diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt index 85e701311..de033c2a1 100644 --- a/Shorewall-common/changelog.txt +++ b/Shorewall-common/changelog.txt @@ -4,7 +4,7 @@ Changes in 4.2.0-Beta3 2) Don't assume -f in /etc/init.d/shorewall-lite -3) Implement ROUTE_BALANCE +3) Implement USE_DEFAULT_RT Changes in 4.2.0-Beta2 diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index 6990ce44a..6f4d96fd5 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -92,17 +92,22 @@ Other Changes in Shoreall 4.2.0 Beta 3. default for '/etc/init.d/shorewall start'. Beginning with 4.0.13 and 4.2.0-Beta3, this is also true for Shoreawall-lite. -2) A new ROUTE_BALANCE option has been added to shorewall.conf. When +2) A new USE_DEFAULT_RT option has been added to shorewall.conf. When set to 'Yes', it causes the Shorewall multi-ISP feature to create a different set of routing rules which are resilient to changes in the main routing table. Such changes can occur for a number of reasons, VPNs going up and down being an example. + The USE_DEFAULT_RT option is currently classified as + EXPERIMENTAL. As a consequence, if you have a problem with it, the + Shorewall support team may not be able to supply you with a + solution. + The idea is to send packets through the main table prior to applying any of the Shorewall-generated routing rules. So changes to the main table will affect the routing of packets by default. - When ROUTE_BALANCE=Yes: + When USE_DEFAULT_RT=Yes: a) Both the DUPLICATE and the COPY columns in the providers file must remain empty (or contain "-"). diff --git a/Shorewall-common/shorewall.conf b/Shorewall-common/shorewall.conf index e9b91a78a..134c93801 100644 --- a/Shorewall-common/shorewall.conf +++ b/Shorewall-common/shorewall.conf 
@@ -184,7 +184,7 @@ AUTO_COMMENT=Yes MANGLE_ENABLED=Yes -ROUTE_BALANCE=No +USE_DEFAULT_RT=No ############################################################################### # P A C K E T D I S P O S I T I O N diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm index 522b97baf..f352a05c0 100644 --- a/Shorewall-perl/Shorewall/Config.pm +++ b/Shorewall-perl/Shorewall/Config.pm @@ -366,7 +366,7 @@ sub initialize() { AUTO_COMMENT => undef , MANGLE_ENABLED => undef , NULL_ROUTE_RFC1918 => undef , - ROUTE_BALANCE => undef , + USE_DEFAULT_RT => undef , # # Packet Disposition # @@ -1913,7 +1913,7 @@ sub get_configuration( $ ) { default_yes_no 'MARK_IN_FORWARD_CHAIN' , ''; default_yes_no 'MANGLE_ENABLED' , 'Yes'; default_yes_no 'NULL_ROUTE_RFC1918' , ''; - default_yes_no 'ROUTE_BALANCE' , ''; + default_yes_no 'USE_DEFAULT_RT' , ''; $capabilities{XCONNMARK} = '' unless $capabilities{XCONNMARK_MATCH} and $capabilities{XMARK}; diff --git a/Shorewall-perl/Shorewall/Providers.pm b/Shorewall-perl/Shorewall/Providers.pm index 3dbeb20d2..340fd5c6b 100644 --- a/Shorewall-perl/Shorewall/Providers.pm +++ b/Shorewall-perl/Shorewall/Providers.pm @@ -228,7 +228,7 @@ sub add_a_provider( $$$$$$$$ ) { emit "echo \"qt ip route flush table $number\" >> \${VARDIR}/undo_routing"; if ( $gateway eq 'detect' ) { - fatal_error "'detect' is not allowed with ROUTE_BALANCE=Yes" if $config{ROUTE_BALANCE}; + fatal_error "'detect' is not allowed with USE_DEFAULT_RT=Yes" if $config{USE_DEFAULT_RT}; $gateway = get_interface_gateway $interface; } elsif ( $gateway && $gateway ne '-' ) { validate_address $gateway, 0; 
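Review bot: In get_configuration (Config.pm hunk at -1913) the old key is dropped with no fallback, so a shorewall.conf that still carries `ROUTE_BALANCE=Yes` would leave `USE_DEFAULT_RT` at its empty default and the provider rules would be generated in the ordinary mode. How an unrecognised key is reported is not visible in these hunks, and the changelog edit suggests the old name existed only within 4.2.0-Beta3, so the exposure is probably limited to people who tested that beta. A comment above the new line would record the decision, for example `# Named ROUTE_BALANCE in earlier 4.2.0-Beta3 snapshots; the old name is not accepted`. The function body starts and ends outside the hunk.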
@@ -267,7 +267,7 @@ sub add_a_provider( $$$$$$$$ ) { ); } - my ( $loose, $track, $balance , $optional, $mtu ) = (0,0,$config{ROUTE_BALANCE} ? 1 : 0,interface_is_optional( $interface ), '' ); + my ( $loose, $track, $balance , $optional, $mtu ) = (0,0,$config{USE_DEFAULT_RT} ? 1 : 0,interface_is_optional( $interface ), '' ); unless ( $options eq '-' ) { for my $option ( split_list $options, 'option' ) { @@ -279,7 +279,7 @@ sub add_a_provider( $$$$$$$$ ) { $balance = 1; } elsif ( $option eq 'loose' ) { $loose = 1; - $balance = 0 if $config{ROUTE_BALANCE}; + $balance = 0 if $config{USE_DEFAULT_RT}; } elsif ( $option eq 'optional' ) { set_interface_option $interface, 'optional', 1; $optional = 1; @@ -324,7 +324,7 @@ sub add_a_provider( $$$$$$$$ ) { } if ( $duplicate ne '-' ) { - fatal_error "The DUPLICATE column must be empty when ROUTE_BALANCE=Yes" if $config{ROUTE_BALANCE}; + fatal_error "The DUPLICATE column must be empty when USE_DEFAULT_RT=Yes" if $config{USE_DEFAULT_RT}; if ( $copy eq '-' ) { copy_table ( $duplicate, $number, $realm ); } else { @@ -337,7 +337,7 @@ sub add_a_provider( $$$$$$$$ ) { copy_and_edit_table( $duplicate, $number ,$copy , $realm); } } else { - fatal_error "The COPY column must be empty when ROUTE_BALANCE=Yes" if $config{ROUTE_BALANCE} && $copy ne '-'; + fatal_error "The COPY column must be empty when USE_DEFAULT_RT=Yes" if $config{USE_DEFAULT_RT} && $copy ne '-'; fatal_error 'A non-empty COPY column requires that a routing table be specified in the DUPLICATE column' if $copy ne '-'; } @@ -529,7 +529,7 @@ sub setup_providers() { if ( $balance ) { my $table = 254; # Main - if ( $config{ROUTE_BALANCE} ) { + if ( $config{USE_DEFAULT_RT} ) { emit ( 'run_ip rule add from all table 254 pref 999', 'ip rule del from all table 254 pref 32766', 'echo "qt ip rule add from all table 254 pref 32766" >> ${VARDIR}/undo_routing', 
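Review bot: The 'loose' branch in add_a_provider (hunk at -279) makes the final value of `$balance` depend on option order when USE_DEFAULT_RT=Yes. `$balance = 0` runs only at the moment 'loose' is seen, and the `$balance = 1;` assignment in the branch just above wins if it comes later in the list; that branch's condition is outside the hunk, presumably the 'balance' option. If this is intended, a comment on the line would say so, for example `# 'loose' cancels the implicit balance from USE_DEFAULT_RT=Yes; a later explicit 'balance' re-enables it`. The initial value comes from the hunk at -267, and the option loop continues outside both hunks.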
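Review bot: In setup_providers (hunk at -529) the pref 32766 rule is deleted with a bare `ip rule del`, while the line before it goes through `run_ip`, so as far as the hunk shows the delete's failure is neither checked nor silenced. Choose one deliberately, for example `'qt ip rule del from all table 254 pref 32766',` if a missing rule is expected on restart. The visible undo entry only re-adds pref 32766, and the emit list continues outside the hunk. Unless that part also appends `echo "qt ip rule del from all table 254 pref 999" >> ${VARDIR}/undo_routing`, a failed start leaves the extra rule in place. The hunk at -540 has the same gap: `qt ip route del default table 254` removes the main-table default route and no matching undo_routing line appears there.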
@@ -540,7 +540,7 @@ sub setup_providers() { emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then' ); emit ( " run_ip route replace default scope global table $table \$DEFAULT_ROUTE" ); - emit ( ' qt ip route del default table 254' ) if $config{ROUTE_BALANCE}; + emit ( ' qt ip route del default table 254' ) if $config{USE_DEFAULT_RT}; emit ( " progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"", 'else', ' error_message "WARNING: No Default route added (all \'balance\' providers are down)"',