More changes to avoid crashing with very old kernels

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3797 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-01-10 23:58:14 +01:00 · 2006-04-17 19:59:51 +00:00 · 2006-04-17 19:59:51 +00:00 · 009d710cc5
commit 009d710cc5
parent 78fb4c4ffd
3 changed files with 21 additions and 4 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -13,6 +13,8 @@ Changes in 3.2.0 Beta 5

 6)  Fix deletion of SNAT ip addresses.

+7)  Accomodate ancient kernel's with no FORWARD or POSTROUTING in mangle.
+
 Changes in 3.2.0 Beta 4

 1)  Fix 'routeback' with bridge ports.
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@ -3470,9 +3470,13 @@ setup_tc1() {
    #

    createmanglechain tcpre
-    [ -n "$MANGLE_FORWARD" ] && createmanglechain tcfor
-    createmanglechain tcout
+
+    if [ -n "$MANGLE_FORWARD" ]; then
+	createmanglechain tcfor
 	createmanglechain tcpost
+    fi
+
+    createmanglechain tcout
    #
    # Process the TC Rules File
    #
@ -3498,8 +3502,10 @@ setup_tc1() {
    run_iptables -t mangle -A PREROUTING $mark_part -j tcpre
    run_iptables -t mangle -A OUTPUT     $mark_part -j tcout

-    [ -n "$MANGLE_FORWARD" ] && run_iptables -t mangle -A FORWARD -j tcfor
+    if [ -n "$MANGLE_FORWARD" ]; then
+	run_iptables -t mangle -A FORWARD -j tcfor
 	run_iptables -t mangle -A POSTROUTING -j tcpost
+    fi

    if [ -n "$HIGH_ROUTE_MARKS" ]; then
 	for chain in INPUT FORWARD; do
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -46,6 +46,15 @@ Problems Corrected in 3.2.0 Beta 5
 4)  Regardless of the setting of ADD_SNAT_IPADDRS, Shorewall will delete
    the ADDRESS in an SNAT rule (/etc/shorewall/masq) during [re]start.

+5)  Previously, if your kernel did not supply the mangle table FORWARD chain
+    then "shorewall [re]start" would fail. Now, if your mangle table does
+    not supply this chain, Shorewall will avoid using that either that chain or
+    the mangle table POSTROUTING chain. This change is strictly to stop Shorewall
+    from blowing up during [re]start on very old kernels (such as 2.4.17
+    running on a PS2); if your kernel does not support these chains and you
+    try to mark packets in either of them using entries in
+    /etc/shorewall/tcrules, [re]start will fail.
+
 Other changes in 3.2.0 Beta 5

 1)  The "shorewall refresh" command no longer refreshes traffic shaping.