Some tweaks to the MASQ proto/port change

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1302 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-23 16:13:18 +01:00 · 2004-05-01 17:26:02 +00:00 · 2004-05-01 17:26:02 +00:00 · a0c7b4af79
commit a0c7b4af79
parent e40e0345f5
3 changed files with 16 additions and 6 deletions
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@ -1222,6 +1222,8 @@ stop_firewall() {
 	    ;;
 	*)
 	    set +x
+	    rm -f /var/lib/shorewall/restore-$$
+
 	    if [ -f /var/lib/shorewall/restore ]; then
 		echo Restoring Shorewall...
 		. /var/lib/shorewall/restore
@ -1349,6 +1351,8 @@ stop_firewall() {
 	# else. Remove the lock file and Kill the shell in case we're in a
 	# subshell
 	#
+	rm -f /var/lib/shorewall/restore-$$
+
 	my_mutex_off
 	kill $$
 	;;
@ -1369,9 +1373,11 @@ clear_firewall() {
    setpolicy FORWARD ACCEPT
    setpolicy OUTPUT ACCEPT

-    ip6tables -P INPUT   ACCEPT 2> /dev/null
-    ip6tables -P OUTPUT  ACCEPT 2> /dev/null
-    ip6tables -P FORWARD ACCEPT 2> /dev/null
+    if qt which ip6tables; then
+	ip6tables -P INPUT   ACCEPT 2> /dev/null
+	ip6tables -P OUTPUT  ACCEPT 2> /dev/null
+	ip6tables -P FORWARD ACCEPT 2> /dev/null
+    fi

    run_user_exit clear

@ -4151,13 +4157,16 @@ setup_masq()
 		    if [ -n "$ports" ]; then
 			displayproto="($proto $ports)"

-			if [ $(list_count $ports) -gt 1 ]; then
+			listcount=$(list_count $ports)
+
+			if [ $listcount -gt 1 ]; then
 			    case $ports in
 				*:*)
 				    fatal_error "Port Range not allowed in list ($ports)"
 				    ;;
 				*)
 				    if [ -n "$MULTIPORT" ]; then
+					[ $listcount -gt 15 ] && fatal_error "Too many entries in port list ($ports)"
 					ports="-m multiport --dports $ports"
 				    else
 					fatal_error "Port Ranges require multiport match support in your kernel ($ports)"
--- a/Shorewall2/masq
+++ b/Shorewall2/masq
@ -72,7 +72,8 @@
 #				
 #				Where a comma-separated list is given, your
 #				kernel and iptables must have multiport match
-#				support.
+#				support and a maximum of 15 ports may be 
+#				listed.
 #				
 #
 #	Example 1:
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@ -171,7 +171,7 @@ New Features:
   testing this change, I discovered a bug where a bogus warning
   message was being generated).

-9) Shorewall now used 'modprobe' to load kernel modules if that utility
+9) Shorewall now uses 'modprobe' to load kernel modules if that utility
   is available in the PATH; otherwise, 'insmod' is used.

 10) It is now possible to restrict entries in the /etc/shorewall/masq