Allow addition of blackhole routes.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Providers.pm

@@ -1104,7 +1104,11 @@ sub add_a_route( ) {
     fatal_error 'DEST must be specified' if $dest eq '-';
     $dest = validate_net ( $dest, 0 );
 
-    validate_address ( $gateway, 1 ) if $gateway ne '-';
+    if ( $gateway eq 'blackhole' ) {
+	fatal_error q('blackhole' routes may not specify a DEVICE) unless $device eq '-';
+    } else {
+	validate_address ( $gateway, 1 ) if $gateway ne '-';
+    }
 
     my $providerref = $providers{$provider};
     my $number = $providerref->{number};
@@ -1117,6 +1121,9 @@ sub add_a_route( ) {
 	if ( $device ne '-' ) {
 	    push @$routes, qq(run_ip route add $dest via $gateway dev $physical table $number);
 	    emit qq(echo "qt \$IP -$family route del $dest via $gateway dev $physical table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
+	} elsif ( $gateway eq 'blackhole' ) {
+	    push @$routes, qq(run_ip route add blackhole $dest table $number);
+	    emit qq(echo "\$IP -$family route del blackhole $dest table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
 	} else {
 	    push @$routes, qq(run_ip route add $dest via $gateway table $number);
 	    emit qq(echo "\$IP -$family route del $dest via $gateway table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;

Shorewall/manpages/shorewall-routes.xml

@@ -53,6 +53,9 @@
         <listitem>
           <para>If specified, gives the IP address of the gateway to the
           DEST.</para>
+
+          <para>Beginning with Shorewall 4.5.15, you may specify blackhole in
+          this column to create a <option>blackhole</option> route. </para>
         </listitem>
       </varlistentry>
 
@@ -62,8 +65,9 @@
         <listitem>
           <para>Specifies the device route. If neither DEVICE nor GATEWAY is
           given, then the INTERFACE specified for the PROVIDER in <ulink
-          url="shorewall-providers.html">shorewall-providers</ulink>
+          url="shorewall-providers.html">shorewall-providers</ulink> (5). This
-          (5).</para>
+          column must be omitted if <option>blackhole</option> is specified in
+          the GATEWAY column.</para>
         </listitem>
       </varlistentry>
     </variablelist>

Shorewall6/manpages/shorewall6-routes.xml

@@ -53,6 +53,9 @@
         <listitem>
           <para>If specified, gives the IP address of the gateway to the
           DEST.</para>
+
+          <para>Beginning with Shorewall 4.5.15, you may specify blackhole in
+          this column to create a <option>blackhole</option> route.</para>
         </listitem>
       </varlistentry>
 
@@ -62,8 +65,9 @@
         <listitem>
           <para>Specifies the device route. If neither DEVICE nor GATEWAY is
           given, then the INTERFACE specified for the PROVIDER in <ulink
-          url="shorewall6-providers.html">shorewall6-providers</ulink>
+          url="shorewall6-providers.html">shorewall6-providers</ulink> (5).
-          (5).</para>
+          This column must be omitted if <option>blackhole</option> is
+          specified in the GATEWAY column.</para>
         </listitem>
       </varlistentry>
     </variablelist>