Clean up untidiness where Shorewall6 tries to start on a system with an old kernel

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-25 08:46:14 -07:00 · 2010-09-25 08:46:14 -07:00 · f07ec1e9d3
commit f07ec1e9d3
parent a79a8d4acc
4 changed files with 142 additions and 95 deletions
--- a/Shorewall/Perl/prog.footer6
+++ b/Shorewall/Perl/prog.footer6
@ -17,6 +17,19 @@ usage() {
    echo "   -R <file>        Override RESTOREFILE setting"
    exit $1
 }
 checkkernelversion() {
    local kernel
    kernel=$(printf "%2d%02d%02d" $(uname -r 2> /dev/null | sed -e 's/-.*//' -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/g'))
    if [ $kernel -lt 20624 ]; then
 	error_message "ERROR: $g_product requires Linux kernel 2.6.24 or later"
 	return 1
    else 
 	return 0
    fi
 }
 ################################################################################
 # E X E C U T I O N    B E G I N S   H E R E				       #
 ################################################################################
@ -155,11 +168,7 @@ done
 COMMAND="$1"
-kernel=$(printf "%2d%02d%02d" $(uname -r 2> /dev/null | sed -e 's/-.*//' -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/g'))
+
 if [ $kernel -lt 20624 ]; then
    error_message "ERROR: $g_product requires Linux kernel 2.6.24 or later"
    status=2
 else
 case "$COMMAND" in
    start)
 	[ $# -ne 1 ] && usage 2
@ -168,27 +177,32 @@ else
 	    status=0
 	else
 	    progress_message3 "Starting $g_product...."
 	    if checkkernelversion; then
 		detect_configuration
 		define_firewall
 		status=$?
 		[ -n "$SUBSYSLOCK" -a $status -eq 0 ] && touch $SUBSYSLOCK
 		progress_message3 "done."
 	    fi
 	fi
 	;;
    stop)
 	[ $# -ne 1 ] && usage 2
 	if checkkernelversion; then
 	    progress_message3 "Stopping $g_product...."
 	    detect_configuration
 	    stop_firewall
 	    status=0
 	    [ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
 	    progress_message3 "done."
 	fi
 	;;
    reset)
 	if ! shorewall6_is_started ; then
 	    error_message "$g_product is not running"
 	    status=2
-	    elif [ $# -eq 1 ]; then
+	elif checkkernelversion; then
 	    if [ $# -eq 1 ]; then
 		$IP6TABLES -Z
 		$IP6TABLES -t mangle -Z
 		date > ${VARDIR}/restarted
@ -211,6 +225,7 @@ else
 		    fi
 		done
 	    fi
 	fi
 	;;
    restart)
 	[ $# -ne 1 ] && usage 2
@ -222,6 +237,7 @@ else
 	    COMMAND=start
 	fi
 	if checkkernelversion; then
 	    detect_configuration
 	    define_firewall
 	    status=$?
@ -229,15 +245,18 @@ else
 		[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
            fi
 	    progress_message3 "done."
 	fi
 	;;
    refresh)
 	[ $# -ne 1 ] && usage 2
 	if shorewall6_is_started; then
 	    progress_message3 "Refreshing $g_product...."
 	    if checkkernelversion; then
 		detect_configuration
 		define_firewall
 		status=$?
 		progress_message3 "done."
 	    fi
 	else
 	    echo "$g_product is not running" >&2
 	    status=2
@ -245,22 +264,26 @@ else
 	;;
    restore)
 	[ $# -ne 1 ] && usage 2
 	if checkkernelversion; then
 	    detect_configuration
 	    define_firewall
 	    status=$?
 	    if [ -n "$SUBSYSLOCK" ]; then
 		[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
            fi
 	fi
 	;;
    clear)
 	[ $# -ne 1 ] && usage 2
 	progress_message3 "Clearing $g_product...."
 	if checkkernelversion; then
 	    clear_firewall
 	    status=0
 	    if [ -n "$SUBSYSLOCK" ]; then
 		rm -f $SUBSYSLOCK
 	    fi
 	    progress_message3 "done."
 	fi
 	;;
    status)
 	[ $# -ne 1 ] && usage 2
@ -307,6 +330,5 @@ else
 	usage 2
 	;;
 esac
 fi
 exit $status
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -4,6 +4,8 @@ Changes in Shorewall 4.4.14
 2)  Use conntrack in 'shorewall connections'
 3)  Clean up Shorewall6 error messages when running on a kernel < 2.6.24
 Changes in Shorewall 4.4.13
 1)  Allow zone lists in rules SOURCE and DEST.
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -14,7 +14,30 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
  I.  P R O B L E M S   C O R R E C T E D   I N   T H I S  R E L E A S E
 ----------------------------------------------------------------------------
-None.
+1)  Previously, messages to the STARTUP_LOG had inconsistent date formats.
 2)  The blacklisting change in 4.4.13 was broken in some simple
    configurations with the effect that blacklisting was not enabled.
 3)  Previously, Shorewall6 produced an untidy sequence of error
    messages when an attempt was made to start it on a system running a
    kernel older than 2.6.24:
       [root@localhost shorewall6]# shorewall6 start
       Compiling...
       Processing /etc/shorewall6/shorewall6.conf...
       Loading Modules...
       Compiling /etc/shorewall6/zones...
       ...
       Shorewall configuration compiled to /var/lib/shorewall6/.start
          ERROR: Shorewall6 requires Linux kernel 2.6.24 or later
       /usr/share/shorewall6/lib.common: line 73: 
             [: -lt: unary operator expected
          ERROR: Shorewall6 requires Linux kernel 2.6.24 or later
       [root@localhost shorewall6]#
    This has been corrected so that a single ERROR message is
    generated.
 ----------------------------------------------------------------------------
           I I.  K N O W N   P R O B L E M S   R E M A I N I N G
--- a/Shorewall6/lib.common
+++ b/Shorewall6/lib.common
@ -35,7 +35,7 @@ get_script_version() { # $1 = script
    temp=$( $SHOREWALL_SHELL $1 version | sed 's/-.*//' )
-    if [ $? -ne 0 ]; then
+    if [ -z "$temp" ]; then
 	version=0
    else
 	ifs=$IFS