Merge branch '4.4.23'

2024-12-22 22:30:58 +01:00 · 2011-09-05 17:25:03 -07:00 · 2011-09-05 17:25:03 -07:00 · b19a6f0bfd
commit b19a6f0bfd
parent 5015aade0c a16986ddc3
5 changed files with 12 additions and 6 deletions
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@ -554,9 +554,11 @@ sub add_common_rules() {
 	
 	    if ( @filters ) {
 		add_ijump( $chainref , @ipsec ? 'j' : 'g' => $target1, imatch_source_net( $_ ), @ipsec ), $chainref->{filtered}++ for @filters;
+		$interfaceref->{options}{use_forward_chain} = 1;
 	    } elsif ( $interfaceref->{bridge} eq $interface ) {
 		add_ijump( $chainref , @ipsec ? 'j' : 'g' => $target1, imatch_dest_dev( $interface ), @ipsec ), $chainref->{filtered}++
 		    unless $interfaceref->{options}{routeback} || $interfaceref->{options}{routefilter} || $interfaceref->{physical} eq '+';
+		$interfaceref->{options}{use_forward_chain} = 1;
 	    }

 	    add_ijump( $chainref, j => 'ACCEPT', state_imatch 'ESTABLISHED,RELATED' ), $chainref->{filtered}++ if $config{FASTACCEPT};
@ -566,6 +568,7 @@ sub add_common_rules() {
 	
 	    if ( @filters ) {
 		add_ijump( $chainref , g => $target, imatch_source_net( $_ ), @ipsec ), $chainref->{filtered}++ for @filters;
+		$interfaceref->{options}{use_input_chain} = 1;
 	    }
 	
 	    add_ijump( $chainref, j => 'ACCEPT', state_imatch 'ESTABLISHED,RELATED' ), $chainref->{filtered}++ if $config{FASTACCEPT};
--- a/Shorewall/Perl/prog.header6
+++ b/Shorewall/Perl/prog.header6
@ -822,6 +822,9 @@ debug_restore_input() {
 	    '*'raw)
 		table=raw
 		;;
+	    '*'rawpost)
+		table=rawpost
+		;;
 	    '*'mangle)
 		table=mangle
 		;;
--- a/Shorewall/lib.common
+++ b/Shorewall/lib.common
@ -294,7 +294,7 @@ reload_kernel_modules() {
 	uname=$(uname -r) && \
 	MODULESDIR=/lib/modules/$uname/kernel/net/ipv4/netfilter:/lib/modules/$uname/kernel/net/netfilter:/lib/modules/$uname/kernel/net/sched:/lib/modules/$uname/extra:/lib/modules/$uname/extra/ipset

-    MODULES=$(lsmod | cut -d ' ' -f1)
+    [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)

    for directory in $(split $MODULESDIR); do
 	[ -d $directory ] && moduledirectories="$moduledirectories $directory"
@ -340,7 +340,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
    [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)

    if [ -f $modules -a -n "$moduledirectories" ]; then
-	MODULES=$(lsmod | cut -d ' ' -f1)
+	[ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
 	progress_message "Loading Modules..."
 	. $modules
 	if [ $savemoduleinfo = Yes ]; then
--- a/Shorewall6/lib.common
+++ b/Shorewall6/lib.common
@ -312,7 +312,7 @@ reload_kernel_modules() {
    [ -n "${MODULE_SUFFIX:=ko ko.gz o o.gz gz}" ]

    [ -z "$MODULESDIR" ] && MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv6/netfilter:/lib/modules/$(uname -r)/kernel/net/netfilter:/lib/modules/$(uname -r)/kernel/net/sched
-    MODULES=$(lsmod | cut -d ' ' -f1)
+    [ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)

    for directory in $(split $MODULESDIR); do
 	[ -d $directory ] && moduledirectories="$moduledirectories $directory"
@ -356,7 +356,7 @@ load_kernel_modules() # $1 = Yes, if we are to save moduleinfo in $VARDIR
    [ -n "$LOAD_HELPERS_ONLY" ] && modules=$(find_file helpers) || modules=$(find_file modules)

    if [ -f $modules -a -n "$moduledirectories" ]; then
-	MODULES=$(lsmod | cut -d ' ' -f1)
+	[ -d /sys/module/ ] || MODULES=$(lsmod | cut -d ' ' -f1)
 	progress_message "Loading Modules..."
 	. $modules
 	if [ $savemoduleinfo = Yes ]; then
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@ -1596,7 +1596,7 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
        </varlistentry>

        <varlistentry>
-          <term>filter</term>
+          <term>sfilter</term>

          <listitem>
            <para>On systems running Shorewall 4.4.20 or later, either the
@ -1604,7 +1604,7 @@ teastep@ursa:~$ </programlisting>The first number determines the maximum log
            url="manpages/shorewall-interfaces.html">interface option</ulink>
            or it is being routed out of the same interface on which it
            arrived and the interface does not have the
-            <option>routeback</option> <ulink
+            <option>routeback</option> or <option>routefilter</option> <ulink
            url="manpages/shorewall-interfaces.html">interface
            option</ulink>.</para>
          </listitem>