diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index bfa30c7dc..cc1737bfd 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -4,6 +4,8 @@ Changes in 2.5.5 2) Fix install.sh re: Makefile +3) Fix error handling. + Changes in 2.5.4 1) Allow TAG to be used as a general parameter mechanism [hack]. diff --git a/Shorewall/firewall b/Shorewall/firewall index 8cbd87c26..35b07840e 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -133,7 +133,7 @@ ensure_and_save_command() if eval $* ; then echo "$@" >> $RESTOREBASE else - [ -z "STOPPING" ] && { stop_firewall; exit 2; } + [ -z "$STOPPING" ] && { stop_firewall; exit 2; } fi } @@ -156,7 +156,7 @@ run_iptables() { [ -n "$IPRANGE_MATCH" ] && [ -f $TMP_DIR/iprange ] && rm -f $TMP_DIR/iprange if ! $IPTABLES $@ ; then - if [ -z "STOPPING" ]; then + if [ -z "$STOPPING" ]; then error_message "ERROR: Command \"$IPTABLES $@\" Failed" stop_firewall exit 2 @@ -196,7 +196,7 @@ qt_iptables() { # run_ip() { if ! ip $@ ; then - if [ -z "STOPPING" ]; then + if [ -z "$STOPPING" ]; then error_message "ERROR: Command \"ip $@\" Failed" stop_firewall exit 2 @@ -209,7 +209,7 @@ run_ip() { # run_tc() { if ! tc $@ ; then - if [ -z "STOPPING" ]; then + if [ -z "$STOPPING" ]; then error_message "ERROR: Command \"tc $@\" Failed" stop_firewall exit 2 @@ -222,7 +222,7 @@ run_tc() { # run_ipset() { if ! ipset $@ ; then - if [ -z "STOPPING" ]; then + if [ -z "$STOPPING" ]; then error_message "ERROR: Command \"ipset $@\" Failed" stop_firewall exit 2 @@ -1813,7 +1813,7 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = dispositi case $level in ULOG) if ! $IPTABLES $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix "$prefix" ; then - if [ -z "STOPPING" ]; then + if [ -z "$STOPPING" ]; then error_message "ERROR: Command \"$IPTABLES $command $chain $@ $limit -j ULOG $LOGPARMS --ulog-prefix \"$prefix\"\" Failed" stop_firewall exit 2 @@ -1822,7 +1822,7 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = dispositi ;; *) if ! $IPTABLES $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix "$prefix"; then - if [ -z "STOPPING" ]; then + if [ -z "$STOPPING" ]; then error_message "ERROR: Command \"$IPTABLES $command $chain $@ $limit -j LOG $LOGPARMS --log-level $level --log-prefix \"$prefix\"\" Failed" stop_firewall exit 2 @@ -1832,7 +1832,7 @@ log_rule_limit() # $1 = log level, $2 = chain, $3 = display Chain $4 = dispositi esac if [ $? -ne 0 ] ; then - [ -z "STOPPING" ] && { stop_firewall; exit 2; } + [ -z "$STOPPING" ] && { stop_firewall; exit 2; } fi } diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 3ef70cbbd..bdc62ec93 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -5,7 +5,13 @@ Problems Corrected in 2.5.5: 1) The install script now installs the correct Makefile. Previously, the /etc/shorewall/actions file was identical to the Makefile. -2) The IPSEC column in /etc/shorewall/zones has been renamed TYPE and +2) Error Handling was completely broken; operations such as + "shorewall start" would continue after what should have been fatal + errors. + +New Features in 2.5.5: + +1) The IPSEC column in /etc/shorewall/zones has been renamed TYPE and can have one of the following values: plain, -, or A normal zone