From 08993cfe08976be54f4452460198bae2e7888016 Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 31 Oct 2005 21:06:01 +0000 Subject: [PATCH] Stop whining about ipt_owner messages under kernel 2.6.14 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2939 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 4 +++- Shorewall/functions | 2 +- Shorewall/releasenotes.txt | 4 ++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index e0e4f1a9b..18300ca5a 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -4,7 +4,9 @@ Changes in 3.0.0 RC 3. 2) Suppress 'ambiguous redirect' error messages. -2) Correct stupid typo in release notes ([rej|drop]NewNot vs. [rej|drop]NewNon) +3) Correct stupid typo in release notes ([rej|drop]NewNot vs. [rej|drop]NewNon). + +4) Stop whining about ipt_owner messages under kernel 2.6.14. Changes in 3.0.0 RC 2. diff --git a/Shorewall/functions b/Shorewall/functions index 1d826415f..c7aebb3ea 100755 --- a/Shorewall/functions +++ b/Shorewall/functions @@ -907,7 +907,7 @@ determine_capabilities() { qt $IPTABLES -A fooX1234 -m physdev --physdev-in eth0 -j ACCEPT && PHYSDEV_MATCH=Yes qt $IPTABLES -A fooX1234 -m iprange --src-range 192.168.1.5-192.168.1.124 -j ACCEPT && IPRANGE_MATCH=Yes qt $IPTABLES -A fooX1234 -m recent --update -j ACCEPT && RECENT_MATCH=Yes - qt $IPTABLES -A fooX1234 -m owner --cmd-owner foo -j ACCEPT && OWNER_MATCH=Yes + qt $IPTABLES -A fooX1234 -m owner --uid-owner 0 -j ACCEPT && OWNER_MATCH=Yes qt $IPTABLES -A fooX1234 -m connmark --mark 2 -j ACCEPT && CONNMARK_MATCH=Yes qt $IPTABLES -A fooX1234 -p tcp -m ipp2p --ipp2p -j ACCEPT && IPP2P_MATCH=Yes diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 8d6a996f8..2dab9c232 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -12,6 +12,10 @@ Problems Corrected in 3.0.0 RC 3: "/usr/share/shorewall/firewall:  line 128:  $RESTOREBASE:  ambiguous redirect" +3) The test that Shorewall uses to detect the availability of the + owner match capability has been changed to avoid the generation + of ipt_owner messages under kernel 2.6.14. + Migration Considerations: 1) The "monitor" command has been eliminated.