Don't fail if fooX1234 already exists
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1800 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
e73d3149d9
commit
8927e62047
@ -171,3 +171,4 @@ Changes since 2.0.3
|
||||
|
||||
84) Log drops due to policy rate limiting.
|
||||
|
||||
85) Continue determining capabilities when fooX1234 already exists.
|
||||
|
@ -5484,21 +5484,20 @@ determine_capabilities() {
|
||||
PHYSDEV_MATCH=
|
||||
IPRANGE_MATCH=
|
||||
|
||||
if qt $IPTABLES -N fooX1234 ; then
|
||||
qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes
|
||||
qt $IPTABLES -A fooX1234 -p tcp -m multiport --dports 21,22 -j ACCEPT && MULTIPORT=Yes
|
||||
qt $IPTABLES -A fooX1234 -m policy --pol ipsec --dir in -j ACCEPT && POLICY_MATCH=Yes
|
||||
qt $IPTABLES -A fooX1234 -m physdev --physdev-in eth0 -j ACCEPT && PHYSDEV_MATCH=Yes
|
||||
qt $IPTABLES -A fooX1234 -m iprange --src-range 192.168.1.5-192.168.1.124 -j ACCEPT && IPRANGE_MATCH=Yes
|
||||
qt $IPTABLES -N fooX1234
|
||||
qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes
|
||||
qt $IPTABLES -A fooX1234 -p tcp -m multiport --dports 21,22 -j ACCEPT && MULTIPORT=Yes
|
||||
qt $IPTABLES -A fooX1234 -m policy --pol ipsec --dir in -j ACCEPT && POLICY_MATCH=Yes
|
||||
qt $IPTABLES -A fooX1234 -m physdev --physdev-in eth0 -j ACCEPT && PHYSDEV_MATCH=Yes
|
||||
qt $IPTABLES -A fooX1234 -m iprange --src-range 192.168.1.5-192.168.1.124 -j ACCEPT && IPRANGE_MATCH=Yes
|
||||
|
||||
|
||||
if [ -n "$PKTTYPE" ]; then
|
||||
qt $IPTABLES -A fooX1234 -m pkttype --pkt-type broadcast -j ACCEPT || PKTTYPE=
|
||||
fi
|
||||
|
||||
qt $IPTABLES -F fooX1234
|
||||
qt $IPTABLES -X fooX1234
|
||||
if [ -n "$PKTTYPE" ]; then
|
||||
qt $IPTABLES -A fooX1234 -m pkttype --pkt-type broadcast -j ACCEPT || PKTTYPE=
|
||||
fi
|
||||
|
||||
qt $IPTABLES -F fooX1234
|
||||
qt $IPTABLES -X fooX1234
|
||||
}
|
||||
|
||||
report_capability() # $1 = Capability Name, $2 Capability Setting (if any)
|
||||
|
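Review bot: The result of `qt $IPTABLES -N fooX1234` is now discarded in determine_capabilities(), so the closing `-F`/`-X` pair flushes and tries to delete a chain that this run may not have created, and no comment says that this is intended. Assuming `qt` only silences the command, a failed `-X` (for instance if a leftover chain were still referenced from another chain, which is not visible here) goes unnoticed and the stale chain persists into the next run. I would document the assumption above the creation line, e.g. `# fooX1234 may survive an interrupted run; a failed -N is ignored because the probes only need the chain to exist`. Consider also adding `qt $IPTABLES -F fooX1234` directly after the `-N` so the probe ACCEPT rules are never appended behind leftover content. The function starts above this hunk, so how PKTTYPE and the other flags are initialised cannot be checked from here.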
@ -175,6 +175,11 @@ Problems corrected since 2.2.0 Beta 6:
|
||||
zone Z then traffic out of any firewall interface to 1.2.3.4 will
|
||||
obey the fw->Z policies and rules. This has been corrected.
|
||||
|
||||
4) Shorewall uses the temporary chain 'fooX1234' to probe iptables for
|
||||
detrmining which features are supported. Previously, if that chain
|
||||
happened to exist when Shorewall was run, capabilities were
|
||||
mis-detected.
|
||||
|
||||
-----------------------------------------------------------------------
|
||||
Issues when migrating from Shorewall 2.0 to Shorewall 2.1:
|
||||
|
||||
|