From e075e8c3e2f2b02c1e53673ed358d2701ebf56dd Mon Sep 17 00:00:00 2001
From: teastep
Date: Sun, 14 Aug 2005 19:26:17 +0000
Subject: [PATCH] Fix 'Packet type match' availability reporting with PKTTYPE=No
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2491 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/firewall | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/Shorewall/firewall b/Shorewall/firewall
index 084d8146e..55a0ae2ee 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -4394,7 +4394,7 @@ process_actions3() {
 case $xaction1 in
 dropBcast)
 if [ "$COMMAND" != check ]; then
- if [ -n "$PKTTYPE" ]; then
+ if [ -n "$USEPKTTYPE" ]; then
 case $xlevel in
 none'!')
 ;;
@@ -4426,7 +4426,7 @@ process_actions3() {
 ;;
 allowBcast)
 if [ "$COMMAND" != check ]; then
- if [ -n "$PKTTYPE" ]; then
+ if [ -n "$USEPKTTYPE" ]; then
 case $xlevel in
 none'!')
 ;;
@@ -6814,9 +6814,7 @@ determine_capabilities() {
 fi
 fi
- if [ -n "$PKTTYPE" ]; then
- qt $IPTABLES -A fooX1234 -m pkttype --pkt-type broadcast -j ACCEPT || PKTTYPE=
- fi
+ qt $IPTABLES -A fooX1234 -m pkttype --pkt-type broadcast -j ACCEPT && USEPKTTYPE=Yes
 qt $IPTABLES -F fooX1234
 qt $IPTABLES -X fooX1234
@@ -6838,7 +6836,8 @@ report_capabilities() {
 report_capability "Multi-port Match" $MULTIPORT
 [ -n "$MULTIPORT" ] && report_capability "Extended Multi-port Match" $XMULTIPORT
 report_capability "Connection Tracking Match" $CONNTRACK_MATCH
- report_capability "Packet Type Match" $PKTTYPE
+ report_capability "Packet Type Match" $USEPKTTYPE
+ [ -n "$PKTTYPE" ] || USEPKTTYPE=
 report_capability "Policy Match" $POLICY_MATCH
 report_capability "Physdev Match" $PHYSDEV_MATCH
 report_capability "IP range Match" $IPRANGE_MATCH
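Review bot: The PKTTYPE=No override, `[ -n "$PKTTYPE" ] || USEPKTTYPE=`, is applied inside report_capabilities, so a reporting function now decides whether process_actions3 and add_common_rules emit `-m pkttype` rules. Whether report_capabilities runs on every path that later tests USEPKTTYPE is not visible in this hunk; if any path skips it, the administrator's PKTTYPE=No would be ignored whenever the kernel supports the match. Consider applying the override in one place that always runs after the capability has been reported, or at least placing a comment above the line such as `# PKTTYPE=No takes effect only after the kernel capability has been reported`. The body of report_capabilities continues outside the hunk.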
@@ -7100,7 +7099,7 @@ add_common_rules() {
 #
 # Reject Rules -- Don't respond to broadcasts with an ICMP
 #
- if [ -n "$PKTTYPE" ]; then
+ if [ -n "$USEPKTTYPE" ]; then
 qt $IPTABLES -A reject -m pkttype --pkt-type broadcast -j DROP
 if ! qt $IPTABLES -A reject -m pkttype --pkt-type multicast -j DROP; then
 #
@@ -8506,6 +8505,7 @@ do_initialize() {
 BRIDGING=
 DYNAMIC_ZONES=
 PKTTYPE=
+ USEPKTYPE=
 RETAIN_ALIASES=
 DELAYBLACKLISTLOAD=
 LOGTAGONLY=
@@ -8589,7 +8589,7 @@ do_initialize() {
 [ -e "$IPTABLES" ] || startup_error "\$IPTABLES=$IPTABLES does not exist or is not executable"
 fi
- PKTTYPE=$(added_param_value_no PKTTYPE $PKTTYPE) # Used in determine_capabilities
+ PKTTYPE=$(added_param_value_no PKTTYPE $PKTTYPE)
 determine_capabilities
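Review bot: The line added to do_initialize, `USEPKTYPE=`, is missing a T, so it clears a variable that none of the visible hunks read and leaves USEPKTTYPE uninitialised; it should read `USEPKTTYPE=`. The determine_capabilities hunk only assigns on success (`&& USEPKTTYPE=Yes`) and never clears on failure, so a USEPKTTYPE value inherited from the calling environment would survive a failed probe. process_actions3 and add_common_rules would then take the pkttype branch on a kernel without the match, and in add_common_rules the broadcast DROP is wrapped in `qt`, so the failure would presumably be silent. do_initialize continues outside the hunk.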