From c95bbe4d72a75257c1500920c4c900262f693b28 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Wed, 11 May 2005 23:33:48 +0000
Subject: [PATCH] Fix PKTTYPE (port from 2.2.5); correct ipset restore boot
 problem

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2106 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall2/firewall  |  6 +++++-
 Shorewall2/shorewall | 26 +++++++++++++++++---------
 2 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 442832690..6485cdf77 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -7682,6 +7682,8 @@ do_initialize() {
 	[ -e "$IPTABLES" ] || startup_error "\$IPTABLES=$IPTABLES does not exist or is not executable"
     fi
 
+    PKTTYPE=$(added_param_value_no PKTTYPE $PKTTYPE) # Used in determine_capabilities
+
     determine_capabilities
 
     [ -z "${STATEDIR}" ] && STATEDIR=/var/state/shorewall
@@ -7801,7 +7803,6 @@ do_initialize() {
     DISABLE_IPV6=$(added_param_value_no DISABLE_IPV6 $DISABLE_IPV6)
     BRIDGING=$(added_param_value_no BRIDGING $BRIDGING)
     DYNAMIC_ZONES=$(added_param_value_no DYNAMIC_ZONES $DYNAMIC_ZONES)
-    PKTTYPE=$(added_param_value_no PKTTYPE $PKTTYPE)
     STARTUP_ENABLED=$(added_param_value_yes STARTUP_ENABLED $STARTUP_ENABLED)
     RETAIN_ALIASES=$(added_param_value_no RETAIN_ALIASES $RETAIN_ALIASES)
     DELAYBLACKLISTLOAD=$(added_param_value_no DELAYBLACKLISTLOAD $DELAYBLACKLISTLOAD)
@@ -7993,10 +7994,13 @@ case "$COMMAND" in
 	EMPTY=
 	$@
 	;;
+
     capabilities)
+	[ $# -ne 1 ] && usage
 	do_initialize
 	report_capabilities
 	;;
+
     *)
 	usage
 	;;
diff --git a/Shorewall2/shorewall b/Shorewall2/shorewall
index 55aa0e8c5..1f70ab17d 100755
--- a/Shorewall2/shorewall
+++ b/Shorewall2/shorewall
@@ -1228,19 +1228,27 @@ case "$1" in
 				    case ${SAVE_IPSETS:-No} in
 					[Yy][Ee][Ss])
 					    RESTOREPATH=${RESTOREPATH}-ipsets
-					    echo "#!/bin/sh" >> /var/lib/shorewall/restore-$$
-					    echo "ipset -U :all: :all:" >> /var/lib/shorewall/restore-$$
-					    echo "ipset -F" >> /var/lib/shorewall/restore-$$
-					    echo "ipset -X" >> /var/lib/shorewall/restore-$$
-					    echo "ipset -R << __EOF__" >> /var/lib/shorewall/restore-$$
-					    ipset -S >> /var/lib/shorewall/restore-$$
-					    echo "__EOF__" >> /var/lib/shorewall/restore-$$
-					    mv -f /var/lib/shorewall/restore-$$ $RESTOREPATH 
+
+					    f=/var/lib/shorewall/restore-$$
+
+					    echo "#!/bin/sh" > $f
+					    echo  >> $f
+					    echo ". /usr/share/shorewall/functions" >> $f
+					    echo  >> $f
+					    grep -E '^MODULE|loadmodule ip_set' /var/lib/shorewall/restore-base >>  $f
+					    echo  >> $f
+					    echo "ipset -U :all: :all:" >> $f
+					    echo "ipset -F" >> $f
+					    echo "ipset -X" >> $f
+					    echo "ipset -R << __EOF__" >> $f
+					    ipset -S >> $f
+					    echo "__EOF__" >> $f
+					    mv -f $f $RESTOREPATH 
 					    chmod +x $RESTOREPATH
 					    echo "   Current Ipset Contents Saved to $RESTOREPATH"
 					    ;;
 					[Nn][Oo])
-					    ;
+					    ;;
 					*)
 					    echo "   WARNING: Invalid value ($SAVE_IPSETS) for SAVE_IPSETS. Ipset contents not saved"
 					    ;;