Add support for 'persistent'

2025-01-24 14:39:04 +01:00 · 2009-08-15 08:15:38 -07:00 · 2009-08-15 08:15:38 -07:00 · 55f75604b3
commit 55f75604b3
parent f042c641d6
4 changed files with 36 additions and 2 deletions
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@ -214,6 +214,7 @@ sub process_one_masq( )
 	my $detectaddress = 0;
 	my $exceptionrule = '';
 	my $randomize     = '';
+	my $persistent    = '';
 	#
 	# Parse the ADDRESSES column
 	#
@ -221,7 +222,8 @@ sub process_one_masq( )
 	    if ( $addresses eq 'random' ) {
 		$randomize = '--random ';
 	    } else {
-		$addresses =~ s/:random$// and $randomize = '--random ';
+		$addresses =~ s/:persistent$// and $persistent = '--persistent ';
+		$addresses =~ s/:random$//     and $randomize  = '--random ';

 		if ( $addresses =~ /^SAME/ ) {
 		    fatal_error "The SAME target is no longer supported";
@ -260,6 +262,7 @@ sub process_one_masq( )
 	    }

 	    $target .= $randomize;
+	    $target .= $persistent;
 	} else {
 	    $add_snat_aliases = 0;
 	}
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -2,6 +2,10 @@ Changes in Shorewall 4.4.1

 1)  Deleted extra 'user ...IPAddrs.pm' from Nat.pm.

+2)  Deleted superfluous export from Chains.pm.
+
+3)  Added support for --persistent.
+
 Changes in Shorewall 4.4.0

 1)  Fix 'compile ... -' so that it no longer requires '-v-1'
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -163,6 +163,24 @@ None.

 None.

+----------------------------------------------------------------------------
+                N E W   F E A T U R E S   I N   4 . 4 . 1
+----------------------------------------------------------------------------
+
+1)  To replace the SAME keyword in /etc/shorewall/masq, support has
+    been added for 'persistent' SNAT. Persistent SNAT is required when
+    an address range is specified in the ADDRESS column and when you
+    want a client to always receive the same source/destination IP
+    pair. It replaces SAME: which was removed in Shorewall 4.4.0.
+
+    To spacify persistence, follow the address range with
+    ":persistent".
+
+    Example:
+
+    #INTERFACE	SOURCE	   ADDRESS
+    eth0	0.0.0.0/0  206.124.146.177-206.124.146.179:persistent	
+
 ----------------------------------------------------------------------------
                 N E W   F E A T U R E S   I N   4 . 4
 ----------------------------------------------------------------------------
--- a/manpages/shorewall-masq.xml
+++ b/manpages/shorewall-masq.xml
@ -155,7 +155,7 @@
        role="bold">-</emphasis>|<emphasis
        role="bold">NONAT</emphasis>|[<emphasis>address-or-address-range</emphasis>[,<emphasis>address-or-address-range</emphasis>]...][:<emphasis>lowport</emphasis><emphasis
        role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis
-        role="bold">:random</emphasis>]|<emphasis
+        role="bold">:random</emphasis>][:persistent]|<emphasis
        role="bold">detect</emphasis>|<emphasis
        role="bold">random</emphasis>]</term>

@ -178,6 +178,15 @@

          <para>Example: 206.124.146.177-206.124.146.180</para>

+          <para>You may follow the port range (or <emphasis
+          role="bold">:random</emphasis>) with <emphasis
+          role="bold">:persistent</emphasis>. This is only useful when an
+          address range is specified and causes a client to be given the same
+          source/destination IP pair. This feature replaces the SAME modifier
+          which was removed from Shorewall in version 4.4.0. Unlike <emphasis
+          role="bold">random</emphasis>, <emphasis
+          role="bold">persistent</emphasis> may not be used by itself.</para>
+
          <para>You may also use the special value "detect" which causes
          Shorewall to determine the IP addresses configured on the interface
          named in the INTERFACES column and substitute them in this