From 9d25318d803c3209a3ac7715dc50b56920c1b442 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Wed, 27 Jan 2010 12:53:31 -0800
Subject: [PATCH] Fix detection of HASHLIMIT_MATCH on old kernels.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Config.pm | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index f76f1d38c..518f412f0 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -2199,11 +2199,11 @@ sub Comments() {
 }
 
 sub Hashlimit_Match() {
-    qt1( "$iptables -A $sillyname -m hashlimit --hashlimit-upto 3/min --hashlimit-burst 3 --hashlimit-name $sillyname --hashlimit-mode srcip -j ACCEPT" );
+    have_capability 'OLD_HL_MATCH' || qt1( "$iptables -A $sillyname -m hashlimit --hashlimit-upto 3/min --hashlimit-burst 3 --hashlimit-name $sillyname --hashlimit-mode srcip -j ACCEPT" );
 }
 
 sub Old_Hashlimit_Match() {
-    have_capability 'HASHLIMIT_MATCH' && qt1( "$iptables -A $sillyname -m hashlimit --hashlimit 3/min --hashlimit-burst 3 --hashlimit-name $sillyname --hashlimit-mode srcip -j ACCEPT" );
+    have_capability qt1( "$iptables -A $sillyname -m hashlimit --hashlimit 3/min --hashlimit-burst 3 --hashlimit-name $sillyname --hashlimit-mode srcip -j ACCEPT" );
 }
 
 sub Mark() {
@@ -2417,8 +2417,8 @@ sub determine_capabilities( $ ) {
 	$capabilities{LENGTH_MATCH}    = Length_Match;
 	$capabilities{ENHANCED_REJECT} = Enhanced_Reject;
 	$capabilities{COMMENTS}        = Comments;
-	$capabilities{HASHLIMIT_MATCH} = Hashlimit_Match;
 	$capabilities{OLD_HL_MATCH}    = Old_Hashlimit_Match;
+	$capabilities{HASHLIMIT_MATCH} = Hashlimit_Match;
 	$capabilities{MARK}            = Mark;
 	$capabilities{XMARK}           = Xmark;
 	$capabilities{EXMARK}          = Exmark;