From da3e9e46dba7043dc063fb0147ffb8d43f435bb7 Mon Sep 17 00:00:00 2001
From: teastep
Date: Sat, 10 Jul 2004 17:03:31 +0000
Subject: [PATCH] Fix more $RESTOREBASE bugs; fix COMMAND typos
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1462 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall2/changelog.txt | 2 ++
 Shorewall2/firewall | 25 ++++++++++++++++++++-----
 Shorewall2/releasenotes.txt | 6 ++++++
 3 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index 301a9c846..510478499 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -10,3 +10,5 @@ Changes since 2.0.3
 4) Implement 'dropInvalid' builtin action.
 5) Fix logging nat rules.
+
+6) Fix COMMAND typos.
\ No newline at end of file
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 2e8e02b9a..e1f928c28 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -1220,6 +1220,21 @@ disable_ipv6() {
 fi
 }
+disable_ipv6_1() {
+ local foo=$(ip -f inet6 addr ls 2> /dev/null)
+
+ if [ -n "$foo" ]; then
+ if qt which ip6tables; then
+ progress_message "Disabling IPV6..."
+ ip6tables -P FORWARD DROP
+ ip6tables -P INPUT DROP
+ ip6tables -P OUTPUT DROP
+ else
+ error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables"
+ fi
+ fi
+}
+
 #
 # Stop the Firewall
 #
@@ -1271,7 +1286,7 @@ stop_firewall() {
 delete_proxy_arp
 [ -n "$CLEAR_TC" ] && delete_tc1
- [ -n "$DISABLE_IPV6" ] && disable_ipv6
+ [ -n "$DISABLE_IPV6" ] && disable_ipv6_1
 if [ -z "$ADMINISABSENTMINDED" ]; then
 for chain in INPUT OUTPUT FORWARD; do
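Review bot: The three `ip6tables -P ... DROP` calls in the new `disable_ipv6_1` are unchecked, so on the stop path (the second firewall hunk now calls it from `stop_firewall`) a failed policy change leaves IPv6 traffic permitted with nothing reported after "Disabling IPV6...". Each call could report its own failure, e.g. `ip6tables -P FORWARD DROP || error_message "WARNING: Unable to set ip6tables FORWARD policy to DROP"` (the message text is only a suggestion), and likewise for INPUT and OUTPUT. Only chain policies are set, so any ACCEPT rules already loaded in ip6tables would still match; whether that is intended cannot be told from the hunk. The function also needs a header comment saying how it differs from `disable_ipv6`, whose body lies outside the hunk, e.g. `# Disable IPV6 when stopping -- variant of disable_ipv6() called from stop_firewall()`.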
@@ -2441,7 +2456,7 @@ refresh_tc() {
 # Add one Filter Rule from an action -- Helper function for the action file processor
 #
 # The caller has established the following variables:
-# check = current command. If 'check', we're executing a 'check'
+# COMMAND = current command. If 'check', we're executing a 'check'
 # which only goes through the motions.
 # client = SOURCE IP or MAC
 # server = DESTINATION IP or interface
@@ -2941,7 +2956,7 @@ process_actions2() {
 log_action dLogNotSyn DROP
 ;;
 dropInvalid)
- [ "COMMAND" != check ] && run_iptables -A dropInvalid -m state --state INVALID -j DROP
+ [ "$COMMAND" != check ] && run_iptables -A dropInvalid -m state --state INVALID -j DROP
 ;;
 *)
 f=action.$xaction
@@ -2960,7 +2975,7 @@ process_actions2() {
 # Add a NAT rule - Helper function for the rules file processor
 #
 # The caller has established the following variables:
-# command = The current command -- if 'check', we just go through
+# COMMAND = The current command -- if 'check', we just go through
 # the motions.
 # cli = Source IP, interface or MAC Specification
 # serv = Destination IP Specification
@@ -3148,7 +3163,7 @@ add_nat_rule() {
 # Add one Filter Rule -- Helper function for the rules file processor
 #
 # The caller has established the following variables:
-# command = current command. If 'check', we're executing a 'check'
+# COMMAND = current command. If 'check', we're executing a 'check'
 # which only goes through the motions.
 # client = SOURCE IP or MAC
 # server = DESTINATION IP or interface
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index a8d9697e3..4bd9bfc0d 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@@ -12,6 +12,12 @@ Problems Corrected since 2.0.3 3) Two problems with logging NAT rules (DNAT and REDIRECT) could cause startup failures. +Problems Corrected since 2.1.0 + +1) The "check" command fails with the following message: + + iptables: No chain/target/match by that name + ----------------------------------------------------------------------- Issues when migrating from Shorewall 2.0 to Shorewall 2.1: