Hey all, Just a sanity check, but should the shorecap script in shorewall6-lite be sourcing /usr/share/shorewall6-lite/lib.base rather than /usr/share/shorewall-lite/lib.base like it does currently?
In fact shouldn't there be a general s/shorewall-lite/shorewall6-lite/
in shorecap in shorewall6-lite? Maybe there is more of that lurking
about as well.
Also, the first line of the determine_capabilities() function in
lib.base is:
qt $IP6TABLES -t mangle -L -n && MANGLE_ENABLED=Yes || MANGLE_ENABLED=
which is followed somewhat further down in the function with:
[ -n "$IP6TABLES" ] || IP6TABLES=$(mywhich ip6tables)
But shouldn't the test for the mangle table come after the conditional
setting of IP6TABLES?
FWIW, the difference in shorecap output when I make the shorewall-lite
-> shorewall6-lite changes and fix the IP6TABLES bug above is:
@@ -1,7 +1,6 @@
#
-# Shorewall 4.2.8 detected the following iptables/netfilter capabilities - Sat
Dec 5 23:32:07 EST 2009
+# Shorewall6 4.2.8 detected the following ip6tables/netfilter capabilities -
Sun Dec 6 00:04:48 EST 2009
#
-NAT_ENABLED=Yes
MANGLE_ENABLED=Yes
MULTIPORT=Yes
XMULTIPORT=Yes
@@ -16,7 +15,7 @@
IPRANGE_MATCH=Yes
RECENT_MATCH=Yes
OWNER_MATCH=
-IPSET_MATCH=Yes
+IPSET_MATCH=
CONNMARK=Yes
XCONNMARK=Yes
CONNMARK_MATCH=Yes
Cheers,
b.
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Join us December 9, 2009 for the Red Hat Virtual Experience, a free event focused on virtualization and cloud computing. Attend in-depth sessions from your desk. Your couch. Anywhere. http://p.sf.net/sfu/redhat-sfdev2dev
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
