Set logmartians along with routefilter.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2017-01-11 15:53:55 -08:00
parent 0019ca53e5
commit 64c249a174
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
2 changed files with 8 additions and 0 deletions

View File

@ -1275,6 +1275,7 @@ sub process_interface( $$ ) {
my $numval = numeric_value $value; my $numval = numeric_value $value;
fatal_error "Invalid value ($value) for option $option" unless defined $numval && $numval <= $maxoptionvalue{$option}; fatal_error "Invalid value ($value) for option $option" unless defined $numval && $numval <= $maxoptionvalue{$option};
require_capability 'TCPMSS_TARGET', "mss=$value", 's' if $option eq 'mss'; require_capability 'TCPMSS_TARGET', "mss=$value", 's' if $option eq 'mss';
$options{logmartians} = 1 if $numval && $option eq 'routefilter';
$options{$option} = $numval; $options{$option} = $numval;
$hostoptions{$option} = $numval if $hostopt; $hostoptions{$option} = $numval if $hostopt;
} elsif ( $type == IPLIST_IF_OPTION ) { } elsif ( $type == IPLIST_IF_OPTION ) {

View File

@ -762,6 +762,13 @@ loc eth2 -</programlisting>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</note> </note>
<para>Beginning with Shorewall 5.1.1, when
<option>routefilter</option> is set to a non-zero value, the
<option>logmartians</option> option is also implicitly set. If
you actually want route filtering without logging, then you
must also specify <option>logmartians=0</option> after
<option>routefilter</option>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>