From 0a4f26a318e82d78d2b2c4ca55b85d93b81a6902 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Thu, 16 Aug 2012 14:46:48 -0700
Subject: [PATCH] Correct handling of existing notrack file.

Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Raw.pm | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Raw.pm b/Shorewall/Perl/Shorewall/Raw.pm
index f212d0366..d190063de 100644
--- a/Shorewall/Perl/Shorewall/Raw.pm
+++ b/Shorewall/Perl/Shorewall/Raw.pm
@@ -201,15 +201,16 @@ sub process_format( $ ) {
 sub setup_conntrack() {
- my $format = 1;
- my $action = 'NOTRACK';
-
 for my $name ( qw/notrack conntrack/ ) {
 my $fn = open_file( $name );
 if ( $fn ) {
+ my $format = 1;
+
+ my $action = 'NOTRACK';
+
 my $empty = 1;
 first_entry( "$doing $fn..." );
@@ -224,11 +225,6 @@ sub setup_conntrack() {
 $format = process_format( $dest );
 next;
 }
-
- if ( $source eq 'COMMENT' ) {
- process_comment;
- next;
- }
 } else {
 ( $action, $source, $dest, $proto, $ports, $sports, $user ) = split_line1 'Conntrack File', { action => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, user => 6 }, { COMMENT => 0, FORMAT => 2 };
@@ -237,11 +233,11 @@ sub setup_conntrack() {
 $action = 'NOTRACK';
 next;
 }
+ }
- if ( $action eq 'COMMENT' ) {
- process_comment;
- next;
- }
+ if ( $action eq 'COMMENT' ) {
+ process_comment;
+ next;
 }
 $empty = 0;
@@ -257,11 +253,15 @@ sub setup_conntrack() {
 clear_comment;
- if ( $empty && $name eq 'notrack') {
- if ( unlink( $fn ) ) {
- warning_message "Empty notrack file ($fn) removed";
+ if ( $name eq 'notrack') {
+ if ( $empty ) {
+ if ( unlink( $fn ) ) {
+ warning_message "Empty notrack file ($fn) removed";
+ } else {
+ warning_message "Unable to remove empty notrack file ($fn): $!";
+ }
 } else {
- warning_message "Unable to remove empty notrack file ($fn): $!";
+ warning_message "Non-empty notrack file ($fn); please move its contents to the conntrack file";
 }
 }
 }
 }
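Review bot: The hoisted `if ( $action eq 'COMMENT' )` test in the third hunk looks like it no longer catches COMMENT lines in a format-1 file. The check removed from the format-1 branch in the second hunk compared `$source`, and that branch passes `$dest` to process_format where the format-2 branch passes `$source`, which suggests the directive keyword lands in `$source` there while `$action` keeps its 'NOTRACK' default; the format-1 split_line1 call is outside the hunk, so this needs confirming. If that is the case, a COMMENT line falls through to `$empty = 0` and is handled as a rule entry instead of setting the comment. Keeping the branch-local test `if ( $source eq 'COMMENT' ) { process_comment; next; }` in the format-1 branch would cover both layouts. setup_conntrack starts and ends outside this hunk.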
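Review bot: The `unlink( $fn )` in the new `if ( $empty )` branch of the last hunk deletes the file on the sole evidence that no line reached `$empty = 0`, and the FORMAT and COMMENT handlers `next` before that assignment, so a notrack file holding only those directives is removed as well. A comment above the test would make the rule explicit, for example `# "empty" means no rule entries were read; FORMAT/COMMENT lines do not count`. The new non-empty warning asks the user to move the contents but does not say whether the entries just read from notrack were still applied; stating that in the message or in a comment would help anyone auditing the generated ruleset. setup_conntrack begins outside this hunk.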