From cc3b8793e06c09e18c3c4557a74174aec6682591 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Tue, 17 Jan 2017 15:02:16 -0800
Subject: [PATCH] Make BALANCE_PROVIDERS default the setting of USE_DEFAULT_RT
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Config.pm | 12 +++--
 Shorewall/Perl/Shorewall/Providers.pm | 52 ++++++++++----------
 Shorewall/manpages/shorewall-providers.xml | 10 ++++
 Shorewall/manpages/shorewall.conf.xml | 5 +-
 Shorewall6/manpages/shorewall6-providers.xml | 10 ++++
 Shorewall6/manpages/shorewall6.conf.xml | 5 +-
 6 files changed, 60 insertions(+), 34 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index b7b4dbf9f..4489279a4 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -5280,7 +5280,13 @@ sub update_config_file( $ ) {
 }
 update_default( 'USE_DEFAULT_RT', 'No' );
- update_default( 'BALANCE_PROVIDERS', 'Yes' );
+
+ if ( $config{USE_DEFAULT_RT} eq '' || $config{USE_DEFAULT_RT} =~ /^no$/i ) {
+ update_default( 'BALANCE_PROVIDERS', 'No' );
+ } else {
+ update_default( 'BALANCE_PROVIDERS', 'Yes' );
+ }
+
 update_default( 'EXPORTMODULES', 'No' );
 update_default( 'RESTART', 'reload' );
 update_default( 'PAGER', $shorewallrc1{DEFAULT_PAGER} );
@@ -6288,9 +6294,7 @@ sub get_configuration( $$$$ ) {
 default_yes_no 'RESTORE_DEFAULT_ROUTE' , 'Yes';
 default_yes_no 'AUTOMAKE' , '';
 default_yes_no 'TRACK_PROVIDERS' , '';
- default_yes_no 'BALANCE_PROVIDERS' , 'Yes';
-
- $config{BALANCE_PROVIDERS} = '' unless $config{USE_DEFAULT_RT};
+ default_yes_no 'BALANCE_PROVIDERS' , $config{USE_DEFAULT_RT} ? 'Yes' : '';
 unless ( ( $config{NULL_ROUTE_RFC1918} || '' ) =~ /^(?:blackhole|unreachable|prohibit)$/ ) {
 default_yes_no( 'NULL_ROUTE_RFC1918', '' );
diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index 3791af199..234fd7a29 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
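Review bot: In update_config_file the new test treats every USE_DEFAULT_RT value other than empty or `no` as enabled, so a misspelt setting would cause `BALANCE_PROVIDERS=Yes` to be written into the updated file. The value is presumably still the raw text read from the configuration file at this point (not visible in the hunk), so testing for the positive spelling is the safer default: `if ( ( $config{USE_DEFAULT_RT} || '' ) =~ /^yes$/i ) {` with the `'Yes'` and `'No'` branches swapped. That form also avoids an uninitialized-value warning should `update_default` leave the key undefined. The function's body starts and ends outside the hunk.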
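Review bot: Dropping `$config{BALANCE_PROVIDERS} = '' unless $config{USE_DEFAULT_RT};` in get_configuration means an explicit BALANCE_PROVIDERS=Yes is now honoured when USE_DEFAULT_RT=No, where it was previously forced off. Files that earlier went through an update carry the old written default (the removed `update_default( 'BALANCE_PROVIDERS', 'Yes' )` in the first hunk), so after upgrade such a firewall could start balancing across all providers without the administrator having changed anything. If that is intended it deserves a comment at this line, e.g. `# An explicit BALANCE_PROVIDERS setting no longer depends on USE_DEFAULT_RT`, and ideally a warning when the two settings disagree. The new default also relies on USE_DEFAULT_RT having been normalised earlier in the function, which the hunk does not show.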
@@ -603,39 +603,39 @@ sub process_a_provider( $ ) { fatal_error "A provider interface must have at least one associated zone" unless $tproxy || %{interface_zones($interface)}; - if ( $local ) { - fatal_error "GATEWAY not valid with 'local' provider" unless $gatewaycase eq 'omitted'; - fatal_error "'track' not valid with 'local'" if $track; - fatal_error "DUPLICATE not valid with 'local'" if $duplicate ne '-'; - fatal_error "'persistent' is not valid with 'local" if $persistent; - } elsif ( $tproxy ) { - fatal_error "Only one 'tproxy' provider is allowed" if $tproxies++; - fatal_error "GATEWAY not valid with 'tproxy' provider" unless $gatewaycase eq 'omitted'; - fatal_error "'track' not valid with 'tproxy'" if $track; - fatal_error "DUPLICATE not valid with 'tproxy'" if $duplicate ne '-'; - fatal_error "MARK not allowed with 'tproxy'" if $mark ne '-'; - fatal_error "'persistent' is not valid with 'tproxy" if $persistent; - $mark = $globals{TPROXY_MARK}; - } elsif ( ! $pseudo && ( ( my $rf = ( $config{ROUTE_FILTER} eq 'on' ) ) || $interfaceref->{options}{routefilter} ) ) { - if ( $config{USE_DEFAULT_RT} ) { - if ( $rf ) { - fatal_error "There may be no providers when ROUTE_FILTER=Yes and USE_DEFAULT_RT=Yes"; - } else { - fatal_error "Providers interfaces may not specify 'routefilter' when USE_DEFAULT_RT=Yes"; - } - } else { - unless ( $balance ) { + unless ( $pseudo ) { + if ( $local ) { + fatal_error "GATEWAY not valid with 'local' provider" unless $gatewaycase eq 'omitted'; + fatal_error "'track' not valid with 'local'" if $track; + fatal_error "DUPLICATE not valid with 'local'" if $duplicate ne '-'; + fatal_error "'persistent' is not valid with 'local" if $persistent; + } elsif ( $tproxy ) { + fatal_error "Only one 'tproxy' provider is allowed" if $tproxies++; + fatal_error "GATEWAY not valid with 'tproxy' provider" unless $gatewaycase eq 'omitted'; + fatal_error "'track' not valid with 'tproxy'" if $track; + fatal_error "DUPLICATE not valid with 'tproxy'" if 
$duplicate ne '-'; + fatal_error "MARK not allowed with 'tproxy'" if $mark ne '-'; + fatal_error "'persistent' is not valid with 'tproxy" if $persistent; + $mark = $globals{TPROXY_MARK}; + } elsif ( ( my $rf = ( $config{ROUTE_FILTER} eq 'on' ) ) || $interfaceref->{options}{routefilter} ) { + if ( $config{USE_DEFAULT_RT} ) { if ( $rf ) { - fatal_error "The 'balance' option is required when ROUTE_FILTER=Yes"; + fatal_error "There may be no providers when ROUTE_FILTER=Yes and USE_DEFAULT_RT=Yes"; } else { - fatal_error "Provider interfaces may not specify 'routefilter' without 'balance' or 'primary'"; + fatal_error "Providers interfaces may not specify 'routefilter' when USE_DEFAULT_RT=Yes"; + } + } else { + unless ( $balance ) { + if ( $rf ) { + fatal_error "The 'balance' option is required when ROUTE_FILTER=Yes"; + } else { + fatal_error "Provider interfaces may not specify 'routefilter' without 'balance' or 'primary'"; + } } } } } - - my $val = 0; my $pref; diff --git a/Shorewall/manpages/shorewall-providers.xml b/Shorewall/manpages/shorewall-providers.xml index 75359ad3e..6df17ac9e 100644 --- a/Shorewall/manpages/shorewall-providers.xml +++ b/Shorewall/manpages/shorewall-providers.xml @@ -208,6 +208,16 @@ weight where weight is the weight of the route out of this interface. + + Prior to Shorewall 5.1.1, when USE_DEFAULT_RT=Yes, + is assumed unless the + , , + or option is + specified. Beginning with Shorewall 5.1.1, when + BALANCE_PROVIDERS=Yes, is assumed + unless the , , + or option is + specified. diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml index bfc550af8..e5028aaff 100644 --- a/Shorewall/manpages/shorewall.conf.xml +++ b/Shorewall/manpages/shorewall.conf.xml 
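Review bot: Wrapping the whole chain in `unless ( $pseudo )` in process_a_provider also skips the 'local' and 'tproxy' option checks (and the `$tproxies++` count) for pseudo providers, whereas the old code exempted them only from the ROUTE_FILTER/routefilter branch. Whether a pseudo provider can ever carry those options is not visible here, so the guard should say so, e.g. `# Option validation below does not apply to pseudo providers`. While these lines are being re-indented, the messages `"'persistent' is not valid with 'local"` and `"'persistent' is not valid with 'tproxy"` still lack their closing single quote, and "Providers interfaces" should read "Provider interfaces" to match the sibling message. The restructuring is unrelated to the BALANCE_PROVIDERS default named in the subject and would be easier to review as its own commit; the function starts and ends outside the hunk.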
@@ -452,11 +452,12 @@ determines whether the provider option (see shorewall-providers(5)) is - the default. When BALANCE_PROVIDERS=Yes (the default), then the + the default. When BALANCE_PROVIDERS=Yes, then the option is assumed unless the , , or option is - specified. + specified. If this option is not set or is set to the empty value, + then the default value is the value of USE_DEFAULT_RT. diff --git a/Shorewall6/manpages/shorewall6-providers.xml b/Shorewall6/manpages/shorewall6-providers.xml index 63b799b4c..fec8dd27d 100644 --- a/Shorewall6/manpages/shorewall6-providers.xml +++ b/Shorewall6/manpages/shorewall6-providers.xml @@ -173,6 +173,16 @@ where weight is the weight of the route out of this interface. Prior to Shorewall 5.0.13, only one provider can specify this option. + + Prior to Shorewall 5.1.1, when USE_DEFAULT_RT=Yes, + is assumed unless the + , , + or option is + specified. Beginning with Shorewall 5.1.1, when + BALANCE_PROVIDERS=Yes, is assumed + unless the , , + or option is + specified. diff --git a/Shorewall6/manpages/shorewall6.conf.xml b/Shorewall6/manpages/shorewall6.conf.xml index 09fcab205..161e9252f 100644 --- a/Shorewall6/manpages/shorewall6.conf.xml +++ b/Shorewall6/manpages/shorewall6.conf.xml @@ -383,11 +383,12 @@ determines whether the provider option (see shorewall6-providers(5)) is - the default. When BALANCE_PROVIDERS=Yes (the default), then the + the default. When BALANCE_PROVIDERS=Yes, then the option is assumed unless the , , or option is - specified. + specified. If this option is not set or is set to the empty value, + then the default value is the value of USE_DEFAULT_RT.