Added 'proxyarp' interface option

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@156 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2025-02-27 07:01:23 +01:00 · 2002-07-25 15:05:21 +00:00 · 2002-07-25 15:05:21 +00:00 · c2b143cba0
commit c2b143cba0
parent f3d8676f16
4 changed files with 27 additions and 4 deletions
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -19,3 +19,5 @@ Changes since 1.3.4

 8. Added MUTEX_TIMEOUT variable.

+9. Added 'proxyarp' interface option
+
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -512,7 +512,9 @@ validate_interfaces_file() {

 	for option in `separate_list $options`; do
 	    case $option in
-	    dhcp|noping|filterping|routestopped|norfc1918|multi|routefilter|dropunclean|logunclean|blacklist|-)
+	    dhcp|noping|filterping|routestopped|norfc1918|multi)
+                ;;
+	    routefilter|dropunclean|logunclean|blacklist|proxyarp|-)
 		;;
 	    *)
 		error_message "Warning: Invalid option ($option) in record \"$r\""
@ -1228,6 +1230,16 @@ setup_proxy_arp() {
 	expandv address interface external haveroute
 	setup_one_proxy_arp
    done < $TMP_DIR/proxyarp
+
+    interfaces=`find_interfaces_by_option proxyarp`
+
+    for interface in $interfaces; do
+	if qt echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp; then
+	    echo "   Enabled proxy ARP on $interface"
+        else
+	    error_message "Warning: Unable to enable proxy ARP on $interface"
+        fi
+    done
 }

 ###############################################################################
@ -1268,15 +1280,16 @@ delete_proxy_arp() {
 	while read address interface external haveroute; do
 	    qt arp -i $external -d $address pub
 	    [ -z "$haveroute" ] && qt ip route del $address dev $interface
-
-	    echo 0 > /proc/sys/net/ipv4/conf/$external/proxy_arp
-	    echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp
 	done < ${STATEDIR}/proxyarp

 	rm -f ${STATEDIR}/proxyarp
    fi

    [ -d ${STATEDIR} ] && touch ${STATEDIR}/proxyarp
+
+    for f in `ls /proc/sys/net/ipv4/conf/*/proxy_arp`; do
+	echo 0 > $f
+    done
 }

 ################################################################################
--- a/Shorewall/interfaces
+++ b/Shorewall/interfaces
@ -73,6 +73,8 @@
 #	.	.	blacklist    - Check packets arriving on this interface
 #				       against the /etc/shorewall/blacklist
 #				       file.
+#			proxyarp     - Sets
+#				/proc/sys/net/ipv4/conf/<interface>/proxy_arp
 #			
 #			The order in which you list the options is not
 #			significant but the list should have no embedded white
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -31,3 +31,9 @@ In this release:
   An appopriate setting for MUTEX_TIMEOUT is twice the time that it takes
   your firewall system to process a "shorewall restart" command.

+5. Added 'proxyarp' interface option to facilitate Proxy ARP subnetting as
+   described in the Proxy ARP subnetting mini-HOWTO
+   (http://www.tldp.org/HOWTO/mini/Proxy-ARP-Subnet/)
+
+   Specifying this option for an interface causes Shorewall to set
+   /proc/sys/net/ipv4/conf/<interface>/proxy_arp.