Allow addition of blackhole routes.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-22 23:53:30 +01:00 · 2013-03-06 11:48:09 -08:00 · 2013-03-06 11:48:09 -08:00 · 06e7f297f7
commit 06e7f297f7
parent 216029c3a9
3 changed files with 20 additions and 5 deletions
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@ -1104,7 +1104,11 @@ sub add_a_route( ) {
    fatal_error 'DEST must be specified' if $dest eq '-';
    $dest = validate_net ( $dest, 0 );

-    validate_address ( $gateway, 1 ) if $gateway ne '-';
+    if ( $gateway eq 'blackhole' ) {
+	fatal_error q('blackhole' routes may not specify a DEVICE) unless $device eq '-';
+    } else {
+	validate_address ( $gateway, 1 ) if $gateway ne '-';
+    }

    my $providerref = $providers{$provider};
    my $number = $providerref->{number};
@ -1117,6 +1121,9 @@ sub add_a_route( ) {
 	if ( $device ne '-' ) {
 	    push @$routes, qq(run_ip route add $dest via $gateway dev $physical table $number);
 	    emit qq(echo "qt \$IP -$family route del $dest via $gateway dev $physical table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
+	} elsif ( $gateway eq 'blackhole' ) {
+	    push @$routes, qq(run_ip route add blackhole $dest table $number);
+	    emit qq(echo "\$IP -$family route del blackhole $dest table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
 	} else {
 	    push @$routes, qq(run_ip route add $dest via $gateway table $number);
 	    emit qq(echo "\$IP -$family route del $dest via $gateway table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
--- a/Shorewall/manpages/shorewall-routes.xml
+++ b/Shorewall/manpages/shorewall-routes.xml
@ -53,6 +53,9 @@
        <listitem>
          <para>If specified, gives the IP address of the gateway to the
          DEST.</para>
+
+          <para>Beginning with Shorewall 4.5.15, you may specify blackhole in
+          this column to create a <option>blackhole</option> route. </para>
        </listitem>
      </varlistentry>

@ -62,8 +65,9 @@
        <listitem>
          <para>Specifies the device route. If neither DEVICE nor GATEWAY is
          given, then the INTERFACE specified for the PROVIDER in <ulink
-          url="shorewall-providers.html">shorewall-providers</ulink>
-          (5).</para>
+          url="shorewall-providers.html">shorewall-providers</ulink> (5). This
+          column must be omitted if <option>blackhole</option> is specified in
+          the GATEWAY column.</para>
        </listitem>
      </varlistentry>
    </variablelist>
--- a/Shorewall6/manpages/shorewall6-routes.xml
+++ b/Shorewall6/manpages/shorewall6-routes.xml
@ -53,6 +53,9 @@
        <listitem>
          <para>If specified, gives the IP address of the gateway to the
          DEST.</para>
+
+          <para>Beginning with Shorewall 4.5.15, you may specify blackhole in
+          this column to create a <option>blackhole</option> route.</para>
        </listitem>
      </varlistentry>

@ -62,8 +65,9 @@
        <listitem>
          <para>Specifies the device route. If neither DEVICE nor GATEWAY is
          given, then the INTERFACE specified for the PROVIDER in <ulink
-          url="shorewall6-providers.html">shorewall6-providers</ulink>
-          (5).</para>
+          url="shorewall6-providers.html">shorewall6-providers</ulink> (5).
+          This column must be omitted if <option>blackhole</option> is
+          specified in the GATEWAY column.</para>
        </listitem>
      </varlistentry>
    </variablelist>