Fix PKTTYPE (port from 2.2.5); correct ipset restore boot problem

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2106 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2024-11-08 16:54:10 +01:00 · 2005-05-11 23:33:48 +00:00 · 2005-05-11 23:33:48 +00:00 · c95bbe4d72
commit c95bbe4d72
parent 713617cf4e
2 changed files with 22 additions and 10 deletions
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@ -7682,6 +7682,8 @@ do_initialize() {
 	[ -e "$IPTABLES" ] || startup_error "\$IPTABLES=$IPTABLES does not exist or is not executable"
    fi

+    PKTTYPE=$(added_param_value_no PKTTYPE $PKTTYPE) # Used in determine_capabilities
+
    determine_capabilities

    [ -z "${STATEDIR}" ] && STATEDIR=/var/state/shorewall
@ -7801,7 +7803,6 @@ do_initialize() {
    DISABLE_IPV6=$(added_param_value_no DISABLE_IPV6 $DISABLE_IPV6)
    BRIDGING=$(added_param_value_no BRIDGING $BRIDGING)
    DYNAMIC_ZONES=$(added_param_value_no DYNAMIC_ZONES $DYNAMIC_ZONES)
-    PKTTYPE=$(added_param_value_no PKTTYPE $PKTTYPE)
    STARTUP_ENABLED=$(added_param_value_yes STARTUP_ENABLED $STARTUP_ENABLED)
    RETAIN_ALIASES=$(added_param_value_no RETAIN_ALIASES $RETAIN_ALIASES)
    DELAYBLACKLISTLOAD=$(added_param_value_no DELAYBLACKLISTLOAD $DELAYBLACKLISTLOAD)
@ -7993,10 +7994,13 @@ case "$COMMAND" in
 	EMPTY=
 	$@
 	;;
+
    capabilities)
+	[ $# -ne 1 ] && usage
 	do_initialize
 	report_capabilities
 	;;
+
    *)
 	usage
 	;;
--- a/Shorewall2/shorewall
+++ b/Shorewall2/shorewall
@ -1228,19 +1228,27 @@ case "$1" in
 				    case ${SAVE_IPSETS:-No} in
 					[Yy][Ee][Ss])
 					    RESTOREPATH=${RESTOREPATH}-ipsets
-					    echo "#!/bin/sh" >> /var/lib/shorewall/restore-$$
-					    echo "ipset -U :all: :all:" >> /var/lib/shorewall/restore-$$
-					    echo "ipset -F" >> /var/lib/shorewall/restore-$$
-					    echo "ipset -X" >> /var/lib/shorewall/restore-$$
-					    echo "ipset -R << __EOF__" >> /var/lib/shorewall/restore-$$
-					    ipset -S >> /var/lib/shorewall/restore-$$
-					    echo "__EOF__" >> /var/lib/shorewall/restore-$$
-					    mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH 
+
+					    f=/var/lib/shorewall/restore-$$
+
+					    echo "#!/bin/sh" > $f
+					    echo  >> $f
+					    echo ". /usr/share/shorewall/functions" >> $f
+					    echo  >> $f
+					    grep -E '^MODULE|loadmodule ip_set' /var/lib/shorewall/restore-base >>  $f
+					    echo  >> $f
+					    echo "ipset -U :all: :all:" >> $f
+					    echo "ipset -F" >> $f
+					    echo "ipset -X" >> $f
+					    echo "ipset -R << __EOF__" >> $f
+					    ipset -S >> $f
+					    echo "__EOF__" >> $f
+					    mv -f $f $RESTOREPATH 
 					    chmod +x $RESTOREPATH
 					    echo "   Current Ipset Contents Saved to $RESTOREPATH"
 					    ;;
 					[Nn][Oo])
-					    ;
+					    ;;
 					*)
 					    echo "   WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS. Ipset contents not saved"
 					    ;;