Fix more $RESTOREBASE bugs; fix COMMAND typos

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1462 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -10,3 +10,5 @@ Changes since 2.0.3
 4) Implement 'dropInvalid' builtin action.
 
 5) Fix logging nat rules.
+
+6) Fix COMMAND typos.

Shorewall2/firewall

@@ -1220,6 +1220,21 @@ disable_ipv6() {
     fi
 }
 
+disable_ipv6_1() {
+    local foo=$(ip -f inet6 addr ls 2> /dev/null)
+
+    if [ -n "$foo" ]; then
+	if qt which ip6tables; then
+	    progress_message "Disabling IPV6..."
+	    ip6tables -P FORWARD DROP
+	    ip6tables -P INPUT DROP
+	    ip6tables -P OUTPUT DROP
+	else
+	    error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables"
+	fi
+    fi
+}
+
 #
 # Stop the Firewall
 #
@@ -1271,7 +1286,7 @@ stop_firewall() {
     delete_proxy_arp
     [ -n "$CLEAR_TC" ] && delete_tc1
 
-    [ -n "$DISABLE_IPV6" ] && disable_ipv6
+    [ -n "$DISABLE_IPV6" ] && disable_ipv6_1
 
     if [ -z "$ADMINISABSENTMINDED" ]; then
 	for chain in INPUT OUTPUT FORWARD; do
@@ -2441,7 +2456,7 @@ refresh_tc() {
 # Add one Filter Rule from an action -- Helper function for the action file processor
 #
 # The caller has established the following variables:
-#    check        = current command. If 'check', we're executing a 'check'
+#    COMMAND      = current command. If 'check', we're executing a 'check'
 #                   which only goes through the motions.
 #    client	  = SOURCE IP or MAC
 #    server	  = DESTINATION IP or interface
@@ -2941,7 +2956,7 @@ process_actions2() {
 		log_action dLogNotSyn DROP		
 		;;
 	    dropInvalid)
-		[ "COMMAND" != check ] && run_iptables -A dropInvalid -m state --state INVALID -j DROP
+		[ "$COMMAND" != check ] && run_iptables -A dropInvalid -m state --state INVALID -j DROP
 		;;
 	    *)
 		f=action.$xaction
@@ -2960,7 +2975,7 @@ process_actions2() {
 # Add a NAT rule - Helper function for the rules file processor
 #
 # The caller has established the following variables:
-#    command        = The current command -- if 'check', we just go through
+#    COMMAND        = The current command -- if 'check', we just go through
 #                     the motions.
 #    cli	    = Source IP, interface or MAC Specification
 #    serv	    = Destination IP Specification
@@ -3148,7 +3163,7 @@ add_nat_rule() {
 # Add one Filter Rule -- Helper function for the rules file processor
 #
 # The caller has established the following variables:
-#    command     = current command. If 'check', we're executing a 'check'
+#    COMMAND     = current command. If 'check', we're executing a 'check'
 #                  which only goes through the motions.
 #    client	 = SOURCE IP or MAC
 #    server	 = DESTINATION IP or interface

Shorewall2/releasenotes.txt

@@ -12,6 +12,12 @@ Problems Corrected since 2.0.3
 3)  Two problems with logging NAT rules (DNAT and REDIRECT) could cause
     startup failures.
 
+Problems Corrected since 2.1.0
+
+1)  The "check" command fails with the following message:
+
+	iptables: No chain/target/match by that name
+
 -----------------------------------------------------------------------
 Issues when migrating from Shorewall 2.0 to Shorewall 2.1: