extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-03-13 13:59:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

Clarify 'switch' in the Fool's firewall article

Browse Source
This commit is contained in:
Tom Eastep 2010-11-27 10:28:44 -08:00
parent 1ae9a3185a
commit b771ce2925
1 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -655,13 +655,14 @@ sub add_a_route( ) {
for ( keys %providers ) { for ( keys %providers ) {
if ( $providers{$_}{number} == $provider_number ) { if ( $providers{$_}{number} == $provider_number ) {
$provider = $_; $provider = $_;
$found = $providers{$provider}{physical}; fatal_error "You may not add routes to the $provider table" if $provider_number == LOCAL_TABLE || $provider_number == UNSPEC_TABLE;
$found = 1;
last; last;
} }
} }
} }
fatal_error "Unknown or invalid provider ($provider)" unless $found; fatal_error "Unknown provider ($provider)" unless $found;
} }
validate_net ( $dest, 1 ); validate_net ( $dest, 1 );
@ -682,12 +683,16 @@ sub add_a_route( ) {
if ( $gateway ne '-' ) { if ( $gateway ne '-' ) {
if ( $device ne '-' ) { if ( $device ne '-' ) {
emit( "run_ip route add $dest via $gateway dev $physical table $number" ); emit qq(run_ip route add $dest via $gateway dev $physical table $number);
emit qq(echo "qt \$IP -$family route del $dest via $gateway dev $physical table $number" >> \${VARDIR}/undo_routing) if $number >= DEFAULT_TABLE;
} else { } else {
emit ("run_ip route add $dest via $gateway table $number" ); emit qq(run_ip route add $dest via $gateway table $number);
emit qq(echo "\$IP -$family route del $dest via $gateway table $number" >> \${VARDIR}/undo_routing) if $number >= DEFAULT_TABLE;
} }
} else { } else {
emit( "run_ip route add $dest dev $physical table $number" ); fatal_error "You must specify a device for this route" unless $physical;
emit qq(run_ip route add $dest dev $physical table $number);
emit qq(echo "\$IP -$family route del $dest dev $physical table $number" >> \${VARDIR}/undo_routing) if $number >= DEFAULT_TABLE;
} }
progress_message " Route \"$currentline\" $done"; progress_message " Route \"$currentline\" $done";