Fix ROUTE_FILTER and LOG_MARTIANS

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5965 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-common/releasenotes.txt

@@ -64,6 +64,12 @@ Problems corrected in Shorewall 3.9.2
 
 10) A syntax error in the lib.base Shell library has been corrected.
 
+11) When ROUTE_FILTER=Yes in shorewall.conf, Shorewall no longer clears
+    the rp_filter flag for all interfaces.
+
+12) When LOG_MARTIANS=Yes in shorewall.conf, Shorewall no longer clears
+    the log_martians flag for all interfaces.
+
 Other changes in Shorewall 3.9.2
 
 1)  A LOCKFILE option has been added to shorewall.conf. This file is

Shorewall-perl/Shorewall/Proc.pm

@@ -105,10 +105,12 @@ sub setup_route_filtering() {
 
 	save_progress_message "Setting up Route Filtering...";
 
+	unless ( $config{ROUTE_FILTER} ) {
 	    emit "for f in /proc/sys/net/ipv4/conf/*; do
-    [ -f \$f/log_martians ] && echo 0 > \$f/rp_filter
+    [ -f \$f/rp_filter ] && echo 0 > \$f/rp_filter
 done
 ";
+	}
 
 	for my $interface ( @$interfaces ) {
 	    my $file = "/proc/sys/net/ipv4/conf/$interface/rp_filter";
@@ -121,12 +123,8 @@ fi
 ";
 	}
 
-	emit 'echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter';
+	emit 'echo 1 0 /proc/sys/net/ipv4/conf/all/rp_filter';
-
+	emit 'echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter' if $config{ROUTE_FILTER};
-	if ( $config{ROUTE_FILTER} ) {
-	    emit 'echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter';
-	    emit 'echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter';
-	}
 
 	emit "[ -n \"\$NOROUTES\" ] || ip route flush cache";
     }
@@ -162,11 +160,7 @@ fi
 	}
 
 	emit 'echo 1 > /proc/sys/net/ipv4/conf/all/log_martians';
-
+	emit 'echo 1 > /proc/sys/net/ipv4/conf/default/log_martians' if $config{LOG_MARTIANS};
-	if ( $config{LOG_MARTIANS} ) {
-	    emit 'echo 1 > /proc/sys/net/ipv4/conf/default/log_martians';
-	    emit 'echo 1 > /proc/sys/net/ipv4/conf/all/log_martians';
-	}
 
     }
 }

Shorewall-shell/compiler

@@ -3715,13 +3715,16 @@ __EOF__
 
 	save_progress_message "Setting up Route Filtering..."
 
+	if [ -z "$ROUTE_FILTER" ]; THEN
 	    indent >&3 << __EOF__
 
 for f in /proc/sys/net/ipv4/conf/*; do
-    [ -f \$f/log_martians ] && echo 0 > \$f/rp_filter
+    [ -f \$f/rp_filter ] && echo 0 > \$f/rp_filter
 done
 
 __EOF__
+	fi
+
 	for interface in $interfaces; do
 	    file=/proc/sys/net/ipv4/conf/$interface/rp_filter
 
@@ -3738,7 +3741,6 @@ __EOF__
 
 	if [ -n "$ROUTE_FILTER" ]; then
 	    save_command "echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter"
-	    save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter"
 	fi
 
 	save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache"
@@ -3754,6 +3756,7 @@ __EOF__
 
 	save_progress_message "Setting up Martian Logging..."
 
+	if [ -z "$LOG_MARTIANS" ]; then
 	    indent >&3 << __EOF__
 
 for f in /proc/sys/net/ipv4/conf/*; do
@@ -3761,6 +3764,8 @@ for f in /proc/sys/net/ipv4/conf/*; do
 done
 
 __EOF__
+	fi
+
 	for interface in $interfaces; do
 	    file=/proc/sys/net/ipv4/conf/$interface/log_martians
 
@@ -3774,9 +3779,10 @@ fi
 __EOF__
 	    done
 
+	save_command "echo 1 > /proc/sys/net/ipv4/conf/all/log_martians"
+	
 	if [ -n "$LOG_MARTIANS" ]; then
 	    save_command "echo 1 > /proc/sys/net/ipv4/conf/default/log_martians"
-	    save_command "echo 1 > /proc/sys/net/ipv4/conf/all/log_martians"
 	fi
 
     fi