Work around RH7.3 'service' anomaly

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@595 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-18 18:26:05 +00:00 · 2003-06-18 18:26:05 +00:00 · 170c3df6c4
commit 170c3df6c4
parent ae42fcdbe6
3 changed files with 7 additions and 30 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -1,15 +1,3 @@
-Changes since 1.4.4b
-
-1) The command "shorewall debug try <directory>" now correctly traces
-   the attempt.
-
-2) The ORIGINAL DEST column in a DNAT[-] or REDIRECT[-] rule may now
-   contain a list of addresses. If the list begins with "!' then the
-   rule will take effect only if the original destination address in
-   the connection request does not match any of the addresses listed.
-
-3) Enhanced processing of the zones file to allow the INCLUDE
-   directive.
- 
-4) Fix processing of the routestopped file's second column.
+Changes since 1.4.5

+1) Worked around RH7.3 "service" anomaly.
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -233,8 +233,7 @@ createchain() # $1 = chain name, $2 = If "yes", create default rules
    run_iptables -N $1

    if [ $2 = yes ]; then
-	state="ESTABLISHED,RELATED"
-	run_iptables -A $1 -m state --state $state -j ACCEPT
+	run_iptables -A $1 -m state --state ESTABLISHED,RELATED -j ACCEPT
 	[ -z "$NEWNOTSYN" ] && \
 	    run_iptables -A $1 -m state --state NEW -p tcp ! --syn -j newnotsyn
    fi
@ -3207,7 +3206,7 @@ load_kernel_modules() {
 # Verify that the 'ip' program is installed

 verify_ip() {
-    qt which ip ||\
+    qt ip link ls ||\
 	startup_error "Shorewall $version requires the iproute package ('ip' utility)"
 }

--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -2,19 +2,9 @@ This is a minor release of Shorewall.

 Problems Corrected:

-1) The command "shorewall debug try <directory>" now correctly traces
-   the attempt.
-
-2) The INCLUDE directive now works properly in the zones file;
-   previously, INCLUDE in that file was ignored.
-
-3) /etc/shorewall/routestopped records with an empty second column are no
-   longer ignored.
+1) A problem seen on RH7.3 systems where Shorewall encountered start
+   errors when started using the "service" mechanism has been worked
+   around.

 New Features:

-1) The ORIGINAL DEST column in a DNAT[-] or REDIRECT[-] rule may now
-   contain a list of addresses. If the list begins with "!' then the
-   rule will take effect only if the original destination address in
-   the connection request does not match any of the addresses listed.
-