mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-22 23:53:30 +01:00
Allow specification of the MAC address of a gateway
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
c72265667f
commit
2ed523101c
@ -6723,20 +6723,25 @@ sub interface_mac( $$ ) {
|
||||
#
|
||||
# Record the fact that the ruleset requires MAC address of the passed gateway IP routed out of the passed interface for the passed provider number
|
||||
#
|
||||
sub get_interface_mac( $$$ ) {
|
||||
my ( $ipaddr, $logical , $table ) = @_;
|
||||
sub get_interface_mac( $$$$ ) {
|
||||
my ( $ipaddr, $logical , $table, $mac ) = @_;
|
||||
|
||||
my $interface = get_physical( $logical );
|
||||
my $variable = interface_mac( $interface , $table );
|
||||
|
||||
$global_variables |= NOT_RESTORE;
|
||||
|
||||
if ( interface_is_optional $logical ) {
|
||||
$interfacemacs{$table} = qq($variable=\$(find_mac $ipaddr $interface)\n);
|
||||
|
||||
if ( $mac ) {
|
||||
$interfacemacs{$table} = qq($variable=$mac);
|
||||
} else {
|
||||
$interfacemacs{$table} = qq($variable=\$(find_mac $ipaddr $interface)
|
||||
if ( interface_is_optional $logical ) {
|
||||
$interfacemacs{$table} = qq($variable=\$(find_mac $ipaddr $interface)\n);
|
||||
} else {
|
||||
$interfacemacs{$table} = qq($variable=\$(find_mac $ipaddr $interface)
|
||||
[ -n "\$$variable" ] || startup_error "Unable to determine the MAC address of $ipaddr through interface \\"$interface\\""
|
||||
);
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
"\$$variable";
|
||||
|
||||
@ -258,7 +258,7 @@ sub copy_and_edit_table( $$$$$ ) {
|
||||
emit '';
|
||||
|
||||
if ( $realm ) {
|
||||
emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]]+//' | ${filter}while read net route; do" )
|
||||
emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | ${filter}while read net route; do" )
|
||||
} else {
|
||||
emit ( "\$IP -$family -o route show table $duplicate | ${filter}while read net route; do" )
|
||||
}
|
||||
@ -442,10 +442,11 @@ sub process_a_provider( $ ) {
|
||||
|
||||
fatal_error 'INTERFACE must be specified' if $interface eq '-';
|
||||
|
||||
( $interface, my $address ) = split /:/, $interface;
|
||||
( $interface, my $address ) = split /:/, $interface, 2;
|
||||
|
||||
my $shared = 0;
|
||||
my $noautosrc = 0;
|
||||
my $mac = '';
|
||||
|
||||
if ( defined $address ) {
|
||||
validate_address $address, 0;
|
||||
@ -469,7 +470,17 @@ sub process_a_provider( $ ) {
|
||||
$gateway = get_interface_gateway $interface;
|
||||
$gatewaycase = 'detect';
|
||||
} elsif ( $gateway && $gateway ne '-' ) {
|
||||
( $gateway, $mac ) = split_host_list( $gateway, 0 );
|
||||
validate_address $gateway, 0;
|
||||
|
||||
if ( defined $mac ) {
|
||||
$mac =~ tr/-/:/;
|
||||
$mac =~ s/^~//;
|
||||
fatal_error "Invalid MAC address ($mac)" unless $mac =~ /^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$/;
|
||||
} else {
|
||||
$mac = '';
|
||||
}
|
||||
|
||||
$gatewaycase = 'specified';
|
||||
} else {
|
||||
$gatewaycase = 'none';
|
||||
@ -644,6 +655,7 @@ sub process_a_provider( $ ) {
|
||||
loose => $loose ,
|
||||
duplicate => $duplicate ,
|
||||
address => $address ,
|
||||
mac => $mac ,
|
||||
local => $local ,
|
||||
tproxy => $tproxy ,
|
||||
load => $load ,
|
||||
@ -720,6 +732,7 @@ sub add_a_provider( $$ ) {
|
||||
my $loose = $providerref->{loose};
|
||||
my $duplicate = $providerref->{duplicate};
|
||||
my $address = $providerref->{address};
|
||||
my $mac = $providerref->{mac};
|
||||
my $local = $providerref->{local};
|
||||
my $tproxy = $providerref->{tproxy};
|
||||
my $load = $providerref->{load};
|
||||
@ -733,7 +746,7 @@ sub add_a_provider( $$ ) {
|
||||
my $realm = '';
|
||||
|
||||
if ( $shared ) {
|
||||
my $variable = $providers{$table}{mac} = get_interface_mac( $gateway, $interface , $table );
|
||||
my $variable = $providers{$table}{mac} = get_interface_mac( $gateway, $interface , $table, $mac );
|
||||
$realm = "realm $number";
|
||||
start_provider( $label , $table, $number, $id, qq(if interface_is_usable $physical && [ -n "$variable" ]; then) );
|
||||
} elsif ( $pseudo ) {
|
||||
|
||||
@ -129,11 +129,15 @@
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">GATEWAY</emphasis> - {<emphasis
|
||||
role="bold">-</emphasis>|<emphasis>address</emphasis>|<emphasis
|
||||
role="bold">-</emphasis>|<emphasis>address</emphasis>[,<emphasis>mac</emphasis>]|<emphasis
|
||||
role="bold">detect</emphasis>}</term>
|
||||
|
||||
<listitem>
|
||||
<para>The IP address of the provider's gateway router.</para>
|
||||
<para>The IP address of the provider's gateway router. Beginning
|
||||
with Shorewall 4.6.2, you may also specify the MAC address of the
|
||||
gateway when there are multiple providers serviced through the same
|
||||
interface. When the MAC is not specified, Shorewall will detect the
|
||||
MAC during firewall start or restart.</para>
|
||||
|
||||
<para>You can enter "detect" here and Shorewall will attempt to
|
||||
detect the gateway automatically.</para>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user