Infrastructure for detecting loopback interfaces

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2025-01-03 03:59:16 +01:00 · 2015-01-02 08:49:38 -08:00 · 2015-01-02 08:49:38 -08:00 · 3890b8a884
commit 3890b8a884
parent 551a16d18f
4 changed files with 32 additions and 6 deletions
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@ -3421,6 +3421,8 @@ get_config() {

    TC=tc

+    g_loopback=$(find_loopback_interfaces)
+
 }

 #
@ -3724,6 +3726,7 @@ shorewall_cli() {
    g_inline=
    g_tcrules=
    g_counters=
+    g_loopback=

    VERBOSE=
    VERBOSITY=1
--- a/Shorewall-core/lib.common
+++ b/Shorewall-core/lib.common
@ -645,6 +645,24 @@ find_first_interface_address_if_any() # $1 = interface
    fi
 }

+#
+#Determines if the passed interface is a loopback interface
+#
+loopback_interface() { #$1 = Interface name
+    [ "$1" = lo ] || $IP link show $1 | fgrep -q LOOPBACK
+}
+
+#
+# Find Loopback Interfaces
+#
+find_loopback_interfaces() {
+    local interfaces
+
+    interfaces=$($IP link show | fgrep LOOPBACK | sed 's/://g' | cut -d ' ' -f 2)
+
+    [ -n "$interfaces" ] && echo $interfaces || echo lo
+}
+
 #
 # Internal version of 'which'
 #
--- a/Shorewall/Perl/lib.core
+++ b/Shorewall/Perl/lib.core
@ -652,7 +652,7 @@ interface_is_usable() # $1 = interface
    local status;
    status=0

-    if [ "$1" != lo ]; then
+    if ! loopback_interface $1 then
 	if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != 0.0.0.0 ]; then
 	    [ "$COMMAND" = enable ] || run_isusable_exit $1
 	    status=$?
@ -902,18 +902,21 @@ detect_gateway() # $1 = interface
 # Disable IPV6
 #
 disable_ipv6() {
-    local foo
-    foo="$($IP -f inet6 addr list 2> /dev/null)"
+    local temp
+    temp="$($IP -f inet6 addr list 2> /dev/null)"

-    if [ -n "$foo" ]; then
+    if [ -n "$temp" ]; then
 	if [ -x "$IP6TABLES" ]; then
 	    $IP6TABLES -P FORWARD DROP
 	    $IP6TABLES -P INPUT DROP
 	    $IP6TABLES -P OUTPUT DROP
 	    $IP6TABLES -F
 	    $IP6TABLES -X
-	    $IP6TABLES -A OUTPUT -o lo -j ACCEPT
-	    $IP6TABLES -A INPUT -i lo -j ACCEPT
+
+	    for temp in $(find_loopback_interfaces); do
+		$IP6TABLES -A OUTPUT -o $temp -j ACCEPT
+		$IP6TABLES -A INPUT  -i $temp -j ACCEPT
+	    done
 	else
 	    error_message "WARNING: DISABLE_IPV6=Yes in shorewall.conf but this system does not appear to have ip6tables"
 	fi
--- a/Shorewall/lib.cli-std
+++ b/Shorewall/lib.cli-std
@ -323,6 +323,8 @@ get_config() {
 	    LEGACY_FASTSTART=Yes
 	    ;;
    esac
+
+    g_loopback=$(find_loopback_interfaces)
 }

 #