extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-05-19 07:31:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Make Documentation page refer to 3.x and 4.x equally

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6855 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-07-13 21:12:23 +00:00
parent 7554183e03
commit a3f78b51e7
4 changed files with 280 additions and 263 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall-perl/Shorewall/Common.pm
View File

@ -203,7 +203,11 @@ sub timestamp() {
sub progress_message { sub progress_message {
if ( $verbose > 1 ) { if ( $verbose > 1 ) {
timestamp if $timestamp; timestamp if $timestamp;
my $line = join( ' ', @_ ); #
# We use this function to display messages containing raw config file images which may contains tabs (including multiple tabs in succession).
# The following makes such messages look more readable and uniform
#
my $line = "@_";
$line =~ s/\s+/ /g; $line =~ s/\s+/ /g;
print "$line\n"; print "$line\n";
} }

482
Shorewall-perl/Shorewall/Providers.pm
View File

@ -103,259 +103,265 @@ sub setup_route_marking() {
add_rule $chainref, "-m mark ! --mark 0/$mask -j CONNMARK --save-mark --mask $mask"; add_rule $chainref, "-m mark ! --mark 0/$mask -j CONNMARK --save-mark --mask $mask";
} }
sub setup_providers() { sub copy_table( $$ ) {
my $providers = 0; my ( $duplicate, $number ) = @_;
emitj( "ip route show table $duplicate | while read net route; do",
' case $net in',
' default|nexthop)',
' ;;',
' *)',
" run_ip route add table $number \$net \$route",
' ;;',
' esac',
"done\n"
);
}
sub copy_table( $$ ) { sub copy_and_edit_table( $$$ ) {
my ( $duplicate, $number ) = @_; my ( $duplicate, $number, $copy ) = @_;
emitj ( "ip route show table $duplicate | while read net route; do",
' case $net in',
' default|nexthop)',
' ;;',
' *)',
' case $(find_device $route) in',
" $copy)",
" run_ip route add table $number \$net \$route",
' ;;',
' esac',
' ;;',
' esac',
"done\n" );
}
emitj( "ip route show table $duplicate | while read net route; do", sub balance_default_route( $$$ ) {
' case $net in', my ( $weight, $gateway, $interface ) = @_;
' default|nexthop)',
' ;;', $balance = 1;
' *)',
" run_ip route add table $number \$net \$route", emit '';
' ;;',
' esac', if ( $first_default_route ) {
"done\n" if ( $gateway ) {
); emit "DEFAULT_ROUTE=\"nexthop via $gateway dev $interface weight $weight\"";
}
sub copy_and_edit_table( $$$ ) {
my ( $duplicate, $number, $copy ) = @_;
emitj ( "ip route show table $duplicate | while read net route; do",
' case $net in',
' default|nexthop)',
' ;;',
' *)',
' case $(find_device $route) in',
" $copy)",
" run_ip route add table $number \$net \$route",
' ;;',
' esac',
' ;;',
' esac',
"done\n" );
}
sub balance_default_route( $$$ ) {
my ( $weight, $gateway, $interface ) = @_;
$balance = 1;
emit '';
if ( $first_default_route ) {
if ( $gateway ) {
emit "DEFAULT_ROUTE=\"nexthop via $gateway dev $interface weight $weight\"";
} else {
emit "DEFAULT_ROUTE=\"nexthop dev $interface weight $weight\"";
}
$first_default_route = 0;
} else { } else {
if ( $gateway ) { emit "DEFAULT_ROUTE=\"nexthop dev $interface weight $weight\"";
emit "DEFAULT_ROUTE=\"\$DEFAULT_ROUTE nexthop via $gateway dev $interface weight $weight\""; }
} else {
emit "DEFAULT_ROUTE=\"\$DEFAULT_ROUTE nexthop dev $interface weight $weight\""; $first_default_route = 0;
} } else {
if ( $gateway ) {
emit "DEFAULT_ROUTE=\"\$DEFAULT_ROUTE nexthop via $gateway dev $interface weight $weight\"";
} else {
emit "DEFAULT_ROUTE=\"\$DEFAULT_ROUTE nexthop dev $interface weight $weight\"";
} }
} }
}
sub add_a_provider( $$$$$$$$ ) { sub add_a_provider( $$$$$$$$ ) {
my ($table, $number, $mark, $duplicate, $interface, $gateway, $options, $copy) = @_; my ($table, $number, $mark, $duplicate, $interface, $gateway, $options, $copy) = @_;
fatal_error "Duplicate provider ($table)" if $providers{$table}; fatal_error "Duplicate provider ($table)" if $providers{$table};
for my $providerref ( values %providers ) {
fatal_error "Duplicate provider number ($number)" if $providerref->{number} == $number;
}
emit "#\n# Add Provider $table ($number)\n#";
emit "if interface_is_usable $interface; then";
push_indent;
my $iface = chain_base $interface;
emit "${iface}_up=Yes";
emit "qt ip route flush table $number";
emit "echo \"qt ip route flush table $number\" >> \${VARDIR}/undo_routing";
if ( $duplicate ne '-' ) {
if ( $copy eq '-' ) {
copy_table ( $duplicate, $number );
} else {
if ( $copy eq 'none' ) {
$copy = $interface;
} else {
$copy =~ tr/,/|/;
}
copy_and_edit_table( $duplicate, $number ,$copy );
}
} else {
fatal_error 'A non-empty COPY column requires that a routing table be specified in the DUPLICATE column' if $copy ne '-';
}
if ( $gateway eq 'detect' ) {
my $variable = get_interface_address $interface;
emitj ( "gateway=\$(detect_gateway $interface)\n",
'if [ -n "$gateway" ]; then',
" run_ip route replace $variable dev $interface table $number",
" run_ip route add default via \$gateway dev $interface table $number",
'else',
" fatal_error \"Unable to detect the gateway through interface $interface\"",
"fi\n" );
$gateway = '$gateway';
} elsif ( $gateway && $gateway ne '-' ) {
validate_address $gateway;
my $variable = get_interface_address $interface;
emit "run_ip route replace $gateway src $variable dev $interface table $number";
emit "run_ip route add default via $gateway dev $interface table $number";
} else {
$gateway = '';
emit "run_ip route add default dev $interface table $number";
}
my $val = 0;
if ( $mark ne '-' ) {
$val = numeric_value $mark;
verify_mark $mark;
if ( $val < 256) {
fatal_error "Invalid Mark Value ($mark) with HIGH_ROUTE_MARKS=Yes" if $config{HIGH_ROUTE_MARKS};
} else {
fatal_error "Invalid Mark Value ($mark) with HIGH_ROUTE_MARKS=No" if ! $config{HIGH_ROUTE_MARKS};
}
for my $providerref ( values %providers ) { for my $providerref ( values %providers ) {
fatal_error "Duplicate provider number ($number)" if $providerref->{number} == $number; fatal_error "Duplicate mark value ($mark)" if $providerref->{mark} == $val;
} }
emit "#\n# Add Provider $table ($number)\n#"; my $pref = 10000 + $val;
emit "if interface_is_usable $interface; then"; emitj( "qt ip rule del fwmark $mark",
push_indent; "run_ip rule add fwmark $mark pref $pref table $number",
my $iface = chain_base $interface; "echo \"qt ip rule del fwmark $mark\" >> \${VARDIR}/undo_routing"
);
emit "${iface}_up=Yes";
emit "qt ip route flush table $number";
emit "echo \"qt ip route flush table $number\" >> \${VARDIR}/undo_routing";
if ( $duplicate ne '-' ) {
if ( $copy eq '-' ) {
copy_table ( $duplicate, $number );
} else {
if ( $copy eq 'none' ) {
$copy = $interface;
} else {
$copy =~ tr/,/|/;
}
copy_and_edit_table( $duplicate, $number ,$copy );
}
} else {
fatal_error 'A non-empty COPY column requires that a routing table be specified in the DUPLICATE column' if $copy ne '-';
}
if ( $gateway eq 'detect' ) {
my $variable = get_interface_address $interface;
emitj ( "gateway=\$(detect_gateway $interface)\n",
'if [ -n "$gateway" ]; then',
" run_ip route replace $variable dev $interface table $number",
" run_ip route add default via \$gateway dev $interface table $number",
'else',
" fatal_error \"Unable to detect the gateway through interface $interface\"",
"fi\n" );
$gateway = '$gateway';
} elsif ( $gateway && $gateway ne '-' ) {
validate_address $gateway;
my $variable = get_interface_address $interface;
emit "run_ip route replace $gateway src $variable dev $interface table $number";
emit "run_ip route add default via $gateway dev $interface table $number";
} else {
$gateway = '';
emit "run_ip route add default dev $interface table $number";
}
my $val = 0;
if ( $mark ne '-' ) {
$val = numeric_value $mark;
verify_mark $mark;
if ( $val < 256) {
fatal_error "Invalid Mark Value ($mark) with HIGH_ROUTE_MARKS=Yes" if $config{HIGH_ROUTE_MARKS};
} else {
fatal_error "Invalid Mark Value ($mark) with HIGH_ROUTE_MARKS=No" if ! $config{HIGH_ROUTE_MARKS};
}
for my $providerref ( values %providers ) {
fatal_error "Duplicate mark value ($mark)" if $providerref->{mark} == $val;
}
my $pref = 10000 + $val;
emitj( "qt ip rule del fwmark $mark",
"run_ip rule add fwmark $mark pref $pref table $number",
"echo \"qt ip rule del fwmark $mark\" >> \${VARDIR}/undo_routing"
);
}
$providers{$table} = {};
$providers{$table}{number} = $number;
$providers{$table}{mark} = $val;
my ( $loose, $optional ) = (0,0);
unless ( $options eq '-' ) {
for my $option ( split /,/, $options ) {
if ( $option eq 'track' ) {
fatal_error "Interface $interface is tracked through an earlier provider" if $routemarked_interfaces{$interface};
fatal_error "The 'track' option requires a numeric value in the MARK column" if $mark eq '-';
$routemarked_interfaces{$interface} = $mark;
push @routemarked_interfaces, $interface;
} elsif ( $option =~ /^balance=(\d+)$/ ) {
balance_default_route $1 , $gateway, $interface;
} elsif ( $option eq 'balance' ) {
balance_default_route 1 , $gateway, $interface;
} elsif ( $option eq 'loose' ) {
$loose = 1;
} elsif ( $option eq 'optional' ) {
$optional = 1;
} else {
fatal_error "Invalid option ($option)";
}
}
}
if ( $loose ) {
my $rulebase = 20000 + ( 256 * ( $number - 1 ) );
emit "\nrulenum=0\n";
emitj ( "find_interface_addresses $interface | while read address; do",
' qt ip rule del from $address',
" run_ip rule add from \$address pref \$(( $rulebase + \$rulenum )) table $number",
" echo \"qt ip rule del from \$address\" >> \${VARDIR}/undo_routing",
' rulenum=$(($rulenum + 1))',
'done'
);
} else {
emitj( "\nfind_interface_addresses $interface | while read address; do",
' qt ip rule del from $address',
'done'
);
}
emit "\nprogress_message \" Provider $table ($number) Added\"\n";
pop_indent;
emit 'else';
if ( $optional ) {
emitj( " error_message \"WARNING: Interface $interface is not configured -- Provider $table ($number) not Added\"",
" ${iface}_up="
);
} else {
emit " fatal_error \"ERROR: Interface $interface is not configured -- Provider $table ($number) Cannot be Added\"";
}
emit "fi\n";
} }
sub add_an_rtrule( $$$$ ) { $providers{$table} = {};
my ( $source, $dest, $provider, $priority ) = @_; #
unless ( $providers{$provider} ) {
my $found = 0;
if ( "\L$provider" =~ /^(0x[a-f0-9]+|0[0-7]*|[0-9]*)$/ ) {
my $provider_number = numeric_value $provider;
for my $provider ( keys %providers ) {
if ( $providers{$provider}{number} == $provider_number ) {
$found = 1;
last;
}
}
}
fatal_error "Unknown provider ($provider)" unless $found;
}
fatal_error "You must specify either the source or destination in a route_rules entry" if $source eq '-' && $dest eq '-';
$dest = $dest eq '-' ? '' : "to $dest";
if ( $source eq '-' ) {
$source = '';
} elsif ( $source =~ /:/ ) {
( my $interface, $source , my $remainder ) = split( /:/, $source, 3 );
fatal_error "Invalid SOURCE" if defined $remainder;
$source = "iif $interface from $source";
} elsif ( $source =~ /\..*\..*/ ) {
$source = "from $source";
} else {
$source = "iif $source";
}
fatal_error "Invalid priority ($priority)" unless $priority && $priority =~ /^\d{1,5}$/;
$priority = "priority $priority";
emitj( "qt ip rule del $source $dest $priority",
"run_ip rule add $source $dest $priority table $provider",
"echo \"qt ip rule del $source $dest $priority\" >> \${VARDIR}/undo_routing"
);
progress_message " Routing rule \"$currentline\" $done";
}
#
# Setup_Providers() Starts Here.... # Setup_Providers() Starts Here....
# #
$providers{$table}{number} = $number;
$providers{$table}{mark} = $val;
my ( $loose, $optional ) = (0,0);
unless ( $options eq '-' ) {
for my $option ( split /,/, $options ) {
if ( $option eq 'track' ) {
fatal_error "Interface $interface is tracked through an earlier provider" if $routemarked_interfaces{$interface};
fatal_error "The 'track' option requires a numeric value in the MARK column" if $mark eq '-';
$routemarked_interfaces{$interface} = $mark;
push @routemarked_interfaces, $interface;
} elsif ( $option =~ /^balance=(\d+)$/ ) {
balance_default_route $1 , $gateway, $interface;
} elsif ( $option eq 'balance' ) {
balance_default_route 1 , $gateway, $interface;
} elsif ( $option eq 'loose' ) {
$loose = 1;
} elsif ( $option eq 'optional' ) {
$optional = 1;
} else {
fatal_error "Invalid option ($option)";
}
}
}
if ( $loose ) {
my $rulebase = 20000 + ( 256 * ( $number - 1 ) );
emit "\nrulenum=0\n";
emitj ( "find_interface_addresses $interface | while read address; do",
' qt ip rule del from $address',
" run_ip rule add from \$address pref \$(( $rulebase + \$rulenum )) table $number",
" echo \"qt ip rule del from \$address\" >> \${VARDIR}/undo_routing",
' rulenum=$(($rulenum + 1))',
'done'
);
} else {
emitj( "\nfind_interface_addresses $interface | while read address; do",
' qt ip rule del from $address',
'done'
);
}
emit "\nprogress_message \" Provider $table ($number) Added\"\n";
pop_indent;
emit 'else';
if ( $optional ) {
emitj( " error_message \"WARNING: Interface $interface is not configured -- Provider $table ($number) not Added\"",
" ${iface}_up="
);
} else {
emit " fatal_error \"ERROR: Interface $interface is not configured --
#
# Setup_Providers() Starts Here....
#
Provider $table ($number) Cannot be Added\"";
}
emit "fi\n";
}
sub add_an_rtrule( $$$$ ) {
my ( $source, $dest, $provider, $priority ) = @_;
unless ( $providers{$provider} ) {
my $found = 0;
if ( "\L$provider" =~ /^(0x[a-f0-9]+|0[0-7]*|[0-9]*)$/ ) {
my $provider_number = numeric_value $provider;
for my $provider ( keys %providers ) {
if ( $providers{$provider}{number} == $provider_number ) {
$found = 1;
last;
}
}
}
fatal_error "Unknown provider ($provider)" unless $found;
}
fatal_error "You must specify either the source or destination in a route_rules entry" if $source eq '-' && $dest eq '-';
$dest = $dest eq '-' ? '' : "to $dest";
if ( $source eq '-' ) {
$source = '';
} elsif ( $source =~ /:/ ) {
( my $interface, $source , my $remainder ) = split( /:/, $source, 3 );
fatal_error "Invalid SOURCE" if defined $remainder;
$source = "iif $interface from $source";
} elsif ( $source =~ /\..*\..*/ ) {
$source = "from $source";
} else {
$source = "iif $source";
}
fatal_error "Invalid priority ($priority)" unless $priority && $priority =~ /^\d{1,5}$/;
$priority = "priority $priority";
emitj( "qt ip rule del $source $dest $priority",
"run_ip rule add $source $dest $priority table $provider",
"echo \"qt ip rule del $source $dest $priority\" >> \${VARDIR}/undo_routing"
);
progress_message " Routing rule \"$currentline\" $done";
}
sub setup_providers() {
my $providers = 0;
my $fn = open_file 'providers'; my $fn = open_file 'providers';
while ( read_a_line ) { while ( read_a_line ) {
@ -422,6 +428,10 @@ sub setup_providers() {
emit_unindented join( "\n", emit_unindented join( "\n",
'#', '#',
#
# Setup_Providers() Starts Here....
#
'# reserved values', '# reserved values',
'#', '#',
"255\tlocal", "255\tlocal",

9
docs/Manpages.xml
View File

@ -71,8 +71,9 @@
<member><ulink url="manpages/shorewall-hosts.html">hosts</ulink> - <member><ulink url="manpages/shorewall-hosts.html">hosts</ulink> -
Define multiple zones accessed through a single interface</member> Define multiple zones accessed through a single interface</member>
<member><ulink url="shorewall-interfaces.html">interfaces</ulink> - <member><ulink
Define the interfaces on the system and optionally associate them with url="manpages/shorewall-interfaces.html">interfaces</ulink> - Define the
interfaces on the system and optionally associate them with
zones.</member> zones.</member>
<member><ulink url="manpages/shorewall-maclist.html">maclist</ulink> - <member><ulink url="manpages/shorewall-maclist.html">maclist</ulink> -
@ -140,8 +141,8 @@
- Specify values for global Shorewall options.</member> - Specify values for global Shorewall options.</member>
<member><ulink <member><ulink
url="manpages/shorewall.conf.html">shorewall-lite.conf</ulink> - Specify url="manpages/shorewall-lite.conf.html">shorewall-lite.conf</ulink> -
values for global Shorewall Lite options.</member> Specify values for global Shorewall Lite options.</member>
<member><ulink url="manpages/shorewall-vardir.html">vardir</ulink> - <member><ulink url="manpages/shorewall-vardir.html">vardir</ulink> -
Redefine the directory where Shorewall keeps its state Redefine the directory where Shorewall keeps its state

46
web/Documentation.html
View File

@ -6,7 +6,7 @@
</head> </head>
<body> <body>
<h1 style="text-align: left;">Shorewall 3.x Documentation<br> <h1 style="text-align: left;">Shorewall Documentation<br>
</h1> </h1>
<span style="font-weight: bold;">Tom Eastep<br> <span style="font-weight: bold;">Tom Eastep<br>
<br> <br>
@ -22,44 +22,49 @@ href="GnuCopyright.htm" target="_self">GNU Free Documentation
License</a></span>”.<br> License</a></span>”.<br>
</p> </p>
<p>2007-06-23<br> <p>2007-07-13<br>
</p> </p>
<hr style="width: 100%; height: 2px;"> <hr style="width: 100%; height: 2px;">
<br> <br>
<ul> <ul>
<li><a href="Documentation_Index.html">Alphabetical <span <li><strong>Alphabetical Index</strong> -- Over 70 articles with topics
style="font-weight: bold;">Index</span> of all Articles</a> <a ranging from Accounting to Xen
href="http://gomix.homelinux.net/gomix/shorewall/">(En Español)</a> -- <p><a href="Documentation_Index.html">Shorewall 3.x</a></p>
Over 70 articles with topics ranging from Accounting to Xen<br> <p><a href="4.0/Documentation_Index.html">Shorewall 4.x</a></p>
</li> </li>
<li><a href="FAQ.htm"><span style="font-weight: bold;">FAQ</span>s</a> -- <li><strong>FAQs</strong> -- Answers to the most commonly asked questions.
Answers to the most commonly asked questions.<br> <p><a href="FAQ.htm">Shorewall 3.x</a></p>
<p><a href="4.0/FAQ.htm">Shorewall 4.x</a></p>
</li>
<li><strong>Getting Started</strong> -- Introductory Articles and Beginner
HOWTOs
<p><span style="font-weight: bold;"></span><a
href="shorewall_quickstart_guide.htm">Shorewall 3.x</a></p>
<p><a href="4.0/shorewall_quickstart_guide.htm">Shorewall 4.x</a></p>
</li> </li>
<li><a href="GettingStarted.html"><span
style="font-weight: bold;"></span>Getting Started</a> -- Introductory
Articles and Beginner HOWTOs</li>
<li>PPPPPPPS ( or, Paul's Principles for Practical Provision of Packet <li>PPPPPPPS ( or, Paul's Principles for Practical Provision of Packet
Processing with Shorewall ) <a Processing with Shorewall ) <a
href="http://linuxman.wikispaces.com/PPPPPPS">http://linuxman.wikispaces.com/PPPPPPS</a> href="http://linuxman.wikispaces.com/PPPPPPS">http://linuxman.wikispaces.com/PPPPPPS</a>
-- Some very useful tips for dealing with Shorewall from Paul Gear<br> -- Some very useful tips for dealing with Shorewall from Paul Gear<br>
</li> </li>
<li><a href="manpages/Manpages.html">Shorewall 3.4 <span <li>Man Pages -- Online version of the manpages released with Shorewall
style="font-weight: bold;">Manpages</span></a> -- Online version of the 3.4.0 and later
manpages released with Shorewall 3.4.0 and later<br> <p><a href="manpages/Manpages.html">Shorewall 3.x</a></p>
<p><a href="4.0/Manpages.html">Shorewall 4.x</a></p>
</li> </li>
<li><a href="shorewall_features.htm">Shorewall <span <li><a href="4.0/shorewall_features.htm">Shorewall <span
style="font-weight: bold;">Features</span></a> -- What it can do<br> style="font-weight: bold;">Features</span></a> -- What it can do<br>
</li> </li>
<li><a href="Shorewall_Doesnt.html"><span <li><a href="4.0/Shorewall_Doesnt.html"><span
style="font-weight: bold;">Limitations</span></a> -- Some things that it style="font-weight: bold;">Limitations</span></a> -- Some things that it
cannot do<br> cannot do<br>
</li> </li>
<li><a href="troubleshoot.htm"><span <li><a href="4.0/troubleshoot.htm"><span
style="font-weight: bold;">Troubleshooting</span> Guide</a> -- Look here style="font-weight: bold;">Troubleshooting</span> Guide</a> -- Look here
when "it doesn't work"<br> when "it doesn't work"<br>
</li> </li>
<li><a href="upgrade_issues.htm"><span <li><a href="4.0/upgrade_issues.htm"><span
style="font-weight: bold;">Upgrade</span> Issues</a> -- avoid problems style="font-weight: bold;">Upgrade</span> Issues</a> -- avoid problems
when upgrading your Shorewall installation</li> when upgrading your Shorewall installation</li>
</ul> </ul>
@ -67,10 +72,7 @@ License</a></span>”.<br>
<div style="margin-left: 40px;"> <div style="margin-left: 40px;">
<a href="2.0/">Shorewall 2.x Documentation</a> <a href="2.0/">Shorewall 2.x Documentation</a> </div>
<p><a href="4.0/index.html">Shorewall 4.0 Documentation</a></p>
</div>
<br> <br>
</body> </body>
</html> </html>