Centralize addition of IP aliases

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@147 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -15,3 +15,5 @@ Changes since 1.3.4
 6. Display the counter reset time in shorewall show and status
    commands.
 
+7. Centralize the adding of IP aliases
+

Shorewall/firewall

@@ -1317,31 +1317,8 @@ setup_nat() {
 	fi
 
 	if [ -n "$ADD_IP_ALIASES" ]; then
-	    #
-	    # Folks feel uneasy if they don't see all of the same
-	    # decoration on these IP addresses that they see when their
-	    # distro's net config tool adds them. In an attempt to reduce
-	    # the anxiety level, we have the following code which sets
-	    # the VLSM and BRD from the primary address
-	    #
-	    # Get all of the lines that contain inet addresses with broadcast
-	    #
-	    val=`ip addr show $interface | grep 'inet.*brd '` 2> /dev/null
-
-	    if [ -n "$val" ] ; then
-		#
-		# Hack off the leading 'inet <ip addr>' (actually cut off the
-		# "/" as well but add it back in).
-		#
-		val="/${val#*/}"
-		#
-		# Now get the VLSM, "brd" and the broadcast address
-		#
-		val=${val%% scope*}
-	    fi
-
-	    run_ip addr add ${external}${val} dev $interface
-	    echo "$external $interface" >> ${STATEDIR}/nat
+	    list_search $external $aliases_to_add || \
+		aliases_to_add="$aliases_to_add $external $interface"
 	fi
 
 	echo "   Host $internal NAT $external on $interface"
@@ -2435,16 +2412,8 @@ setup_masq()
 	esac
 
 	if [ -n "$address" -a -n "$ADD_SNAT_ALIASES" ]; then
-	    qt ip addr del $address dev $interface
-
-	    val=`ip addr show $interface | grep 'inet.*brd '` 2> /dev/null
-	    if [ -n "$val" ] ; then
-		val="/${val#*/}"
-		val=${val%% scope*}
-	    fi
-	    run_ip addr add ${address}${val} dev $interface
-
-	    echo "$address $interface" >> ${STATEDIR}/nat
+	    list_search $address $aliases_to_add || \
+		aliases_to_add="$aliases_to_add $external $address"
 	fi
 
 	destination=$destnet
@@ -2606,6 +2575,48 @@ verify_os_version() {
     esac
 }
 
+################################################################################
+# Add IP Aliases                                                               #
+################################################################################
+add_ip_aliases() # $* = addresses and devices
+{
+    do_one() 
+    {
+	#
+	# Folks feel uneasy if they don't see all of the same
+	# decoration on these IP addresses that they see when their
+	# distro's net config tool adds them. In an attempt to reduce
+	# the anxiety level, we have the following code which sets
+	# the VLSM and BRD from the primary address
+	#
+	# Get all of the lines that contain inet addresses with broadcast
+	#
+	val=`ip addr show $interface | grep 'inet.*brd '` 2> /dev/null
+
+	if [ -n "$val" ] ; then
+	    #
+	    # Hack off the leading 'inet <ip addr>' (actually cut off the
+	    # "/" as well but add it back in).
+	    #
+	    val="/${val#*/}"
+	    #
+	    # Now get the VLSM, "brd" and the broadcast address
+	    #
+	    val=${val%% scope*}
+	fi
+
+	run_ip addr add ${external}${val} dev $interface
+	echo "$external $interface" >> ${STATEDIR}/nat
+    }
+
+    while [ $# -gt 0 ]; do
+	external=$1
+	interface=$2
+	shift;shift
+	do_one
+    done
+}
+
 ################################################################################
 # Load kernel modules required for Shorewall				       #
 ################################################################################
@@ -3175,6 +3186,10 @@ define_firewall() # $1 = Command (Start or Restart)
 
     activate_rules
 
+    [ -n "$aliases_to_add" ] && \
+	echo "Adding IP Aliases..." && \
+	add_ip_aliases $aliases_to_add
+
     run_user_exit start
 
     createchain shorewall no
@@ -3361,6 +3376,7 @@ do_initialize() {
     have_mutex=
     masq_seq=1
     nonat_seq=1
+    aliases_to_add=
 
     TMP_DIR=/tmp/shorewall-$$
     rm -rf $TMP_DIR

Shorewall/rules

@@ -79,7 +79,7 @@
 #			3128. The port number MUST be specified as an integer
 #			and not as a name from /etc/services.
 #
-#			if the RESULT is REDIRECT, this column needs only to
+#			if the ACTION is REDIRECT, this column needs only to
 #			contain the port number on the firewall that the
 #			request should be redirected to.
 #