From 06dc3cf91e00080f55766904d7102d68db07bded Mon Sep 17 00:00:00 2001 From: teastep Date: Tue, 22 Nov 2005 02:27:00 +0000 Subject: [PATCH] Make Shorewall tolerate prehistoric kernels git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3046 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 6 ++++++ Shorewall/firewall | 12 ++++++------ Shorewall/releasenotes.txt | 11 ++++++++++- 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 24f64fc4a..5908339c1 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,3 +1,9 @@ +Changes in 3.0.2 + +1) Typos in the Samples corrected. + +2) Incompatibility with old kernels worked around. + Changes in 3.0.1 1) Set policies for chains in nat, mangle and raw tables. diff --git a/Shorewall/firewall b/Shorewall/firewall index 65c81f858..30006f9c3 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -2126,7 +2126,7 @@ stop_firewall() { run_iptables -t mangle -F run_iptables -t mangle -X for chain in PREROUTING INPUT FORWARD POSTROUTING; do - run_iptables -t mangle -P $chain ACCEPT + qt $IPTABLES -t mangle -P $chain ACCEPT done fi @@ -2134,14 +2134,14 @@ stop_firewall() { run_iptables -t raw -F run_iptables -t raw -X for chain in PREROUTING OUTPUT; do - run_iptables -t raw -P $chain ACCEPT + qt $IPTABLES -t raw -P $chain ACCEPT done fi if [ -n "$NAT_ENABLED" ]; then delete_nat for chain in PREROUTING POSTROUTING OUTPUT; do - run_iptables -t nat -P $chain ACCEPT + qt $IPTABLES -t nat -P $chain ACCEPT done fi @@ -7709,7 +7709,7 @@ initialize_netfilter () { if [ -n "$NAT_ENABLED" ]; then delete_nat for chain in PREROUTING POSTROUTING OUTPUT; do - run_iptables -t nat -P $chain ACCEPT + qt $IPTABLES -t nat -P $chain ACCEPT done fi @@ -7719,7 +7719,7 @@ initialize_netfilter () { run_iptables -t mangle -F run_iptables -t mangle -X for chain in PREROUTING INPUT FORWARD POSTROUTING; do - run_iptables -t mangle -P $chain ACCEPT + qt $IPTABLES -t mangle -P $chain ACCEPT done fi @@ -7727,7 +7727,7 @@ initialize_netfilter () { run_iptables -t raw -F run_iptables -t raw -X for chain in PREROUTING OUTPUT; do - run_iptables -t raw -P $chain ACCEPT + qt $IPTABLES -t raw -P $chain ACCEPT done fi diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index eae331711..f58fc1762 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -1,4 +1,13 @@ -Shorewall 3.0.1 +Shorewall 3.0.2 + +Problems Corrected in 3.0.2 + +1) A couple of typos in the one-interface sample configuration have + been corrected. + +2) The 3.0.1 version of Shorewall was incompatible with old versions of + the Linux kernel (2.4.7 for example). The new code ignores errors + produced when Shorewall 3.x is run on these ancient kernels. Problems Corrected in 3.0.1