>#ACTION SOURCE DESTINATION PROTO DPORT
DNAT net loc:192.168.1.3 tcp <emphasis role="bold">4000-4100</emphasis></programlisting>