From 0019ca53e52f21dc38ccfdf2749156c8800fb8c5 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Wed, 11 Jan 2017 15:39:13 -0800 Subject: [PATCH] Include ROUTE_FILTER in routefilter/provider checks Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Providers.pm | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index 087b02721..66dd4774e 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -616,11 +616,21 @@ sub process_a_provider( $ ) { fatal_error "MARK not allowed with 'tproxy'" if $mark ne '-'; fatal_error "'persistent' is not valid with 'tproxy" if $persistent; $mark = $globals{TPROXY_MARK}; - } elsif ( $interfaceref->{options}{routefilter} ) { + } elsif ( my $rf = $config{ROUTE_FILTER} || $interfaceref->{options}{routefilter} ) { if ( $config{USE_DEFAULT_RT} ) { - fatal_error "Provider interfaces may not specify 'routefilter' when USE_DEFAULT_RT=Yes"; + if ( $rf ) { + fatal_error "There may be no providers when ROUTE_FILTER=Yes and USE_DEFAULT_RT=Yes"; + } else { + fatal_error "Providers interfaces may not specify 'routefilter' when USE_DEFAULT_RT=Yes"; + } } else { - fatal_error "Provider interfaces may not specify 'routefilter' without 'balance' or 'primary'" unless $balance; + unless ( $balance ) { + if ( $rf ) { + fatal_error "The 'balance' option is required when ROUTE_FILTER=Yes"; + } else { + fatal_error "Provider interfaces may not specify 'routefilter' without 'balance' or 'primary'"; + } + } } }