extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-02-03 11:29:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Export smarter ip_range() with the /sbin/shorewall iprange command

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@644 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2003-07-06 13:24:23 +00:00
parent 130c8f95f9
commit 2ec4e96fbd
4 changed files with 76 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall/changelog.txt
View File

@ -37,3 +37,7 @@ Changes since 1.4.5
15. Added ipcalc command. 15. Added ipcalc command.
16. Fixed handling of destination DNS names containing a "-" 16. Fixed handling of destination DNS names containing a "-"
17. Make ip_range() smarter.
18. Added /sbin/shorewall iprange command.

25
Shorewall/functions
View File

@ -270,11 +270,10 @@ encodeaddr() {
# 32-bit signed arithmetic, the range cannot span 128.0.0.0. # 32-bit signed arithmetic, the range cannot span 128.0.0.0.
# #
ip_range() { ip_range() {
local first local first last l x y z vlsm
local last
case $1 in case $1 in
*.*.*.*-*.*.*.*) [0-9]*.*.*.*-*.*.*.*)
;; ;;
*) *)
echo $1 echo $1
@ -285,13 +284,27 @@ ip_range() {
first=`decodeaddr ${1%-*}` first=`decodeaddr ${1%-*}`
last=`decodeaddr ${1#*-}` last=`decodeaddr ${1#*-}`
if [ $first -gt $last -o $(($last - $first)) -gt 256 ]; then if [ $first -gt $last ]; then
fatal_error "Invalid IP address range: $1" fatal_error "Invalid IP address range: $1"
fi fi
l=$(( $last + 1 ))
while [ $first -le $last ]; do while [ $first -le $last ]; do
echo `encodeaddr $first` vlsm=
first=$(($first + 1)) x=31
y=2
z=1
while [ $(( $first % $y )) -eq 0 -a $(( $first + $y )) -le $l ]; do
vlsm=$x
x=$(( $x - 1 ))
z=$y
y=$(( $y * 2 ))
done
[ -n "$vlsm" ] && echo `encodeaddr $first`/$vlsm || echo `encodeaddr $first`
first=$(($first + $z))
done done
} }

40
Shorewall/releasenotes.txt
View File

@ -28,19 +28,14 @@ New Features:
one on an interface. one on an interface.
4) DNAT[-] rules may now be used to load balance (round-robin) over a 4) DNAT[-] rules may now be used to load balance (round-robin) over a
set of servers. Up to 256 servers may be specified in a range of set of servers. Any number of servers may be specified in a range of
addresses given as <first address>-<last address>. addresses given as <first address>-<last address> and multiple
ranges or individual servers may be specified in a comma-separated
list.
Example: Example:
DNAT net loc:192.168.10.2-192.168.10.5 tcp 80 DNAT net loc:192.168.10.2-192.168.10.5,192.168.10.44 tcp 80
Note that this capability has previously been available using a
combination of a DNAT- rule and one or more ACCEPT rules. That
technique is still preferable for load-balancing over a large number
of servers (> 16) since specifying a range in the DNAT rule causes
one filter table ACCEPT rule to be generated for each IP address in
the range.
5) The NAT_ENABLED, MANGLE_ENABLED and MULTIPORT configuration options 5) The NAT_ENABLED, MANGLE_ENABLED and MULTIPORT configuration options
have been removed and have been replaced by code that detects have been removed and have been replaced by code that detects
@ -113,3 +108,28 @@ New Features:
dash), then the ipcalc command produces incorrect information for dash), then the ipcalc command produces incorrect information for
IP addresses 128.0.0.0-1 and for /1 networks. Bash should produce IP addresses 128.0.0.0-1 and for /1 networks. Bash should produce
correct information for all valid IP addresses. correct information for all valid IP addresses.
9) An 'iprange' command has been added to /sbin/shorewall.
iprange <address>-<address>
This command decomposes a range of IP addressses into a list of
network and host addresses. The command can be useful if you need to
construct an efficient set of rules that accept connections from a
range of network addresses.
Example:
[root@gateway root]# shorewall iprange 192.168.1.4-192.168.12.9
192.168.1.4/30
192.168.1.8/29
192.168.1.16/28
192.168.1.32/27
192.168.1.64/26
192.168.1.128/25
192.168.2.0/23
192.168.4.0/22
192.168.8.0/22
192.168.12.0/29
192.168.12.8/31
[root@gateway root]#

23
Shorewall/shorewall
View File

@ -86,6 +86,18 @@
# #
# Displays information about the network # Displays information about the network
# defined by the argument[s] # defined by the argument[s]
#
# shorewall iprange <address>-<address> Decomposes a range of IP addresses into
# a list of network/host addresses.
#
# Fatal Error
#
fatal_error() # $@ = Message
{
echo " $@" >&2
exit 2
}
# Display a chain if it exists # Display a chain if it exists
# #
@ -533,6 +545,7 @@ usage() # $1 = exit status
echo " allow <address> ..." echo " allow <address> ..."
echo " save" echo " save"
echo " ipcalc [ <address>/<vlsm> | <address> <netmask> ]" echo " ipcalc [ <address>/<vlsm> | <address> <netmask> ]"
echo " iprange <address>-<address>"
exit $1 exit $1
} }
@ -897,6 +910,16 @@ case "$1" in
temp=`broadcastaddress $address`; echo " BROADCAST=$temp" temp=`broadcastaddress $address`; echo " BROADCAST=$temp"
;; ;;
iprange)
case $2 in
*.*.*.*-*.*.*.*)
ip_range $2
;;
*)
usage 1
;;
esac
;;
call) call)
# #
# Undocumented way to call functions in /usr/share/shorewall/functions directly # Undocumented way to call functions in /usr/share/shorewall/functions directly