mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-15 12:14:32 +01:00
Move module state check fix to trunk
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9400 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
9d8997be32
commit
f35013649e
@ -226,32 +226,6 @@ sub generate_script_1() {
|
||||
'[ -d ${VARDIR} ] || mkdir -p ${VARDIR}'
|
||||
);
|
||||
|
||||
if ( $family == F_IPV4 ) {
|
||||
emit ( '',
|
||||
'#',
|
||||
'# Recent kernels are difficult to configure -- we see state match omitted a lot so we check for it here',
|
||||
'#',
|
||||
'qt1 $IPTABLES -N foox1234',
|
||||
'qt1 $IPTABLES -A foox1234 -m state --state ESTABLISHED,RELATED -j ACCEPT',
|
||||
'result=$?',
|
||||
'qt1 $IPTABLES -F foox1234',
|
||||
'qt1 $IPTABLES -X foox1234',
|
||||
'[ $result = 0 ] || startup_error "Your kernel/iptables do not include state match support. No version of Shorewall will run on this system"',
|
||||
'' );
|
||||
} else {
|
||||
emit ( '',
|
||||
'#',
|
||||
'# Recent kernels are difficult to configure -- we see state match omitted a lot so we check for it here',
|
||||
'#',
|
||||
'qt1 $IP6TABLES -N foox1234',
|
||||
'qt1 $IP6TABLES -A foox1234 -m state --state ESTABLISHED,RELATED -j ACCEPT',
|
||||
'result=$?',
|
||||
'qt1 $IP6TABLES -F foox1234',
|
||||
'qt1 $IP6TABLES -X foox1234',
|
||||
'[ $result = 0 ] || startup_error "Your kernel/ip6tables do not include state match support. No version of Shorewall6 will run on this system"',
|
||||
'' );
|
||||
}
|
||||
|
||||
pop_indent;
|
||||
|
||||
emit "}\n"; # End of initialize()
|
||||
@ -697,6 +671,7 @@ sub generate_script_4($) {
|
||||
} else {
|
||||
progress_message2 "Creating ip6tables-restore input...";
|
||||
}
|
||||
|
||||
create_netfilter_load( $test );
|
||||
create_chainlist_reload( $_[0] );
|
||||
|
||||
@ -733,6 +708,17 @@ sub generate_script_4($) {
|
||||
push_indent;
|
||||
|
||||
if ( $family == F_IPV4 ) {
|
||||
emit ( '#',
|
||||
'# Recent kernels are difficult to configure -- we see state match omitted a lot so we check for it here',
|
||||
'#',
|
||||
'qt1 $IPTABLES -N foox1234',
|
||||
'qt1 $IPTABLES -A foox1234 -m state --state ESTABLISHED,RELATED -j ACCEPT',
|
||||
'result=$?',
|
||||
'qt1 $IPTABLES -F foox1234',
|
||||
'qt1 $IPTABLES -X foox1234',
|
||||
'[ $result = 0 ] || startup_error "Your kernel/iptables do not include state match support. No version of Shorewall will run on this system"',
|
||||
'' );
|
||||
|
||||
for my $interface ( @{find_interfaces_by_option 'norfc1918'} ) {
|
||||
emit ( "addr=\$(ip -f inet addr show $interface 2> /dev/null | grep 'inet\ ' | head -n1)",
|
||||
'if [ -n "$addr" ]; then',
|
||||
@ -766,6 +752,17 @@ sub generate_script_4($) {
|
||||
emit "disable_ipv6\n" if $config{DISABLE_IPV6};
|
||||
|
||||
} else {
|
||||
emit ( '#',
|
||||
'# Recent kernels are difficult to configure -- we see state match omitted a lot so we check for it here',
|
||||
'#',
|
||||
'qt1 $IP6TABLES -N foox1234',
|
||||
'qt1 $IP6TABLES -A foox1234 -m state --state ESTABLISHED,RELATED -j ACCEPT',
|
||||
'result=$?',
|
||||
'qt1 $IP6TABLES -F foox1234',
|
||||
'qt1 $IP6TABLES -X foox1234',
|
||||
'[ $result = 0 ] || startup_error "Your kernel/ip6tables do not include state match support. No version of Shorewall6 will run on this system"',
|
||||
'' );
|
||||
|
||||
emit ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit',
|
||||
'',
|
||||
'qt1 $IP6TABLES -L shorewall -n && qt1 $IP6TABLES -F shorewall && qt1 $IP6TABLES -X shorewall',
|
||||
|
Loading…
Reference in New Issue
Block a user