From 3803870081595a03cc742847a988615e71a81c54 Mon Sep 17 00:00:00 2001 From: teastep Date: Sat, 16 Jun 2007 15:24:17 +0000 Subject: [PATCH] Fixes from 3.4 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6566 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall-common/lib.config | 4 ++- Shorewall-common/shorewall | 54 +++++++++++++++++++++++++++++------ Shorewall-lite/shorewall-lite | 12 ++++---- Shorewall-shell/compiler | 2 ++ 4 files changed, 56 insertions(+), 16 deletions(-) diff --git a/Shorewall-common/lib.config b/Shorewall-common/lib.config index cd51b4187..2ff3b8ae0 100644 --- a/Shorewall-common/lib.config +++ b/Shorewall-common/lib.config @@ -413,7 +413,9 @@ setup_ipsec() { if [ "$policy" != NONE ]; then ensurechain $1 - run_iptables -I $1 -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $2: -j TCPMSS --set-mss $2 + local match= + [ "$TCPMSS_MATCH" ] && match="-m tcpmss --mss $2: " + run_iptables -I $1 -p tcp --tcp-flags SYN,RST SYN ${match}-j TCPMSS --set-mss $2 fi } # diff --git a/Shorewall-common/shorewall b/Shorewall-common/shorewall index abf8ff955..771f59415 100755 --- a/Shorewall-common/shorewall +++ b/Shorewall-common/shorewall @@ -1400,6 +1400,49 @@ while [ $finished -eq 0 ]; do esac done +version_command() { + local finished=0 all= + + while [ $finished -eq 0 -a $# -gt 0 ]; do + option=$1 + case $option in + -*) + option=${option#-} + + while [ -n "$option" ]; do + case $option in + -) + finished=1 + option= + ;; + a*) + all=Yes + option=${option#a} + ;; + *) + usage 1 + ;; + esac + done + shift + ;; + *) + finished=1 + ;; + esac + done + + [ $# -gt 0 ] && usage 1 + + echo $version + + if [ -n "$all" ]; then + if [ -f /usr/share/shorewall-perl/version ]; then + echo "Shorewall-perl $(cat /usr/share/shorewall-perl/version)" + fi + fi +} + if [ $# -eq 0 ]; then usage 1 fi 
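Review bot: In Shorewall-common/lib.config, when TCPMSS_MATCH is empty the new rule drops the `-m tcpmss --mss $2:` match and applies `--set-mss $2` to every SYN, and no comment records that fallback. On a kernel whose TCPMSS target does not refuse to raise the option, this could rewrite a smaller advertised MSS upward; that kernel behaviour and the place where TCPMSS_MATCH is set are not visible here and should be confirmed. The concatenation `${match}-j` also depends on the trailing space inside the string and on unquoted word splitting, so `$match -j TCPMSS --set-mss $2` would read more plainly and expand to the same words. The enclosing function starts outside the hunk.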
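Review bot: In version_command (Shorewall-common/shorewall), `option` is assigned but not declared local, so it leaks into the caller's scope and would overwrite any global of that name; `local finished=0 all= option` keeps it contained. The Shorewall-shell line that the old `version)` branch printed is no longer printed at all, and the Shorewall-perl line now appears only with `-a`. If that is intended, a one-line comment above the function saying what `-a` reports would make it clear. The loop test `[ $finished -eq 0 -a $# -gt 0 ]` can be written `[ $finished -eq 0 ] && [ $# -gt 0 ]` to avoid the obsolescent `-a` operator.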
@@ -1560,15 +1603,8 @@ case "$COMMAND" in hits_command ;; version) - echo $version - - if [ -f /usr/share/shorewall-shell/version ]; then - echo "Shorewall-shell $(cat /usr/share/shorewall-shell/version)" - fi - - if [ -f /usr/share/shorewall-perl/version ]; then - echo "Shorewall-perl $(cat /usr/share/shorewall-perl/version)" - fi + shift + version_command $@ ;; try) get_config diff --git a/Shorewall-lite/shorewall-lite b/Shorewall-lite/shorewall-lite index f121b4c94..3ad1577b5 100755 --- a/Shorewall-lite/shorewall-lite +++ b/Shorewall-lite/shorewall-lite @@ -605,9 +605,9 @@ case "$COMMAND" in [ -n "$debugging" ] && set -x [ $# -eq 1 ] && usage 1 if shorewall_is_started ; then - mutex_on + [ -n "$nolock" ] || mutex_on block DROP Dropped $* - mutex_off + [ -n "$nolock" ] || mutex_off else error_message "ERROR: Shorewall Lite is not started" exit 2 @@ -617,9 +617,9 @@ case "$COMMAND" in [ -n "$debugging" ] && set -x [ $# -eq 1 ] && usage 1 if shorewall_is_started ; then - mutex_on + [ -n "$nolock" ] || mutex_on block logdrop Dropped $* - mutex_off + [ -n "$nolock" ] || mutex_off else error_message "ERROR: Shorewall Lite is not started" exit 2 @@ -629,9 +629,9 @@ case "$COMMAND" in [ -n "$debugging" ] && set -x [ $# -eq 1 ] && usage 1 if shorewall_is_started ; then - mutex_on + [ -n "$nolock" ] || mutex_on block $COMMAND Rejected $* - mutex_off + [ -n "$nolock" ] || mutex_off else error_message "ERROR: Shorewall Lite is not started" exit 2 diff --git a/Shorewall-shell/compiler b/Shorewall-shell/compiler index c017a29c7..49ad022d6 100755 --- a/Shorewall-shell/compiler +++ b/Shorewall-shell/compiler @@ -4865,6 +4865,7 @@ compile_firewall() # $1 = File Name local IPTABLES_COMMAND=run_iptables local INDENT="" local checking= outfile=$1 dir= + local match= setup_mss() { @@ -4874,6 +4875,7 @@ compile_firewall() # $1 = File Name ;; *) option="--set-mss $CLAMPMSS" + [ "$TCPMSS_MATCH" ] && match="-m tcpmss --mss $CLAMPMSS: " ;; esac
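Review bot: `version_command $@` in the `version)` branch of Shorewall-common/shorewall expands unquoted, so the arguments are re-split and glob-expanded before the function parses them. `version_command "$@"` passes each argument through unchanged, which makes the `usage 1` checks in version_command see exactly what the user typed. The surrounding `case` statement starts and ends outside the hunk.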
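Review bot: The `[ -n "$nolock" ] || mutex_on` and `[ -n "$nolock" ] || mutex_off` guards are now repeated around the three `block` calls in Shorewall-lite/shorewall-lite (this hunk and the two that follow), and nothing here says when skipping the lock is safe. A comment such as `# nolock: caller already holds the lock, do not take it again` would document the intent, with the wording confirmed against where nolock is set. Moving the test into one small wrapper would keep every on/off pair matched. Where `nolock` is initialised is not visible in these hunks; if the script does not clear it at startup, a value inherited from the environment would silently disable locking for these commands.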
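Review bot: In Shorewall-shell/compiler, `match` is declared in compile_firewall and assigned in the `*)` branch of setup_mss, but neither hunk shows a line that expands it, and the diffstat lists only these two added lines for the file. Please confirm that the rule-emitting line further down in setup_mss already uses `${match}`; otherwise the assignment has no effect and the TCPMSS_MATCH capability is not honoured on this path. A short comment at the declaration, for example `# match: optional "-m tcpmss --mss N: " prefix, empty when TCPMSS_MATCH is unset`, would explain why it is set in only one branch. Both functions continue outside the hunks.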