rpms/iptables/devel iptables.init, 1.16, 1.17 iptables.spec, 1.53, 1.54
Thomas Woerner (twoerner)
fedora-extras-commits at redhat.com
Wed Sep 26 16:00:30 UTC 2007
Author: twoerner
Update of /cvs/pkgs/rpms/iptables/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21176
Modified Files:
iptables.init iptables.spec
Log Message:
- do not start ip6tables if ipv6 is blacklisted (rhbz#236888)
- use simpler fix for (rhbz#295611)
Thanks to Linus Torvalds for the patch.
Index: iptables.init
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/devel/iptables.init,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- iptables.init 24 Sep 2007 16:03:24 -0000 1.16
+++ iptables.init 26 Sep 2007 15:59:58 -0000 1.17
@@ -32,6 +32,12 @@
exit 5
fi
+if [ "${IPV}" = "ip6" ] \
+ && grep -qIs "^blacklist\W${_IPV}" /etc/modprobe.conf /etc/modprobe.d/* ; then
+ echo $"$0: ${_IPV} is blacklisted."
+ exit 0
+fi
+
# Old or new modutils
/sbin/modprobe --version 2>&1 | grep -q module-init-tools \
&& NEW_MODUTILS=1 \
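Review bot: The new blacklist test exits 0 for every action, because it runs before the `case "$1"` dispatch (visible only in a later hunk). `ip6tables status` therefore reports success, which LSB defines as "running", on a host where no IPv6 rules were loaded. A modprobe `blacklist` line also does not prove the module is absent: as far as I know it only suppresses alias-based autoloading, so ipv6 can still be loaded explicitly and would then run unfiltered while the service claims success. I would add a check that the module is not currently loaded, for example `&& ! grep -q "^${_IPV} " /proc/modules`, and return a non-zero "not running" code for `status`. The pattern also has no end anchor and `\W` is a GNU grep extension; `"^blacklist[[:space:]]\+${_IPV}[[:space:]]*\$"` would not match longer module names that merely start with the same prefix.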
@@ -52,26 +58,9 @@
NF_MODULES=(${IPV}_tables nf_conntrack_${_IPV})
NF_MODULES_COMMON=(x_tables nf_conntrack) # Used by netfilter v4 and v6
-# Are netfilter modules loaded?
-MODULES_LOADED=0
-for mod in ${NF_MODULES[*]} ${NF_MODULES_COMMON[*]}; do
- $(lsmod | grep -q ^${mod} | awk '{print $1}')
- if [ $? -eq 0 ]; then
- MODULES_LOADED=1
- break
- fi
-done
-
# Get active tables
NF_TABLES=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
-# Is netfilter compiled into the kernel?
-[ $MODULES_LOADED -eq 0 -a -n "$NF_TABLES" ] && COMPILED_IN=1 || COMPILED_IN=0
-
-# Get status (quicker than status function and honour lock file)
-[ ! -f "$VAR_SUBSYS_IPTABLES" -o ! -e "$PROC_IPTABLES_NAMES" \
- -o -z "$NF_TABLES" ] && running=0 || running=1
-
rmmod_r() {
# Unload module with all referring modules.
@@ -324,13 +313,11 @@
case "$1" in
start)
- [ $running -eq 1 -a $COMPILED_IN -eq 0 ] && exit 0
+ [ -f "$VAR_SUBSYS_IPTABLES" ] && exit 0
start
RETVAL=$?
;;
stop)
- # stop firewall, even if manually configured
- [ $running -eq 1 -o $MODULES_LOADED -eq 1 ] || exit 0
[ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save
stop
RETVAL=$?
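Review bot: The `start)` guard now treats the lock file alone as proof that the firewall is up, so a stale `$VAR_SUBSYS_IPTABLES` makes `start` exit 0 without loading any rules. That can happen after an unclean shutdown if the lock directory is not cleaned, or after rules were flushed by hand. The removed `running` test also required a non-empty `$NF_TABLES`, which is still computed in the context above. Keeping that half is cheap and avoids the fail-open case: `[ -f "$VAR_SUBSYS_IPTABLES" -a -n "$NF_TABLES" ] && exit 0`. A comment on the guard should also say that a stale lock file suppresses `start`.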
@@ -340,7 +327,7 @@
RETVAL=$?
;;
condrestart|try-restart)
- [ $running -eq 1 ] || exit 0
+ [ -f "$VAR_SUBSYS_IPTABLES" ] && exit 0
restart
RETVAL=$?
;;
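Review bot: The `condrestart|try-restart)` guard is inverted relative to the line it replaces. The old `[ $running -eq 1 ] || exit 0` skipped the restart when the service was not running, whereas `[ -f "$VAR_SUBSYS_IPTABLES" ] && exit 0` skips it when the lock file exists, that is, when the service is running. A package upgrade's condrestart would then leave a running firewall on its old rules and start a firewall the admin had stopped. It should read `[ -f "$VAR_SUBSYS_IPTABLES" ] || exit 0`.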
Index: iptables.spec
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/devel/iptables.spec,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -r1.53 -r1.54
--- iptables.spec 24 Sep 2007 16:03:24 -0000 1.53
+++ iptables.spec 26 Sep 2007 15:59:58 -0000 1.54
@@ -153,6 +153,11 @@
%endif
%changelog
+* Wed Sep 26 2007 Thomas Woerner <twoerner at redhat.com> 1.3.8-4.1
+- do not start ip6tables if ipv6 is blacklisted (rhbz#236888)
+- use simpler fix for (rhbz#295611)
+ Thanks to Linus Torvalds for the patch.
+
* Mon Sep 24 2007 Thomas Woerner <twoerner at redhat.com> 1.3.8-4
- fixed IPv6 reject type (rhbz#295181)
- fixed init script: start, stop and status