- fixed error code for stopping a already stopped firewall (rhbz#321751)

- moved blacklist test into start

iptables.init

@@ -32,12 +32,6 @@ if [ ! -x /sbin/$IPTABLES ]; then
     exit 5
 fi
 
-if [ "${IPV}" = "ip6" ] \
-    && grep -qIs "^blacklist\W${_IPV}" /etc/modprobe.conf /etc/modprobe.d/* ; then
-    echo $"$0: ${_IPV} is blacklisted."
-    exit 0
-fi
-
 # Old or new modutils
 /sbin/modprobe --version 2>&1 | grep -q module-init-tools \
     && NEW_MODUTILS=1 \
@@ -94,7 +88,7 @@ rmmod_r() {
 
 flush_n_delete() {
     # Flush firewall rules and delete chains.
-    [ -e "$PROC_IPTABLES_NAMES" ] || return 1
+    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0
 
     # Check if firewall is configured (has tables)
     [ -z "$NF_TABLES" ] && return 1
@@ -126,7 +120,7 @@ set_policy() {
     policy=$1
 
     # Check if iptable module is loaded
-    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
+    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0
 
     # Check if firewall is configured (has tables)
     tables=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
@@ -175,7 +169,13 @@ set_policy() {
 
 start() {
     # Do not start if there is no config file.
-    [ -f "$IPTABLES_DATA" ] || return 1
+    [ ! -f "$IPTABLES_DATA" ] && return 6
+
+    if [ "${IPV}" = "ip6" ] \
+	&& grep -qIs "^blacklist\W*${_IPV}" /etc/modprobe.conf /etc/modprobe.d/* ; then
+	echo $"${0##*/}: ${_IPV} is blacklisted."
+	return 6
+    fi
 
     echo -n $"Applying $IPTABLES firewall rules: "
 
@@ -208,7 +208,7 @@ start() {
 
 stop() {
     # Do not stop if iptables module is not loaded.
-    [ -e "$PROC_IPTABLES_NAMES" ] || return 1
+    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0
 
     flush_n_delete
     set_policy ACCEPT
@@ -235,10 +235,10 @@ stop() {
 
 save() {
     # Check if iptable module is loaded
-    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
+    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 0
 
     # Check if firewall is configured (has tables)
-    [ -z "$NF_TABLES" ] && return 1
+    [ -z "$NF_TABLES" ] && return 6
 
     echo -n $"Saving firewall rules to $IPTABLES_DATA: "
 
@@ -271,7 +271,7 @@ save() {
 
 status() {
     if [ ! -f "$VAR_SUBSYS_IPTABLES" -a -z "$NF_TABLES" ]; then
-	echo $"Firewall is not running."
+	echo $"${0##*/}: Firewall is not running."
 	return 3
     fi
 
@@ -279,13 +279,13 @@ status() {
     # loaded.
     # Check if iptable modules are loaded
     if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
-	echo $"Firewall modules not loaded."
+	echo $"${0##*/}: Firewall modules are not loaded."
 	return 3
     fi
 
     # Check if firewall is configured (has tables)
     if [ -z "$NF_TABLES" ]; then
-	echo $"Firewall is not configured. "
+	echo $"${0##*/}: Firewall is not configured. "
 	return 3
     fi
 
@@ -345,7 +345,7 @@ case "$1" in
 	RETVAL=$?
 	;;
     *)
-	echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
+	echo $"Usage: ${0##*/} {start|stop|restart|condrestart|status|panic|save}"
 	RETVAL=2
 	;;
 esac

iptables.spec

@@ -3,7 +3,7 @@
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 Version: 1.3.8
-Release: 4.1%{?dist}
+Release: 5%{?dist}
 Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -153,6 +153,10 @@ fi
 %endif
 
 %changelog
+* Tue Oct 16 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-5
+- fixed error code for stopping a already stopped firewall (rhbz#321751)
+- moved blacklist test into start
+
 * Wed Sep 26 2007 Thomas Woerner <twoerner@redhat.com> 1.3.8-4.1
 - do not start ip6tables if ipv6 is blacklisted (rhbz#236888)
 - use simpler fix for (rhbz#295611)