extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-15 14:16:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow multiple GATEWAYS to be listed in the tunnels file.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-04-18 09:28:37 -07:00
parent 2b7e5dd9d8
commit 34f5838365
4 changed files with 51 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -219,6 +219,7 @@ our %EXPORT_TAGS = (
do_ipsec_options do_ipsec_options
do_ipsec do_ipsec
log_rule log_rule
handle_network_list
expand_rule expand_rule
addnatjump addnatjump
set_chain_variables set_chain_variables

11
Shorewall/Perl/Shorewall/Tunnels.pm
View File

@ -234,7 +234,7 @@ sub setup_tunnels() {
} }
sub setup_one_tunnel($$$$) { sub setup_one_tunnel($$$$) {
my ( $kind , $zone, $gateway, $gatewayzones ) = @_; my ( $kind , $zone, $gateways, $gatewayzones ) = @_;
my $zonetype = zone_type( $zone ); my $zonetype = zone_type( $zone );
@ -243,8 +243,14 @@ sub setup_tunnels() {
my $inchainref = ensure_rules_chain( rules_chain( ${zone}, ${fw} ) ); my $inchainref = ensure_rules_chain( rules_chain( ${zone}, ${fw} ) );
my $outchainref = ensure_rules_chain( rules_chain( ${fw}, ${zone} ) ); my $outchainref = ensure_rules_chain( rules_chain( ${fw}, ${zone} ) );
$gateway = ALLIP if $gateway eq '-'; $gateways = ALLIP if $gateways eq '-';
my ( $net, $excl ) = handle_network_list( $gateways , 'src' );
( $net, $excl ) = handle_network_list( $gateways , 'dst' );
fatal_error "Exclusion is not allowed in the GATEWAYS column" if $excl;
for my $gateway ( split_list $gateways, 'GATEWAYS' ) {
my @source = imatch_source_net $gateway; my @source = imatch_source_net $gateway;
my @dest = imatch_dest_net $gateway; my @dest = imatch_dest_net $gateway;
@ -272,6 +278,7 @@ sub setup_tunnels() {
fatal_error "Tunnels of type $type are not supported" unless $tunnelref; fatal_error "Tunnels of type $type are not supported" unless $tunnelref;
$tunnelref->{function}->( $inchainref, $outchainref, @{$tunnelref->{params}} ); $tunnelref->{function}->( $inchainref, $outchainref, @{$tunnelref->{params}} );
}
progress_message " Tunnel \"$currentline\" $done"; progress_message " Tunnel \"$currentline\" $done";
} }

12
Shorewall/manpages/shorewall-tunnels.xml
View File

@ -125,8 +125,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">GATEWAY</emphasis> - <term><emphasis role="bold">GATEWAY</emphasis>S -
<emphasis>address-or-range</emphasis></term> <emphasis>address-or-range</emphasis> <emphasis role="bold">[ , ...
]</emphasis></term>
<listitem> <listitem>
<para>The IP address of the remote tunnel gateway. If the remote <para>The IP address of the remote tunnel gateway. If the remote
@ -134,6 +135,11 @@
as <emphasis role="bold">0.0.0.0/0</emphasis>. May be specified as a as <emphasis role="bold">0.0.0.0/0</emphasis>. May be specified as a
network address and if your kernel and iptables include iprange network address and if your kernel and iptables include iprange
match support then IP address ranges are also allowed.</para> match support then IP address ranges are also allowed.</para>
<para>Beginning with Shorewall 4.5.3, a list of addresses or ranges
may be given. Exclusion (<ulink
url="shorewall-exclusion.html">shorewall-exclusion</ulink> (5) ) is
not supported.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -148,7 +154,7 @@
comma-separated list of the names of the zones that the host might comma-separated list of the names of the zones that the host might
be in. This column only applies to IPSEC tunnels where it enables be in. This column only applies to IPSEC tunnels where it enables
ISAKMP traffic to flow through the tunnel to the remote ISAKMP traffic to flow through the tunnel to the remote
gateway.</para> gateway(s).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>

16
Shorewall6/manpages/shorewall6-tunnels.xml
View File

@ -101,10 +101,10 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term></term> <term/>
<listitem> <listitem>
<para></para> <para/>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -120,8 +120,9 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">GATEWAY</emphasis> - <term><emphasis role="bold">GATEWAY</emphasis>S -
<emphasis>address-or-range</emphasis></term> <emphasis>address-or-range</emphasis> <emphasis role="bold">[ , ...
]</emphasis></term>
<listitem> <listitem>
<para>The IP address of the remote tunnel gateway. If the remote <para>The IP address of the remote tunnel gateway. If the remote
@ -129,6 +130,11 @@
as <emphasis role="bold">::/0</emphasis>. May be specified as a as <emphasis role="bold">::/0</emphasis>. May be specified as a
network address and if your kernel and ip6tables include iprange network address and if your kernel and ip6tables include iprange
match support then IP address ranges are also allowed.</para> match support then IP address ranges are also allowed.</para>
<para>Beginning with Shorewall 4.5.3, a list of addresses or ranges
may be given. Exclusion (<ulink
url="shorewall6-exclusion.html">shorewall6-exclusion</ulink> (5) )
is not supported.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -143,7 +149,7 @@
comma-separated list of the names of the zones that the host might comma-separated list of the names of the zones that the host might
be in. This column only applies to IPSEC tunnels where it enables be in. This column only applies to IPSEC tunnels where it enables
ISAKMP traffic to flow through the tunnel to the remote ISAKMP traffic to flow through the tunnel to the remote
gateway.</para> gateway(s).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>