Update dev path

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4379 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-23 08:03:11 +01:00 · 2006-08-18 15:34:57 +00:00 · 2006-08-18 15:34:57 +00:00 · 234aa082e5
commit 234aa082e5
parent b151225aff
5 changed files with 23 additions and 8 deletions
--- a/Shorewall/compiler
+++ b/Shorewall/compiler
@ -924,7 +924,7 @@ determine_hosts() {

 	for interface in $interfaces; do
 	    if interface_has_option $interface detectnets; then
-		networks=$(get_routed_networks $interface)
+		networks=$(get_routed_networks $interface "detectnets not allowed on interface with default route - $interface" )
 	    else
 		networks=0.0.0.0/0
 	    fi
@ -8068,7 +8068,7 @@ compile_firewall() # $1 = File Name
 	[ -h $dir ] && fatal_error "$dir is a Symbolic Link"
 	[ -d $outfile ] && fatal_error "$outfile is a Directory"
 	[ -h $outfile ] && fatal_error "$outfile is a Symbolic Link"
-	[ -f $outfile -a ! -x $outfile ] && fatal_error "$outfile exists and is not a restore file"
+	[ -f $outfile -a ! -x $outfile ] && fatal_error "$outfile exists and is not a compiled script"

 	DOING=Compiling
 	DONE=compiled
@ -8114,7 +8114,7 @@ __EOF__

    compile_stop_firewall

-cat >&3 << __EOF__
+    cat >&3 << __EOF__

 #
 # Set policy of chain \$1 to \$2
--- a/Shorewall/functions
+++ b/Shorewall/functions
@ -1150,7 +1150,12 @@ get_routed_networks() # $1 = interface name
    ip route show dev $1 2> /dev/null |
 	while read address rest; do
 	    if [ "x$address" = xdefault ]; then
-		error_message "WARNING: default route ignored on interface $1"
+		if [ $# -gt 1 ]; then
+		    shift
+		    fatal_error "$@"
+		else
+		    "WARNING: default route ignored on interface $1"
+		fi
 	    else
 		[ "$address" = "${address%/*}" ] && address="${address}/32"
 		echo $address
--- a/Shorewall/prog.footer
+++ b/Shorewall/prog.footer
@ -11,9 +11,9 @@ usage() {
 initialize

 #
-# Start trace if first arg is "debug"
+# Start trace if first arg is "debug" or "trace"
 #
-[ $# -gt 1 ] && [ "$1" = "debug" ] && { set -x ; shift ; }
+[ $# -gt 1 ] && [ "$1" = "debug" -o "$1" = "trace" ] && { set -x ; shift ; }

 finished=0

@ -69,6 +69,7 @@ case "$COMMAND" in
 	    progress_message3 "Starting $PRODUCT...."
 	    define_firewall
 	    status=$?
+	    [ -n "$SUBSYSLOCK" -a $status -eq 0 ] && touch $SUBSYSLOCK
 	    progress_message3 "done."
 	fi
 	;;
@ -76,6 +77,7 @@ case "$COMMAND" in
 	progress_message3 "Stopping $PRODUCT...."
 	stop_firewall
 	status=0
+	[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
 	progress_message3 "done."
 	;;
    reset)
@ -101,16 +103,23 @@ case "$COMMAND" in

 	define_firewall
 	status=$?
+	if [ -n "$SUBSYSLOCK" ]; then
+ 	    [ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
+        fi	
 	progress_message3 "done."
 	;;
    restore)
 	restore_firewall
 	status=$?
+	if [ -n "$SUBSYSLOCK" ]; then
+ 	    [ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
+        fi	
 	;;
    clear)
 	progress_message3 "Clearing $PRODUCT...."
 	clear_firewall
 	status=0
+	[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
 	progress_message3 "done."
 	;;
    status)
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@ -1225,7 +1225,6 @@ safe_commands() {
    fi

    mutex_off
-    [ $? -eq 0 ] && [ -n "$SUBSYSLOCK" ] && touch $SUBSYSLOCK
 }

 #
--- a/Shorewall/tcrules
+++ b/Shorewall/tcrules
@ -69,7 +69,9 @@
 #				- htb
 #				- prio
 #
-#			   Classify always occurs in the POSTROUTING chain.
+#			   Classification occurs in the POSTROUTING chain except
+#			   when the SOURCE is $FW[:<address>] in which case
+#			   marking occurs in the OUTPUT chain.
 #
 #			c) RESTORE[/mask] -- restore the packet's mark from the
 #			   connection's mark using the supplied mask if any.