forked from extern/shorewall_code
Clean up untidiness where Shorewall6 tries to start on a system with an old kernel
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
a79a8d4acc
commit
f07ec1e9d3
@ -17,6 +17,19 @@ usage() {
|
||||
echo " -R <file> Override RESTOREFILE setting"
|
||||
exit $1
|
||||
}
|
||||
|
||||
checkkernelversion() {
|
||||
local kernel
|
||||
|
||||
kernel=$(printf "%2d%02d%02d" $(uname -r 2> /dev/null | sed -e 's/-.*//' -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/g'))
|
||||
|
||||
if [ $kernel -lt 20624 ]; then
|
||||
error_message "ERROR: $g_product requires Linux kernel 2.6.24 or later"
|
||||
return 1
|
||||
else
|
||||
return 0
|
||||
fi
|
||||
}
|
||||
################################################################################
|
||||
# E X E C U T I O N B E G I N S H E R E #
|
||||
################################################################################
|
||||
@ -155,11 +168,7 @@ done
|
||||
|
||||
COMMAND="$1"
|
||||
|
||||
kernel=$(printf "%2d%02d%02d" $(uname -r 2> /dev/null | sed -e 's/-.*//' -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/g'))
|
||||
if [ $kernel -lt 20624 ]; then
|
||||
error_message "ERROR: $g_product requires Linux kernel 2.6.24 or later"
|
||||
status=2
|
||||
else
|
||||
|
||||
case "$COMMAND" in
|
||||
start)
|
||||
[ $# -ne 1 ] && usage 2
|
||||
@ -168,27 +177,32 @@ else
|
||||
status=0
|
||||
else
|
||||
progress_message3 "Starting $g_product...."
|
||||
if checkkernelversion; then
|
||||
detect_configuration
|
||||
define_firewall
|
||||
status=$?
|
||||
[ -n "$SUBSYSLOCK" -a $status -eq 0 ] && touch $SUBSYSLOCK
|
||||
progress_message3 "done."
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
[ $# -ne 1 ] && usage 2
|
||||
if checkkernelversion; then
|
||||
progress_message3 "Stopping $g_product...."
|
||||
detect_configuration
|
||||
stop_firewall
|
||||
status=0
|
||||
[ -n "$SUBSYSLOCK" ] && rm -f $SUBSYSLOCK
|
||||
progress_message3 "done."
|
||||
fi
|
||||
;;
|
||||
reset)
|
||||
if ! shorewall6_is_started ; then
|
||||
error_message "$g_product is not running"
|
||||
status=2
|
||||
elif [ $# -eq 1 ]; then
|
||||
elif checkkernelversion; then
|
||||
if [ $# -eq 1 ]; then
|
||||
$IP6TABLES -Z
|
||||
$IP6TABLES -t mangle -Z
|
||||
date > ${VARDIR}/restarted
|
||||
@ -211,6 +225,7 @@ else
|
||||
fi
|
||||
done
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
restart)
|
||||
[ $# -ne 1 ] && usage 2
|
||||
@ -222,6 +237,7 @@ else
|
||||
COMMAND=start
|
||||
fi
|
||||
|
||||
if checkkernelversion; then
|
||||
detect_configuration
|
||||
define_firewall
|
||||
status=$?
|
||||
@ -229,15 +245,18 @@ else
|
||||
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
|
||||
fi
|
||||
progress_message3 "done."
|
||||
fi
|
||||
;;
|
||||
refresh)
|
||||
[ $# -ne 1 ] && usage 2
|
||||
if shorewall6_is_started; then
|
||||
progress_message3 "Refreshing $g_product...."
|
||||
if checkkernelversion; then
|
||||
detect_configuration
|
||||
define_firewall
|
||||
status=$?
|
||||
progress_message3 "done."
|
||||
fi
|
||||
else
|
||||
echo "$g_product is not running" >&2
|
||||
status=2
|
||||
@ -245,22 +264,26 @@ else
|
||||
;;
|
||||
restore)
|
||||
[ $# -ne 1 ] && usage 2
|
||||
if checkkernelversion; then
|
||||
detect_configuration
|
||||
define_firewall
|
||||
status=$?
|
||||
if [ -n "$SUBSYSLOCK" ]; then
|
||||
[ $status -eq 0 ] && touch $SUBSYSLOCK || rm -f $SUBSYSLOCK
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
clear)
|
||||
[ $# -ne 1 ] && usage 2
|
||||
progress_message3 "Clearing $g_product...."
|
||||
if checkkernelversion; then
|
||||
clear_firewall
|
||||
status=0
|
||||
if [ -n "$SUBSYSLOCK" ]; then
|
||||
rm -f $SUBSYSLOCK
|
||||
fi
|
||||
progress_message3 "done."
|
||||
fi
|
||||
;;
|
||||
status)
|
||||
[ $# -ne 1 ] && usage 2
|
||||
@ -307,6 +330,5 @@ else
|
||||
usage 2
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
exit $status
|
||||
|
@ -4,6 +4,8 @@ Changes in Shorewall 4.4.14
|
||||
|
||||
2) Use conntrack in 'shorewall connections'
|
||||
|
||||
3) Clean up Shorewall6 error messages when running on a kernel < 2.6.24
|
||||
|
||||
Changes in Shorewall 4.4.13
|
||||
|
||||
1) Allow zone lists in rules SOURCE and DEST.
|
||||
|
@ -14,7 +14,30 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
|
||||
I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E
|
||||
----------------------------------------------------------------------------
|
||||
|
||||
None.
|
||||
1) Previously, messages to the STARTUP_LOG had inconsistent date formats.
|
||||
|
||||
2) The blacklisting change in 4.4.13 was broken in some simple
|
||||
configurations with the effect that blacklisting was not enabled.
|
||||
|
||||
3) Previously, Shorewall6 produced an untidy sequence of error
|
||||
messages when an attempt was made to start it on a system running a
|
||||
kernel older than 2.6.24:
|
||||
|
||||
[root@localhost shorewall6]# shorewall6 start
|
||||
Compiling...
|
||||
Processing /etc/shorewall6/shorewall6.conf...
|
||||
Loading Modules...
|
||||
Compiling /etc/shorewall6/zones...
|
||||
...
|
||||
Shorewall configuration compiled to /var/lib/shorewall6/.start
|
||||
ERROR: Shorewall6 requires Linux kernel 2.6.24 or later
|
||||
/usr/share/shorewall6/lib.common: line 73:
|
||||
[: -lt: unary operator expected
|
||||
ERROR: Shorewall6 requires Linux kernel 2.6.24 or later
|
||||
[root@localhost shorewall6]#
|
||||
|
||||
This has been corrected so that a single ERROR message is
|
||||
generated.
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
I I. K N O W N P R O B L E M S R E M A I N I N G
|
||||
|
@ -35,7 +35,7 @@ get_script_version() { # $1 = script
|
||||
|
||||
temp=$( $SHOREWALL_SHELL $1 version | sed 's/-.*//' )
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
if [ -z "$temp" ]; then
|
||||
version=0
|
||||
else
|
||||
ifs=$IFS
|
||||
|
Loading…
Reference in New Issue
Block a user