Simplify IP_FORWARDING handling

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5313 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/compiler

@@ -660,14 +660,14 @@ setup_forwarding() {
     progress_message2 "Compiling IP Forwarding..."
 
     case "$IP_FORWARDING" in
-    [Oo][Nn])
+	On|on)
-	save_progress_message "IP Forwarding Enabled"
+	    save_progress_message "IP Forwarding Enabled"
-	save_command "echo 1 > /proc/sys/net/ipv4/ip_forward"
+	    save_command "echo 1 > /proc/sys/net/ipv4/ip_forward"
-	;;
+	    ;;
-    [Oo][Ff][Ff])
+	Off|off)
-	save_progress_message "IP Forwarding Disabled!"
+	    save_progress_message "IP Forwarding Disabled!"
-	save_command "echo 0 > /proc/sys/net/ipv4/ip_forward"
+	    save_command "echo 0 > /proc/sys/net/ipv4/ip_forward"
-	;;
+	    ;;
     esac
 }
 
@@ -4701,14 +4701,14 @@ __EOF__
     save_command
 
     case "$IP_FORWARDING" in
-    [Oo][Nn])
+	On|on|ON)
-	save_command "echo 1 > /proc/sys/net/ipv4/ip_forward"
+	    save_command "echo 1 > /proc/sys/net/ipv4/ip_forward"
-	save_command "progress_message2 IP Forwarding Enabled"
+	    save_command "progress_message2 IP Forwarding Enabled"
-	;;
+	    ;;
-    [Oo][Ff][Ff])
+	Off|off|OFF)
-	save_command "echo 0 > /proc/sys/net/ipv4/ip_forward"
+	    save_command "echo 0 > /proc/sys/net/ipv4/ip_forward"
-	save_command "progress_message2 IP Forwarding Disabled!"
+	    save_command "progress_message2 IP Forwarding Disabled!"
-	;;
+	    ;;
     esac
 
     append_file stopped

Shorewall/firewall

@@ -378,14 +378,14 @@ stop_firewall() {
     done
 
     case "$IP_FORWARDING" in
-    [Oo][Nn])
+	On|on|ON)
-	echo 1 > /proc/sys/net/ipv4/ip_forward
+	    echo 1 > /proc/sys/net/ipv4/ip_forward
-	progress_message2 "IP Forwarding Enabled"
+	    progress_message2 "IP Forwarding Enabled"
-	;;
+	    ;;
-    [Oo][Ff][Ff])
+	Off|off|OFF)
-	echo 0 > /proc/sys/net/ipv4/ip_forward
+	    echo 0 > /proc/sys/net/ipv4/ip_forward
-	progress_message2 "IP Forwarding Disabled!"
+	    progress_message2 "IP Forwarding Disabled!"
-	;;
+	    ;;
     esac
 
     run_user_exit stopped

Shorewall/lib.config

@@ -1906,7 +1906,6 @@ do_initialize() {
 
 	if [ -z "$IPTABLES" ]; then
 	    IPTABLES=$(mywhich iptables 2> /dev/null)
-
 	    [ -z "$IPTABLES" ] && startup_error "Can't find iptables executable"
 	else
 	    [ -e "$IPTABLES" ] || startup_error "\$IPTABLES=$IPTABLES does not exist or is not executable"
@@ -1918,7 +1917,6 @@ do_initialize() {
 
     else
 	f=$(find_file capabilities)
-
 	[ -f $f ] && . $f || startup_error "The -e flag requires a capabilities file"
     fi
 
@@ -1934,11 +1932,11 @@ do_initialize() {
 
     if [ -n "$IP_FORWARDING" ]; then
 	case "$IP_FORWARDING" in
-	[Oo][Nn]|[Oo][Ff][Ff]|[Kk][Ee][Ee][Pp])
+	    On|Off|Keep|on|off|keep|ON|OFF|KEEP)
-	    ;;
+		;;
-	*)
+	    *)
-	    startup_error "Invalid value ($IP_FORWARDING) for IP_FORWARDING"
+		startup_error "Invalid value ($IP_FORWARDING) for IP_FORWARDING"
-	    ;;
+		;;
 	esac
     else
 	IP_FORWARDING=On

Shorewall/releasenotes.txt

@@ -43,13 +43,13 @@ Problems Corrected in 3.4.0 RC 1
 
     The LITEDIR setting is the location where the compiled script
     should be placed. Unfortunately, the "shorewall [re]load" command
-    uses the setting on the administrative system rather than the one
+    prefiously used the setting on the administrative system rather
-    from the firewall system so it is possible for that command to
+    than the one from the firewall system so it was possible for that
-    upload the compiled script to the wrong directory.
+    command to upload the compiled script to the wrong directory.
 
     To work around this problem, Shorewall now determines the LITEDIR
     setting on the firewall system and uses that setting for uploading
-    the compiled script.
+    the compiled script and its companion .conf file.
 
 2)  Previously, IP ranges and ipset names were handled incorrectly in
     the last column of the maclist file with the result that run-time