holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Merge branch '4.6.2' into 4.6.3

Browse Source 
Conflicts:
	Shorewall/Perl/Shorewall/Providers.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2014-09-16 08:09:20 -07:00
commit f9d98b74a2
3 changed files with 24 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Shorewall-core/lib.cli
View File

@ -1470,10 +1470,22 @@ do_dump_command() {
$g_tool -t rawpost -L $g_ipt_options $g_tool -t rawpost -L $g_ipt_options
fi fi
local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count) local count
local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max) local max
heading "Conntrack Table ($count out of $max)" if [ -f /proc/sys/net/netfilter/nf_conntrack_count ]; then
count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
heading "Conntrack Table ($count out of $max)"
elif [ -f /proc/sys/net/ipv4/netfilter/ip_conntrack_count ]; then
count=$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_count)
max=$(cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max)
heading "Conntrack Table ($count out of $max)"
else
heading "Conntrack Table"
fi
if [ $g_family -eq 4 ]; then if [ $g_family -eq 4 ]; then
[ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack [ -f /proc/net/ip_conntrack ] && cat /proc/net/ip_conntrack || grep -v '^ipv6' /proc/net/nf_conntrack

11
Shorewall-init/shorewall-init
View File

@ -63,18 +63,19 @@ shorewall_start () {
for PRODUCT in $PRODUCTS; do for PRODUCT in $PRODUCTS; do
setstatedir setstatedir
if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then if [ -x ${STATEDIR}/firewall ]; then
# #
# Run in a sub-shell to avoid name collisions # Run in a sub-shell to avoid name collisions
# #
( (
if ! ${STATEDIR}/$PRODUCT/firewall status > /dev/null 2>&1; then if ! ${STATEDIR}/firewall status > /dev/null 2>&1; then
${STATEDIR}/$PRODUCT/firewall ${OPTIONS} stop || exit 1 ${STATEDIR}/firewall ${OPTIONS} stop || exit 1
else else
exit 1 exit 1
fi fi
) )
else else
echo ERROR: ${STATEDIR}/firewall does not exist or is not executable!
exit 1 exit 1
fi fi
done done
@ -95,8 +96,8 @@ shorewall_stop () {
for PRODUCT in $PRODUCTS; do for PRODUCT in $PRODUCTS; do
setstatedir setstatedir
if [ -x ${STATEDIR}/$PRODUCT/firewall ]; then if [ -x ${STATEDIR}/firewall ]; then
${STATEDIR}/$PRODUCT/firewall ${OPTIONS} clear || exit 1 ${STATEDIR}/firewall ${OPTIONS} clear || exit 1
fi fi
done done

3
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -460,6 +460,9 @@ sub process_a_provider( $ ) {
fatal_error "A bridge port ($interface) may not be configured as a provider interface" if port_to_bridge $interface; fatal_error "A bridge port ($interface) may not be configured as a provider interface" if port_to_bridge $interface;
#
# Switch to the logical name if a physical name was passed
#
my $physical; my $physical;
if ( $interface eq $interfaceref->{name} ) { if ( $interface eq $interfaceref->{name} ) {