forked from extern/shorewall_code
Add a hack to work around a 'feature' of xtables-addons on Lenny
Be more careful about checking for the ipset utility before saving the ipsets Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
f306018159
commit
a1fd3aa7e3
@ -2162,6 +2162,7 @@ sub compile_stop_firewall( $ ) {
|
|||||||
# Stop/restore the firewall after an error or because of a 'stop' or 'clear' command
|
# Stop/restore the firewall after an error or because of a 'stop' or 'clear' command
|
||||||
#
|
#
|
||||||
stop_firewall() {
|
stop_firewall() {
|
||||||
|
local hack
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
$output->{policy} = 'ACCEPT' if $config{ADMINISABSENTMINDED};
|
$output->{policy} = 'ACCEPT' if $config{ADMINISABSENTMINDED};
|
||||||
@ -2344,13 +2345,35 @@ EOF
|
|||||||
if ( @ipsets ) {
|
if ( @ipsets ) {
|
||||||
emit <<'EOF';
|
emit <<'EOF';
|
||||||
|
|
||||||
if [ -n "$(mywhich ipset)" ]; then
|
case $IPSET in
|
||||||
if $IPSET -S > ${VARDIR}/ipsets.tmp; then
|
*/*)
|
||||||
|
if [ ! -x "$IPSET" ]; then
|
||||||
|
error_message "ERROR: IPSET=$IPSET does not exist or is not executable - ipsets are not saved"
|
||||||
|
IPSET=
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
IPSET="$(mywhich $IPSET)"
|
||||||
|
[ -n "$IPSET" ] || error_message "ERROR: The ipset utility cannot be located - ipsets are not saved"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
if [ -n "$IPSET" ]; then
|
||||||
|
if [ -f /etc/debian_version ] && [ $(cat /etc/debian_version) = 5.0.3 ]; then
|
||||||
|
#
|
||||||
|
# The 'grep -v' is a hack for a bug in ipset's nethash implementation when xtables-addons is applied to Lenny
|
||||||
|
#
|
||||||
|
hack='| grep -v /31'
|
||||||
|
else
|
||||||
|
hack=
|
||||||
|
fi
|
||||||
|
|
||||||
|
if eval $IPSET -S $hack > ${VARDIR}/ipsets.tmp; then
|
||||||
#
|
#
|
||||||
# Don't save an 'empty' file
|
# Don't save an 'empty' file
|
||||||
#
|
#
|
||||||
grep -q '^-N' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${VARDIR}/ipsets.save
|
grep -q '^-N' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${VARDIR}/ipsets.save
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
EOF
|
EOF
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user