Add 'sourceroute' interface option

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1658 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall2/changelog.txt

@@ -92,4 +92,6 @@ Changes since 2.0.3
 
 44) Implememt LOGTAGONLY.
 
-44) Merge 'tcrules' clarification from 2.0.10.
+46) Merge 'tcrules' clarification from 2.0.10.
+
+46) Implement 'sourceroute' interface option.

Shorewall2/firewall

@@ -905,7 +905,7 @@ validate_interfaces_file() {
 
 	for option in $options; do
 	    case $option in
-		dhcp|norfc1918|nobogons|tcpflags|newnotsyn|arp_filter|routefilter|logmartians|blacklist|proxyarp|maclist|nosmurfs|-)
+		dhcp|norfc1918|nobogons|tcpflags|newnotsyn|arp_filter|routefilter|logmartians|sourceroute|blacklist|proxyarp|maclist|nosmurfs|-)
 		    ;;
 		detectnets)
 		    [ -n "$wildcard" ] && \
@@ -5915,6 +5915,31 @@ add_common_rules() {
 
     fi
 
+    #
+    # Source Routing
+    #
+    save_progress_message "Restoring Accept Source Routing..."
+
+    for f in /proc/sys/net/ipv4/conf/*; do
+	run_and_save_command "[ -f $f/accept_source_route ] && echo 0 > $f/accept_source_route"
+    done
+
+    interfaces=$(find_interfaces_by_option sourceroute)
+
+    if [ -n "$interfaces" ]; then
+	echo "Setting up Accept Source Routing..."
+	
+	for interface in $interfaces; do
+	    file=/proc/sys/net/ipv4/conf/$interface/accept_source_route
+	    if [ -f $file ]; then
+		run_and_save_command "echo 1 > $file"
+	    else
+		error_message \
+		    "Warning: Cannot set Accept Source Routing on $interface"
+	    fi
+	done
+    fi
+
     if [ -n "$DYNAMIC_ZONES" ]; then
 	echo "Setting up Dynamic Zone Chains..."
 

Shorewall2/releasenotes.txt

@@ -515,3 +515,9 @@ New Features:
     Log prefix with LOGTAGONLY=Yes:
 
 	Shorewall:ftp:DROP
+
+19) Shorewall now resets the 'accept_source_route' flag for all
+    interfaces. If you wish to accept source routing on an interface,
+    you must specify the new 'sourceroute' interface option in
+    /etc/shorewall/interfaces.
+