Corrections to WORKAROUNDS implementation

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-21 23:23:13 +01:00 · 2015-06-06 12:15:03 -07:00 · 2015-06-06 12:15:03 -07:00 · 2956698298
commit 2956698298
parent 7c9155a6e8
3 changed files with 15 additions and 6 deletions
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@ -442,6 +442,7 @@ do_save() {
 			    rm -f ${VARDIR}/restore-$$
 			fi
 		    fi
+		fi
 	    else
 		case "$ARPTABLES" in
 		    */*)
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -301,7 +301,7 @@ our %renamed = ( AUTO_COMMENT => 'AUTOCOMMENT', BLACKLIST_LOGLEVEL => 'BLACKLIST
 #
 # Config options and global settings that are to be copied to output script
 #
-our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY WORKAROUNDS/;
+our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY/;
 #
 # From parsing the capabilities file or detecting capabilities
 #
@ -5718,7 +5718,7 @@ sub get_configuration( $$$$$ ) {
    default_yes_no 'TRACK_RULES'                , '';
    default_yes_no 'INLINE_MATCHES'             , '';
    default_yes_no 'BASIC_FILTERS'              , '';
-    default_yes_no 'WORKAROUNDS'                , '';
+    default_yes_no 'WORKAROUNDS'                , 'Yes';

    require_capability( 'BASIC_EMATCH', 'BASIC_FILTERS=Yes', 's' ) if $config{BASIC_FILTERS};

@ -6263,7 +6263,7 @@ sub generate_aux_config() {

    emit "#\n# Shorewall auxiliary configuration file created by Shorewall version $globals{VERSION} - $date\n#";

-    for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL SUBSYSLOCK LOCKFILE RESTOREFILE) ) {
+    for my $option ( qw(VERBOSITY LOGFILE LOGFORMAT ARPTABLES IPTABLES IP6TABLES IP TC IPSET PATH SHOREWALL_SHELL SUBSYSLOCK LOCKFILE RESTOREFILE WORKAROUNDS) ) {
 	conditionally_add_option $option;
    }

--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@ -2397,14 +2397,22 @@ sub compile_stop_firewall( $$$ ) {
    my $output  = $filter_table->{OUTPUT};
    my $forward = $filter_table->{FORWARD};

-    emit <<'EOF';
+    if ( $config{WORKAROUNDS} ) {
+	emit <<'EOF';
+#
+# Stop/restore the firewall after an error or because of a 'stop' or 'clear' command
+#
+stop_firewall() {
+    local hack
+EOF
+    } else {
+	emit <<'EOF';
 #
 # Stop/restore the firewall after an error or because of a 'stop' or 'clear' command
 #
 stop_firewall() {
 EOF
-
-    emit ( '    local hack' ) if $config{WORKAROUNDS};
+    }

    $output->{policy} = 'ACCEPT' if $config{ADMINISABSENTMINDED};