Allow 'capabilities' file to be used with Shorewall

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5046 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-12-04 16:31:48 +00:00
parent 6f133e9783
commit 9749b617ef
3 changed files with 20 additions and 1 deletions

View File

@ -18,6 +18,9 @@ Changes in 3.3.6
9) Restore 'try' command and improve 'safe-' commands.
10) Allow capabilities file to be used with Shorewall as well as
Shorewall Lite.
Changes in 3.3.5
1) Restore default route when there are no 'balance' providers.

View File

@ -1869,7 +1869,10 @@ do_initialize() {
else
[ -e "$IPTABLES" ] || fatal_error "\$IPTABLES=$IPTABLES does not exist or is not executable"
fi
determine_capabilities
f=$(find_file capabilities)
if [ -f $f ] && . $f || determine_capabilities
else
f=$(find_file capabilities)

View File

@ -115,6 +115,19 @@ Other Changes in 3.3.6
export firewall2
8) Shorewall commands may be speeded up slightly by using a
'capabilities' file. The 'capabilities' file was originally
designed for use with Shorewall Lite and records the
iptables/Netfilter features available on the target system.
To generate a capabilities file, execute the following command as
root:
shorewall show -f capabilities > /etc/shorewall/capabilities
When you install a new kernel and/or iptables, be sure to generate
a new file.
Migration Considerations:
1) Shorewall supports the notion of "default actions". A default