Update example in the providers file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2737 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-09-27 14:30:11 +00:00
parent d79acf3583
commit 6c76f878a8
2 changed files with 21 additions and 12 deletions

View File

@ -150,7 +150,9 @@ append_file() # $1 = File Name
# Run iptables and if an error occurs, stop the firewall and quit
#
run_iptables() {
#
# Purge the temporary files that we use to prevent duplicate '-m' specifications
#
[ -n "$BRIDGING" ] && [ -f $TMP_DIR/physdev ] && rm -f $TMP_DIR/physdev
[ -n "$IPRANGE_MATCH" ] && [ -f $TMP_DIR/iprange ] && rm -f $TMP_DIR/iprange
@ -183,7 +185,9 @@ run_iptables2() {
# Quietly run iptables
#
qt_iptables() {
#
# Purge the temporary files that we use to prevent duplicate '-m' specifications
#
[ -n "$BRIDGING" ] && [ -f $TMP_DIR/physdev ] && rm -f $TMP_DIR/physdev
[ -n "$IPRANGE_MATCH" ] && [ -f $TMP_DIR/iprange ] && rm -f $TMP_DIR/iprange
@ -1304,6 +1308,7 @@ setup_providers()
ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip route add default via $gateway dev $interface table $number"
fi
if [ x${mark} != x- ]; then
verify_mark $mark
eval ${table}_mark=$mark
@ -1312,6 +1317,7 @@ setup_providers()
run_and_save_command "[ -n \"\$NOROUTES\" ] || qt ip rule del fwmark $mark"
ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip rule add fwmark $mark pref $((10000 + $mark)) table $number"
fi
fi
loose=
@ -1323,6 +1329,7 @@ setup_providers()
list_search $interface $ROUTEMARK_INTERFACES && \
fatal_error "Interface $interface is tracked through an earlier provider"
iface=$(chain_base $interface)
[ x${mark} = x- ] && fatal_error "The 'track' option requires a numeric value in the MARK column - Provider \"$provider\""
eval ${iface}_routemark=$mark
ROUTEMARK_INTERFACES="$ROUTEMARK_INTERFACES $interface"
;;
@ -1347,7 +1354,7 @@ setup_providers()
find_interface_addresses $interface | while read address; do
run_and_save_command "[ -n \"\$NOROUTES\" ] || qt ip rule del from $address"
if [ -z "$loose" ]; then
pref=$((20000 + $rulenum * 1000 + $mark ))
pref=$((20000 + $rulenum * 1000 + $number ))
rulenum=$(($rulenum + 1))
ensure_and_save_command "[ -n \"\$NOROUTES\" ] || ip rule add from $address pref $pref table $number"
fi
@ -5981,7 +5988,7 @@ process_rules()
for yservers in $xservers; do
ysourcezone=${yclients%%:*}
ydestzone=${yservers%%:*}
if [ "$2" = Yes -o "${ysourcezone}" != "${ydestzone}" ] ; then
if [ "${ysourcezone}" != "${ydestzone}" -o "$2" = Yes ] ; then
eval ypolicy=\$${ysourcezone}2${ydestzone}_policy
if [ "$ypolicy" != NONE ] ; then
if [ "$1" = Yes ]; then

View File

@ -75,9 +75,11 @@
# eth1 connects to ISP 2. The IP address of eth1 is 130.252.99.27 and the
# ISP's gateway router has IP address 130.252.99.254.
#
# eth2 connects to a local network.
#
# #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
# ISP1 1 1 main eth0 206.124.146.254 track,balance
# ISP2 2 2 main eth1 130.252.99.254 track,balance
# ISP1 1 1 main eth0 206.124.146.254 track,balance eth2
# ISP2 2 2 main eth1 130.252.99.254 track,balance eth2
#
# For additional information, see
# http://shorewall.net/Shorewall_and_Routing.html