From 4592b58df6033730ff58c906a025b4c8d69f33f7 Mon Sep 17 00:00:00 2001 From: teastep Date: Mon, 19 Jun 2006 23:57:01 +0000 Subject: [PATCH] Fix blacklist loading git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4147 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- Shorewall/changelog.txt | 2 ++ Shorewall/compiler | 20 +++++++++----------- Shorewall/releasenotes.txt | 5 ++++- 3 files changed, 15 insertions(+), 12 deletions(-) diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index ba961b2a0..e289764f6 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -2,6 +2,8 @@ Changes in 3.2.0 RC 5 1) Fix DOA 'LITEDIR' problem in /sbin/shorewall. +2) Stop the compiler from running iptables. + ------------------------------------------------------------------------------- Changes in 3.2.0 RC 4 diff --git a/Shorewall/compiler b/Shorewall/compiler index 969a0f8ce..20d50910b 100755 --- a/Shorewall/compiler +++ b/Shorewall/compiler @@ -6656,21 +6656,19 @@ refresh_blacklist() { local f=$(find_file blacklist) local disposition=$BLACKLIST_DISPOSITION - if qt $IPTABLES -L blacklst -n ; then - progress_message2 "$DOING Black List..." - save_progress_message "Loading Black List..." + progress_message2 "$DOING Black List..." + save_progress_message "Loading Black List..." - strip_file blacklist $f + strip_file blacklist $f - [ "$disposition" = REJECT ] && disposition=reject + [ "$disposition" = REJECT ] && disposition=reject - run_iptables -F blacklst + run_iptables -F blacklst - while read networks protocol ports; do - expandv networks protocol ports - process_blacklist_rec - done < $TMP_DIR/blacklist - fi + while read networks protocol ports; do + expandv networks protocol ports + process_blacklist_rec + done < $TMP_DIR/blacklist } # diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 413400a8c..7c6b5b6b2 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
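Review bot: With the `qt $IPTABLES -L blacklst -n` guard gone, nothing in refresh_blacklist checks that the blacklst chain exists before the new-side `run_iptables -F blacklst` line. Going by the changelog entry, the removed test probed the machine running the compiler, so dropping it there looks reasonable, but the same precondition still holds wherever the rules are actually applied; whether a failed flush aborts or is ignored depends on run_iptables, which is not visible in this hunk. If callers do not already guarantee the chain, move the existence test to where the rules are applied instead of deleting it; otherwise record the assumption above the flush, e.g. `# blacklst chain must already exist on the target; no longer tested here`. The chain is also flushed before the `while read` loop refills it, so during a refresh blacklisted sources pass unfiltered, and an error part-way through the loop leaves a partial list; that window deserves a line in the function's header comment.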
@@ -40,6 +40,9 @@ Problems Corrected in 3.2.0 RC 5 ERROR: LITEDIR not defined in /usr/share/shorewall/configpath wifitipper: +2) The compiler was running iptables needlessly when DELAYBLACKLISTLOAD=Yes. + This could also result in the blacklist not being loaded in some cases. + Other changes in 3.2.0 RC 5 None. @@ -589,7 +592,7 @@ New Features: refresh". 18) "load" and "reload" commands have been added. These commands allow - a non-root user with ssh access to a remote system running + a non-root user with ssh access to a remote system running Shorewall Lite to compile a firewall script on the local system and to install that script on the remote system.