extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-22 07:33:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Implement USE_LOGICAL_NAMES.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2011-12-20 16:03:56 -08:00
parent 3e72442954
commit c03fe0a076
15 changed files with 74 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Samples/Universal/shorewall.conf
View File

@ -188,6 +188,8 @@ TRACK_PROVIDERS=Yes
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
ZONE2ZONE=2
###############################################################################

2
Samples/one-interface/shorewall.conf
View File

@ -199,6 +199,8 @@ TRACK_PROVIDERS=Yes
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
ZONE2ZONE=2
###############################################################################

2
Samples/three-interfaces/shorewall.conf
View File

@ -197,6 +197,8 @@ TRACK_PROVIDERS=Yes
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
ZONE2ZONE=2
###############################################################################

2
Samples/two-interfaces/shorewall.conf
View File

@ -200,6 +200,8 @@ TRACK_PROVIDERS=Yes
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
ZONE2ZONE=2
###############################################################################

2
Samples6/Universal/shorewall6.conf
View File

@ -165,6 +165,8 @@ TRACK_PROVIDERS=Yes
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
ZONE2ZONE=2
###############################################################################

2
Samples6/one-interface/shorewall6.conf
View File

@ -165,6 +165,8 @@ TRACK_PROVIDERS=Yes
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
ZONE2ZONE=2
###############################################################################

2
Samples6/three-interfaces/shorewall6.conf
View File

@ -165,6 +165,8 @@ TRACK_PROVIDERS=Yes
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
ZONE2ZONE=2
###############################################################################

2
Samples6/two-interfaces/shorewall6.conf
View File

@ -165,6 +165,8 @@ TRACK_PROVIDERS=Yes
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
ZONE2ZONE=2
###############################################################################

31
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -1572,7 +1572,8 @@ sub blacklist_chain($$) {
#
sub forward_chain($)
{
$_[0] . '_fwd';
my $interface = shift;
( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_fwd';
}
#
@ -1623,7 +1624,8 @@ sub use_forward_chain($$) {
#
sub input_chain($)
{
$_[0] . '_in';
my $interface = shift;
( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_in';
}
#
@ -1684,7 +1686,8 @@ sub use_input_chain($$) {
#
sub output_chain($)
{
$_[0] . '_out';
my $interface = shift;
( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_out';
}
#
@ -1692,15 +1695,17 @@ sub output_chain($)
#
sub prerouting_chain($)
{
$_[0] . '_pre';
my $interface = shift;
( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_pre';
}
#
# Prerouting Chain for an interface
# Postouting Chain for an interface
#
sub postrouting_chain($)
{
$_[0] . '_post';
my $interface = shift;
( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_post';
}
#
@ -1752,7 +1757,8 @@ sub use_output_chain($$) {
#
sub masq_chain($)
{
$_[0] . '_masq';
my $interface = shift;
( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_masq';
}
#
@ -1767,7 +1773,8 @@ sub syn_flood_chain ( $ ) {
#
sub mac_chain( $ )
{
$_[0] . '_mac';
my $interface = shift;
( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_mac';
}
sub macrecent_target($)
@ -1796,7 +1803,8 @@ sub notrack_chain( $ )
#
sub snat_chain( $ )
{
$_[0] . '_snat';
my $interface = shift;
( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_snat';
}
#
@ -1804,7 +1812,8 @@ sub snat_chain( $ )
#
sub ecn_chain( $ )
{
$_[0] . '_ecn';
my $interface = shift;
( $config{USE_PHYSICAL_NAMES} ? chain_base( get_physical( $interface ) ) : $interface ) . '_ecn';
}
#
@ -1814,7 +1823,7 @@ sub first_chains( $ ) #$1 = interface
{
my $c = $_[0];
( $c . '_fwd', $c . '_in' );
( forward_chain( $c ), input_chain( $c ) );
}
#

2
Shorewall/Perl/Shorewall/Config.pm
View File

@ -569,6 +569,7 @@ sub initialize( $ ) {
COMPLETE => undef,
EXPORTMODULES => undef,
LEGACY_FASTSTART => undef,
USE_PHYSICAL_NAMES => undef,
#
# Packet Disposition
#
@ -3732,6 +3733,7 @@ sub get_configuration( $$$ ) {
default_yes_no 'COMPLETE' , '';
default_yes_no 'EXPORTMODULES' , '';
default_yes_no 'LEGACY_FASTSTART' , 'Yes';
default_yes_no 'USE_PHYSICAL_NAMES' , '';
require_capability 'MARK' , 'FORWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK};

2
Shorewall/Perl/Shorewall/Zones.pm
View File

@ -1340,7 +1340,7 @@ sub physical_name( $ ) {
$devref ? $devref->{physical} : $device;
}
#
# Returns true if there are bridge port zones defined in the config
#

2
Shorewall/configfiles/shorewall.conf
View File

@ -188,6 +188,8 @@ TRACK_PROVIDERS=No
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
ZONE2ZONE=2
###############################################################################

2
Shorewall6/configfiles/shorewall6.conf
View File

@ -165,6 +165,8 @@ TRACK_PROVIDERS=No
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
ZONE2ZONE=2
###############################################################################

17
manpages/shorewall.conf.xml
View File

@ -1715,7 +1715,7 @@ net all DROP info</programlisting>then the chain name is 'net2all'
do not match any rule in the RELATED section of <ulink
url="manpages/shorewall-rules.html">shorewall-rules</ulink> (5) are
logged at this level. The default value is empty which means no
logging is performed. </para>
logging is performed.</para>
</listitem>
</varlistentry>
@ -2168,6 +2168,21 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">USE_PHYSICAL_NAMES=</emphasis>[<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
<listitem>
<para>Added in Shorewall 4.4.27. Normally, when Shorewall creates a
Netfilter chain that relates to an interface, it uses the
interfaces's logical name as the base of the chain name. For
example, if the logical name for an interface is OAKLAND, then the
input chain for traffic arriving on that interface would be
'OAKLAND_in'. If this option is set to Yes, then the physical name
of the interface will be used the base of the chain name.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">VERBOSITY=</emphasis>[<emphasis>number</emphasis>]</term>

15
manpages6/shorewall6.conf.xml
View File

@ -1882,6 +1882,21 @@ net all DROP info</programlisting>then the chain name is 'net2all'
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis role="bold">USE_PHYSICAL_NAMES=</emphasis>[<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
<listitem>
<para>Added in Shorewall 4.4.27. Normally, when Shorewall creates a
Netfilter chain that relates to an interface, it uses the
interfaces's logical name as the base of the chain name. For
example, if the logical name for an interface is OAKLAND, then the
input chain for traffic arriving on that interface would be
'OAKLAND_in'. If this option is set to Yes, then the physical name
of the interface will be used the base of the chain name.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><emphasis
role="bold">VERBOSITY=</emphasis>[<emphasis>number</emphasis>]</term>