From 2ab8bd3040eb251384386d8a9430359710b4eb98 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 9 Aug 2015 14:31:47 -0700
Subject: [PATCH] More update fixes

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Compiler.pm |  1 +
 Shorewall/Perl/Shorewall/Misc.pm     | 24 +++++++++++++++++++++---
 Shorewall/Perl/Shorewall/Raw.pm      | 14 +++++++++++---
 Shorewall/Perl/Shorewall/Tc.pm       | 14 +++++++++++++-
 4 files changed, 46 insertions(+), 7 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index 529c887f2..357dc0d12 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -635,6 +635,7 @@ sub compiler {
 		  directives    => { store => \$directives,    validate=> \&validate_boolean    } ,
 		  tcrules       => { store => \$tcrules,       validate=> \&validate_boolean    } ,
 		  routestopped  => { store => \$routestopped,  validate=> \&validate_boolean    } ,
+		  notrack       => { store => \$notrack,       validate=> \&validate_boolean    } ,
 		  config_path   => { store => \$config_path } ,
 		  shorewallrc   => { store => \$shorewallrc } ,
 		  shorewallrc1  => { store => \$shorewallrc1 } ,
diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index 39fd22fef..2092ccced 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -247,7 +247,7 @@ sub remove_blacklist( $ ) {
 }
 
 #
-# Convert a pre-4.4.25 blacklist to a 4.4.25 blacklist
+# Convert a pre-4.4.25 blacklist to a 4.4.25 blrules file
 #
 sub convert_blacklist() {
     my $zones  = find_zones_by_option 'blacklist', 'in';
@@ -265,7 +265,19 @@ sub convert_blacklist() {
 	    $target = verify_audit( $disposition );
 	}
 
-	my $fn = open_file 'blacklist';
+	my $fn = open_file( 'blacklist' );
+
+	unless ( $fn ) {
+	    if ( -f ( $fn = find_file( 'blacklist' ) ) ) {
+		if ( unlink( $fn ) ) {
+		    warning_message "Empty blacklist file ($fn) removed";
+		} else {
+		    warning_message "Unable to remove empty blacklist file $fn: $!";
+		}
+	    }
+
+	    return 0;
+	}
 
 	first_entry "Converting $fn...";
 
@@ -558,6 +570,12 @@ EOF
 	rename $fn, "$fn.bak";
 	progress_message2 "Routestopped file $fn saved in $fn.bak";
 	close $stoppedrules;
+    } elsif ( -f ( my $fn1 = find_file( 'routestopped' ) ) ) {
+	if ( unlink( $fn1 ) ) {
+	    warning_message "Empty routestopped file ($fn1) removed";
+	} else {
+	    warning_message "Unable to remove empty routestopped file $fn1: $!";
+	}
     }
 }
 
@@ -826,7 +844,7 @@ sub add_common_rules ( $$$ ) {
 
     if ( $upgrade_blacklist ) {
 	exit 0 unless convert_blacklist || $upgrade_tcrules || $upgrade_routestopped;
-    } elsif ( my $fn = find_file 'blacklist' ) {
+    } elsif ( -f ( my $fn = find_file 'blacklist' ) ) {
 	warning_message "The blacklist file is no longer supported -- use '$product update -b' to convert $fn to the equivalent blrules file";
     }
 
diff --git a/Shorewall/Perl/Shorewall/Raw.pm b/Shorewall/Perl/Shorewall/Raw.pm
index b73cdf808..b5af8fe80 100644
--- a/Shorewall/Perl/Shorewall/Raw.pm
+++ b/Shorewall/Perl/Shorewall/Raw.pm
@@ -280,7 +280,7 @@ sub setup_conntrack($) {
     my $fn;
     my @files = $convert ? ( qw/notrack conntrack/ ) : ( 'conntrack' );
 
-    for my $name ( qw/notrack conntrack/ ) {
+    for my $name ( @files ) {
 
 	$fn = open_file( $name, 3 , 1 );
 
@@ -349,6 +349,14 @@ sub setup_conntrack($) {
 	    }
 	} elsif ( $name eq 'notrack' ) {
 	    $convert = undef;
+
+	    if ( -f ( my $fn1 = find_file( $name ) ) ) {
+		if ( unlink( $fn1 ) ) {
+		    warning_message "Empty notrack file ($fn1) removed";
+		} else {
+		    warning_message "Unable to remove empty notrack file ($fn1): $!";
+		}
+	    }
 	}
     }
 
@@ -369,7 +377,7 @@ sub setup_conntrack($) {
 #
 ##############################################################################################################
 EOF
-	    print $conntrack '?' . "FORMAT 3";
+	    print $conntrack '?' . "FORMAT 3\n";
 	    
 	    print $conntrack <<'EOF';
 #ACTION                 SOURCE          DESTINATION     PROTO   DEST            SOURCE  USER/           SWITCH
@@ -391,7 +399,7 @@ EOF
 		#
 		$empty = undef;
 
-		print $conntrack '?' . "format 1\n" unless $currentline =~ /^\s*\??FORMAT/i;
+		print $conntrack '?' . "FORMAT 1\n" unless $currentline =~ /^\s*\??FORMAT/i;
 	    }
 
 	    print $conntrack "$currentline\n";
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 59a6f5da5..be91e9d6c 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -3218,11 +3218,23 @@ sub setup_tc( $ ) {
 		    } else {
 			fatal_error "Cannot Rename $fn to $fn.bak: $!";
 		    }
+		} else {
+		    if ( unlink $fn ) {
+			warning_message "Empty tcrules file ($fn) removed";
+		    } else {
+			warning_message "Unable to remove empty tcrules file $fn: $!";
+		    }
 		}
 
 		close $mangle, directive_callback( 0 );
+	    } elsif ( -f ( my $fn = find_file( 'tcrules' ) ) ) {
+		if ( unlink $fn ) {
+		    warning_message "Empty tcrules file ($fn) removed";
+		} else {
+		    warning_message "Unable to remove empty tcrules file $fn: $!";
+		}
 	    }
-	} elsif ( my $fn = find_file( 'tcrules' ) ) {
+	} elsif ( -f ( my $fn = find_file( 'tcrules' ) ) ) {
 	    warning_message "The tcrules file is no longer supported -- use the '$product update -t' to convert $fn to an equivalent 'mangle' file";
 	}