extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-25 20:22:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

First cut at backing out routing changes from multiple providers

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4754 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2006-10-29 17:19:11 +00:00
parent 33c94f34f7
commit cb1ec8d932
6 changed files with 79 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/changelog.txt
View File

@ -16,6 +16,8 @@ Changes in 3.3.4
8) Add lib.cli. 8) Add lib.cli.
9) Attempt to undo routing changes.
Changes in 3.3.3 Changes in 3.3.3
1) Fix excluding in SUBNET column. 1) Fix excluding in SUBNET column.

2
Shorewall/compiler
View File

@ -4722,6 +4722,8 @@ __EOF__
[ -n "$DISABLE_IPV6" ] && save_command "disable_ipv6" [ -n "$DISABLE_IPV6" ] && save_command "disable_ipv6"
save_command "undo_routing"
process_criticalhosts process_criticalhosts
if [ -n "$CRITICALHOSTS" ]; then if [ -n "$CRITICALHOSTS" ]; then

2
Shorewall/firewall
View File

@ -303,6 +303,8 @@ stop_firewall() {
[ -n "$DISABLE_IPV6" ] && disable_ipv6 [ -n "$DISABLE_IPV6" ] && disable_ipv6
undo_routing
process_criticalhosts process_criticalhosts
if [ -n "$CRITICALHOSTS" ]; then if [ -n "$CRITICALHOSTS" ]; then

42
Shorewall/lib.base
View File

@ -1281,3 +1281,45 @@ get_device_mtu() # $1 = device
echo 1500 echo 1500
fi fi
} }
#
# Undo changes to routing
#
undo_routing() {
#
# Restore rt_tables database
#
if [ -f ${VARDIR}/rt_tables ]; then
cp -f ${VARDIR}/rt_tables /etc/iproute2/ && progress_message "/etc/iproute2/rt_tables database restored"
rm -f ${VARDIR}/rt_tables
fi
#
# Restore the default route
#
if [ -f ${VARDIR}/default_route ]; then
local default_route="$(sed 's/\n/ /' ${VARDIR}/default_route)"
case "$default_route" in
default*default)
default_route="${default_route%% default*}"
;;
esac
qt ip route replace $default_route
progress_message "Default Route ($default_route) restored"
rm -f ${VARDIR}/default_route
fi
#
# Restore the rest of the routing table
#
if [ -f ${VARDIR}/undo_routing; then
. undo_routing
progress_message "Shorewall-generated routing tables and routing rules removed"
rm -f ${VARDIR}/undo_routing
fi
}

17
Shorewall/lib.providers
View File

@ -123,6 +123,8 @@ __EOF__
save_command "qt ip route flush table $number" save_command "qt ip route flush table $number"
echo "qt ip route flush table $number" >> ${VARDIR}/undo_routing
if [ "x${duplicate:=-}" != x- ]; then if [ "x${duplicate:=-}" != x- ]; then
if [ "x${copy:=-}" != "x-" ]; then if [ "x${copy:=-}" != "x-" ]; then
if [ "x${copy}" = xnone ]; then if [ "x${copy}" = xnone ]; then
@ -174,6 +176,7 @@ __EOF__
save_command "qt ip rule del fwmark $mark" save_command "qt ip rule del fwmark $mark"
save_command "run_ip rule add fwmark $mark pref $((10000 + $mark)) table $number" save_command "run_ip rule add fwmark $mark pref $((10000 + $mark)) table $number"
echo "qt ip rule del fwmark $mark" >> ${VARDIR}/undo_routing
fi fi
loose= loose=
@ -297,10 +300,13 @@ __EOF__
save_command "qt ip rule del $source $dest $priority" save_command "qt ip rule del $source $dest $priority"
save_command "run_ip rule add $source $dest $priority table $provider" save_command "run_ip rule add $source $dest $priority table $provider"
echo "qt ip rule del $source $dest $priority" >> ${VARDIR}/undo_routing
progress_message "Routing rule \"$rule\" $DONE" progress_message "Routing rule \"$rule\" $DONE"
} }
#
# E x e c u t i o n B e g i n s H e r e
#
local_number=255 local_number=255
main_number=254 main_number=254
default_number=253 default_number=253
@ -311,6 +317,15 @@ __EOF__
save_command save_command
save_command "if [ -z \"\$NOROUTES\" ]; then" save_command "if [ -z \"\$NOROUTES\" ]; then"
INDENT="$INDENT " INDENT="$INDENT "
indent >&3 << __EOF__
#
# Undo any changes made the last time that we [re]started
#
undo_routing
echo "cp /etc/iproute2/rt_tables \${VARDIR}/"
ip route ls | grep -E '^\s*(default |nexthop )' > ${VARDIR}default_route
> \${VARDIR}/undo_routing
__EOF__
save_progress_message "Adding Providers..." save_progress_message "Adding Providers..."
save_command "DEFAULT_ROUTE=" save_command "DEFAULT_ROUTE="

15
Shorewall/releasenotes.txt
View File

@ -150,6 +150,21 @@ Other Changes in 3.3.4.
command-processing code that is common to both /sbin/shorewall and command-processing code that is common to both /sbin/shorewall and
/sbin/shorewall-lite. /sbin/shorewall-lite.
6) Previously, Shorewall has not attempted to undo the changes it has
made to the firewall's routing as a result of entries in
/etc/shorewall/providers and /etc/shorewall/routes. Beginning with
this release, Shorewall will attempt to undo these changes.
If you use entries in /etc/shorewall/providers, you must exercise
care when installing this version of Shorewall in order to
ensure that the firewall's routing be restored correctly.
When Shorewall starts or is restarted, it will capture the contents
of /etc/shorewall/rt_tables and will restore that database when
Shorewall is stopped or restarted. Similarly, the default route
will be captured the first time that you [re]start Shorewall using
this version.
Migration Considerations: Migration Considerations:
1) Shorewall supports the notion of "default actions". A default 1) Shorewall supports the notion of "default actions". A default