From 71bec3c0b10d07a07eb791ad9028bd02a8cfbdd8 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Thu, 12 Jan 2006 23:45:33 +0000
Subject: [PATCH] Clean up remote compilation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3271 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/firewall  | 56 ++++++++++++++++-----------------------------
 Shorewall/functions | 14 ++++++------
 2 files changed, 27 insertions(+), 43 deletions(-)

diff --git a/Shorewall/firewall b/Shorewall/firewall
index 100843bd5..a91217caf 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -1237,8 +1237,6 @@ validate_interfaces_file() {
 		    if [ $COMMAND = generate ]; then
 			cat >> $RESTOREBASE << __EOF__
 
-progress_message "Verifying 'norfc1918' on $interface"
-
 addr=\$(ip -f inet addr show $interface 2> /dev/null | grep inet | head -n1)
 if [ -n "\$addr" ]; then
     addr=\$(echo \$addr | sed 's/inet //;s/\/.*//;s/ peer.*//')
@@ -1498,7 +1496,7 @@ __EOF__
         qt ip rule del from \$address
         pref=\$((20000 + \$rulenum * 1000 + $number ))
         rulenum=\$((\$rulenum + 1))
-        ip rule add from \$address pref \$pref table $number"
+        ip rule add from \$address pref \$pref table $number
     done
 
 __EOF__
@@ -2023,25 +2021,6 @@ setup_forwarding() {
     esac
 }
 
-disable_ipv6_1() {
-    local foo="$(ip -f inet6 addr ls 2> /dev/null)"
-
-    if [ -n "$foo" ]; then
-	if qt mywhich ip6tables; then
-	    progress_message "Disabling IPV6..."
-	    ip6tables -P FORWARD DROP
-	    ip6tables -P INPUT DROP
-	    ip6tables -P OUTPUT DROP
-	    ip6tables -F
-	    ip6tables -X
-	    ip6tables -A OUTPUT -o lo -j ACCEPT
-	    ip6tables -A INPUT -i lo -j ACCEPT
-	else
-	    error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables"
-	fi
-    fi
-}
-
 #
 # Process the routestopped file either adding or deleting rules
 #
@@ -2273,7 +2252,7 @@ stop_firewall() {
     delete_proxy_arp
     [ -n "$CLEAR_TC" ] && delete_tc1
 
-    [ -n "$DISABLE_IPV6" ] && disable_ipv6_1
+    [ -n "$DISABLE_IPV6" ] && disable_ipv6
 
     process_criticalhosts
 
@@ -7734,7 +7713,7 @@ verify_os_version() {
     2.4.*|2.5.*|2.6.*)
 	;;
     *)
-	startup_error "Shorewall version $version does not work with kernel version $osversion"
+	startup_error "Shorewall version $VERSION does not work with kernel version $osversion"
 	;;
     esac
 
@@ -7746,7 +7725,7 @@ verify_os_version() {
 
 verify_ip() {
     qt ip link ls ||\
-	startup_error "Shorewall $version requires the iproute package ('ip' utility)"
+	startup_error "Shorewall $VERSION requires the iproute package ('ip' utility)"
 }
 
 #
@@ -8798,7 +8777,7 @@ define_firewall() # $1 = Command (Start or Restart)
 
     echo '#bin/sh' >> $RESTOREBASE
     save_command "#"
-    save_command "# Restore base file generated by Shorewall $version - $(date)"
+    save_command "# Restore base file generated by Shorewall $VERSION - $(date)"
     save_command "#"
     save_command ". /usr/share/shorewall/functions"
 
@@ -8878,7 +8857,7 @@ define_firewall() # $1 = Command (Start or Restart)
     > $RESTOREBASE
 
     save_command "#"
-    save_command "# Restore tail file generated by Shorewall $version - $(date)"
+    save_command "# Restore tail file generated by Shorewall $VERSION - $(date)"
     save_command "#"
     save_command "date > /var/lib/shorewall/restarted"
 
@@ -9018,9 +8997,20 @@ compile_firewall() # $1 = File Name
 
     cat >> $RESTOREBASE << __EOF__
 #
-# Compiled startup file generated by Shorewall $version - $(date)"
+# Compiled startup file generated by Shorewall $VERSION - $(date)"
 #
 . /usr/share/shorewall/functions
+
+fatal_error()
+{
+    echo "   ERROR: \$@" >&2
+    exit 2
+}
+
+if [ ! -f /usr/share/shorewall/version ] || [ \$(cat /usr/share/shorewall/version) != $VERSION ]; then
+    fatal_error "This script requires Shorewall version $VERSION"
+fi
+
 __EOF__
     f=$(find_file params)
 
@@ -9033,12 +9023,6 @@ COMMAND=restore
 MODULESDIR="$MODULESDIR"
 MODULE_SUFFIX="$MODULE_SUFFIX"
 
-fatal_error()
-{
-    echo "   ERROR: \$@" >&2
-    exit 2
-}
-
 load_kernel_modules
 
 __EOF__
@@ -9632,7 +9616,7 @@ do_initialize() {
     #
     # Clear all configuration variables
     #
-    version=
+    VERSION=
     IPTABLES=
     FW=
     SUBSYSLOCK=
@@ -9720,7 +9704,7 @@ do_initialize() {
 
     VERSION_FILE=$SHARED_DIR/version
 
-    [ -f $VERSION_FILE ] && version=$(cat $VERSION_FILE)
+    [ -f $VERSION_FILE ] && VERSION=$(cat $VERSION_FILE)
 
     run_user_exit params
 
diff --git a/Shorewall/functions b/Shorewall/functions
index 66ce8c351..b1ca29201 100755
--- a/Shorewall/functions
+++ b/Shorewall/functions
@@ -1116,13 +1116,13 @@ disable_ipv6() {
 
     if [ -n "$foo" ]; then
 	if qt mywhich ip6tables; then
-	    ip6tables -P FORWARD DROP           && save_command ip6tables -P FORWARD DROP
-	    ip6tables -P INPUT DROP             && save_command ip6tables -P INPUT DROP
-	    ip6tables -P OUTPUT DROP            && save_command ip6tables -P OUTPUT DROP
-	    ip6tables -F                        && save_command ip6tables -F
-	    ip6tables -X                        && save_command ip6tables -X
-	    ip6tables -A OUTPUT -o lo -j ACCEPT && save_command ip6tables -A OUTPUT -o lo -j ACCEPT
-	    ip6tables -A INPUT -i lo -j ACCEPT  && save_command ip6tables -A INPUT -i lo -j ACCEPT
+	    ip6tables -P FORWARD DROP
+	    ip6tables -P INPUT DROP
+	    ip6tables -P OUTPUT DROP
+	    ip6tables -F
+	    ip6tables -X
+	    ip6tables -A OUTPUT -o lo -j ACCEPT
+	    ip6tables -A INPUT -i lo -j ACCEPT
 	else
 	    error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables"
 	fi