We re-run the firewall if it is disabled.

firewall/bin/firewall-blacklist

@@ -115,6 +115,17 @@ parseCommandLineArguments();
 if ( -e "/etc/firewall/disabled" )
 {
     $CONFIG{'verbose'} && print "Firewall disabled\n";
+
+    #
+    #  If we're disabled we'll still reload the firewall
+    # because we want to make sure changes take effect.
+    #
+    if ( -x "/usr/bin/firewall" )
+    {
+        $CONFIG{'verbose'} && print "Reloading firewall\n";
+        system( "/usr/bin/firewall" );
+    }
+
     exit;
 }
 
@@ -458,7 +469,7 @@ sub processRules
         else
         {
             $CONFIG{'verbose'} &&
-              print "Allowing IP $ip only made $attempts (<5 ) attempts\n";
+              print "Allowing IP $ip only made $attempts (<$CONFIG{'attempts'} ) attempts\n";
         }
     }
 

firewall/debian/changelog

+bytemark-vhost-firewall (20090731104804) stable; urgency=low
+
+  * If the firewall-blacklist program is disabled then reload the
+    firewall prior to exiting - to flush out bogus entries.
+
+ -- Steve Kemp <steve@bytemark.co.uk>  Fri, 31 Jul 2009 10:48:04 +0000
+
 bytemark-vhost-firewall (20090707153244) stable; urgency=low
 
   * Per-Lenny vhost repository, rather than branches