holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Move module state check fix to trunk

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9400 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2009-02-03 23:03:28 +00:00
parent 9d8997be32
commit f35013649e
1 changed files with 25 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
Shorewall-perl/Shorewall/Compiler.pm
View File

@ -226,32 +226,6 @@ sub generate_script_1() {
'[ -d ${VARDIR} ] || mkdir -p ${VARDIR}' '[ -d ${VARDIR} ] || mkdir -p ${VARDIR}'
); );
if ( $family == F_IPV4 ) {
emit ( '',
'#',
'# Recent kernels are difficult to configure -- we see state match omitted a lot so we check for it here',
'#',
'qt1 $IPTABLES -N foox1234',
'qt1 $IPTABLES -A foox1234 -m state --state ESTABLISHED,RELATED -j ACCEPT',
'result=$?',
'qt1 $IPTABLES -F foox1234',
'qt1 $IPTABLES -X foox1234',
'[ $result = 0 ] || startup_error "Your kernel/iptables do not include state match support. No version of Shorewall will run on this system"',
'' );
} else {
emit ( '',
'#',
'# Recent kernels are difficult to configure -- we see state match omitted a lot so we check for it here',
'#',
'qt1 $IP6TABLES -N foox1234',
'qt1 $IP6TABLES -A foox1234 -m state --state ESTABLISHED,RELATED -j ACCEPT',
'result=$?',
'qt1 $IP6TABLES -F foox1234',
'qt1 $IP6TABLES -X foox1234',
'[ $result = 0 ] || startup_error "Your kernel/ip6tables do not include state match support. No version of Shorewall6 will run on this system"',
'' );
}
pop_indent; pop_indent;
emit "}\n"; # End of initialize() emit "}\n"; # End of initialize()
@ -697,6 +671,7 @@ sub generate_script_4($) {
} else { } else {
progress_message2 "Creating ip6tables-restore input..."; progress_message2 "Creating ip6tables-restore input...";
} }
create_netfilter_load( $test ); create_netfilter_load( $test );
create_chainlist_reload( $_[0] ); create_chainlist_reload( $_[0] );
@ -733,6 +708,17 @@ sub generate_script_4($) {
push_indent; push_indent;
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
emit ( '#',
'# Recent kernels are difficult to configure -- we see state match omitted a lot so we check for it here',
'#',
'qt1 $IPTABLES -N foox1234',
'qt1 $IPTABLES -A foox1234 -m state --state ESTABLISHED,RELATED -j ACCEPT',
'result=$?',
'qt1 $IPTABLES -F foox1234',
'qt1 $IPTABLES -X foox1234',
'[ $result = 0 ] || startup_error "Your kernel/iptables do not include state match support. No version of Shorewall will run on this system"',
'' );
for my $interface ( @{find_interfaces_by_option 'norfc1918'} ) { for my $interface ( @{find_interfaces_by_option 'norfc1918'} ) {
emit ( "addr=\$(ip -f inet addr show $interface 2> /dev/null | grep 'inet\ ' | head -n1)", emit ( "addr=\$(ip -f inet addr show $interface 2> /dev/null | grep 'inet\ ' | head -n1)",
'if [ -n "$addr" ]; then', 'if [ -n "$addr" ]; then',
@ -766,6 +752,17 @@ sub generate_script_4($) {
emit "disable_ipv6\n" if $config{DISABLE_IPV6}; emit "disable_ipv6\n" if $config{DISABLE_IPV6};
} else { } else {
emit ( '#',
'# Recent kernels are difficult to configure -- we see state match omitted a lot so we check for it here',
'#',
'qt1 $IP6TABLES -N foox1234',
'qt1 $IP6TABLES -A foox1234 -m state --state ESTABLISHED,RELATED -j ACCEPT',
'result=$?',
'qt1 $IP6TABLES -F foox1234',
'qt1 $IP6TABLES -X foox1234',
'[ $result = 0 ] || startup_error "Your kernel/ip6tables do not include state match support. No version of Shorewall6 will run on this system"',
'' );
emit ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit', emit ( '[ "$COMMAND" = refresh ] && run_refresh_exit || run_init_exit',
'', '',
'qt1 $IP6TABLES -L shorewall -n && qt1 $IP6TABLES -F shorewall && qt1 $IP6TABLES -X shorewall', 'qt1 $IP6TABLES -L shorewall -n && qt1 $IP6TABLES -F shorewall && qt1 $IP6TABLES -X shorewall',