diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt index 99cea9575..5c2139497 100644 --- a/Shorewall2/changelog.txt +++ b/Shorewall2/changelog.txt @@ -5,4 +5,6 @@ Changes since 2.0.2 2) Restore file now loads kernel modules. -3) Minor tweaks to the restore mechanism. \ No newline at end of file +3) Minor tweaks to the restore mechanism. + +4) Allow "!" in accounting rules. diff --git a/Shorewall2/firewall b/Shorewall2/firewall index 6b68482bc..55d02dcef 100755 --- a/Shorewall2/firewall +++ b/Shorewall2/firewall @@ -2238,8 +2238,8 @@ process_accounting_rule() { ensurechain1 $chain - if iptables -A $chain $rule ; then - [ "x$rule2" != x ] && run_iptables -A $jumpchain $rule2 + if iptables -A $chain $(fix_bang $rule) ; then + [ -n "$rule2" ] && run_iptables2 -A $jumpchain $rule2 progress_message " Accounting rule" $action $chain $source $dest $proto $port $sport Added else accounting_error @@ -2730,7 +2730,7 @@ process_actions1() { case $temp in ACCEPT|REJECT|DROP) eval ${temp}_common=$xaction - if ! list_search $xaction $USEDACTIONS; then + if [ -n "$xaction" ] && ! list_search $xaction $USEDACTIONS; then USEDACTIONS="$USEDACTIONS $xaction" [ $COMMAND = check ] || createactionchain $xaction fi @@ -5415,6 +5415,8 @@ define_firewall() # $1 = Command (Start or Restart) verify_os_version verify_ip + [ -d /var/lib/shorewall ] || mkdir -p /var/lib/shorewall + echo '#bin/sh' > /var/lib/shorewall/restore-$$ save_command "# Restore base file generated $(date)" save_command ". /usr/share/shorewall/functions" @@ -5952,7 +5954,7 @@ do_initialize() { determine_capabilities [ -z "${STATEDIR}" ] && STATEDIR=/var/state/shorewall - + [ -d $STATEDIR ] || mkdir -p $STATEDIR [ -z "$FW" ] && FW=fw diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt index 123f60e8d..0105b6fff 100755 --- a/Shorewall2/releasenotes.txt +++ b/Shorewall2/releasenotes.txt @@ -17,4 +17,4 @@ None. New Features: -None. \ No newline at end of file +1) "!" is now allowed in accounting rules.