Improve error message when a non-root user types 'shorewall show capabilities'

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7921 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-common/changelog.txt

@@ -10,6 +10,8 @@ Changes in 4.1.3
 
 5)  Fix mis-handling of <interface>:<mac>
 
+6)  Add better diagnostic when not running as root.
+
 Changes in 4.1.2
 
 1)  Enhanced Operational Logging

Shorewall-common/lib.base

@@ -1009,7 +1009,15 @@ determine_capabilities() {
     NFQUEUE_TARGET=
     REALM_MATCH=
 
-    qt $IPTABLES -N fooX1234
+    [ -n "$IPTABLES" ] || IPTABLES=$(mywhich iptables)
+
+    qt $IPTABLES -F fooX1234
+    qt $IPTABLES -X fooX1234
+    if ! $IPTABLES -N fooX1234; then
+	echo "   ERROR: The command \"$IPTABLES -N fooX1234\" failed" >&2
+	exit 1;
+    fi
+
     qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes
 
     if qt $IPTABLES -A fooX1234 -p tcp -m multiport --dports 21,22 -j ACCEPT; then

Shorewall-common/releasenotes.txt

@@ -37,6 +37,9 @@ Other changes in Shorewall 4.1.3.
     /bin/sh after issuing a warning message. Previously, both
     terminated with a fatal error.
 
+2)  The error message has been improved when a non-root user attempts
+    "shorewall show capabilities".
+
 Migration Issues.
 
 1)  Previously, when HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero