Don't fail if fooX1234 already exists

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1800 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -171,3 +171,4 @@ Changes since 2.0.3
 
 84) Log drops due to policy rate limiting.
 
+85) Continue determining capabilities when fooX1234 already exists.

Shorewall2/firewall

@@ -5484,7 +5484,7 @@ determine_capabilities() {
     PHYSDEV_MATCH=
     IPRANGE_MATCH=
 
-    if qt $IPTABLES -N fooX1234 ; then
+    qt $IPTABLES -N fooX1234
     qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT             && CONNTRACK_MATCH=Yes
     qt $IPTABLES -A fooX1234 -p tcp -m multiport --dports 21,22 -j ACCEPT               && MULTIPORT=Yes
     qt $IPTABLES -A fooX1234 -m policy --pol ipsec --dir in -j ACCEPT                   && POLICY_MATCH=Yes
@@ -5498,7 +5498,6 @@ determine_capabilities() {
     
     qt $IPTABLES -F fooX1234
     qt $IPTABLES -X fooX1234
-    fi
 }
 
 report_capability() # $1 = Capability Name, $2 Capability Setting (if any)

Shorewall2/releasenotes.txt

@@ -175,6 +175,11 @@ Problems corrected since 2.2.0 Beta 6:
    zone Z then traffic out of any firewall interface to 1.2.3.4 will
    obey the fw->Z policies and rules. This has been corrected.
 
+4) Shorewall uses the temporary chain 'fooX1234' to probe iptables for
+   detrmining which features are supported. Previously, if that chain
+   happened to exist when Shorewall was run, capabilities were
+   mis-detected.
+
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0 to Shorewall 2.1: