From 86cf128a9f7ca2c7c06b4640712a15fe7100c756 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Fri, 26 Nov 2004 23:33:32 +0000
Subject: [PATCH] Fix some bugs in Tuomas's patch

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1772 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall2/changelog.txt    | 2 ++
 Shorewall2/firewall         | 2 +-
 Shorewall2/releasenotes.txt | 3 +++
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index ab1036c6d..6af0ced32 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -150,3 +150,5 @@ Changes since 2.0.3
 72) Apply Tuomas Jormola's IPTABLES patch.
 
 73) Fixed some bugs in Tuomas's patch.
+
+74) Correct bug in "shorewall add"
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index ca1a03946..6aadddbdc 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -1756,7 +1756,7 @@ setup_ipsec() {
     set_mss1() # $1 = chain, $2 = MSS
     {
 	eval local policy=\$${1}_policy
-	if [ "$policy" != NONE ]; then
+	if [ "$policy" != NONE -a "$COMMAND" != add ]; then
 	    ensurechain $1
 	    run_iptables -I $1 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $2
 	fi
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index dc9f8fec5..4f4413cbb 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@@ -138,6 +138,9 @@ Problems corrected since 2.2.0 Beta 5:
 1) Many problems associated with an empty IPTABLES variable have been
    corrected.
 
+2) A 'chain already exists' error occurs on "shorewall add" if you are
+   using the 'mss' option in the ipsec file.
+
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0 to Shorewall 2.1: