rpms/iptables/devel iptables.init, 1.16, 1.17 iptables.spec, 1.53, 1.54

Thomas Woerner (twoerner) fedora-extras-commits at redhat.com
Wed Sep 26 16:00:30 UTC 2007


Author: twoerner

Update of /cvs/pkgs/rpms/iptables/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv21176

Modified Files:
	iptables.init iptables.spec 
Log Message:
- do not start ip6tables if ipv6 is blacklisted (rhbz#236888)
- use simpler fix for (rhbz#295611)
  Thanks to Linus Torvalds for the patch.




Index: iptables.init
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/devel/iptables.init,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- iptables.init	24 Sep 2007 16:03:24 -0000	1.16
+++ iptables.init	26 Sep 2007 15:59:58 -0000	1.17
@@ -32,6 +32,12 @@
     exit 5
 fi
 
+if [ "${IPV}" = "ip6" ] \
+    && grep -qIs "^blacklist\W${_IPV}" /etc/modprobe.conf /etc/modprobe.d/* ; then
+    echo $"$0: ${_IPV} is blacklisted."
+    exit 0
+fi
+
 # Old or new modutils
 /sbin/modprobe --version 2>&1 | grep -q module-init-tools \
     && NEW_MODUTILS=1 \
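Review bot: The new guard at the top of this hunk exits 0 on a `blacklist` line alone, but a modprobe blacklist only suppresses alias-based autoloading. The module can still be loaded by name or be built into the kernel, so IPv6 may be active with no ip6tables rules while the init script reports success. Consider also requiring that the stack is really absent, for example by adding `&& [ ! -e /proc/net/if_inet6 ]` to the condition. The pattern is also unanchored at the end, so `^blacklist\W${_IPV}` would match a longer module name with the same prefix, and `\W` is a GNU grep extension. `_IPV` is set outside this hunk, so its value is assumed here to be the module name.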
@@ -52,26 +58,9 @@
 NF_MODULES=(${IPV}_tables nf_conntrack_${_IPV})
 NF_MODULES_COMMON=(x_tables nf_conntrack) # Used by netfilter v4 and v6
 
-# Are netfilter modules loaded?
-MODULES_LOADED=0
-for mod in ${NF_MODULES[*]} ${NF_MODULES_COMMON[*]}; do
-    $(lsmod | grep -q ^${mod} | awk '{print $1}')
-    if [ $? -eq 0 ]; then
-	MODULES_LOADED=1
-	break
-    fi
-done
-
 # Get active tables
 NF_TABLES=$(cat "$PROC_IPTABLES_NAMES" 2>/dev/null)
 
-# Is netfilter compiled into the kernel?
-[ $MODULES_LOADED -eq 0 -a -n "$NF_TABLES" ] && COMPILED_IN=1 || COMPILED_IN=0
-
-# Get status (quicker than status function and honour lock file)
-[ ! -f "$VAR_SUBSYS_IPTABLES" -o ! -e "$PROC_IPTABLES_NAMES" \
-    -o -z "$NF_TABLES" ] && running=0 || running=1
-
 
 rmmod_r() {
     # Unload module with all referring modules.
@@ -324,13 +313,11 @@
 
 case "$1" in
     start)
-	[ $running -eq 1 -a $COMPILED_IN -eq 0 ] && exit 0
+	[ -f "$VAR_SUBSYS_IPTABLES" ] && exit 0
 	start
 	RETVAL=$?
 	;;
     stop)
-	# stop firewall, even if manually configured
-	[ $running -eq 1 -o $MODULES_LOADED -eq 1 ] || exit 0
 	[ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save
 	stop
 	RETVAL=$?
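Review bot: The `start` arm now treats the lock file alone as proof that the firewall is up, so a stale `$VAR_SUBSYS_IPTABLES` (rules flushed by hand, or a lock left behind by an unclean shutdown) makes `start` exit 0 without loading any rules. `NF_TABLES` is still read from `$PROC_IPTABLES_NAMES` earlier in the script, so the guard could keep that check, provided it does not reintroduce rhbz#295611: `[ -f "$VAR_SUBSYS_IPTABLES" -a -n "$NF_TABLES" ] && exit 0`. The `stop` arm lost its comment along with its guard; a replacement such as `# always stop: rules may have been loaded manually without a lock file` would record why it now runs unconditionally. The case statement continues outside the hunk.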
@@ -340,7 +327,7 @@
 	RETVAL=$?
 	;;
     condrestart|try-restart)
-	[ $running -eq 1 ] || exit 0
+	[ -f "$VAR_SUBSYS_IPTABLES" ] && exit 0
 	restart
 	RETVAL=$?
 	;;
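Review bot: The condrestart guard looks inverted: `[ -f "$VAR_SUBSYS_IPTABLES" ] && exit 0` exits when the lock file exists, so a running firewall is never restarted and a stopped one is restarted, which starts it. The removed line exited when the service was not running, so the equivalent test is `[ -f "$VAR_SUBSYS_IPTABLES" ] || exit 0`. As written, a condrestart issued from a package scriptlet would presumably leave a running firewall on its old rules and load rules on hosts where the administrator had deliberately stopped it.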


Index: iptables.spec
===================================================================
RCS file: /cvs/pkgs/rpms/iptables/devel/iptables.spec,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -r1.53 -r1.54
--- iptables.spec	24 Sep 2007 16:03:24 -0000	1.53
+++ iptables.spec	26 Sep 2007 15:59:58 -0000	1.54
@@ -153,6 +153,11 @@
 %endif
 
 %changelog
+* Wed Sep 26 2007 Thomas Woerner <twoerner at redhat.com> 1.3.8-4.1
+- do not start ip6tables if ipv6 is blacklisted (rhbz#236888)
+- use simpler fix for (rhbz#295611)
+  Thanks to Linus Torvalds for the patch.
+
 * Mon Sep 24 2007 Thomas Woerner <twoerner at redhat.com> 1.3.8-4
 - fixed IPv6 reject type (rhbz#295181)
 - fixed init script: start, stop and status



