Fixes from 3.4

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6566 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2007-06-16 15:24:17 +00:00 · 2007-06-16 15:24:17 +00:00 · 3803870081
commit 3803870081
parent d49b31d7d0
4 changed files with 56 additions and 16 deletions
--- a/Shorewall-common/lib.config
+++ b/Shorewall-common/lib.config
@ -413,7 +413,9 @@ setup_ipsec() {

 	if [ "$policy" != NONE ]; then
 	    ensurechain $1
-	    run_iptables -I $1 -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $2: -j TCPMSS --set-mss $2
+	    local match=
+	    [ "$TCPMSS_MATCH" ] && match="-m tcpmss --mss $2: "
+	    run_iptables -I $1 -p tcp --tcp-flags SYN,RST SYN ${match}-j TCPMSS --set-mss $2
 	fi
    }
    #
--- a/Shorewall-common/shorewall
+++ b/Shorewall-common/shorewall
@ -1400,6 +1400,49 @@ while [ $finished -eq 0 ]; do
    esac
 done

+version_command() {
+    local finished=0 all=
+
+    while [ $finished -eq 0 -a $# -gt 0 ]; do
+	option=$1
+	case $option in
+	    -*)
+		option=${option#-}
+
+		while [ -n "$option" ]; do
+		    case $option in
+			-)
+			    finished=1
+			    option=
+			    ;;
+			a*)
+			    all=Yes
+			    option=${option#a}
+			    ;;
+			*)
+			    usage 1
+			    ;;
+		    esac
+		done
+		shift
+		;;
+	    *)
+		finished=1
+		;;
+	esac
+    done
+
+    [ $# -gt 0 ] && usage 1
+
+    echo $version
+
+    if [ -n "$all" ]; then
+	if [ -f /usr/share/shorewall-perl/version ]; then
+	    echo "Shorewall-perl $(cat /usr/share/shorewall-perl/version)"
+	fi
+    fi
+}
+
 if [ $# -eq 0 ]; then
    usage 1
 fi
@ -1560,15 +1603,8 @@ case "$COMMAND" in
 	hits_command
 	;;
    version)
-	echo $version
-
-	if [ -f /usr/share/shorewall-shell/version ]; then
-	    echo "Shorewall-shell $(cat /usr/share/shorewall-shell/version)"
-	fi
-
-	if [ -f /usr/share/shorewall-perl/version ]; then
-	    echo "Shorewall-perl $(cat /usr/share/shorewall-perl/version)"
-	fi
+	shift
+	version_command $@
 	;;
    try)
 	get_config
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@ -605,9 +605,9 @@ case "$COMMAND" in
 	[ -n "$debugging" ] && set -x
 	[ $# -eq 1 ] && usage 1
 	if shorewall_is_started ; then
-	    mutex_on
+	    [ -n "$nolock" ] || mutex_on
 	    block DROP Dropped $*
-	    mutex_off
+	    [ -n "$nolock" ] || mutex_off
 	else
 	    error_message "ERROR: Shorewall Lite is not started"
 	    exit 2
@ -617,9 +617,9 @@ case "$COMMAND" in
 	[ -n "$debugging" ] && set -x
 	[ $# -eq 1 ] && usage 1
 	if shorewall_is_started ; then
-	    mutex_on
+	    [ -n "$nolock" ] || mutex_on
 	    block logdrop Dropped $*
-	    mutex_off
+	    [ -n "$nolock" ] || mutex_off
 	else
 	    error_message "ERROR: Shorewall Lite is not started"
 	    exit 2
@ -629,9 +629,9 @@ case "$COMMAND" in
 	[ -n "$debugging" ] && set -x
 	[ $# -eq 1 ] && usage 1
 	if shorewall_is_started ; then
-	    mutex_on
+	    [ -n "$nolock" ] || mutex_on
 	    block $COMMAND Rejected $*
-	    mutex_off
+	    [ -n "$nolock" ] || mutex_off
 	else
 	    error_message "ERROR: Shorewall Lite is not started"
 	    exit 2
--- a/Shorewall-shell/compiler
+++ b/Shorewall-shell/compiler
@ -4865,6 +4865,7 @@ compile_firewall() # $1 = File Name
    local IPTABLES_COMMAND=run_iptables
    local INDENT=""
    local checking= outfile=$1 dir=
+    local match=

    setup_mss()
    {
@ -4874,6 +4875,7 @@ compile_firewall() # $1 = File Name
 		;;
 	    *)
 		option="--set-mss $CLAMPMSS"
+		[ "$TCPMSS_MATCH" ] && match="-m tcpmss --mss $CLAMPMSS: "
 		;;
 	esac