From 22d082249b4c3e7196288196b812e5fbba1e83f0 Mon Sep 17 00:00:00 2001
From: Thomas Woerner
Date: Tue, 16 Oct 2007 15:30:01 +0000
Subject: [PATCH] - fixed error code for stopping a already stopped firewall (rhbz#321751) - moved blacklist test into start
---
 iptables.init | 32 ++++++++++++++++----------------
 iptables.spec | 6 +++++-
 2 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/iptables.init b/iptables.init
index b7fe486..f44f89b 100755
--- a/iptables.init
+++ b/iptables.init
@@ -32,12 +32,6 @@ if [ ! -x /sbin/$IPTABLES ]; then
 exit 5
 fi
-if [ "${IPV}" = "ip6" ] \
- && grep -qIs "^blacklist\W${_IPV}" /etc/modprobe.conf /etc/modprobe.d/* ; then
- echo $"$0: ${_IPV} is blacklisted."
- exit 0
-fi
-
 # Old or new modutils
 /sbin/modprobe --version 2>&1 | grep -q module-init-tools \
 && NEW_MODUTILS=1 \
@@ -94,7 +88,7 @@ rmmod_r() {
 flush_n_delete() {
 # Flush firewall rules and delete chains.
- [ -e "$PROC_IPTABLES_NAMES" ] || return 1
+ [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0
 # Check if firewall is configured (has tables)
 [ -z "$NF_TABLES" ] && return 1
@@ -126,7 +120,7 @@ set_policy() {
 policy=$1
 # Check if iptable module is loaded
- [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
+ [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0
 # Check if firewall is configured (has tables)
 tables=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
@@ -175,7 +169,13 @@ set_policy() {
 start() {
 # Do not start if there is no config file.
- [ -f "$IPTABLES_DATA" ] || return 1
+ [ ! -f "$IPTABLES_DATA" ] && return 6
+
+ if [ "${IPV}" = "ip6" ] \
+ && grep -qIs "^blacklist\W*${_IPV}" /etc/modprobe.conf /etc/modprobe.d/* ; then
+ echo $"${0##*/}: ${_IPV} is blacklisted."
+ return 6
+ fi
 echo -n $"Applying $IPTABLES firewall rules: "
@@ -208,7 +208,7 @@ start() {
 stop() {
 # Do not stop if iptables module is not loaded.
- [ -e "$PROC_IPTABLES_NAMES" ] || return 1
+ [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0
 flush_n_delete
 set_policy ACCEPT
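Review bot: In flush_n_delete() and set_policy() the missing-`$PROC_IPTABLES_NAMES` check now returns 0, so a caller can no longer tell "nothing needed doing" from "nothing was done". stop() already returns 0 on its own check before it calls either helper, so the change mainly affects other callers; the usage string lists a panic action, and if that relies on set_policy to apply a restrictive policy (its code is not in these hunks) it would report success with no policy in place. I would keep a non-zero status in the two helpers, or at least state the contract above each check, e.g. `# returns 0 when the module is not loaded: nothing was flushed or changed`. Both function bodies continue outside their hunks.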
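Review bot: The blacklist test added to start() uses `\W*`, which accepts zero separators, and the pattern has no anchor after `${_IPV}`, so a blacklist entry for any module whose name only begins with that string also matches. A false match makes start() return 6 and the rules in `$IPTABLES_DATA` are never applied, so the match should be exact: `grep -qIs "^blacklist[[:space:]]\+${_IPV}\([[:space:]]\|\$\)" /etc/modprobe.conf /etc/modprobe.d/*`. The status for the blacklisted case also changes from the old top-level `exit 0` to 6, which deserves a comment such as `# 6 = not configured: module is blacklisted, no rules loaded`.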
@@ -235,10 +235,10 @@ stop() {
 save() {
 # Check if iptable module is loaded
- [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
+ [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0
 # Check if firewall is configured (has tables)
- [ -z "$NF_TABLES" ] && return 1
+ [ -z "$NF_TABLES" ] && return 6
 echo -n $"Saving firewall rules to $IPTABLES_DATA: "
@@ -271,7 +271,7 @@ save() {
 status() {
 if [ ! -f "$VAR_SUBSYS_IPTABLES" -a -z "$NF_TABLES" ]; then
- echo $"Firewall is not running."
+ echo $"${0##*/}: Firewall is not running."
 return 3
 fi
@@ -279,13 +279,13 @@ status() {
 # loaded.
 # Check if iptable modules are loaded
 if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
- echo $"Firewall modules not loaded."
+ echo $"${0##*/}: Firewall modules are not loaded."
 return 3
 fi
 # Check if firewall is configured (has tables)
 if [ -z "$NF_TABLES" ]; then
- echo $"Firewall is not configured. "
+ echo $"${0##*/}: Firewall is not configured. "
 return 3
 fi
@@ -345,7 +345,7 @@ case "$1" in
 RETVAL=$?
 ;;
 *)
- echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
+ echo $"Usage: ${0##*/} {start|stop|restart|condrestart|status|panic|save}"
 RETVAL=2
 ;;
 esac
diff --git a/iptables.spec b/iptables.spec
index 0d3ea4a..e3b387c 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -3,7 +3,7 @@
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 Version: 1.3.8
-Release: 4.1%{?dist}
+Release: 5%{?dist}
 Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -153,6 +153,10 @@ fi
 %endif
 %changelog
+* Tue Oct 16 2007 Thomas Woerner 1.3.8-5
+- fixed error code for stopping a already stopped firewall (rhbz#321751)
+- moved blacklist test into start
+
 * Wed Sep 26 2007 Thomas Woerner 1.3.8-4.1
 - do not start ip6tables if ipv6 is blacklisted (rhbz#236888)
 - use simpler fix for (rhbz#295611)
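Review bot: In save(), the module-not-loaded check now returns 0 without writing anything, while the no-tables check two lines below returns 6, so a script that runs the save action gets a success status although `$IPTABLES_DATA` was not updated. A stale rules file is what the next start would apply, so the two "nothing to save" cases should report the same way; I would use `[ ! -e "$PROC_IPTABLES_NAMES" ] && return 6` here, or print why nothing was saved before returning 0. If the 0 is deliberate, a comment such as `# module not loaded: nothing to save, existing $IPTABLES_DATA is left untouched` would record it. The rest of save() is outside the hunk.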