Add a hack to work around a 'feature' of xtables-addons on Lenny

Be more careful about checking for the ipset utility before saving the ipsets

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2010-01-04 10:14:36 -08:00
parent f306018159
commit a1fd3aa7e3


@ -2162,6 +2162,7 @@ sub compile_stop_firewall( $ ) {
# Stop/restore the firewall after an error or because of a 'stop' or 'clear' command # Stop/restore the firewall after an error or because of a 'stop' or 'clear' command
# #
stop_firewall() { stop_firewall() {
local hack
EOF EOF
$output->{policy} = 'ACCEPT' if $config{ADMINISABSENTMINDED}; $output->{policy} = 'ACCEPT' if $config{ADMINISABSENTMINDED};
@ -2344,8 +2345,30 @@ EOF
if ( @ipsets ) { if ( @ipsets ) {
emit <<'EOF'; emit <<'EOF';
if [ -n "$(mywhich ipset)" ]; then case $IPSET in
if $IPSET -S > ${VARDIR}/ipsets.tmp; then */*)
if [ ! -x "$IPSET" ]; then
error_message "ERROR: IPSET=$IPSET does not exist or is not executable - ipsets are not saved"
IPSET=
fi
;;
*)
IPSET="$(mywhich $IPSET)"
[ -n "$IPSET" ] || error_message "ERROR: The ipset utility cannot be located - ipsets are not saved"
;;
esac
if [ -n "$IPSET" ]; then
if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then
#
# The 'grep -v' is a hack for a bug in ipset's nethash implementation when xtables-addons is applied to Lenny
#
hack='| grep -v /31'
else
hack=
fi
if eval $IPSET -S $hack > ${VARDIR}/ipsets.tmp; then
# #
# Don't save an 'empty' file # Don't save an 'empty' file
# #
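Review bot: When the Lenny hack is active, `if eval $IPSET -S $hack > ${VARDIR}/ipsets.tmp; then` in the second hunk tests the exit status of `grep -v /31`, not of `ipset -S`, so a dump that fails after writing some lines still passes the check and a partial ipsets.tmp can be kept. Writing `$IPSET -S` to the temp file first and testing its status, then filtering the `/31` lines in a second step only when the Debian 5.0.3 test matches, keeps the failure visible. It also removes the `eval`, which re-parses the configured `$IPSET` value as shell text and breaks on a path containing spaces or metacharacters. The version test should be quoted as `[ "$(cat /etc/debian_version)" = 5.0.3 ]`, because an empty or multi-word file otherwise makes `[` report a syntax error. The code that consumes ipsets.tmp lies outside the visible lines, so how a partial file is handled afterwards cannot be confirmed from here.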