Don't fail if fooX1234 already exists

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1800 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2004-12-03 23:18:28 +00:00
parent e73d3149d9
commit 8927e62047
3 changed files with 17 additions and 12 deletions

View File

@ -171,3 +171,4 @@ Changes since 2.0.3
84) Log drops due to policy rate limiting.
85) Continue determining capabilities when fooX1234 already exists.

View File

@ -5484,7 +5484,7 @@ determine_capabilities() {
PHYSDEV_MATCH=
IPRANGE_MATCH=
if qt $IPTABLES -N fooX1234 ; then
qt $IPTABLES -N fooX1234
qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes
qt $IPTABLES -A fooX1234 -p tcp -m multiport --dports 21,22 -j ACCEPT && MULTIPORT=Yes
qt $IPTABLES -A fooX1234 -m policy --pol ipsec --dir in -j ACCEPT && POLICY_MATCH=Yes
@ -5498,7 +5498,6 @@ determine_capabilities() {
qt $IPTABLES -F fooX1234
qt $IPTABLES -X fooX1234
fi
}
report_capability() # $1 = Capability Name, $2 Capability Setting (if any)

View File

@ -175,6 +175,11 @@ Problems corrected since 2.2.0 Beta 6:
zone Z then traffic out of any firewall interface to 1.2.3.4 will
obey the fw->Z policies and rules. This has been corrected.
4) Shorewall uses the temporary chain 'fooX1234' to probe iptables for
detrmining which features are supported. Previously, if that chain
happened to exist when Shorewall was run, capabilities were
mis-detected.
-----------------------------------------------------------------------
Issues when migrating from Shorewall 2.0 to Shorewall 2.1: