Clean up untidiness where Shorewall6 tries to start on a system with an old kernel
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
a79a8d4acc
commit
f07ec1e9d3
@ -17,6 +17,19 @@ usage() {
|
|||||||
echo " -R <file> Override RESTOREFILE setting"
|
echo " -R <file> Override RESTOREFILE setting"
|
||||||
exit $1
|
exit $1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
checkkernelversion() {
|
||||||
|
local kernel
|
||||||
|
|
||||||
|
kernel=$(printf "%2d%02d%02d" $(uname -r 2> /dev/null | sed -e 's/-.*//' -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/g'))
|
||||||
|
|
||||||
|
if [ $kernel -lt 20624 ]; then
|
||||||
|
error_message "ERROR: $g_product requires Linux kernel 2.6.24 or later"
|
||||||
|
return 1
|
||||||
|
else
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
}
|
||||||
################################################################################
|
################################################################################
|
||||||
# E X E C U T I O N B E G I N S H E R E #
|
# E X E C U T I O N B E G I N S H E R E #
|
||||||
################################################################################
|
################################################################################
|
||||||
@ -155,12 +168,8 @@ done
|
|||||||
|
|
||||||
COMMAND="$1"
|
COMMAND="$1"
|
||||||
|
|
||||||
kernel=$(printf "%2d%02d%02d" $(uname -r 2> /dev/null | sed -e 's/-.*//' -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/g'))
|
|
||||||
if [ $kernel -lt 20624 ]; then
|
case "$COMMAND" in
|
||||||
error_message "ERROR: $g_product requires Linux kernel 2.6.24 or later"
|
|
||||||
status=2
|
|
||||||
else
|
|
||||||
case "$COMMAND" in
|
|
||||||
start)
|
start)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
if shorewall6_is_started; then
|
if shorewall6_is_started; then
|
||||||
@ -168,27 +177,32 @@ else
|
|||||||
status=0
|
status=0
|
||||||
else
|
else
|
||||||
progress_message3 "Starting $g_product...."
|
progress_message3 "Starting $g_product...."
|
||||||
|
if checkkernelversion; then
|
||||||
detect_configuration
|
detect_configuration
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
[ -n "$SUBSYSLOCK" -a $status -eq 0 ] && touch $SUBSYSLOCK
|
[ -n "$SUBSYSLOCK" -a $status -eq 0 ] && touch $SUBSYSLOCK
|
||||||
progress_message3 "done."
|
progress_message3 "done."
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
stop)
|
stop)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
|
if checkkernelversion; then
|
||||||
progress_message3 "Stopping $g_product...."
|
progress_message3 "Stopping $g_product...."
|
||||||
detect_configuration
|
detect_configuration
|
||||||
stop_firewall
|
stop_firewall
|
||||||
status=0
|
status=0
|
||||||
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
||||||
progress_message3 "done."
|
progress_message3 "done."
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
reset)
|
reset)
|
||||||
if ! shorewall6_is_started ; then
|
if ! shorewall6_is_started ; then
|
||||||
error_message "$g_product is not running"
|
error_message "$g_product is not running"
|
||||||
status=2
|
status=2
|
||||||
elif [ $# -eq 1 ]; then
|
elif checkkernelversion; then
|
||||||
|
if [ $# -eq 1 ]; then
|
||||||
$IP6TABLES -Z
|
$IP6TABLES -Z
|
||||||
$IP6TABLES -t mangle -Z
|
$IP6TABLES -t mangle -Z
|
||||||
date > ${VARDIR}/restarted
|
date > ${VARDIR}/restarted
|
||||||
@ -211,6 +225,7 @@ else
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
restart)
|
restart)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
@ -222,6 +237,7 @@ else
|
|||||||
COMMAND=start
|
COMMAND=start
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if checkkernelversion; then
|
||||||
detect_configuration
|
detect_configuration
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
@ -229,15 +245,18 @@ else
|
|||||||
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
|
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
|
||||||
fi
|
fi
|
||||||
progress_message3 "done."
|
progress_message3 "done."
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
refresh)
|
refresh)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
if shorewall6_is_started; then
|
if shorewall6_is_started; then
|
||||||
progress_message3 "Refreshing $g_product...."
|
progress_message3 "Refreshing $g_product...."
|
||||||
|
if checkkernelversion; then
|
||||||
detect_configuration
|
detect_configuration
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
progress_message3 "done."
|
progress_message3 "done."
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
echo "$g_product is not running" >&2
|
echo "$g_product is not running" >&2
|
||||||
status=2
|
status=2
|
||||||
@ -245,22 +264,26 @@ else
|
|||||||
;;
|
;;
|
||||||
restore)
|
restore)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
|
if checkkernelversion; then
|
||||||
detect_configuration
|
detect_configuration
|
||||||
define_firewall
|
define_firewall
|
||||||
status=$?
|
status=$?
|
||||||
if [ -n "$SUBSYSLOCK" ]; then
|
if [ -n "$SUBSYSLOCK" ]; then
|
||||||
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
|
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
clear)
|
clear)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
progress_message3 "Clearing $g_product...."
|
progress_message3 "Clearing $g_product...."
|
||||||
|
if checkkernelversion; then
|
||||||
clear_firewall
|
clear_firewall
|
||||||
status=0
|
status=0
|
||||||
if [ -n "$SUBSYSLOCK" ]; then
|
if [ -n "$SUBSYSLOCK" ]; then
|
||||||
rm -f $SUBSYSLOCK
|
rm -f $SUBSYSLOCK
|
||||||
fi
|
fi
|
||||||
progress_message3 "done."
|
progress_message3 "done."
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
status)
|
status)
|
||||||
[ $# -ne 1 ] && usage 2
|
[ $# -ne 1 ] && usage 2
|
||||||
@ -306,7 +329,6 @@ else
|
|||||||
*)
|
*)
|
||||||
usage 2
|
usage 2
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
fi
|
|
||||||
|
|
||||||
exit $status
|
exit $status
|
||||||
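Review bot: When `checkkernelversion` returns 1, the `start`, `stop`, `reset`, `restart`, `refresh`, `restore` and `clear` branches fall through without assigning `status`, whereas the removed top-level check set `status=2`. Unless `status` is initialised above the visible hunks, the closing `exit $status` expands to a bare `exit` and most likely returns 0, so an init script or monitoring wrapper would record success on a host where no IPv6 ruleset was loaded. Ending each guarded block with `else` / `status=2` before its `fi` keeps the non-zero exit the old code produced. In `checkkernelversion` itself, a `uname -r` value that does not have three numeric components is passed through `sed` unchanged and reaches `printf` as a non-numeric argument, so a comment stating the expected format, or a fallback for that case, would help.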
|
@ -4,6 +4,8 @@ Changes in Shorewall 4.4.14
|
|||||||
|
|
||||||
2) Use conntrack in 'shorewall connections'
|
2) Use conntrack in 'shorewall connections'
|
||||||
|
|
||||||
|
3) Clean up Shorewall6 error messages when running on a kernel < 2.6.24
|
||||||
|
|
||||||
Changes in Shorewall 4.4.13
|
Changes in Shorewall 4.4.13
|
||||||
|
|
||||||
1) Allow zone lists in rules SOURCE and DEST.
|
1) Allow zone lists in rules SOURCE and DEST.
|
||||||
|
@ -14,7 +14,30 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
|||||||
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
|
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
|
|
||||||
None.
|
1) Previously, messages to the STARTUP_LOG had inconsistent date formats.
|
||||||
|
|
||||||
|
2) The blacklisting change in 4.4.13 was broken in some simple
|
||||||
|
configurations with the effect that blacklisting was not enabled.
|
||||||
|
|
||||||
|
3) Previously, Shorewall6 produced an untidy sequence of error
|
||||||
|
messages when an attempt was made to start it on a system running a
|
||||||
|
kernel older than 2.6.24:
|
||||||
|
|
||||||
|
[root@localhost shorewall6]# shorewall6 start
|
||||||
|
Compiling...
|
||||||
|
Processing /etc/shorewall6/shorewall6.conf...
|
||||||
|
Loading Modules...
|
||||||
|
Compiling /etc/shorewall6/zones...
|
||||||
|
...
|
||||||
|
Shorewall configuration compiled to /var/lib/shorewall6/.start
|
||||||
|
ERROR: Shorewall6 requires Linux kernel 2.6.24 or later
|
||||||
|
/usr/share/shorewall6/lib.common: line 73:
|
||||||
|
[: -lt: unary operator expected
|
||||||
|
ERROR: Shorewall6 requires Linux kernel 2.6.24 or later
|
||||||
|
[root@localhost shorewall6]#
|
||||||
|
|
||||||
|
This has been corrected so that a single ERROR message is
|
||||||
|
generated.
|
||||||
|
|
||||||
----------------------------------------------------------------------------
|
----------------------------------------------------------------------------
|
||||||
I I. K N O W N P R O B L E M S R E M A I N I N G
|
I I. K N O W N P R O B L E M S R E M A I N I N G
|
||||||
|
@ -35,7 +35,7 @@ get_script_version() { # $1 = script
|
|||||||
|
|
||||||
temp=$( $SHOREWALL_SHELL $1 version | sed 's/-.*//' )
|
temp=$( $SHOREWALL_SHELL $1 version | sed 's/-.*//' )
|
||||||
|
|
||||||
if [ $? -ne 0 ]; then
|
if [ -z "$temp" ]; then
|
||||||
version=0
|
version=0
|
||||||
else
|
else
|
||||||
ifs=$IFS
|
ifs=$IFS
|
||||||
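Review bot: The new `[ -z "$temp" ]` test catches only empty output, so any non-empty text the script prints on stdout for `version` (a usage message, for instance) is still handed to the version parsing that follows. A shape check such as `case "$temp" in [0-9]*.[0-9]*) ;; *) temp= ;; esac` placed before the test would route that case to `version=0` as well. `$1` on the `temp=` line is expanded unquoted, so a script path containing whitespace would be split; `"$1"` avoids that. The body of get_script_version continues below the hunk, so how `temp` is parsed afterwards is not visible here.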
|