diff --git a/Shorewall/Perl/prog.footer6 b/Shorewall/Perl/prog.footer6
index 24074d6e6..bbfd8f1d0 100644
--- a/Shorewall/Perl/prog.footer6
+++ b/Shorewall/Perl/prog.footer6
@@ -17,6 +17,19 @@ usage() {
 echo " -R Override RESTOREFILE setting"
 exit $1
 }
+
+checkkernelversion() {
+ local kernel
+
+ kernel=$(printf "%2d%02d%02d" $(uname -r 2> /dev/null | sed -e 's/-.*//' -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/g'))
+
+ if [ $kernel -lt 20624 ]; then
+ error_message "ERROR: $g_product requires Linux kernel 2.6.24 or later"
+ return 1
+ else
+ return 0
+ fi
+}
 ################################################################################
 # E X E C U T I O N B E G I N S H E R E #
 ################################################################################
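Review bot: In `checkkernelversion`, the test `[ $kernel -lt 20624 ]` leaves `$kernel` unquoted and puts the rejection in the `then` branch, so if the value is ever empty or not a number, `[` exits with an error status, the `else` branch runs and the function returns 0. The kernel check therefore fails open. The release-notes transcript in this same commit shows this class of failure (`[: -lt: unary operator expected`) coming from lib.common. Inverting the test makes a parse failure count as "unsupported": `if [ "${kernel:-0}" -ge 20624 ]; then return 0; fi`, followed by the `error_message` call and `return 1`. With the operand quoted, the leading blank produced by `%2d` becomes part of the value, so `%d` is the safer format for the first field. A one-line comment above the function saying that 20624 encodes 2.6.24 as major, two-digit minor and two-digit patch would also help.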
@@ -155,40 +168,41 @@ done COMMAND="$1" -kernel=$(printf "%2d%02d%02d" $(uname -r 2> /dev/null | sed -e 's/-.*//' -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/g')) -if [ $kernel -lt 20624 ]; then - error_message "ERROR: $g_product requires Linux kernel 2.6.24 or later" - status=2 -else - case "$COMMAND" in - start) - [ $# -ne 1 ] && usage 2 - if shorewall6_is_started; then - error_message "$g_product is already Running" - status=0 - else - progress_message3 "Starting $g_product...." + +case "$COMMAND" in + start) + [ $# -ne 1 ] && usage 2 + if shorewall6_is_started; then + error_message "$g_product is already Running" + status=0 + else + progress_message3 "Starting $g_product...." + if checkkernelversion; then detect_configuration define_firewall status=$? [ -n "$SUBSYSLOCK" -a $status -eq 0 ] && touch $SUBSYSLOCK progress_message3 "done." fi - ;; - stop) - [ $# -ne 1 ] && usage 2 + fi + ;; + stop) + [ $# -ne 1 ] && usage 2 + if checkkernelversion; then progress_message3 "Stopping $g_product...." detect_configuration stop_firewall status=0 [ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK progress_message3 "done." - ;; - reset) - if ! shorewall6_is_started ; then - error_message "$g_product is not running" - status=2 - elif [ $# -eq 1 ]; then + fi + ;; + reset) + if ! shorewall6_is_started ; then + error_message "$g_product is not running" + status=2 + elif checkkernelversion; then + if [ $# -eq 1 ]; then $IP6TABLES -Z $IP6TABLES -t mangle -Z date > ${VARDIR}/restarted 
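Review bot: When `checkkernelversion` fails in the `start`, `stop` and `reset` arms, nothing assigns `status`, whereas the removed code set `status=2` for an unsupported kernel. Unless `status` is initialised above this hunk (not visible here), the final `exit $status` expands to a bare `exit` and returns the status of the last command. After an `if` whose condition failed and which has no `else`, that status is 0, so an init script or other caller would see success although no ruleset was loaded. Give each guard an explicit failure status, for example `else` / `status=2` before its closing `fi`. The same gap exists in the `restart`, `refresh`, `restore` and `clear` arms in the following hunks; the `case` statement itself starts and ends outside this hunk.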
@@ -211,17 +225,19 @@ else fi done fi - ;; - restart) - [ $# -ne 1 ] && usage 2 - if shorewall6_is_started; then - progress_message3 "Restarting $g_product...." - else - error_message "$g_product is not running" - progress_message3 "Starting $g_product...." - COMMAND=start - fi + fi + ;; + restart) + [ $# -ne 1 ] && usage 2 + if shorewall6_is_started; then + progress_message3 "Restarting $g_product...." + else + error_message "$g_product is not running" + progress_message3 "Starting $g_product...." + COMMAND=start + fi + if checkkernelversion; then detect_configuration define_firewall status=$? 
@@ -229,84 +245,90 @@ else [ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK fi progress_message3 "done." - ;; - refresh) - [ $# -ne 1 ] && usage 2 - if shorewall6_is_started; then - progress_message3 "Refreshing $g_product...." + fi + ;; + refresh) + [ $# -ne 1 ] && usage 2 + if shorewall6_is_started; then + progress_message3 "Refreshing $g_product...." + if checkkernelversion; then detect_configuration define_firewall status=$? progress_message3 "done." - else - echo "$g_product is not running" >&2 - status=2 fi - ;; - restore) - [ $# -ne 1 ] && usage 2 + else + echo "$g_product is not running" >&2 + status=2 + fi + ;; + restore) + [ $# -ne 1 ] && usage 2 + if checkkernelversion; then detect_configuration define_firewall status=$? if [ -n "$SUBSYSLOCK" ]; then [ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK fi - ;; - clear) - [ $# -ne 1 ] && usage 2 - progress_message3 "Clearing $g_product...." + fi + ;; + clear) + [ $# -ne 1 ] && usage 2 + progress_message3 "Clearing $g_product...." + if checkkernelversion; then clear_firewall status=0 if [ -n "$SUBSYSLOCK" ]; then rm -f $SUBSYSLOCK fi progress_message3 "done." 
- ;; - status) - [ $# -ne 1 ] && usage 2 - echo "$g_product-$SHOREWALL_VERSION Status at $(hostname) - $(date)" - echo - if shorewall6_is_started; then - echo "$g_product is running" - status=0 - else - echo "$g_product is stopped" - status=4 - fi - - if [ -f ${VARDIR}/state ]; then - state="$(cat ${VARDIR}/state)" - case $state in - Stopped*|Clear*) - status=3 - ;; - esac - else - state=Unknown - fi - echo "State:$state" - echo - ;; - up|down) - [ $# -eq 1 ] && exit 0 - shift - [ $# -ne 1 ] && usage 2 - updown $1 + fi + ;; + status) + [ $# -ne 1 ] && usage 2 + echo "$g_product-$SHOREWALL_VERSION Status at $(hostname) - $(date)" + echo + if shorewall6_is_started; then + echo "$g_product is running" status=0 - ;; - version) - [ $# -ne 1 ] && usage 2 - echo $SHOREWALL_VERSION - status=0 - ;; - help) - [ $# -ne 1 ] && usage 2 - usage 0 - ;; - *) - usage 2 - ;; - esac -fi + else + echo "$g_product is stopped" + status=4 + fi + + if [ -f ${VARDIR}/state ]; then + state="$(cat ${VARDIR}/state)" + case $state in + Stopped*|Clear*) + status=3 + ;; + esac + else + state=Unknown + fi + echo "State:$state" + echo + ;; + up|down) + [ $# -eq 1 ] && exit 0 + shift + [ $# -ne 1 ] && usage 2 + updown $1 + status=0 + ;; + version) + [ $# -ne 1 ] && usage 2 + echo $SHOREWALL_VERSION + status=0 + ;; + help) + [ $# -ne 1 ] && usage 2 + usage 0 + ;; + *) + usage 2 + ;; +esac exit $status diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index b722ca0ed..32ec415da 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -4,6 +4,8 @@ Changes in Shorewall 4.4.14 2) Use conntrack in 'shorewall connections' +3) Clean up Shorewall6 error messages when running on a kernel < 2.6.24 + Changes in Shorewall 4.4.13 1) Allow zone lists in rules SOURCE and DEST. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 9bdcab856..e71f15e87 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
@@ -14,7 +14,30 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- -None. +1) Previously, messages to the STARTUP_LOG had inconsistent date formats. + +2) The blacklisting change in 4.4.13 was broken in some simple + configurations with the effect that blacklisting was not enabled. + +3) Previously, Shorewall6 produced an untidy sequence of error + messages when an attempt was made to start it on a system running a + kernel older than 2.6.24: + + [root@localhost shorewall6]# shorewall6 start + Compiling... + Processing /etc/shorewall6/shorewall6.conf... + Loading Modules... + Compiling /etc/shorewall6/zones... + ... + Shorewall configuration compiled to /var/lib/shorewall6/.start + ERROR: Shorewall6 requires Linux kernel 2.6.24 or later + /usr/share/shorewall6/lib.common: line 73: + [: -lt: unary operator expected + ERROR: Shorewall6 requires Linux kernel 2.6.24 or later + [root@localhost shorewall6]# + + This has been corrected so that a single ERROR message is + generated. ---------------------------------------------------------------------------- I I. K N O W N P R O B L E M S R E M A I N I N G diff --git a/Shorewall6/lib.common b/Shorewall6/lib.common index e826f24d0..48936e75b 100644 --- a/Shorewall6/lib.common +++ b/Shorewall6/lib.common @@ -35,7 +35,7 @@ get_script_version() { # $1 = script temp=$( $SHOREWALL_SHELL $1 version | sed 's/-.*//' ) - if [ $? -ne 0 ]; then + if [ -z "$temp" ]; then version=0 else ifs=$IFS
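Review bot: In `get_script_version` (Shorewall6/lib.common), the new test `[ -z "$temp" ]` rejects only empty output, so any other text that `$1 version` writes to stdout still reaches the version parsing in the `else` branch, which continues outside this hunk. If that parsing expects dotted numbers, as the `sed 's/-.*//'` step suggests, check the shape before using the value, for example `case "$temp" in [0-9]*.[0-9]*) ;; *) temp= ;; esac` ahead of the `-z` test. That keeps an unexpected message from the child script from turning into another `[`-operand error like the one quoted in the release notes.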