Add 'routestopped' file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@131 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall/fallback.sh

@@ -91,6 +91,8 @@ restore_file /etc/shorewall/params
 
 restore_file /etc/shorewall/proxyarp
 
+restore_file /etc/shorewall/routestopped
+
 restore_file /etc/shorewall/masq
 
 restore_file /etc/shorewall/modules

Shorewall/firewall

@@ -1015,6 +1015,12 @@ stop_firewall() {
 
     hosts="`find_hosts_by_option routestopped`"
 
+    strip_file routestopped 
+
+    while read interface host; do
+	hosts="$hosts $interface:${host:-0.0.0.0/0}"
+    done < $TMP_DIR/routestopped
+
     for host in $hosts; do
 	interface=${host%:*}
 	subnet=${host#*:}

Shorewall/hosts

@@ -30,7 +30,9 @@
 #	OPTIONS - A comma-separated list of options. Currently-defined
 #		  options are:
 #
-#			routestopped - route messages to and from this
+#			routestopped - (Deprecated -- use
+#				       /etc/shorewall/routestopped)
+#				       route messages to and from this
 #				       member when the firewall is in the
 #				       stopped state
 #

Shorewall/install.sh

@@ -360,6 +360,15 @@ else
     echo -e "\nProxy ARP file installed as ${PREFIX}/etc/shorewall/proxyarp"
 fi
 #
+# Install the Stopped Routing file
+#
+if [ -f ${PREFIX}/etc/shorewall/routestopped ]; then
+    backup_file /etc/shorewall/routestopped
+else
+    run_install -o $OWNER -g $GROUP -m 0600 routestopped ${PREFIX}/etc/shorewall/routestopped
+    echo -e "\nStopped Routing file installed as ${PREFIX}/etc/shorewall/routestopped"
+fi
+#
 # Install the Masq file
 #
 if [ -f ${PREFIX}/etc/shorewall/masq ]; then

Shorewall/interfaces

@@ -48,7 +48,9 @@
 #				       requests. 'filterping' takes 
 #				       precedence over 'noping' if both are
 #				       given.
-#			routestopped - When the firewall is stopped, allow
+#			routestopped - (Deprecated -- use 
+#				       /etc/shorewall/routestopped)
+#				       When the firewall is stopped, allow
 #				       and route traffic to and from this
 #				       interface.
 #			norfc1918    - This interface should not receive

Shorewall/routestopped

@@ -0,0 +1,21 @@
+##############################################################################
+#
+# Shorewall 1.3 -- Hosts Accessible when the Firewall is Stopped
+#
+# /etc/shorewall/routestopped
+#
+#	This file is used to define the hosts that are accessible when the firewall is stopped
+#
+# Columns must be separated by white space and are:
+#
+#	INTERFACE	- Interface through which host(s) communicate with the firewall
+#	HOST(S)		- Comma-separated list of IP/subnet addresses.
+#
+# Example:
+#
+#	INTERFACE	HOST(S)
+#	eth2		192.168.1.0/24
+#	eth0		192.0.2.44
+##############################################################################
+#INTERFACE	HOST(S)
+#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Shorewall/shorewall.spec

@@ -64,6 +64,7 @@ if [ $1 = 0 ]; then if [ -x /sbin/insserv ]; then /sbin/insserv -r /etc/init.d/s
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/nat
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/params
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/proxyarp
+%attr(0600,root,root) %config(noreplace) /etc/shorewall/routestopped
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/masq
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/modules
 %attr(0600,root,root) %config(noreplace) /etc/shorewall/tcrules
@@ -79,6 +80,8 @@ if [ $1 = 0 ]; then if [ -x /sbin/insserv ]; then /sbin/insserv -r /etc/init.d/s
 %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel
 
 %changelog
+* Web Jul 10 2002 Tom Eastep <tom@shorewall.net>
+- Added 'routestopped' configuration file.
 * Fri Jul 05 2002 Tom Eastep <tom@shorewall.net>
 - Changed version to 1.3.3
 * Sat Jun 15 2002 Tom Eastep <tom@shorewall.net>