More cleansing of the compiler

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3355 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/compiler

@@ -152,17 +152,6 @@ qt_iptables() {
     save_command qt \$IPTABLES $@
 }
 
-#
-# Run ip and if an error occurs, issue a message and quit
-#
-run_ip() {
-    if ! ip $@ ; then
-	error_message "ERROR: Command \"ip $@\" Failed"
-	rm -rf $TMP_DIR
-	exit 2
-    fi
-}
-
 #
 # Generate a command to run tc
 #
@@ -6952,30 +6941,6 @@ validate_blacklist() {
     done < $TMP_DIR/blacklist
 }
 
-#
-# Verify that kernel has netfilter support
-#
-verify_os_version() {
-
-    osversion=$(uname -r)
-
-    case $osversion in
-    2.4.*|2.5.*|2.6.*)
-	;;
-    *)
-	startup_error "Shorewall version $VERSION does not work with kernel version $osversion"
-	;;
-    esac
-
-}
-
-# Verify that the 'ip' program is installed
-
-verify_ip() {
-    qt ip link ls ||\
-	startup_error "Shorewall $VERSION requires the iproute package ('ip' utility)"
-}
-
 #
 # Perform Initialization
 #	- Delete all old rules
@@ -7180,23 +7145,18 @@ initialize_netfilter () {
     createchain dynamic no
     createchain smurfs no
 
-    if [ -f /var/lib/shorewall/save ]; then
+    echo >> $RESTOREBASE << __EOF__
-	progress_message2 "Setting up dynamic rules..."
+${INDENT}if [ -f /var/lib/shorewall/save ]; then
-
+${INDENT}    progress_message2 "Setting up dynamic rules..."
-	save_progress_message "Restoring dynamic rules..."
+${INDENT}    while read target ignore1 ignore2 address rest; do
-
+${INDENT}        case \$target in
-	if [ -f /var/lib/shorewall/save ]; then
+${INDENT}            DROP|reject)
-	    while read target ignore1 ignore2 address rest; do
+${INDENT}                run_iptables -A dynamic -s \$address -j \$target
-		case $target in
+${INDENT}                ;;
-		    DROP|reject)
+${INDENT}        esac
-			run_iptables -A dynamic -s $address -j $target
+${INDENT}    done < /var/lib/shorewall/save
-			;;
+${INDENT}fi
-		    *)
+__EOF__
-			;;
-		esac
-	    done < /var/lib/shorewall/save
-	fi
-    fi
 
     [ -n "$BLACKLISTNEWONLY" ] && state="-m state --state NEW,INVALID" || state=
 
@@ -7862,8 +7822,8 @@ activate_rules()
 	echo $zone $type $source_hosts >> $STATEDIR/zones
 
 	if [ -n "$DYNAMIC_ZONES" ]; then
-	    echo "$FW $zone $chain1" >> /var/lib/shorewall/chains
+	    echo "$FW $zone $chain1" >> $STATEDIR/chains
-	    echo "$zone $FW $chain2" >> /var/lib/shorewall/chains
+	    echo "$zone $FW $chain2" >> $STATEDIR/chains
 	fi
 
 	need_broadcast=
@@ -7915,7 +7875,7 @@ activate_rules()
 
 	    [ -z "$chain" ] && continue # CONTINUE policy and there is no canonical chain.
 
-	    [ -n "$DYNAMIC_ZONES" ] && echo "$zone $zone1 $chain" >> /var/lib/shorewall/chains
+	    [ -n "$DYNAMIC_ZONES" ] && echo "$zone $zone1 $chain" >> $STATEDIR/chains
 
 	    if [ $zone = $zone1 ]; then
 		#
@@ -8307,11 +8267,6 @@ compile_firewall() # $1 = File Name
     # END OVERLOADED FUNCTIONS
     #
 
-    verify_os_version
-    verify_ip
-
-    [ -d /var/lib/shorewall ] || { mkdir -p /var/lib/shorewall ; chmod 700 /var/lib/shorewall; }
-
     if [ $COMMAND = compile ]; then
 	dir=$(dirname $1)
 	[ -d $dir ] || startup_error "Directory $dir does not exist"
@@ -8806,8 +8761,6 @@ do_initialize() {
 	fi
 	determine_capabilities
 
-	[ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall
-
     else
 	f=$(find_file capabilities)