extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-01-10 15:48:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Allow 'routeback=0'

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2013-06-16 08:37:53 -07:00
parent 52eb29d01e
commit 4bd35a0b93
3 changed files with 24 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Shorewall/Perl/Shorewall/Zones.pm
View File

@ -265,7 +265,7 @@ our %prohibitunmanaged = (
upnpclient => 1, upnpclient => 1,
); );
our %defaultinterfaceoptions = ( routefilter => 1 , wait => 60, accept_ra => 1 , ignore => 3 ); our %defaultinterfaceoptions = ( routefilter => 1 , wait => 60, accept_ra => 1 , ignore => 3, routeback => 1 );
our %maxoptionvalue = ( routefilter => 2, mss => 100000 , wait => 120 , ignore => NO_UPDOWN | NO_SFILTER, accept_ra => 2 ); our %maxoptionvalue = ( routefilter => 2, mss => 100000 , wait => 120 , ignore => NO_UPDOWN | NO_SFILTER, accept_ra => 2 );
@ -343,7 +343,7 @@ sub initialize( $$ ) {
optional => SIMPLE_IF_OPTION, optional => SIMPLE_IF_OPTION,
proxyarp => BINARY_IF_OPTION, proxyarp => BINARY_IF_OPTION,
required => SIMPLE_IF_OPTION, required => SIMPLE_IF_OPTION,
routeback => SIMPLE_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST + IF_OPTION_VSERVER, routeback => BINARY_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST + IF_OPTION_VSERVER,
routefilter => NUMERIC_IF_OPTION , routefilter => NUMERIC_IF_OPTION ,
rpfilter => SIMPLE_IF_OPTION, rpfilter => SIMPLE_IF_OPTION,
sfilter => IPLIST_IF_OPTION, sfilter => IPLIST_IF_OPTION,
@ -388,7 +388,7 @@ sub initialize( $$ ) {
optional => SIMPLE_IF_OPTION, optional => SIMPLE_IF_OPTION,
proxyndp => BINARY_IF_OPTION, proxyndp => BINARY_IF_OPTION,
required => SIMPLE_IF_OPTION, required => SIMPLE_IF_OPTION,
routeback => SIMPLE_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST + IF_OPTION_VSERVER, routeback => BINARY_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST + IF_OPTION_VSERVER,
rpfilter => SIMPLE_IF_OPTION, rpfilter => SIMPLE_IF_OPTION,
sfilter => IPLIST_IF_OPTION, sfilter => IPLIST_IF_OPTION,
sourceroute => BINARY_IF_OPTION, sourceroute => BINARY_IF_OPTION,
@ -1218,7 +1218,7 @@ sub process_interface( $$ ) {
} elsif ( $type == BINARY_IF_OPTION ) { } elsif ( $type == BINARY_IF_OPTION ) {
$value = 1 unless defined $value; $value = 1 unless defined $value;
fatal_error "Option value for '$option' must be 0 or 1" unless ( $value eq '0' || $value eq '1' ); fatal_error "Option value for '$option' must be 0 or 1" unless ( $value eq '0' || $value eq '1' );
fatal_error "The '$option' option may not be used with a wild-card interface name" if $wildcard; fatal_error "The '$option' option may not be used with a wild-card interface name" if $wildcard && ! $type && IF_OPTION_WILDOK;
$options{$option} = $value; $options{$option} = $value;
$hostoptions{$option} = $value if $hostopt; $hostoptions{$option} = $value if $hostopt;
} elsif ( $type == ENUM_IF_OPTION ) { } elsif ( $type == ENUM_IF_OPTION ) {
@ -1325,10 +1325,10 @@ sub process_interface( $$ ) {
if ( $options{bridge} ) { if ( $options{bridge} ) {
require_capability( 'PHYSDEV_MATCH', 'The "bridge" option', 's'); require_capability( 'PHYSDEV_MATCH', 'The "bridge" option', 's');
fatal_error "Bridges may not have wildcard names" if $wildcard; fatal_error "Bridges may not have wildcard names" if $wildcard;
$hostoptions{routeback} = $options{routeback} = 1; $hostoptions{routeback} = $options{routeback} = 1 unless supplied $options{routeback};
} }
$hostoptions{routeback} = $options{routeback} = is_a_bridge( $physical ) unless $export || $options{routeback} || $options{unmanaged}; $hostoptions{routeback} = $options{routeback} = is_a_bridge( $physical ) unless $export || supplied $options{routeback} || $options{unmanaged};
$hostoptionsref = \%hostoptions; $hostoptionsref = \%hostoptions;
} else { } else {

16
Shorewall/manpages/shorewall-interfaces.xml
View File

@ -210,7 +210,7 @@ loc eth2 -</programlisting>
changed; the value assigned to the setting will be the value changed; the value assigned to the setting will be the value
specified (if any) or 1 if no value is given.</para> specified (if any) or 1 if no value is given.</para>
<para/> <para></para>
<note> <note>
<para>This option does not work with a wild-card <para>This option does not work with a wild-card
@ -244,7 +244,7 @@ loc eth2 -</programlisting>
<para>8 - do not reply for all local addresses</para> <para>8 - do not reply for all local addresses</para>
<para/> <para></para>
<note> <note>
<para>This option does not work with a wild-card <para>This option does not work with a wild-card
@ -252,7 +252,7 @@ loc eth2 -</programlisting>
the INTERFACE column.</para> the INTERFACE column.</para>
</note> </note>
<para/> <para></para>
<warning> <warning>
<para>Do not specify <emphasis <para>Do not specify <emphasis
@ -411,7 +411,7 @@ loc eth2 -</programlisting>
1 1
teastep@lists:~$ </programlisting> teastep@lists:~$ </programlisting>
<para/> <para></para>
<note> <note>
<para>This option does not work with a wild-card <para>This option does not work with a wild-card
@ -576,7 +576,7 @@ loc eth2 -</programlisting>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">routeback</emphasis></term> <term><emphasis role="bold">routeback[={0|1}]</emphasis></term>
<listitem> <listitem>
<para>If specified, indicates that Shorewall should include <para>If specified, indicates that Shorewall should include
@ -591,6 +591,12 @@ loc eth2 -</programlisting>
<option>sfilter</option> (see below) or <option>sfilter</option> (see below) or
<option>routefilter</option> on all interfaces (see <option>routefilter</option> on all interfaces (see
below).</para> below).</para>
<para>Beginning with Shorewall 4.5.18, you may specify this
option to explicitly reset (e.g., <emphasis
role="bold">routeback=0</emphasis>). This can be used to
override Shorewall's default setting for bridge devices which
is <emphasis role="bold">routeback=1</emphasis>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

8
Shorewall6/manpages/shorewall6-interfaces.xml
View File

@ -413,7 +413,7 @@ loc eth2 -</programlisting>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><emphasis role="bold">routeback</emphasis></term> <term><emphasis role="bold">routeback[={0|1}]</emphasis></term>
<listitem> <listitem>
<para>If specified, indicates that shorewall6 should include <para>If specified, indicates that shorewall6 should include
@ -427,6 +427,12 @@ loc eth2 -</programlisting>
<option>rpfilter</option> (see below) if you are running <option>rpfilter</option> (see below) if you are running
Shorewall 4.5.7 or later; otherwise, you should specify Shorewall 4.5.7 or later; otherwise, you should specify
<option>sfilter</option> (see below).</para> <option>sfilter</option> (see below).</para>
<para>Beginning with Shorewall 4.5.18, you may specify this
option to explicitly reset (e.g., <emphasis
role="bold">routeback=0</emphasis>). This can be used to
override Shorewall's default setting for bridge devices which
is <emphasis role="bold">routeback=1</emphasis>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>