Clean up untidiness where Shorewall6 tries to start on a system with an old kernel

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/prog.footer6

@@ -17,6 +17,19 @@ usage() {
     echo "   -R <file>        Override RESTOREFILE setting"
     exit $1
 }
+
+checkkernelversion() {
+    local kernel
+
+    kernel=$(printf "%2d%02d%02d" $(uname -r 2> /dev/null | sed -e 's/-.*//' -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/g'))
+    
+    if [ $kernel -lt 20624 ]; then
+	error_message "ERROR: $g_product requires Linux kernel 2.6.24 or later"
+	return 1
+    else 
+	return 0
+    fi
+}
 ################################################################################
 # E X E C U T I O N    B E G I N S   H E R E				       #
 ################################################################################
@@ -155,40 +168,41 @@ done
 
 COMMAND="$1"
 
-kernel=$(printf "%2d%02d%02d" $(uname -r 2> /dev/null | sed -e 's/-.*//' -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/g'))
+
-if [ $kernel -lt 20624 ]; then
+case "$COMMAND" in
-    error_message "ERROR: $g_product requires Linux kernel 2.6.24 or later"
+    start)
-    status=2
+	[ $# -ne 1 ] && usage 2
-else
+	if shorewall6_is_started; then
-    case "$COMMAND" in
+	    error_message "$g_product is already Running"
-	start)
+	    status=0
-	    [ $# -ne 1 ] && usage 2
+	else
-	    if shorewall6_is_started; then
+	    progress_message3 "Starting $g_product...."
-		error_message "$g_product is already Running"
+	    if checkkernelversion; then
-		status=0
-	    else
-		progress_message3 "Starting $g_product...."
 		detect_configuration
 		define_firewall
 		status=$?
 		[ -n "$SUBSYSLOCK" -a $status -eq 0 ] && touch $SUBSYSLOCK
 		progress_message3 "done."
 	    fi
-	    ;;
+	fi
-	stop)
+	;;
-	    [ $# -ne 1 ] && usage 2
+    stop)
+	[ $# -ne 1 ] && usage 2
+	if checkkernelversion; then
 	    progress_message3 "Stopping $g_product...."
 	    detect_configuration
 	    stop_firewall
 	    status=0
 	    [ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
 	    progress_message3 "done."
-	    ;;
+	fi
- 	reset)
+	;;
-	    if ! shorewall6_is_started ; then
+    reset)
-		error_message "$g_product is not running"
+	if ! shorewall6_is_started ; then
-		status=2
+	    error_message "$g_product is not running"
-	    elif [ $# -eq 1 ]; then
+	    status=2
+	elif checkkernelversion; then
+	    if [ $# -eq 1 ]; then
 		$IP6TABLES -Z
 		$IP6TABLES -t mangle -Z
 		date > ${VARDIR}/restarted
@@ -211,17 +225,19 @@ else
 		    fi
 		done
 	    fi
-	    ;;
+	fi
-	restart)
+	;;
-	    [ $# -ne 1 ] && usage 2
+    restart)
-	    if shorewall6_is_started; then
+	[ $# -ne 1 ] && usage 2
-		progress_message3 "Restarting $g_product...."
+	if shorewall6_is_started; then
-	    else
+	    progress_message3 "Restarting $g_product...."
-		error_message "$g_product is not running"
+	else
-		progress_message3 "Starting $g_product...."
+	    error_message "$g_product is not running"
-		COMMAND=start
+	    progress_message3 "Starting $g_product...."
-	    fi
+	    COMMAND=start
+	fi
 
+	if checkkernelversion; then
 	    detect_configuration
 	    define_firewall
 	    status=$?
@@ -229,84 +245,90 @@ else
  		[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
             fi
 	    progress_message3 "done."
-	    ;;
+	fi
-	refresh)
+	;;
-	    [ $# -ne 1 ] && usage 2
+    refresh)
-	    if shorewall6_is_started; then
+	[ $# -ne 1 ] && usage 2
-		progress_message3 "Refreshing $g_product...."
+	if shorewall6_is_started; then
+	    progress_message3 "Refreshing $g_product...."
+	    if checkkernelversion; then
 		detect_configuration
 		define_firewall
 		status=$?
 		progress_message3 "done."
-	    else
-		echo "$g_product is not running" >&2
-		status=2
 	    fi
-	    ;;
+	else
-	restore)
+	    echo "$g_product is not running" >&2
-	    [ $# -ne 1 ] && usage 2
+	    status=2
+	fi
+	;;
+    restore)
+	[ $# -ne 1 ] && usage 2
+	if checkkernelversion; then
 	    detect_configuration
 	    define_firewall
 	    status=$?
 	    if [ -n "$SUBSYSLOCK" ]; then
  		[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
             fi
-	    ;;
+	fi
-	clear)
+	;;
-	    [ $# -ne 1 ] && usage 2
+    clear)
-	    progress_message3 "Clearing $g_product...."
+	[ $# -ne 1 ] && usage 2
+	progress_message3 "Clearing $g_product...."
+	if checkkernelversion; then
 	    clear_firewall
 	    status=0
 	    if [ -n "$SUBSYSLOCK" ]; then
 		rm -f $SUBSYSLOCK
 	    fi
 	    progress_message3 "done."
-	    ;;
+	fi
-	status)
+	;;
-	    [ $# -ne 1 ] && usage 2
+    status)
-	    echo "$g_product-$SHOREWALL_VERSION Status at $(hostname) - $(date)"
+	[ $# -ne 1 ] && usage 2
-	    echo
+	echo "$g_product-$SHOREWALL_VERSION Status at $(hostname) - $(date)"
-	    if shorewall6_is_started; then
+	echo
-		echo "$g_product is running"
+	if shorewall6_is_started; then
-		status=0
+	    echo "$g_product is running"
-	    else
+	    status=0
-		echo "$g_product is stopped"
+	else
-		status=4
+	    echo "$g_product is stopped"
-	    fi
+	    status=4
+	fi
 	
-	    if [ -f ${VARDIR}/state ]; then
+	if [ -f ${VARDIR}/state ]; then
-		state="$(cat ${VARDIR}/state)"
+	    state="$(cat ${VARDIR}/state)"
-		case $state in
+	    case $state in
-		    Stopped*|Clear*)
+		Stopped*|Clear*)
-			status=3
+		    status=3
-			;;
+		    ;;
-		esac
+	    esac
-	    else
+	else
-		state=Unknown
+	    state=Unknown
-	    fi
+	fi
-	    echo "State:$state"
+	echo "State:$state"
-	    echo
+	echo
-	    ;;
+	;;
-	up|down)
+    up|down)
-	    [ $# -eq 1 ] && exit 0
+	[ $# -eq 1 ] && exit 0
-	    shift
+	shift
-	    [ $# -ne 1 ] && usage 2
+	[ $# -ne 1 ] && usage 2
-	    updown $1
+	updown $1
-	    status=0
+	status=0
-	    ;;
+	;;
-	version)
+    version)
-	    [ $# -ne 1 ] && usage 2
+	[ $# -ne 1 ] && usage 2
-	    echo $SHOREWALL_VERSION
+	echo $SHOREWALL_VERSION
-	    status=0
+	status=0
-	    ;;
+	;;
-	help)
+    help)
-	    [ $# -ne 1 ] && usage 2
+	[ $# -ne 1 ] && usage 2
-	    usage 0
+	usage 0
-	    ;;
+	;;
-	*)
+    *)
-	    usage 2
+	usage 2
-	    ;;
+	;;
-    esac
+esac
-fi
 
 exit $status

Shorewall/changelog.txt

@@ -4,6 +4,8 @@ Changes in Shorewall 4.4.14
 
 2)  Use conntrack in 'shorewall connections'
 
+3)  Clean up Shorewall6 error messages when running on a kernel < 2.6.24
+
 Changes in Shorewall 4.4.13
 
 1)  Allow zone lists in rules SOURCE and DEST.

Shorewall/releasenotes.txt

@@ -14,7 +14,30 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
   I.  P R O B L E M S   C O R R E C T E D   I N   T H I S  R E L E A S E
 ----------------------------------------------------------------------------
 
-None.
+1)  Previously, messages to the STARTUP_LOG had inconsistent date formats.
+
+2)  The blacklisting change in 4.4.13 was broken in some simple
+    configurations with the effect that blacklisting was not enabled.
+
+3)  Previously, Shorewall6 produced an untidy sequence of error
+    messages when an attempt was made to start it on a system running a
+    kernel older than 2.6.24:
+
+       [root@localhost shorewall6]# shorewall6 start
+       Compiling...
+       Processing /etc/shorewall6/shorewall6.conf...
+       Loading Modules...
+       Compiling /etc/shorewall6/zones...
+       ...
+       Shorewall configuration compiled to /var/lib/shorewall6/.start
+          ERROR: Shorewall6 requires Linux kernel 2.6.24 or later
+       /usr/share/shorewall6/lib.common: line 73: 
+             [: -lt: unary operator expected
+          ERROR: Shorewall6 requires Linux kernel 2.6.24 or later
+       [root@localhost shorewall6]#
+
+    This has been corrected so that a single ERROR message is
+    generated.
 
 ----------------------------------------------------------------------------
            I I.  K N O W N   P R O B L E M S   R E M A I N I N G

Shorewall6/lib.common

@@ -35,7 +35,7 @@ get_script_version() { # $1 = script
 
     temp=$( $SHOREWALL_SHELL $1 version | sed 's/-.*//' )
 
-    if [ $? -ne 0 ]; then
+    if [ -z "$temp" ]; then
 	version=0
     else
 	ifs=$IFS