diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index f9e35d5c5..15a9ac53b 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -859,17 +859,15 @@ sub handle_optional_interfaces( $ ) { emit( join( '_', 'SW', uc chain_base( get_physical( $_ ) ) , 'IS_USABLE=' ) ) for @$interfaces; if ( $wildcards ) { + # + # We must consider all interfaces with an address in $family -- generate a list of such addresses. + # emit( '', - 'interfaces=$($IP -' . $family . ' addr list | egrep \'^[[:digit:]]+\' | while read number interface rest; do echo ${interface%:}; done)', - '', - 'for interface in $interfaces; do' + 'for interface in $(find_all_interfaces1); do', ); push_indent; - - emit ( 'case "$interface" in' - ); - + emit ( 'case "$interface" in' ); push_indent; } else { emit ''; @@ -881,9 +879,7 @@ sub handle_optional_interfaces( $ ) { my $base = uc chain_base( $physical ); my $providerref = $providers{$provider}; - emit( "$physical)" ) if $wildcards; - - push_indent; + emit( "$physical)" ), push_indent if $wildcards; if ( $providerref->{gatewaycase} eq 'detect' ) { emit qq(if interface_is_usable $physical && [ -n "$providerref->{gateway}" ]; then); @@ -908,7 +904,6 @@ sub handle_optional_interfaces( $ ) { if ( $wildcards ) { emit( "$case)" ); push_indent; - if ( $wild ) { emit( qq(if [ -z "\$SW_${base}_IS_USABLE" ]; then) ); @@ -922,7 +917,6 @@ sub handle_optional_interfaces( $ ) { } emit ( ' HAVE_INTERFACE=Yes' ) if $require; - emit ( " SW_${base}_IS_USABLE=Yes" , 'fi' ); @@ -934,6 +928,10 @@ sub handle_optional_interfaces( $ ) { } if ( $wildcards ) { + emit( '*)' , + ' ;;' + ); + pop_indent; emit( 'esac' ); pop_indent; emit('done' ); diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index 14e66b85b..24f33df9b 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm 
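Review bot: The comment added in the `@@ -859,17 +859,15 @@` hunk says the code generates "a list of such addresses", but the loop emitted right after it iterates over interface names returned by `find_all_interfaces1`. The address family is no longer taken from `$family` here, as the removed `$IP -$family addr list` line did. It is now fixed inside the helper (`-4` in prog.header, `-6` in prog.header6), so the comment should say where the filtering happens. Suggested wording: `# Only interfaces that have an address in $family are considered; find_all_interfaces1 (prog.header / prog.header6) returns their names.` The body of `handle_optional_interfaces` continues outside this hunk.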
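Review bot: In the `@@ -881,9 +879,7 @@` hunk, `emit( "$physical)" ), push_indent if $wildcards;` joins two statements with the comma operator under one postfix `if`, which makes it easy to miss that `push_indent` is now conditional where it used to run on every iteration. A block form states the intent directly: `if ( $wildcards ) { emit( "$physical)" ); push_indent; }`. The matching `pop_indent` for this arm is outside the hunk, so it is worth confirming that it is guarded by `$wildcards` as well. Otherwise the non-wildcard path would pop an indent level it never pushed, and the generated script's nesting would be misleading to anyone auditing it.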
@@ -1429,16 +1429,16 @@ sub verify_required_interfaces( $ ) { $physical =~ s/\+$/*/; - emit( "${base}_IS_UP=\n", + emit( "SW_${base}_IS_UP=\n", 'for interface in $(find_all_interfaces); do', ' case $interface in', " $physical)", - " interface_is_usable \$interface && ${base}_IS_UP=Yes && break", + " interface_is_usable \$interface && SW_${base}_IS_UP=Yes && break", ' ;;', ' esac', 'done', '', - "if [ -z \"\$${base}_IS_UP\" ]; then", + "if [ -z \"\$SW_${base}_IS_UP\" ]; then", " startup_error \"None of the required interfaces $physical are available\"", "fi\n" ); diff --git a/Shorewall/Perl/prog.header b/Shorewall/Perl/prog.header index f5f865656..2a601b255 100644 --- a/Shorewall/Perl/prog.header +++ b/Shorewall/Perl/prog.header @@ -124,7 +124,14 @@ deleteallchains() { # Generate a list of all network interfaces on the system # find_all_interfaces() { - ${IP:-ip} link list | egrep '^[[:digit:]]+:' | cut -d ' ' -f2 | sed 's/:$//' + ${IP:-ip} link list | egrep '^[[:digit:]]+:' | cut -d ' ' -f2 | sed -r 's/(@.*)?:$//' +} + +# +# Generate a list of all network interfaces on the system that have an ipv4 address +# +find_all_interfaces1() { + ${IP:-ip} -4 addr list | egrep '^[[:digit:]]+:' | cut -d ' ' -f2 | sed -r 's/(@.*)?:$//' } # diff --git a/Shorewall/Perl/prog.header6 b/Shorewall/Perl/prog.header6 index fde2185d7..ce73f6e3c 100644 --- a/Shorewall/Perl/prog.header6 +++ b/Shorewall/Perl/prog.header6 @@ -116,7 +116,14 @@ deleteallchains() { # Generate a list of all network interfaces on the system # find_all_interfaces() { - ${IP:-ip} link list | egrep '^[[:digit:]]+:' | cut -d ' ' -f2 | sed 's/:$//' + ${IP:-ip} link list | egrep '^[[:digit:]]+:' | cut -d ' ' -f2 | sed -r 's/(@.*)?:$//' +} + +# +# Generate a list of all network interfaces on the system that have an ipv6 address +# +find_all_interfaces1() { + ${IP:-ip} -6 addr list | egrep '^[[:digit:]]+:' | cut -d ' ' -f2 | sed -r 's/(@.*)?:$//' } #
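Review bot: The new `find_all_interfaces1` in prog.header repeats the `egrep | cut | sed -r` pipeline of `find_all_interfaces` verbatim, and the same pair is added to prog.header6, so the name parsing this commit corrects now lives in four places. The generated firewall script decides which optional interfaces are usable from this list, so one helper that takes the `ip` arguments would keep the copies from drifting: `list_interface_names() { ${IP:-ip} "$@" | grep -E '^[[:digit:]]+:' | cut -d ' ' -f2 | sed -r 's/(@.*)?:$//'; }`, called as `list_interface_names -4 addr list`. `grep -E` is also preferable to `egrep`, which newer GNU grep releases report as obsolescent on stderr. The name `find_all_interfaces1` gives no hint of the address-family filter; a name such as `find_interfaces_with_address` would read better at the call site in Providers.pm.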