extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-03-05 18:11:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Tweaks to 'detectnets'

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6055 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-04-22 00:40:20 +00:00
parent e4c8d85fb9
commit 592e4861ad
1 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
Shorewall-perl/Shorewall/Interfaces.pm
View File

@ -115,20 +115,20 @@ sub add_group_to_zone($$$$$)
push @{$arrayref}, \%h; push @{$arrayref}, \%h;
} }
#
# Return a list of networks routed out of the passed interface
#
sub get_routed_networks ( $$ ) { sub get_routed_networks ( $$ ) {
my ( $interface , $error_message ) = @_; my ( $interface , $error_message ) = @_;
my @networks; my @networks;
if ( open IP , '-|' , "ip route show dev $interface 2> /dev/null" ) { if ( open IP , '-|' , "/sbin/ip route show dev $interface 2> /dev/null" ) {
while ( my $route = <IP> ) { while ( my $route = <IP> ) {
$route =~ s/^\s+//; $route =~ s/^\s+//;
my $network = ( split /\s+/, $route )[0]; my $network = ( split /\s+/, $route )[0];
if ( $network eq 'default' ) { if ( $network eq 'default' ) {
if ( $error_message ) { fatal_error $error_message if $error_message;
fatal_error $error_message; warning_message "default route ignored on interface $interface";
} else {
warning_message "default route ignored on interface $interface";
}
} else { } else {
my ( $address, $vlsm ) = split '/', $network; my ( $address, $vlsm ) = split '/', $network;
$vlsm = 32 unless defined $vlsm; $vlsm = 32 unless defined $vlsm;
@ -136,12 +136,8 @@ sub get_routed_networks ( $$ ) {
} }
} }
close IP close IP
} else {
fatal_error "Cannot get routes through interface $interface";
} }
fatal_error "detectnets: There are no routes through interface $interface" unless @networks;
@networks; @networks;
} }
@ -252,17 +248,25 @@ sub validate_interfaces_file()
} }
} }
$zoneref->{options}{in_out}{routeback} = 1 if $options{routeback}; $zoneref->{options}{in_out}{routeback} = 1 if $options{routeback};
} }
$interfaces{$interface}{options} = $optionsref = \%options; $interfaces{$interface}{options} = $optionsref = \%options;
push @interfaces, $interface; push @interfaces, $interface;
my @networks = $options{detectnets} ? get_routed_networks( $interface , "detectnets not allowed on interface with default route - $interface" ) : @allipv4; my @networks;
add_group_to_zone( $zone, $zoneref->{type}, $interface, \@networks, $optionsref ) if $zone; if ( $options{detectnets} ) {
fatal_error "'detectnets' not allowed with multi-zone interface" unless $zone;
fatal_error "The 'detectnets' option may not be used with a wild-card interface name" if $wildcard;
@networks = get_routed_networks( $interface, 'detectnets not allowed on interface with default route' );
fatal_error "No routes through 'detectnets' interface $interface" unless @networks || $options{optional};
} else {
@networks = @allipv4;
}
add_group_to_zone( $zone, $zoneref->{type}, $interface, \@networks, $optionsref ) if @networks;
$interfaces{$interface}{zone} = $zone; #Must follow the call to add_group_to_zone() $interfaces{$interface}{zone} = $zone; #Must follow the call to add_group_to_zone()