extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-19 17:28:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix ROUTE_FILTER and LOG_MARTIANS

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5965 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-04-17 14:37:28 +00:00
parent d3777adf63
commit ba6a6c1278
3 changed files with 24 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Shorewall-common/releasenotes.txt
View File

@ -64,6 +64,12 @@ Problems corrected in Shorewall 3.9.2
10) A syntax error in the lib.base Shell library has been corrected. 10) A syntax error in the lib.base Shell library has been corrected.
11) When ROUTE_FILTER=Yes in shorewall.conf, Shorewall no longer clears
the rp_filter flag for all interfaces.
12) When LOG_MARTIANS=Yes in shorewall.conf, Shorewall no longer clears
the log_martians flag for all interfaces.
Other changes in Shorewall 3.9.2 Other changes in Shorewall 3.9.2
1) A LOCKFILE option has been added to shorewall.conf. This file is 1) A LOCKFILE option has been added to shorewall.conf. This file is

20
Shorewall-perl/Shorewall/Proc.pm
View File

@ -105,10 +105,12 @@ sub setup_route_filtering() {
save_progress_message "Setting up Route Filtering..."; save_progress_message "Setting up Route Filtering...";
emit "for f in /proc/sys/net/ipv4/conf/*; do unless ( $config{ROUTE_FILTER} ) {
[ -f \$f/log_martians ] && echo 0 > \$f/rp_filter emit "for f in /proc/sys/net/ipv4/conf/*; do
[ -f \$f/rp_filter ] && echo 0 > \$f/rp_filter
done done
"; ";
}
for my $interface ( @$interfaces ) { for my $interface ( @$interfaces ) {
my $file = "/proc/sys/net/ipv4/conf/$interface/rp_filter"; my $file = "/proc/sys/net/ipv4/conf/$interface/rp_filter";
@ -121,12 +123,8 @@ fi
"; ";
} }
emit 'echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter'; emit 'echo 1 0 /proc/sys/net/ipv4/conf/all/rp_filter';
emit 'echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter' if $config{ROUTE_FILTER};
if ( $config{ROUTE_FILTER} ) {
emit 'echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter';
emit 'echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter';
}
emit "[ -n \"\$NOROUTES\" ] || ip route flush cache"; emit "[ -n \"\$NOROUTES\" ] || ip route flush cache";
} }
@ -162,11 +160,7 @@ fi
} }
emit 'echo 1 > /proc/sys/net/ipv4/conf/all/log_martians'; emit 'echo 1 > /proc/sys/net/ipv4/conf/all/log_martians';
emit 'echo 1 > /proc/sys/net/ipv4/conf/default/log_martians' if $config{LOG_MARTIANS};
if ( $config{LOG_MARTIANS} ) {
emit 'echo 1 > /proc/sys/net/ipv4/conf/default/log_martians';
emit 'echo 1 > /proc/sys/net/ipv4/conf/all/log_martians';
}
} }
} }

16
Shorewall-shell/compiler
View File

@ -3715,13 +3715,16 @@ __EOF__
save_progress_message "Setting up Route Filtering..." save_progress_message "Setting up Route Filtering..."
indent >&3 << __EOF__ if [ -z "$ROUTE_FILTER" ]; THEN
indent >&3 << __EOF__
for f in /proc/sys/net/ipv4/conf/*; do for f in /proc/sys/net/ipv4/conf/*; do
[ -f \$f/log_martians ] && echo 0 > \$f/rp_filter [ -f \$f/rp_filter ] && echo 0 > \$f/rp_filter
done done
__EOF__ __EOF__
fi
for interface in $interfaces; do for interface in $interfaces; do
file=/proc/sys/net/ipv4/conf/$interface/rp_filter file=/proc/sys/net/ipv4/conf/$interface/rp_filter
@ -3738,7 +3741,6 @@ __EOF__
if [ -n "$ROUTE_FILTER" ]; then if [ -n "$ROUTE_FILTER" ]; then
save_command "echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter" save_command "echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter"
save_command "echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter"
fi fi
save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache" save_command "[ -n \"\$NOROUTES\" ] || ip route flush cache"
@ -3754,13 +3756,16 @@ __EOF__
save_progress_message "Setting up Martian Logging..." save_progress_message "Setting up Martian Logging..."
indent >&3 << __EOF__ if [ -z "$LOG_MARTIANS" ]; then
indent >&3 << __EOF__
for f in /proc/sys/net/ipv4/conf/*; do for f in /proc/sys/net/ipv4/conf/*; do
[ -f \$f/log_martians ] && echo 0 > \$f/log_martians [ -f \$f/log_martians ] && echo 0 > \$f/log_martians
done done
__EOF__ __EOF__
fi
for interface in $interfaces; do for interface in $interfaces; do
file=/proc/sys/net/ipv4/conf/$interface/log_martians file=/proc/sys/net/ipv4/conf/$interface/log_martians
@ -3774,9 +3779,10 @@ fi
__EOF__ __EOF__
done done
save_command "echo 1 > /proc/sys/net/ipv4/conf/all/log_martians"
if [ -n "$LOG_MARTIANS" ]; then if [ -n "$LOG_MARTIANS" ]; then
save_command "echo 1 > /proc/sys/net/ipv4/conf/default/log_martians" save_command "echo 1 > /proc/sys/net/ipv4/conf/default/log_martians"
save_command "echo 1 > /proc/sys/net/ipv4/conf/all/log_martians"
fi fi
fi fi