Shorewall users - Mar 2013 - shorewall6 calculates incorrect network

We have a single-interface firewall with one zone defined for UW ipv6
address block and one for the rest of the world.

zones:
host	firewall
uw	ipv6
net	ipv6

hosts:
net	enet:<::/0>
uw	enet:<[2607:4000::/32]>

When this is compiled and loaded shorewall6 turns the 2607:4000::/32
into 2607:4000::/128 so it doesn''t pass ipv6 traffic from the uw zone
correctly.

$ shorewall show enet_in
Shorewall6 4.5.14 Chain enet_in at skimmer.s.uw.edu - Thu Mar 21
10:09:59 PDT 2013

Counters reset Wed Mar 20 15:02:58 PDT 2013

Chain enet_in (1 references)
 pkts bytes target     prot opt in     out     source
destination
    0     0      uw2host    all      *      *       2607:4000::/128
  ::/0
 1183 88080 net2host   all      *      *       ::/0
::/0


I think this is a bug. I don''t know when this broke but I''ve
validated
that it was working correctly in Shorewall6 4.4.25.2.

I''ve attached a shorewall6 trace check.

-Eric


------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar

On 03/21/2013 10:24 AM, Eric Horst wrote:
> 
> I think this is a bug. I don''t know when this broke but
I''ve validated
> that it was working correctly in Shorewall6 4.4.25.2.
> 
> I''ve attached a shorewall6 trace check.
It''s definitely a bug. Patch attached.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar

On 03/21/2013 10:24 AM, Eric Horst wrote:
> 
> I think this is a bug. I don''t know when this broke but
I''ve validated
> that it was working correctly in Shorewall6 4.4.25.2.
It was broken by a change in 4.5.8.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________



------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar