Centralize addition of IP aliases

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@147 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2002-07-23 16:26:45 +00:00
parent 2344570e81
commit 1412f0d698
3 changed files with 54 additions and 36 deletions


@ -15,3 +15,5 @@ Changes since 1.3.4
6. Display the counter reset time in shorewall show and status 6. Display the counter reset time in shorewall show and status
commands. commands.
7. Centralize the adding of IP aliases


@ -1317,31 +1317,8 @@ setup_nat() {
fi fi
if [ -n "$ADD_IP_ALIASES" ]; then if [ -n "$ADD_IP_ALIASES" ]; then
# list_search $external $aliases_to_add || \
# Folks feel uneasy if they don't see all of the same aliases_to_add="$aliases_to_add $external $interface"
# decoration on these IP addresses that they see when their
# distro's net config tool adds them. In an attempt to reduce
# the anxiety level, we have the following code which sets
# the VLSM and BRD from the primary address
#
# Get all of the lines that contain inet addresses with broadcast
#
val=`ip addr show $interface | grep 'inet.*brd '` 2> /dev/null
if [ -n "$val" ] ; then
#
# Hack off the leading 'inet <ip addr>' (actually cut off the
# "/" as well but add it back in).
#
val="/${val#*/}"
#
# Now get the VLSM, "brd" and the broadcast address
#
val=${val%% scope*}
fi
run_ip addr add ${external}${val} dev $interface
echo "$external $interface" >> ${STATEDIR}/nat
fi fi
echo " Host $internal NAT $external on $interface" echo " Host $internal NAT $external on $interface"
@ -2435,16 +2412,8 @@ setup_masq()
esac esac
if [ -n "$address" -a -n "$ADD_SNAT_ALIASES" ]; then if [ -n "$address" -a -n "$ADD_SNAT_ALIASES" ]; then
qt ip addr del $address dev $interface list_search $address $aliases_to_add || \
aliases_to_add="$aliases_to_add $external $address"
val=`ip addr show $interface | grep 'inet.*brd '` 2> /dev/null
if [ -n "$val" ] ; then
val="/${val#*/}"
val=${val%% scope*}
fi
run_ip addr add ${address}${val} dev $interface
echo "$address $interface" >> ${STATEDIR}/nat
fi fi
destination=$destnet destination=$destnet
@ -2606,6 +2575,48 @@ verify_os_version() {
esac esac
} }
################################################################################
# Add IP Aliases #
################################################################################
add_ip_aliases() # $* = addresses and devices
{
do_one()
{
#
# Folks feel uneasy if they don't see all of the same
# decoration on these IP addresses that they see when their
# distro's net config tool adds them. In an attempt to reduce
# the anxiety level, we have the following code which sets
# the VLSM and BRD from the primary address
#
# Get all of the lines that contain inet addresses with broadcast
#
val=`ip addr show $interface | grep 'inet.*brd '` 2> /dev/null
if [ -n "$val" ] ; then
#
# Hack off the leading 'inet <ip addr>' (actually cut off the
# "/" as well but add it back in).
#
val="/${val#*/}"
#
# Now get the VLSM, "brd" and the broadcast address
#
val=${val%% scope*}
fi
run_ip addr add ${external}${val} dev $interface
echo "$external $interface" >> ${STATEDIR}/nat
}
while [ $# -gt 0 ]; do
external=$1
interface=$2
shift;shift
do_one
done
}
################################################################################ ################################################################################
# Load kernel modules required for Shorewall # # Load kernel modules required for Shorewall #
################################################################################ ################################################################################
@ -3175,6 +3186,10 @@ define_firewall() # $1 = Command (Start or Restart)
activate_rules activate_rules
[ -n "$aliases_to_add" ] && \
echo "Adding IP Aliases..." && \
add_ip_aliases $aliases_to_add
run_user_exit start run_user_exit start
createchain shorewall no createchain shorewall no
@ -3361,6 +3376,7 @@ do_initialize() {
have_mutex= have_mutex=
masq_seq=1 masq_seq=1
nonat_seq=1 nonat_seq=1
aliases_to_add=
TMP_DIR=/tmp/shorewall-$$ TMP_DIR=/tmp/shorewall-$$
rm -rf $TMP_DIR rm -rf $TMP_DIR
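Review bot: In the setup_masq hunk the new line queues `$external $address`, but add_ip_aliases reads its arguments as (address, interface) pairs, so the SNAT address would be used as the device name and `$interface` is never queued; the removed code added `$address` on `$interface`. The line should presumably read `aliases_to_add="$aliases_to_add $address $interface"`. If `$external` is empty at that point (nothing in the visible part of setup_masq sets it), the unquoted expansion at the call site leaves an odd number of words, and every later pair, including the ones setup_nat queued, is shifted by one. The same hunk also appears to drop the earlier `qt ip addr del $address dev $interface`, so a restart may try to add an address that is already present; it is worth confirming how run_ip treats that failure. The bodies of setup_masq and setup_nat continue outside the hunks shown.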


@ -79,7 +79,7 @@
# 3128. The port number MUST be specified as an integer # 3128. The port number MUST be specified as an integer
# and not as a name from /etc/services. # and not as a name from /etc/services.
# #
# if the RESULT is REDIRECT, this column needs only to # if the ACTION is REDIRECT, this column needs only to
# contain the port number on the firewall that the # contain the port number on the firewall that the
# request should be redirected to. # request should be redirected to.
# #