First set of changes to allow compilation on a different system
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3266 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
160e7432e0
commit
51d9e2aeec
@ -55,14 +55,6 @@ my_mutex_off() {
|
|||||||
[ -n "$HAVE_MUTEX" ] && { mutex_off; HAVE_MUTEX=; }
|
[ -n "$HAVE_MUTEX" ] && { mutex_off; HAVE_MUTEX=; }
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
|
||||||
# Message to stderr
|
|
||||||
#
|
|
||||||
error_message() # $* = Error Message
|
|
||||||
{
|
|
||||||
echo " $@" >&2
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Fatal error -- stops the firewall after issuing the error message
|
# Fatal error -- stops the firewall after issuing the error message
|
||||||
#
|
#
|
||||||
@ -1237,6 +1229,23 @@ validate_interfaces_file() {
|
|||||||
dhcp|tcpflags|arp_filter|routefilter|logmartians|sourceroute|blacklist|proxyarp|maclist|nosmurfs|upnp|-)
|
dhcp|tcpflags|arp_filter|routefilter|logmartians|sourceroute|blacklist|proxyarp|maclist|nosmurfs|upnp|-)
|
||||||
;;
|
;;
|
||||||
norfc1918)
|
norfc1918)
|
||||||
|
if [ $COMMAND = generate ]; then
|
||||||
|
cat >> $RESTOREBASE << __EOF__
|
||||||
|
|
||||||
|
progress_message "Verifying 'norfc1918' on $interface"
|
||||||
|
|
||||||
|
addr=\$(ip -f inet addr show $interface 2> /dev/null | grep inet | head -n1)
|
||||||
|
if [ -n "\$addr" ]; then
|
||||||
|
addr=\$(echo \$addr | sed 's/inet //;s/\/.*//;s/ peer.*//')
|
||||||
|
for network in 10.0.0.0/8 176.16.0.0/12 192.168.0.0/16; do
|
||||||
|
if in_network \$addr \$network; then
|
||||||
|
fatal_error "The 'norfc1918' option has been specified on an interface with an RFC 1918 address. Interface:$interface"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
__EOF__
|
||||||
|
else
|
||||||
addr=$(ip -f inet addr show $interface 2> /dev/null | grep inet | head -n1)
|
addr=$(ip -f inet addr show $interface 2> /dev/null | grep inet | head -n1)
|
||||||
if [ -n "$addr" ]; then
|
if [ -n "$addr" ]; then
|
||||||
addr=$(echo $addr | sed 's/inet //;s/\/.*//;s/ peer.*//')
|
addr=$(echo $addr | sed 's/inet //;s/\/.*//;s/ peer.*//')
|
||||||
@ -1246,6 +1255,7 @@ validate_interfaces_file() {
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
arp_ignore=*)
|
arp_ignore=*)
|
||||||
eval ${iface}_arp_ignore=${option#*=}
|
eval ${iface}_arp_ignore=${option#*=}
|
||||||
@ -1296,6 +1306,19 @@ setup_providers()
|
|||||||
local table number mark duplicate interface gateway options provider address copy route loose addresses rulenum pref echobin=$(mywhich echo)
|
local table number mark duplicate interface gateway options provider address copy route loose addresses rulenum pref echobin=$(mywhich echo)
|
||||||
|
|
||||||
copy_table() {
|
copy_table() {
|
||||||
|
if [ $COMMAND = generate ]; then
|
||||||
|
cat >> $RESTOREBASE << __EOF__
|
||||||
|
ip route show table $duplicate | while read net route; do
|
||||||
|
case \$net in
|
||||||
|
default|nexthop)
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
ip route add table $number \$net \$route"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
__EOF__
|
||||||
|
else
|
||||||
run_ip route show table $duplicate | while read net route; do
|
run_ip route show table $duplicate | while read net route; do
|
||||||
case $net in
|
case $net in
|
||||||
default|nexthop)
|
default|nexthop)
|
||||||
@ -1305,9 +1328,28 @@ setup_providers()
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
copy_and_edit_table() {
|
copy_and_edit_table() {
|
||||||
|
if [ $COMMAND = generate ]; then
|
||||||
|
cat >> $RESTOREBASE << __EOF__
|
||||||
|
ip route show table $duplicate | while read net route; do
|
||||||
|
case \$net in
|
||||||
|
default|nexthop)
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
case \$(find_device \$route) in
|
||||||
|
`echo $copy\) | sed 's/ /|/g'`
|
||||||
|
ip route add table $number \$net \$route
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
__EOF__
|
||||||
|
else
|
||||||
run_ip route show table $duplicate | while read net route; do
|
run_ip route show table $duplicate | while read net route; do
|
||||||
case $net in
|
case $net in
|
||||||
default|nexthop)
|
default|nexthop)
|
||||||
@ -1319,6 +1361,7 @@ setup_providers()
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
add_a_provider() {
|
add_a_provider() {
|
||||||
@ -1358,28 +1401,32 @@ setup_providers()
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "x$gateway" = xdetect ] ; then
|
if [ "x$gateway" = xdetect ] ; then
|
||||||
#
|
if [ $COMMAND = generate ]; then
|
||||||
# First assume that this is some sort of point-to-point interface
|
cat >> $RESTOREBASE << __EOF__
|
||||||
#
|
gateway=\$(detect_gateway $interface)
|
||||||
gateway=$( find_peer $(ip addr ls $interface ) )
|
|
||||||
#
|
if [ -z \"\$gateway\" ]; then
|
||||||
# Maybe there's a default route through this gateway already
|
ip route replace \$gateway src \$(find_first_interface_address $interface) dev $interface table $number
|
||||||
#
|
ip route add default via \$gateway dev $interface table $number
|
||||||
[ -n "$gateway" ] || gateway=$(find_gateway $(ip route ls dev $interface))
|
else
|
||||||
#
|
fatal_error "Unable to detect the gateway through interface $interface"
|
||||||
# Last hope -- is there a load-balancing route through the interface?
|
|
||||||
#
|
|
||||||
[ -n "$gateway" ] || gateway=$(find_nexthop $interface)
|
|
||||||
#
|
|
||||||
# Be sure we found one
|
|
||||||
#
|
|
||||||
[ -n "$gateway" ] || fatal_error "Unable to detect the gateway through interface $interface"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $COMMAND != check ]; then
|
__EOF__
|
||||||
|
else
|
||||||
|
gateway=$(detect_gateway $interface)
|
||||||
|
[ -n "$gateway" ] || fatal_error "Unable to detect the gateway through interface $interface"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
case $COMMAND in
|
||||||
|
check|generate)
|
||||||
|
;;
|
||||||
|
*)
|
||||||
ensure_and_save_command " ip route replace $gateway src $(find_first_interface_address $interface) dev $interface table $number"
|
ensure_and_save_command " ip route replace $gateway src $(find_first_interface_address $interface) dev $interface table $number"
|
||||||
ensure_and_save_command " ip route add default via $gateway dev $interface table $number"
|
ensure_and_save_command " ip route add default via $gateway dev $interface table $number"
|
||||||
fi
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
if [ x${mark} != x- ]; then
|
if [ x${mark} != x- ]; then
|
||||||
verify_mark $mark
|
verify_mark $mark
|
||||||
@ -1407,10 +1454,18 @@ setup_providers()
|
|||||||
ROUTEMARK_INTERFACES="$ROUTEMARK_INTERFACES $interface"
|
ROUTEMARK_INTERFACES="$ROUTEMARK_INTERFACES $interface"
|
||||||
;;
|
;;
|
||||||
balance=*)
|
balance=*)
|
||||||
|
if [ $COMMAND = generate ]; then
|
||||||
|
save_command " DEFAULT_ROUTE=\"\$DEFAULT_ROUTE nexthop via \$gateway dev $interface weight ${option#*=}\""
|
||||||
|
else
|
||||||
DEFAULT_ROUTE="$DEFAULT_ROUTE nexthop via $gateway dev $interface weight ${option#*=}"
|
DEFAULT_ROUTE="$DEFAULT_ROUTE nexthop via $gateway dev $interface weight ${option#*=}"
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
balance)
|
balance)
|
||||||
|
if [ $COMMAND = generate ]; then
|
||||||
|
save_command " DEFAULT_ROUTE=\"\$DEFAULT_ROUTE nexthop via \$gateway dev $interface weight 1\""
|
||||||
|
else
|
||||||
DEFAULT_ROUTE="$DEFAULT_ROUTE nexthop via $gateway dev $interface weight 1"
|
DEFAULT_ROUTE="$DEFAULT_ROUTE nexthop via $gateway dev $interface weight 1"
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
loose)
|
loose)
|
||||||
loose=Yes
|
loose=Yes
|
||||||
@ -1438,10 +1493,13 @@ setup_providers()
|
|||||||
strip_file providers $1
|
strip_file providers $1
|
||||||
|
|
||||||
if [ -s $TMP_DIR/providers ]; then
|
if [ -s $TMP_DIR/providers ]; then
|
||||||
|
DEFAULT_ROUTE=
|
||||||
|
|
||||||
if [ $COMMAND != check ]; then
|
if [ $COMMAND != check ]; then
|
||||||
progress_message2 "Processing $1..."
|
progress_message2 "Processing $1..."
|
||||||
save_progress_message "Restoring Providers..."
|
save_progress_message "Restoring Providers..."
|
||||||
save_command "if [ -z \"\$NOROUTES\" ]; then"
|
save_command "if [ -z \"\$NOROUTES\" ]; then"
|
||||||
|
[ $COMMAND = generate ] && save_command " DEFAULT_ROUTE="
|
||||||
else
|
else
|
||||||
progress_message2 "Validating $1..."
|
progress_message2 "Validating $1..."
|
||||||
fi
|
fi
|
||||||
@ -1463,17 +1521,18 @@ setup_providers()
|
|||||||
|
|
||||||
if [ $COMMAND != check ]; then
|
if [ $COMMAND != check ]; then
|
||||||
if [ -n "$PROVIDERS" ]; then
|
if [ -n "$PROVIDERS" ]; then
|
||||||
if [ -n "$DEFAULT_ROUTE" ]; then
|
|
||||||
ensure_and_save_command " ip route replace default scope global $DEFAULT_ROUTE"
|
|
||||||
case $COMMAND in
|
case $COMMAND in
|
||||||
generate)
|
generate)
|
||||||
progress_message " Default route $DEFAULT_ROUTE Compiled."
|
save_command " [ -n \"\$DEFAULT_ROUTE\" ] && ip route replace default scope global \$DEFAULT_ROUTE"
|
||||||
|
save_command " progress_message Default route \$DEFAULT_ROUTE Added"
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
|
if [ -n "$DEFAULT_ROUTE" ]; then
|
||||||
|
ensure_and_save_command " ip route replace default scope global $DEFAULT_ROUTE"
|
||||||
progress_message " Default route $DEFAULT_ROUTE Added."
|
progress_message " Default route $DEFAULT_ROUTE Added."
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
fi
|
|
||||||
|
|
||||||
cat > /etc/iproute2/rt_tables <<EOF
|
cat > /etc/iproute2/rt_tables <<EOF
|
||||||
#
|
#
|
||||||
@ -3856,6 +3915,20 @@ delete_tc()
|
|||||||
|
|
||||||
run_user_exit tcclear
|
run_user_exit tcclear
|
||||||
|
|
||||||
|
if [ $COMMAND = generate ]; then
|
||||||
|
cat >> $RESTOREBASE << __EOF__
|
||||||
|
ip link list | while read inx interface details; do
|
||||||
|
case \$inx in
|
||||||
|
[0-9]*)
|
||||||
|
qt tc qdisc del dev \${interface%:} root
|
||||||
|
qt tc qdisc del dev \${interface%:} ingress
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
__EOF__
|
||||||
|
else
|
||||||
run_ip link list | \
|
run_ip link list | \
|
||||||
while read inx interface details; do
|
while read inx interface details; do
|
||||||
case $inx in
|
case $inx in
|
||||||
@ -3866,6 +3939,7 @@ delete_tc()
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
delete_tc1()
|
delete_tc1()
|
||||||
@ -7641,120 +7715,6 @@ verify_os_version() {
|
|||||||
startup_error "Shorewall can't start with the ipchains kernel module loaded - see FAQ #8"
|
startup_error "Shorewall can't start with the ipchains kernel module loaded - see FAQ #8"
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
|
||||||
# Add IP Aliases
|
|
||||||
#
|
|
||||||
add_ip_aliases()
|
|
||||||
{
|
|
||||||
local addresses external interface inet cidr rest val arping=$(mywhich arping)
|
|
||||||
|
|
||||||
address_details()
|
|
||||||
{
|
|
||||||
#
|
|
||||||
# Folks feel uneasy if they don't see all of the same
|
|
||||||
# decoration on these IP addresses that they see when their
|
|
||||||
# distro's net config tool adds them. In an attempt to reduce
|
|
||||||
# the anxiety level, we have the following code which sets
|
|
||||||
# the VLSM and BRD from an existing address in the same networks
|
|
||||||
#
|
|
||||||
# Get all of the lines that contain inet addresses with broadcast
|
|
||||||
#
|
|
||||||
ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | while read inet cidr rest ; do
|
|
||||||
case $cidr in
|
|
||||||
*/*)
|
|
||||||
if in_network $external $cidr; then
|
|
||||||
echo "/${cidr#*/} brd $(broadcastaddress $cidr)"
|
|
||||||
break
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
do_one()
|
|
||||||
{
|
|
||||||
val=$(address_details)
|
|
||||||
|
|
||||||
if [ -n "$RETAIN_ALIASES" ]; then
|
|
||||||
[ "$COMMAND" = generate ] || run_ip addr add ${external}${val} dev $interface $label
|
|
||||||
save_command qt ip addr add ${external}${val} dev $interface $label
|
|
||||||
else
|
|
||||||
ensure_and_save_command ip addr add ${external}${val} dev $interface $label
|
|
||||||
fi
|
|
||||||
|
|
||||||
[ -n "$arping" ] && run_and_save_command qt $arping -U -c 2 -I $interface $external
|
|
||||||
|
|
||||||
echo "$external $interface" >> $STATEDIR/nat
|
|
||||||
[ -n "$label" ] && label="with $label"
|
|
||||||
progress_message " IP Address $external added to interface $interface $label"
|
|
||||||
}
|
|
||||||
|
|
||||||
set -- $ALIASES_TO_ADD
|
|
||||||
|
|
||||||
save_progress_message "Restoring IP Addresses..."
|
|
||||||
|
|
||||||
while [ $# -gt 0 ]; do
|
|
||||||
external=$1
|
|
||||||
interface=$2
|
|
||||||
label=
|
|
||||||
|
|
||||||
if [ "$interface" != "${interface%:*}" ]; then
|
|
||||||
label="${interface#*:}"
|
|
||||||
interface="${interface%:*}"
|
|
||||||
label="label $interface:$label"
|
|
||||||
fi
|
|
||||||
|
|
||||||
shift 2
|
|
||||||
|
|
||||||
if list_search $external $(find_interface_addresses $interface) ; then
|
|
||||||
save_command qt ip addr add ${external}$(address_details) dev $interface $label
|
|
||||||
else
|
|
||||||
do_one
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
#
|
|
||||||
# Load kernel modules required for Shorewall
|
|
||||||
#
|
|
||||||
load_kernel_modules()
|
|
||||||
{
|
|
||||||
save_modules_dir=$MODULESDIR
|
|
||||||
|
|
||||||
[ -z "$MODULESDIR" ] && \
|
|
||||||
MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
|
|
||||||
|
|
||||||
modules=$(find_file modules)
|
|
||||||
|
|
||||||
if [ -f $modules -a -d $MODULESDIR ]; then
|
|
||||||
progress_message "Loading Modules..."
|
|
||||||
. $modules
|
|
||||||
fi
|
|
||||||
|
|
||||||
MODULESDIR=$save_modules_dir
|
|
||||||
}
|
|
||||||
|
|
||||||
save_load_kernel_modules()
|
|
||||||
{
|
|
||||||
|
|
||||||
modules=$(find_file modules)
|
|
||||||
|
|
||||||
save_progress_message "Loading kernel modules..."
|
|
||||||
save_command "reload_kernel_modules <<__EOF__"
|
|
||||||
|
|
||||||
while read command; do
|
|
||||||
case "$command" in
|
|
||||||
loadmodule*)
|
|
||||||
save_command $command
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done < $modules
|
|
||||||
|
|
||||||
save_command __EOF__
|
|
||||||
save_command ""
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
# Verify that the 'ip' program is installed
|
# Verify that the 'ip' program is installed
|
||||||
|
|
||||||
verify_ip() {
|
verify_ip() {
|
||||||
@ -8726,9 +8686,7 @@ activate_rules()
|
|||||||
#
|
#
|
||||||
# There is a fw->fw chain. Send loopback output through that chain
|
# There is a fw->fw chain. Send loopback output through that chain
|
||||||
#
|
#
|
||||||
run_ip link ls | grep LOOPBACK | while read ordinal interface rest ; do
|
run_iptables -A OUTPUT -o lo -j $chain
|
||||||
run_iptables -A OUTPUT -o ${interface%:*} -j $chain
|
|
||||||
done
|
|
||||||
#
|
#
|
||||||
# And delete the unconditional ACCEPT rule
|
# And delete the unconditional ACCEPT rule
|
||||||
#
|
#
|
||||||
@ -8825,7 +8783,7 @@ define_firewall() # $1 = Command (Start or Restart)
|
|||||||
save_command "MODULESDIR=\"$MODULESDIR\""
|
save_command "MODULESDIR=\"$MODULESDIR\""
|
||||||
save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\""
|
save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\""
|
||||||
|
|
||||||
save_load_kernel_modules
|
save_command "load_kernel_modules"
|
||||||
|
|
||||||
progress_message2 "Initializing..."; initialize_netfilter
|
progress_message2 "Initializing..."; initialize_netfilter
|
||||||
|
|
||||||
@ -9029,23 +8987,32 @@ compile_firewall() # $1 = File Name
|
|||||||
|
|
||||||
[ -n "$RESTOREBASE" ] || startup_error "Cannot create temporary file in /var/lib/shorewall"
|
[ -n "$RESTOREBASE" ] || startup_error "Cannot create temporary file in /var/lib/shorewall"
|
||||||
|
|
||||||
echo '#bin/sh' >> $RESTOREBASE
|
cat >> $RESTOREBASE << __EOF__
|
||||||
save_command "#"
|
#
|
||||||
save_command "# Compiled startup file generated by Shorewall $version - $(date)"
|
# Compiled startup file generated by Shorewall $version - $(date)"
|
||||||
save_command "#"
|
#
|
||||||
save_command ". /usr/share/shorewall/functions"
|
. /usr/share/shorewall/functions
|
||||||
|
__EOF__
|
||||||
f=$(find_file params)
|
f=$(find_file params)
|
||||||
|
|
||||||
[ -f $f ] && \
|
[ -f $f ] && \
|
||||||
save_command ". $(resolve_file $f)"
|
save_command ". $(resolve_file $f)"
|
||||||
|
cat >> $RESTOREBASE << __EOF__
|
||||||
|
#
|
||||||
|
COMMAND=restore
|
||||||
|
[ -n \${QUIET:=0} ]
|
||||||
|
MODULESDIR="$MODULESDIR"
|
||||||
|
MODULE_SUFFIX="$MODULE_SUFFIX"
|
||||||
|
|
||||||
save_command "#"
|
fatal_error()
|
||||||
save_command "COMMAND=restore"
|
{
|
||||||
save_command "MODULESDIR=\"$MODULESDIR\""
|
echo " ERROR: \$@" >&2
|
||||||
save_command "MODULE_SUFFIX=\"$MODULE_SUFFIX\""
|
exit 2
|
||||||
|
}
|
||||||
|
|
||||||
save_load_kernel_modules
|
load_kernel_modules
|
||||||
|
|
||||||
|
__EOF__
|
||||||
|
|
||||||
progress_message2 "Initializing..."
|
progress_message2 "Initializing..."
|
||||||
save_progress_message "Initializing..."
|
save_progress_message "Initializing..."
|
||||||
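Review bot: The gateway check emitted by add_a_provider's new generate branch can never succeed: `if [ -z \"\$gateway\" ]; then` is inverted (`-z` selects the empty case, yet that arm runs the `ip route` commands while the `else` arm calls fatal_error), and because `\"` is not an escape inside an unquoted heredoc the backslash-quote pairs are written into the restore script verbatim, so the tested word always contains two literal quote characters and is never empty. The non-generate branch just below uses `[ -n "$gateway" ] || fatal_error`, so the heredoc line should read `if [ -n "\$gateway" ]; then` (the `\"` form is only right inside a double-quoted save_command string such as the existing `if [ -z \"\$NOROUTES\" ]`). Two smaller slips of the same kind: copy_table's heredoc emits a stray trailing quote in `ip route add table $number \$net \$route"`, which leaves an unterminated string in the generated script, and the norfc1918 heredoc lists `176.16.0.0/12` where RFC 1918 specifies 172.16.0.0/12, so an interface in that block would pass the check unnoticed (this appears to be copied from the existing non-generate loop, which lies outside the hunk). The enclosing setup_providers and validate_interfaces_file functions both begin and end outside these hunks.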
|
@ -2,6 +2,14 @@
|
|||||||
#
|
#
|
||||||
# Shorewall 3.0 -- /usr/share/shorewall/functions
|
# Shorewall 3.0 -- /usr/share/shorewall/functions
|
||||||
|
|
||||||
|
#
|
||||||
|
# Message to stderr
|
||||||
|
#
|
||||||
|
error_message() # $* = Error Message
|
||||||
|
{
|
||||||
|
echo " $@" >&2
|
||||||
|
}
|
||||||
|
|
||||||
# Function to truncate a string -- It uses 'cut -b -<n>'
|
# Function to truncate a string -- It uses 'cut -b -<n>'
|
||||||
# rather than ${v:first:last} because light-weight shells like ash and
|
# rather than ${v:first:last} because light-weight shells like ash and
|
||||||
# dash do not support that form of expansion.
|
# dash do not support that form of expansion.
|
||||||
@ -314,6 +322,26 @@ reload_kernel_modules() {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Load kernel modules required for Shorewall
|
||||||
|
#
|
||||||
|
load_kernel_modules()
|
||||||
|
{
|
||||||
|
save_modules_dir=$MODULESDIR
|
||||||
|
|
||||||
|
[ -z "$MODULESDIR" ] && \
|
||||||
|
MODULESDIR=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
|
||||||
|
|
||||||
|
modules=$(find_file modules)
|
||||||
|
|
||||||
|
if [ -f $modules -a -d $MODULESDIR ]; then
|
||||||
|
progress_message "Loading Modules..."
|
||||||
|
. $modules
|
||||||
|
fi
|
||||||
|
|
||||||
|
MODULESDIR=$save_modules_dir
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Call this function to assert MUTEX with Shorewall. If you invoke the
|
# Call this function to assert MUTEX with Shorewall. If you invoke the
|
||||||
# /sbin/shorewall program while holding MUTEX, you should pass "nolock" as
|
# /sbin/shorewall program while holding MUTEX, you should pass "nolock" as
|
||||||
@ -849,6 +877,27 @@ find_interface_by_mac() {
|
|||||||
done
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Find interface address--returns the first IP address assigned to the passed
|
||||||
|
# device
|
||||||
|
#
|
||||||
|
find_first_interface_address() # $1 = interface
|
||||||
|
{
|
||||||
|
#
|
||||||
|
# get the line of output containing the first IP address
|
||||||
|
#
|
||||||
|
addr=$(ip -f inet addr show $1 2> /dev/null | grep 'inet .* global' | head -n1)
|
||||||
|
#
|
||||||
|
# If there wasn't one, bail out now
|
||||||
|
#
|
||||||
|
[ -n "$addr" ] || fatal_error "Can't determine the IP address of $1"
|
||||||
|
#
|
||||||
|
# Strip off the trailing VLSM mask (or the peer IP in case of a P-t-P link)
|
||||||
|
# along with everything else on the line
|
||||||
|
#
|
||||||
|
echo $addr | sed 's/inet //;s/\/.*//;s/ peer.*//'
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Find interface addresses--returns the set of addresses assigned to the passed
|
# Find interface addresses--returns the set of addresses assigned to the passed
|
||||||
# device
|
# device
|
||||||
@ -979,5 +1028,84 @@ report_capabilities() {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Add IP Aliases
|
||||||
|
#
|
||||||
|
add_ip_aliases() # $1 = List of addresses
|
||||||
|
{
|
||||||
|
local addresses external interface inet cidr rest val arping=$(mywhich arping)
|
||||||
|
|
||||||
|
address_details()
|
||||||
|
{
|
||||||
|
#
|
||||||
|
# Folks feel uneasy if they don't see all of the same
|
||||||
|
# decoration on these IP addresses that they see when their
|
||||||
|
# distro's net config tool adds them. In an attempt to reduce
|
||||||
|
# the anxiety level, we have the following code which sets
|
||||||
|
# the VLSM and BRD from an existing address in the same networks
|
||||||
|
#
|
||||||
|
# Get all of the lines that contain inet addresses with broadcast
|
||||||
|
#
|
||||||
|
ip -f inet addr show $interface 2> /dev/null | grep 'inet.*brd' | while read inet cidr rest ; do
|
||||||
|
case $cidr in
|
||||||
|
*/*)
|
||||||
|
if in_network $external $cidr; then
|
||||||
|
echo "/${cidr#*/} brd $(broadcastaddress $cidr)"
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
do_one()
|
||||||
|
{
|
||||||
|
val=$(address_details)
|
||||||
|
|
||||||
|
ip addr add ${external}${val} dev $interface $label
|
||||||
|
[ -n "$arping" ] && qt $arping -U -c 2 -I $interface $external
|
||||||
|
echo "$external $interface" >> $STATEDIR/nat
|
||||||
|
[ -n "$label" ] && label="with $label"
|
||||||
|
progress_message " IP Address $external added to interface $interface $label"
|
||||||
|
}
|
||||||
|
|
||||||
|
progress_message "Adding IP Addresses..."
|
||||||
|
|
||||||
|
while [ $# -gt 0 ]; do
|
||||||
|
external=$1
|
||||||
|
interface=$2
|
||||||
|
label=
|
||||||
|
|
||||||
|
if [ "$interface" != "${interface%:*}" ]; then
|
||||||
|
label="${interface#*:}"
|
||||||
|
interface="${interface%:*}"
|
||||||
|
label="label $interface:$label"
|
||||||
|
fi
|
||||||
|
|
||||||
|
shift 2
|
||||||
|
|
||||||
|
list_search $external $(find_interface_addresses $interface) || do_one
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
detect_gateway() # $1 = interface
|
||||||
|
{
|
||||||
|
local interface=$1
|
||||||
|
#
|
||||||
|
# First assume that this is some sort of point-to-point interface
|
||||||
|
#
|
||||||
|
gateway=$( find_peer $(ip addr ls $interface ) )
|
||||||
|
#
|
||||||
|
# Maybe there's a default route through this gateway already
|
||||||
|
#
|
||||||
|
[ -n "$gateway" ] || gateway=$(find_gateway $(ip route ls dev $interface))
|
||||||
|
#
|
||||||
|
# Last hope -- is there a load-balancing route through the interface?
|
||||||
|
#
|
||||||
|
[ -n "$gateway" ] || gateway=$(find_nexthop $interface)
|
||||||
|
#
|
||||||
|
# Be sure we found one
|
||||||
|
#
|
||||||
|
[ -n "$gateway" ] && echo $gateway
|
||||||
|
}
|
||||||
|
|
||||||
SHOREWALL_LIBRARY=Loaded
|
SHOREWALL_LIBRARY=Loaded
|
||||||
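Review bot: In the library copy of add_ip_aliases, do_one now runs `ip addr add ${external}${val} dev $interface $label` unchecked, whereas the version removed from the compiler went through ensure_and_save_command, so a failed add no longer stops processing and the address is still appended to `$STATEDIR/nat` as if it had been configured. If the RETAIN_ALIASES handling is deliberately deferred to a later change, the minimum here is `ip addr add ${external}${val} dev $interface $label || fatal_error "Unable to add $external to $interface"`, matching how find_first_interface_address in this same file already reports its failure case. The header comment `# $1 = List of addresses` is also misleading, since the loop consumes the positional parameters as address/interface pairs via `shift 2`; `# $@ = address interface [address interface ...]` describes the actual contract. Finally, find_first_interface_address assigns `addr` and detect_gateway assigns `gateway` without `local`; both are currently called only inside `$(...)` as far as this diff shows, but the compiler's validate_interfaces_file uses its own `addr` variable, so declaring them `local` avoids a clobber the moment either is called directly.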