Don't clear proxy arp unconditionally

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5456 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/changelog.txt

@@ -6,6 +6,8 @@ Changes in 3.4.0 Final
 
 3)  Fix obscure bug in rule activation logic.
 
+4)  Don't clear proxy arp unconditionally.
+
 Changes in 3.4.0 RC 3
 
 1)  Add warning about 'loose' and 'balance'

Shorewall/compiler

@@ -787,18 +787,18 @@ setup_syn_flood_chains()
 #
 delete_proxy_arp() {
     indent >&3 << __EOF__
-if [ -f \${VARDIR}/proxyarp ]; then
+if [ -s \${VARDIR}/proxyarp ]; then
     while read address interface external haveroute; do
         qt arp -i \$external -d \$address pub
         [ -z "\$haveroute" -a -z "\$NOROUTE" ] && qt ip route del \$address dev \$interface
     done < \${VARDIR}/proxyarp
 
-    rm -f \${VARDIR}/proxyarp
+    for f in /proc/sys/net/ipv4/conf/*; do
+        [ -f \$f/proxy_arp ] && echo 0 > \$f/proxy_arp
+    done
 fi
 
-for f in /proc/sys/net/ipv4/conf/*; do
-    [ -f \$f/proxy_arp ] && echo 0 > \$f/proxy_arp
-done
+rm -f \${VARDIR}/proxyarp
 
 __EOF__
 

Shorewall/releasenotes.txt

@@ -42,6 +42,13 @@ Problems Corrected in 3.4.0 Final.
 3)  An obscure bug in rule activation having to do with the new
     exclusion feature in /etc/shorewall/hosts has been corrected.
 
+4) The "shorewall-[lite] [re]start and stop" commands reset the
+   proxy_arp flag on all interfaces on the system making it impossible
+   to control proxy arp manually with Shorewall installed. With this
+   change, shorewall will only clear proxy arp if there were entries in
+   /etc/shorewall/proxyarp the last time that Shorewall was
+   [re]started.
+
 Migration Considerations:
 
 If you are migrating from a Shorewall version earlier than 3.2.0 then