Issue a clearer diagnostic when ip6tables is missing

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1183 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-03-06 17:32:28 +00:00 · 2004-03-06 17:32:28 +00:00 · b79ad25c7e
commit b79ad25c7e
parent a469d0d317
4 changed files with 24 additions and 16 deletions
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@ -58,3 +58,7 @@ Changes since 1.4.10
 28) Fix the help file.

 29) Correct handling of !z1,z2,... in a DNAT/REDIRECT rule.
+
+30) Remove fw->fw policy.
+
+31) Issue clearer message if ip6tables not installed.
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@ -975,6 +975,19 @@ setup_forwarding() {
    esac
 }

+#
+# Disable IPV6
+#
+disable_ipv6() {
+    if qt which ip6tables; then
+	ip6tables -P FORWARD DROP
+	ip6tables -P INPUT DROP
+	ip6tables -P OUTPUT DROP
+    else
+	error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system has no ip6tables"
+    fi
+}
+
 #
 # Stop the Firewall
 #
@ -1010,11 +1023,7 @@ stop_firewall() {
    delete_proxy_arp
    [ -n "$CLEAR_TC" ] && delete_tc

-    if [ -n "$DISABLE_IPV6" ]; then
-	ip6tables -P FORWARD DROP
-	ip6tables -P INPUT DROP
-	ip6tables -P OUTPUT DROP
-    fi
+    [ -n "$DISABLE_IPV6" ] && disable_ipv6

    if [ -z "$ADMINISABSENTMINDED" ]; then
 	for chain in INPUT OUTPUT FORWARD; do
@ -4274,11 +4283,7 @@ initialize_netfilter () {
    setcontinue INPUT
    setcontinue OUTPUT

-    if [ -n "$DISABLE_IPV6" ]; then
-	ip6tables -P FORWARD DROP
-	ip6tables -P INPUT DROP
-	ip6tables -P OUTPUT DROP
-    fi
+    [ -n "$DISABLE_IPV6" ] && disable_ipv6

    #
    # Enable the Loopback interface for now
--- a/Shorewall2/policy
+++ b/Shorewall2/policy
@ -76,12 +76,6 @@
 ###############################################################################
 #SOURCE		DEST		POLICY		LOG		LIMIT:BURST
 #						LEVEL
-#
-#   Unless you *really* know what you are doing, DO NOT TOUCH THIS
-#   POLICY!
-#
-fw		fw		ACCEPT
-#
 loc		net		ACCEPT
 net		all		DROP		info
 #
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@ -26,6 +26,11 @@ Problems Corrected since RC1
   to allow traffic through a bridge while shorewall is stopped.

 2) The /usr/share/shorewall/help file has been corrected.
+
+3) fw->fw policy removed from /etc/shorewall/policy.
+
+4) If IPV6_DISABLE=Yes, a clearer diagnostic message is issued if
+   ip6tables is not installed.
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 1.4.x to Shorewall 2.0.0: