mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-22 18:51:24 +02:00
Add BROKEN_ROUTING hack
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@8211 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
4e67f4206e
commit
bcb7c8e9fa
@ -15,6 +15,8 @@ Changes in 4.1.5
|
||||
7) Generate an error when mac match is used in the POSTROUTING or
|
||||
OUTPUT chains.
|
||||
|
||||
8) Add 'BROKEN_ROUTING' option.
|
||||
|
||||
Changes in 4.1.4
|
||||
|
||||
1) Fix do_test() to accept 0 and to use the same mask as
|
||||
|
@ -108,6 +108,18 @@ New Features in 4.1.5.
|
||||
3) The /usr/share/shorewall/modules file has been updated to reflect
|
||||
module renaming in kernel 2.6.25.
|
||||
|
||||
4) Some users are experiencing 'File Exists' errors when Shorewall
|
||||
executes 'ip route replace' commands. I consider this a bug in
|
||||
either kernel 2.6.24 or in iproute2 but until the issue is
|
||||
resolved, I've added a hack to work around the problem.
|
||||
|
||||
If you are experiencing these problems then add the following line
|
||||
to your shorewall.conf file:
|
||||
|
||||
BROKEN_ROUTING=Yes
|
||||
|
||||
Note: This hack is only available in Shorewall-perl.
|
||||
|
||||
4) Shorewall-perl now generates an error when a MAC address appears in
|
||||
a traffic shaping rule in the OUTPUT or POSTROUTING chains.
|
||||
|
||||
|
@ -352,6 +352,7 @@ sub initialize() {
|
||||
DELETE_THEN_ADD => undef,
|
||||
MULTICAST => undef,
|
||||
DONT_LOAD => '',
|
||||
BROKEN_ROUTING => '',
|
||||
#
|
||||
# Packet Disposition
|
||||
#
|
||||
@ -1878,6 +1879,7 @@ sub get_configuration( $ ) {
|
||||
default_yes_no 'EXPAND_POLICIES' , '';
|
||||
default_yes_no 'KEEP_RT_TABLES' , '';
|
||||
default_yes_no 'DELETE_THEN_ADD' , 'Yes';
|
||||
default_yes_no 'BROKEN_ROUTING' , '';
|
||||
default_yes_no 'MULTICAST' , '';
|
||||
default_yes_no 'MARK_IN_FORWARD_CHAIN' , '';
|
||||
|
||||
|
@ -339,7 +339,12 @@ sub add_a_provider( $$$$$$$$ ) {
|
||||
|
||||
if ( $gateway ) {
|
||||
$address = get_interface_address $interface unless $address;
|
||||
emit "run_ip route replace $gateway src $address dev $interface ${mtu}table $number $realm";
|
||||
if ( $config{BROKEN_ROUTING} ) {
|
||||
emit "qt ip route delete $gateway table $number";
|
||||
emit "run_ip route add $gateway src $address dev $interface ${mtu}table $number $realm";
|
||||
} else {
|
||||
emit "run_ip route replace $gateway src $address dev $interface ${mtu}table $number $realm";
|
||||
}
|
||||
emit "run_ip route add default via $gateway dev $interface table $number $realm";
|
||||
}
|
||||
|
||||
@ -509,9 +514,16 @@ sub setup_providers() {
|
||||
|
||||
if ( $providers ) {
|
||||
if ( $balance ) {
|
||||
emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then',
|
||||
' run_ip route replace default scope global $DEFAULT_ROUTE',
|
||||
" progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"",
|
||||
emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then' );
|
||||
|
||||
if ( $config{BROKEN_ROUTING} ) {
|
||||
emit( ' run_ip route del default' );
|
||||
emit( ' run_ip route add default scope global $DEFAULT_ROUTE' );
|
||||
} else {
|
||||
emit( ' run_ip route replace default scope global $DEFAULT_ROUTE' );
|
||||
}
|
||||
|
||||
emit ( " progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"",
|
||||
'else',
|
||||
' error_message "WARNING: No Default route added (all \'balance\' providers are down)"',
|
||||
' restore_default_route',
|
||||
|
@ -76,7 +76,14 @@ sub setup_one_proxy_arp( $$$$$ ) {
|
||||
}
|
||||
|
||||
unless ( $haveroute ) {
|
||||
emit "[ -n \"\$NOROUTES\" ] || run_ip route replace $address dev $interface";
|
||||
|
||||
if ( $config{BROKEN_ROUTING} ) {
|
||||
emit "[ -n \"\$NOROUTES\" ] || qt ip route del $address";
|
||||
emit "[ -n \"\$NOROUTES\" ] || run_ip route add $address dev $interface";
|
||||
} else {
|
||||
emit "[ -n \"\$NOROUTES\" ] || run_ip route replace $address dev $interface";
|
||||
}
|
||||
|
||||
$haveroute = 1 if $persistent;
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user