Correct defects found while unit testing IPv6 Dynamic Zones

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Chains.pm

@@ -385,6 +385,8 @@ my  %builtin_target = ( ACCEPT      => 1,
 			ULOG        => 1,
 		        );
 
+my %ipset_exists;
+
 #
 # Rather than initializing globals in an INIT block or during declaration,
 # we initialize them in a function. This is done for two reasons:
@@ -437,6 +439,8 @@ sub initialize( $$$ ) {
     $warningcount       = 0;
     $hashlimitset       = 0;
     $ipset_rules        = 0 if $hard;
+
+    %ipset_exists       = ();
     #
     # The chain table is initialized via a call to initialize_chain_table() after the configuration and capabilities have been determined.
     #
@@ -2906,7 +2910,11 @@ sub get_set_flags( $$ ) {
     $setname =~ s/^\+//;
 
     unless ( $export || $> != 0 ) {
-	warning_message "Ipset $setname does not exist" unless qt "ipset -L $setname";
+	unless ( $ipset_exists{$setname} ) {
+	    warning_message "Ipset $setname does not exist" unless qt "ipset -L $setname";
+	}
+
+	$ipset_exists{$setname} = 1; # Suppress subsequent checks/warnings
     }
 
     fatal_error "Invalid ipset name ($setname)" unless $setname =~ /^[a-zA-Z]\w*/;
@@ -4532,34 +4540,38 @@ sub load_ipsets() {
 	       '        IPSET="$(mywhich $IPSET)"',
 	       '        [ -n "$IPSET" ] || startup_error "The ipset utility cannot be located"' ,
 	       '        ;;',
-	       'esac',
+	       'esac' ,
-	       '',
+	       '' ,
-	       'if [ "$COMMAND" = start ]; then' ,
+	       'if [ "$COMMAND" = start ]; then' );
-	       '    if [ -f ${VARDIR}/ipsets.save ]; then' ,
+	
-	       '        $IPSET -F' ,
+	if ( $config{SAVE_IPSETS} ) {
-	       '        $IPSET -X' ,
+	    emit ( '    if [ -f ${VARDIR}/ipsets.save ]; then' ,
-	       '        $IPSET -R < ${VARDIR}/ipsets.save' ,
+		   '        $IPSET -F' ,
-	       '    fi' );
+		   '        $IPSET -X' ,
+		   '        $IPSET -R < ${VARDIR}/ipsets.save' ,
+		   '    fi' );
+	}
 
 	if ( @ipsets ) {
 	    emit ( '' );
-
 	    ensure_ipset( $_ ) for @ipsets;
-
 	    emit ( '' );
 	}
 
-	emit ( 'elif [ "$COMMAND" = restore -a -z "$g_recovering" ]; then' ,
+	emit ( 'elif [ "$COMMAND" = restore -a -z "$g_recovering" ]; then' );
-	       '    if [ -f $(my_pathname)-ipsets ]; then' ,
+
-	       '        if chain_exists shorewall; then' ,
+	if ( $config{SAVE_IPSETS} ) {
-	       '            startup_error "Cannot restore $(my_pathname)-ipsets with Shorewall running"' ,
+	    emit( '    if [ -f $(my_pathname)-ipsets ]; then' ,
-	       '        else' ,
+		  '        if chain_exists shorewall; then' ,
-	       '            $IPSET -F' ,
+		  '            startup_error "Cannot restore $(my_pathname)-ipsets with Shorewall running"' ,
-	       '            $IPSET -X' ,
+		  '        else' ,
-	       '            $IPSET -R < $(my_pathname)-ipsets' ,
+		  '            $IPSET -F' ,
-	       '        fi' ,
+		  '            $IPSET -X' ,
-	       '    fi' ,
+		  '            $IPSET -R < $(my_pathname)-ipsets' ,
-	     );
+		  '        fi' ,
+		  '    fi' ,
+		);
+	}
 
 	if ( @ipsets ) {
 	    emit '';

Shorewall6/lib.cli

@@ -1291,7 +1291,7 @@ add_command() {
     zone=$1
 
     for host in $hostlist; do
-	interface=${host%:*}
+	interface=${host%%:*}
 
 	ipset=${zone}_${interface};
 
@@ -1315,7 +1315,7 @@ add_command() {
 #
 delete_command() {
     local interface host hostent hostlist zone ipset
-    if ! shorewall_is_started ; then
+    if ! shorewall6_is_started ; then
 	echo "Shorewall6 Not Started" >&2
 	exit 2;
     fi
@@ -1350,7 +1350,7 @@ delete_command() {
     zone=$1
 
     for hostent in $hostlist; do
-	interface=${hostent%:*}
+	interface=${hostent%%:*}
 
 	ipset=${zone}_${interface};
 
@@ -1361,7 +1361,7 @@ delete_command() {
 	host=${hostent#*:}
 
 	if $IPSET -D $ipset $host; then
-	    echo "Host $hostend deleted from zone $zone"
+	    echo "Host $hostent deleted from zone $zone"
 	else
 	    echo "   WARNING: Unable to delete host $hostent to zone $zone" >&2
 	fi