diff --git a/Shorewall-perl/Shorewall/Proc.pm b/Shorewall-perl/Shorewall/Proc.pm index 3041c0baa..c0fbdd999 100644 --- a/Shorewall-perl/Shorewall/Proc.pm +++ b/Shorewall-perl/Shorewall/Proc.pm @@ -123,7 +123,7 @@ sub setup_route_filtering() { emit 'echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter'; } - emit "[ -n \"\$NOROUTES\" ] || ip route flush cache"; + emit "[ -n \"\$NOROUTES\" ] || ip -4 route flush cache"; } } diff --git a/Shorewall-perl/Shorewall/Providers.pm b/Shorewall-perl/Shorewall/Providers.pm index b056fd8c2..8ee15bffa 100644 --- a/Shorewall-perl/Shorewall/Providers.pm +++ b/Shorewall-perl/Shorewall/Providers.pm @@ -56,6 +56,8 @@ our @providers; our $family; +our $default; + # # Initialize globals -- we take this novel approach to globals initialization to allow @@ -74,6 +76,7 @@ sub initialize( $ ) { @routemarked_interfaces = (); $balance = 0; $first_default_route = 1; + $default = $family == F_IPV4 ? 'default' : '2000::/3'; %providers = ( local => { number => LOCAL_TABLE , mark => 0 , optional => 0 } , main => { number => MAIN_TABLE , mark => 0 , optional => 0 } , @@ -135,7 +138,7 @@ sub copy_table( $$$ ) { } emit ( ' case $net in', - ' default|nexthop)', + ' default|nexthop|2000::/3)', ' ;;', ' *)', " run_ip route add table $number \$net \$route $realm", @@ -155,7 +158,7 @@ sub copy_and_edit_table( $$$$ ) { } emit ( ' case $net in', - ' default|nexthop)', + ' default|nexthop|2000::/3)', ' ;;', ' *)', ' case $(find_device $route) in', @@ -240,7 +243,7 @@ sub add_a_provider( $$$$$$$$ ) { } else { fatal_error "Configuring multiple providers through one interface requires a gateway" if $shared; $gateway = ''; - emit "run_ip route add default dev $interface table $number"; + emit "run_ip route add $default dev $interface table $number"; } my $val = 0; @@ -352,7 +355,7 @@ sub add_a_provider( $$$$$$$$ ) { if ( $gateway ) { $address = get_interface_address $interface unless $address; emit "run_ip route replace $gateway src $address dev $interface ${mtu}table $number $realm"; - emit "run_ip route add default via $gateway src $address dev $interface ${mtu}table $number $realm"; + emit "run_ip route add $default via $gateway src $address dev $interface ${mtu}table $number $realm"; } balance_default_route $balance , $gateway, $interface, $realm if $balance; @@ -511,7 +514,7 @@ sub setup_providers() { emit ( '#', '# Capture the default route(s) if we don\'t have it (them) already.', '#', - '[ -f ${VARDIR}/default_route ] || ip -' . $family . ' route list | grep -E \'^\s*(default |nexthop )\' > ${VARDIR}/default_route', + '[ -f ${VARDIR}/default_route ] || ip -' . $family . ' route list | grep -E \'^\s*(default |nexthop |2000::/3 )\' > ${VARDIR}/default_route', '#', '# Initialize the file that holds \'undo\' commands', '#', @@ -548,8 +551,8 @@ sub setup_providers() { } emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then' ); - emit ( " run_ip route replace default scope global table $table \$DEFAULT_ROUTE" ); - emit ( " qt ip -$family route del default table " . MAIN_TABLE ) if $config{USE_DEFAULT_RT}; + emit ( " run_ip route replace $default scope global table $table \$DEFAULT_ROUTE" ); + emit ( " qt ip -$family route del $default table " . MAIN_TABLE ) if $config{USE_DEFAULT_RT}; emit ( " progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"", 'else', ' error_message "WARNING: No Default route added (all \'balance\' providers are down)"', diff --git a/Shorewall-perl/prog.functions b/Shorewall-perl/prog.functions index 0b382e43c..a94977027 100644 --- a/Shorewall-perl/prog.functions +++ b/Shorewall-perl/prog.functions @@ -138,7 +138,7 @@ do_iptables() run_ip() { if ! ip -4 $@; then - error_message "ERROR: Command \"ip $@\" Failed" + error_message "ERROR: Command \"ip -4 $@\" Failed" stop_firewall exit 2 fi diff --git a/Shorewall-perl/prog.functions6 b/Shorewall-perl/prog.functions6 index 8e0d3e785..c5ecbbc94 100644 --- a/Shorewall-perl/prog.functions6 +++ b/Shorewall-perl/prog.functions6 @@ -114,7 +114,7 @@ do_iptables() run_ip() { if ! ip -6 $@; then - error_message "ERROR: Command \"ip $@\" Failed" + error_message "ERROR: Command \"ip -6 $@\" Failed" stop_firewall exit 2 fi