Stage handles Shorewall6; fix IPv6 ENHANCED_REJECT handling in -perl

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8979 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-perl/Shorewall/Config.pm

@@ -1752,7 +1752,7 @@ sub determine_capabilities( $ ) {
 
     $capabilities{IPP2P_MATCH}     = qt1( "$iptables -A $sillyname -p tcp -m ipp2p --edk -j ACCEPT" );
     $capabilities{LENGTH_MATCH}    = qt1( "$iptables -A $sillyname -m length --length 10:20 -j ACCEPT" );
-    $capabilities{ENHANCED_REJECT} = qt1( "$iptables -A $sillyname -j REJECT --reject-with icmp-host-prohibited" );
+    $capabilities{ENHANCED_REJECT} = qt1( "$iptables -A $sillyname -j REJECT --reject-with icmp6-admt-prohibited" );
     $capabilities{COMMENTS}        = qt1( qq($iptables -A $sillyname -j ACCEPT -m comment --comment "This is a comment" ) );
 
     if  ( $capabilities{MANGLE_ENABLED} ) {

Shorewall-perl/Shorewall/Rules.pm

@@ -581,8 +581,14 @@ sub add_common_rules() {
 
     if ( $capabilities{ENHANCED_REJECT} ) {
 	add_rule $rejectref , '-p 17 -j REJECT';
-	add_rule $rejectref, '-p 1 -j REJECT --reject-with icmp-host-unreachable';
-	add_rule $rejectref, '-j REJECT --reject-with icmp-host-prohibited';
+	
+	if ( $family == F_IPV4 ) {
+	    add_rule $rejectref, '-p 1 -j REJECT --reject-with icmp-host-unreachable';
+	    add_rule $rejectref, '-j REJECT --reject-with icmp-host-prohibited';
+	} else {
+	    add_rule $rejectref, '-p 58 -j REJECT --reject-with icmp6-addr-unreachable';
+	    add_rule $rejectref, '-j REJECT --reject-with icmp6-adm-prohibited'; 
+	}
     } else {
 	add_rule $rejectref , '-j REJECT';
     }

Shorewall6/lib.base

@@ -805,7 +805,7 @@ determine_capabilities() {
 
     qt $IP6TABLES -A $chain -p tcp -m ipp2p --edk -j ACCEPT              && IPP2P_MATCH=Yes
     qt $IP6TABLES -A $chain -m length --length 10:20 -j ACCEPT           && LENGTH_MATCH=Yes
-    qt $IP6TABLES -A $chain -j REJECT --reject-with icmp-host-prohibited && ENHANCED_REJECT=Yes
+    qt $IP6TABLES -A $chain -j REJECT --reject-with icmp6-adm-prohibited && ENHANCED_REJECT=Yes
 
     qt $IP6TABLES -A $chain -j ACCEPT -m comment --comment "This is a comment" && COMMENTS=Yes
 

tools/build/stage

@@ -30,7 +30,9 @@ usage() {
 }
 
 rpm=
+rpm6=
 literpm=
+lite6rpm=
 perlrpm=
 shellrpm=
 
@@ -45,6 +47,8 @@ UPLOADSHELL=
 UPLOADLITE=
 UPLOADXML=
 UPLOADHTML=
+UPLOAD6=
+UPLOAD6LITE=
 PARTIAL=Yes
 BASE=
 
@@ -101,6 +105,14 @@ while [ -z "$done" ]; do
 			UPLOADHTML=Yes
 			option=${option#h}
 			;;
+		    6*)
+			UPLOAD6=Yes
+			option=${option#6}
+			;;
+		    L*)
+			UPLOAD6LITE=Yes
+			option=${option#L}
+			;;
 	    	    *)
 			usage
 			;;
@@ -153,6 +165,17 @@ case $1 in
 	shellrpm=shorewall-shell-${1}-0base.noarch.rpm
 	BASE=Yes
 	;;
+    4.3.*)
+	DEST="/srv/ftp/pub/shorewall/development/staging/${1%.*}/shorewall-$1"
+	SHOREWALL=shorewall-common
+	rpm=shorewall-common-${1}-0base.noarch.rpm
+	literpm=shorewall-lite-${1}-0base.noarch.rpm
+	perlrpm=shorewall-perl-${1}-0base.noarch.rpm
+	shellrpm=shorewall-shell-${1}-0base.noarch.rpm
+	rpm6=shorewall6-${1}-0base.noarch.rpm
+	lite6rpm=shorewall6-lite-${1}-0base.noarch.rpm
+	BASE=Yes
+	;;
     3.*[13579].*)
 	DEST="/srv/ftp/pub/shorewall/development/staging/${1%.*}/shorewall-$1"
 	rpm=shorewall-${1}-1.noarch.rpm
@@ -215,10 +238,12 @@ fi
 files="errata known_problems.txt releasenotes.txt patch-*-$1 ${1}.*"
 base=
 
+[ -n "$UPLOAD6" ]      && base="shorewall6-${1}.tar.*"                && files="$files shorewall6-${1}.*          $rpm6"
 [ -n "$UPLOADPERL" ]   && base="shorewall-perl-${1}.tar.*"            && files="$files shorewall-perl-${1}.*      $perlrpm"
 [ -n "$UPLOADCOMMON" ] && base="$base shorewall-common-${1}.tar.*"    && files="$files shorewall-common-${1}.*    $rpm"
 [ -n "$UPLOADSHELL" ]  && base="$base shorewall-shell-${1}.tar.*"     && files="$files shorewall-shell-${1}.*     $shellrpm"
 [ -n "$UPLOADLITE" ]   && base="$base shorewall-lite-${1}.tar.*"      && files="$files shorewall-lite-${1}.*      $literpm"
+[ -n "$UPLOAD6LITE" ]  && base="$base shorewall6-lite-${1}.tar.*"     && files="$files shorewall6-lite-${1}.*     $lite6rpm"
 [ -n "$UPLOADXML" ]    && base="$base shorewall-docs-xml-${1}.tar.*"  && files="$files shorewall-docs-xml-${1}.*  $literpm"
 [ -n "$UPLOADHTML" ]   && base="$base shorewall-docs-html-${1}.tar.*" && files="$files shorewall-docs-html-${1}.* $literpm"