Correct version of firewall script

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@234 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Lrp/etc/init.d/shorewall

@@ -200,8 +200,7 @@ createchain() # $1 = chain name, $2 = If non-null, don't create default rules
 	state="ESTABLISHED"
 	[ -n "$ALLOWRELATED" ] && state="$state,RELATED"
 	run_iptables -A $1 -m state --state $state -j ACCEPT
-	[ -z "$NEWNOTSYN" ] && \
-	    run_iptables -A $1 -m state --state NEW -p tcp !--syn -j newnotsyn
+	run_iptables -A $1 -m state --state NEW -p tcp !--syn -j newnotsyn
     fi
 
     eval ${1}_exists=Yes
@@ -2397,10 +2396,6 @@ setup_masq()
 	    interface="${interface%:*}"
 	fi
 
-	if ! list_search $interface $all_interfaces; then
-	    fatal_error "Error: Unknown interface $interface"
-	fi
-	
 	if [ "$subnet" = "${subnet%!*}" ]; then
 	    nomasq=
 	else
@@ -2528,7 +2523,7 @@ process_blacklist_rec() {
 		--log-level $BLACKLIST_LOGLEVEL
 	run_iptables -A blacklst $source -j $disposition
 
-	echo "   $addr added to Black List"
+	echo "	 $addr added to Black List"
     done
 }
 
@@ -2731,14 +2726,12 @@ initialize_netfilter () {
 	    --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 
     
-    if [ -z "$NEWNOTSYN" ]; then
-	createchain newnotsyn no
-	run_user_exit newnotsyn
-	[ -n "$LOGNEWNOTSYN" ] && \
-	    run_iptables -A newnotsyn -j LOG \
-	    --log-prefix "Shorewall:newnotsyn:DROP:" --log-level $LOGNEWNOTSYN
-	run_iptables -A newnotsyn -j DROP
-    fi	
+    createchain newnotsyn no
+    run_user_exit newnotsyn
+    [ -n "$LOGNEWNOTSYN" ] && \
+	run_iptables -A newnotsyn -j LOG \
+	--log-prefix "Shorewall:newnotsyn:DROP:" --log-level $LOGNEWNOTSYN
+    run_iptables -A newnotsyn -j DROP	
 
     createchain icmpdef no
     createchain common	no
@@ -2836,7 +2829,7 @@ add_common_rules() {
     # PING
     #
     [ -n "$FORWARDPING" ] && \
-	run_iptables -A icmpdef -p icmp --icmp-type echo-request -j ACCEPT
+	run_iptables -A common -p icmp --icmp-type echo-request -j ACCEPT
     ############################################################################
     # Common ICMP rules
     #
@@ -2861,8 +2854,8 @@ add_common_rules() {
     echo "Adding rules for DHCP"
 
     for interface in `find_interfaces_by_option dhcp`; do
-	run_iptables -A `input_chain $interface` -p udp --dport 67:68 -j ACCEPT
-	run_iptables -A OUTPUT	  -o $interface	 -p udp --dport 67:68 -j ACCEPT
+       run_iptables -A `input_chain $interface` -p udp --dport 67:68 -j ACCEPT
+       run_iptables -A OUTPUT    -o $interface  -p udp --dport 67:68 -j ACCEPT
     done
 
     ###########################################################################
@@ -3310,6 +3303,11 @@ refresh_firewall()
     run_iptables -F common
 
     echo "Adding Common Rules"
+    ###########################################################################
+    # PING
+    #
+    [ -n "$FORWARDPING" ] && \
+	run_iptables -A common -p icmp --icmp-type echo-request -j ACCEPT
     ############################################################################
     # Common rules in each chain
     #
@@ -3418,7 +3416,6 @@ do_initialize() {
     DETECT_DNAT_IPADDRS=
     MERGE_HOSTS=
     MUTEX_TIMEOUT=
-    NEWNOTSYN=
     LOGNEWNOTSYN=
     FORWARDPING=
     stopping=
@@ -3498,7 +3495,6 @@ do_initialize() {
     DETECT_DNAT_IPADDRS=`added_param_value_no DETECT_DNAT_IPADDRS $DETECT_DNAT_IPADDRS`
     MERGE_HOSTS=`added_param_value_no MERGE_HOSTS $MERGE_HOSTS`
     FORWARDPING=`added_param_value_no FORWARDPING $FORWARDPING`
-    NEWNOTSYN=`added_param_value_yes NEWNOTSYN $NEWNOTSYN`
 }
 
 ################################################################################