mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-24 00:23:28 +01:00
Add TEST column to /etc/shorewall/routes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2126 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
0e8d1e958f
commit
08a3c1d95d
@ -2,6 +2,8 @@ Changes in 2.3.2
|
||||
|
||||
1) Add support for -j ROUTE
|
||||
|
||||
2) Add TEST column to /etc/shorewall/routes
|
||||
|
||||
Changes in 2.3.1
|
||||
|
||||
1) Change the behavior of SAVE_IPSETS and allow 'ipsets' files in
|
||||
|
@ -5255,6 +5255,7 @@ add_a_route()
|
||||
{
|
||||
local r=
|
||||
local chain=routefwd
|
||||
local marktest=
|
||||
|
||||
if [ "x$source" != "x-" ]; then
|
||||
case ${source} in
|
||||
@ -5304,10 +5305,36 @@ add_a_route()
|
||||
[ "x$proto" = "x-" ] && proto=all
|
||||
[ "x$proto" = "x" ] && proto=all
|
||||
[ "$proto" = "all" ] || r="${r}-p $proto "
|
||||
[ "x$port" = "x-" ] || r="${r}--dport $port "
|
||||
[ "x$port" = "x-" ] || r="${r}-m multiport --dports $port "
|
||||
fi
|
||||
|
||||
[ "x${sport:--}" = "x-" ] || r="${r}--sport $sport "
|
||||
if [ "x${sport:--}" != "x-" ]; then
|
||||
[ "x$port" = "x-" ] && r="${r}-m multiport "
|
||||
r="${r}--sports $sport "
|
||||
fi
|
||||
|
||||
case $testval in
|
||||
-)
|
||||
;;
|
||||
!*:C)
|
||||
marktest="connmark ! "
|
||||
testval=${testval%:*}
|
||||
testval=${testval#!}
|
||||
;;
|
||||
*:C)
|
||||
marktest="connmark "
|
||||
testval=${testval%:*}
|
||||
;;
|
||||
!*)
|
||||
marktest="mark ! "
|
||||
testval=${testval#!}
|
||||
;;
|
||||
*)
|
||||
[ -n "$testval" ] && marktest="mark "
|
||||
;;
|
||||
esac
|
||||
|
||||
[ -n "$marktest" ] && r="${r}-m ${marktest}--mark $testval "
|
||||
|
||||
r="${r}-j ROUTE "
|
||||
|
||||
@ -5336,10 +5363,10 @@ setup_routes() # $1 = file name
|
||||
run_iptables -t mangle -N routeout
|
||||
run_iptables -t mangle -A OUTPUT -j routeout
|
||||
|
||||
while read source dest proto port sport interface gateway; do
|
||||
while read source dest proto port sport testval interface gateway; do
|
||||
|
||||
expandv source dest proto port sport interface gateway
|
||||
rule="$source $dest $proto $port $sport $interface $gateway"
|
||||
expandv source dest proto port sport testval interface gateway
|
||||
rule="$source $dest $proto $port $sport testval $interface $gateway"
|
||||
add_a_route
|
||||
done < $TMP_DIR/routes
|
||||
fi
|
||||
|
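Review bot: In the setup_routes hunk, the `rule=` line that carries the new column interpolates the literal word `testval` instead of the column's value, so whatever consumes `rule` (not visible here, presumably diagnostics) never shows the actual test; it should read `rule="$source $dest $proto $port $sport $testval $interface $gateway"`. In add_a_route, the `case $testval` arms strip `!` and `:C` but never check what remains, so an entry of `!` or `:C` alone appends `--mark` with an empty argument to the generated iptables rule; a guard that rejects an empty or non-`<value>[/<mask>]` remainder before the `-m ${marktest}--mark` line would turn that into a clear configuration error. Inserting TEST before INTERFACE also shifts the meaning of the sixth column for existing routes files, which looks worth an explicit upgrade note. Both function bodies start and end outside the hunks shown.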
@ -64,6 +64,25 @@ New Features in version 2.3.2
|
||||
comma-separated list of port names, port
|
||||
numbers or port ranges.
|
||||
|
||||
TEST Defines a test on the existing packet or
|
||||
connection mark.
|
||||
|
||||
The rule will match only if the test returns
|
||||
true. Tests have the format
|
||||
[!]<value>[/<mask>][:C]
|
||||
|
||||
Where:
|
||||
|
||||
! Inverts the test (not equal)
|
||||
<value> Value of the packet or
|
||||
connection mark.
|
||||
|
||||
<mask> A mask to be applied to the
|
||||
mark before testing
|
||||
:C Designates a connection
|
||||
mark. If omitted, the packet
|
||||
mark's value is tested.
|
||||
|
||||
INTERFACE The interface that the packet is to be routed
|
||||
out of. If you do not specify this field then
|
||||
you must place "-" in this column and enter an
|
||||
|
@ -11,6 +11,8 @@
|
||||
# In order to use entries in this file, your kernel and iptables must
|
||||
# have ROUTE target support.
|
||||
#
|
||||
# To omit any column, enter "-" in that column.
|
||||
#
|
||||
# Columns are:
|
||||
#
|
||||
#
|
||||
@ -50,22 +52,30 @@
|
||||
# for bit-torrent). If no PORT is given, "ipp2p" is
|
||||
# assumed.
|
||||
#
|
||||
# This column is ignored if PROTOCOL = all but must be
|
||||
# entered if any of the following field is supplied.
|
||||
# In that case, it is suggested that this field contain
|
||||
# "-"
|
||||
#
|
||||
# SOURCE PORT(S) (Optional) Source port(s). If omitted,
|
||||
# any source port is acceptable. Specified as a comma-
|
||||
# separated list of port names, port numbers or port
|
||||
# ranges.
|
||||
#
|
||||
# TEST Defines a test on the existing packet or connection mark.
|
||||
# The rule will match only if the test returns true. Tests
|
||||
# have the format [!]<value>[/<mask>][:C]
|
||||
#
|
||||
# Where:
|
||||
#
|
||||
# ! Inverts the test (not equal)
|
||||
# <value> Value of the packet or connection mark.
|
||||
# <mask> A mask to be applied to the mark before
|
||||
# testing
|
||||
# :C Designates a connection mark. If omitted,
|
||||
# the packet mark's value is tested.
|
||||
#
|
||||
# INTERFACE The interface that the packet is to be routed out of.
|
||||
#
|
||||
# GATEWAY The gateway that the packet is to be forewarded through.
|
||||
#
|
||||
# See http://shorewall.net/Shorewall_and_Routing.html for additional information.
|
||||
#######################################################################################
|
||||
#SOURCE DEST PROTO PORT(S) SOURCE INTERFACE GATEWAY
|
||||
# PORT(S)
|
||||
#SOURCE DEST PROTO PORT(S) SOURCE TEST INTERFACE GATEWAY
|
||||
# PORT(S)
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
||||
|