From c2b6d974e733227022f066b655157ff52040ebcc Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 22 Jan 2015 08:30:05 -0800 Subject: [PATCH 1/4] Protect 'enable' and 'disable' with mutex Signed-off-by: Tom Eastep --- Shorewall/Perl/prog.footer | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Shorewall/Perl/prog.footer b/Shorewall/Perl/prog.footer index 7b21d30fa..8d1d99cd1 100644 --- a/Shorewall/Perl/prog.footer +++ b/Shorewall/Perl/prog.footer @@ -373,20 +373,24 @@ case "$COMMAND" in [ $# -eq 1 ] && exit 0 shift [ $# -ne 1 ] && usage 2 + mutex_on if product_is_started; then detect_configuration enable_provider $1 fi + mutex_off status=0 ;; disable) [ $# -eq 1 ] && exit 0 shift [ $# -ne 1 ] && usage 2 + mutex_on if product_is_started; then detect_configuration disable_provider $1 fi + mutex_off status=0 ;; run) From 01220d58ea5362eac1312d4a69db7692d180855f Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 22 Jan 2015 08:30:50 -0800 Subject: [PATCH 2/4] Change the installation default value of INLINE_MATCHES to 'No'. Signed-off-by: Tom Eastep --- Shorewall/configfiles/shorewall.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf index ceae87b3b..99edf264a 100644 --- a/Shorewall/configfiles/shorewall.conf +++ b/Shorewall/configfiles/shorewall.conf @@ -166,7 +166,7 @@ HELPERS= IMPLICIT_CONTINUE=No -INLINE_MATCHES=Yes +INLINE_MATCHES=No IPSET_WARNINGS=Yes From a060f683cc1c3192134f0acc99b09a1aa68fd7df Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Thu, 22 Jan 2015 08:31:51 -0800 Subject: [PATCH 3/4] Correct file name in mangle 'split_line' error messages Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Tc.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm index 352a22cda..a87ed38b8 100644 --- a/Shorewall/Perl/Shorewall/Tc.pm +++ b/Shorewall/Perl/Shorewall/Tc.pm @@ -1055,7 +1055,7 @@ sub process_mangle_rule( ) { my ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability , $dscp , $state, $time ); if ( $family == F_IPV4 ) { ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $probability, $dscp, $state, $time ) = - split_line2( 'tcrules file', + split_line2( 'mangle file', { mark => 0, action => 0, source => 1, @@ -1080,7 +1080,7 @@ sub process_mangle_rule( ) { $headers = '-'; } else { ( $originalmark, $source, $dest, $protos, $ports, $sports, $user, $testval, $length, $tos , $connbytes, $helper, $headers, $probability, $dscp, $state, $time ) = - split_line2( 'tcrules file', + split_line2( 'mangle file', { mark => 0, action => 0, source => 1, From e3b96862ef0cf4b147bc20c8828f1cfc5030efda Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Fri, 23 Jan 2015 08:18:30 -0800 Subject: [PATCH 4/4] Propagate the LOCKFILE setting to the generated script. Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Config.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index 14f1511fe..041d9676e 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -301,7 +301,7 @@ our %renamed = ( AUTO_COMMENT => 'AUTOCOMMENT', BLACKLIST_LOGLEVEL => 'BLACKLIST # # Config options and global settings that are to be copied to output script # -our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY SUBSYSLOCK LOG_VERBOSITY/; +our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX LOAD_HELPERS_ONLY LOCKFILE SUBSYSLOCK LOG_VERBOSITY/; # # From parsing the capabilities file or detecting capabilities #