Add TRACK_PROVIDERS option

2024-11-21 23:23:13 +01:00 · 2009-10-20 13:24:17 -07:00 · 2009-10-20 13:24:17 -07:00 · d0cda6b6ea
commit d0cda6b6ea
parent 49f361124e
16 changed files with 54 additions and 31 deletions
--- a/Samples/one-interface/shorewall.conf
+++ b/Samples/one-interface/shorewall.conf
@ -191,6 +191,8 @@ AUTOMAKE=No

 WIDE_TC_MARKS=Yes

+TRACK_PROVIDERS=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Samples/three-interfaces/shorewall.conf
+++ b/Samples/three-interfaces/shorewall.conf
@ -191,6 +191,8 @@ AUTOMAKE=No

 WIDE_TC_MARKS=Yes

+TRACK_PROVIDERS=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Samples/two-interfaces/shorewall.conf
+++ b/Samples/two-interfaces/shorewall.conf
@ -198,6 +198,8 @@ AUTOMAKE=No

 WIDE_TC_MARKS=Yes

+TRACK_PROVIDERS=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Samples6/one-interface/shorewall6.conf
+++ b/Samples6/one-interface/shorewall6.conf
@ -139,6 +139,8 @@ AUTOMAKE=No

 WIDE_TC_MARKS=Yes

+TRACK_PROVIDERS=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Samples6/three-interfaces/shorewall6.conf
+++ b/Samples6/three-interfaces/shorewall6.conf
@ -139,6 +139,8 @@ AUTOMAKE=No

 WIDE_TC_MARKS=Yes

+TRACK_PROVIDERS=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Samples6/two-interfaces/shorewall6.conf
+++ b/Samples6/two-interfaces/shorewall6.conf
@ -139,6 +139,8 @@ AUTOMAKE=No

 WIDE_TC_MARKS=Yes

+TRACK_PROVIDERS=Yes
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -439,6 +439,7 @@ sub initialize( $ ) {
 	      FAST_STOP => undef ,
 	      AUTOMAKE => undef ,
 	      WIDE_TC_MARKS => undef,
+	      TRACK_PROVIDERS => undef,
 	      #
 	      # Packet Disposition
 	      #
@ -545,6 +546,7 @@ sub initialize( $ ) {
 	      MANGLE_ENABLED => undef ,
 	      AUTOMAKE => undef ,
 	      WIDE_TC_MARKS => undef,
+	      TRACK_PROVIDERS => undef,
 	      #
 	      # Packet Disposition
 	      #
@ -2404,6 +2406,7 @@ sub get_configuration( $ ) {
    default_yes_no 'RESTORE_DEFAULT_ROUTE'      , 'Yes';
    default_yes_no 'AUTOMAKE'                   , '';
    default_yes_no 'WIDE_TC_MARKS'              , '';
+    default_yes_no 'TRACK_PROVIDERS'            , '';

    $capabilities{XCONNMARK} = '' unless $capabilities{XCONNMARK_MATCH} and $capabilities{XMARK};

--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@ -316,7 +316,8 @@ sub add_a_provider( ) {

    }

-    my ( $loose, $track, $balance , $default, $default_balance, $optional, $mtu ) = (0,1,0,0,$config{USE_DEFAULT_RT} ? 1 : 0,interface_is_optional( $interface ), '' );
+    my ( $loose, $track,                   $balance , $default, $default_balance,                $optional,                           $mtu ) = 
+	(0,      $config{TRACK_PROVIDERS}, 0 ,        0,        $config{USE_DEFAULT_RT} ? 1 : 0, interface_is_optional( $interface ), '' );

    unless ( $options eq '-' ) {
 	for my $option ( split_list $options, 'option' ) {
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -18,6 +18,8 @@ Changes in Shorewall 4.4.3

 9)  Make 'track' the default.

+10)  Add TRACK_PROVIDERS option.
+
 Changes in Shorewall 4.4.2

 1)  BUGFIX: Correct detection of Persistent SNAT support
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@ -189,6 +189,8 @@ AUTOMAKE=No

 WIDE_TC_MARKS=No

+TRACK_PROVIDERS=No
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -222,9 +222,9 @@ None.
    On non-Debian systems, new installs will now log all Shorewall 
    commands to /var/log/shorewall-init.log.

-2)  Because the 'track' provider option is so useful, it is now the
-    default. If, for some reason, you don't want 'track' then specify
-    'notrack' for the provider.
+2)  A new TRACK_PROVIDERS option has been added in shorewall.conf.
+    The value of this option becomes the default for the 'track'
+    provider option in /etc/shorewall/providers.

 ----------------------------------------------------------------------------
                N E W   F E A T U R E S   I N   4 . 4 . 0
--- a/Shorewall6/shorewall6.conf
+++ b/Shorewall6/shorewall6.conf
@ -145,6 +145,8 @@ AUTOMAKE=No

 WIDE_TC_MARKS=No

+TRACK_PROVIDERS=No
+
 ###############################################################################
 #			P A C K E T   D I S P O S I T I O N
 ###############################################################################
--- a/docs/LennyToSqueeze.xml
+++ b/docs/LennyToSqueeze.xml
@ -700,15 +700,6 @@ NONAT           loc             -               tcp     80</programlisting>
      earlier.</para>
    </section>

-    <section>
-      <title>/etc/shorewall/providers</title>
-
-      <para>Beginnins with Shorewall 4.4.3, the <option>track</option> option
-      is now the default. If, for some reason, you don't want the
-      <option>track</option> option then specify
-      <option>notrack</option>.</para>
-    </section>
-
    <section id="extension">
      <title>Extension Scripts</title>

--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@ -143,12 +143,11 @@
      Shorewall can set up the correct marking rules for you.</para>

      <para>When you use the <emphasis role="bold">track</emphasis> option in
-      <filename>/etc/shorewall/providers</filename> (which is the default,
-      beginning with Shorewall 4.4.3), connections from the Internet are
-      automatically routed back out of the correct interface and through the
-      correct ISP gateway. This works whether the connection is handled by the
-      firewall itself or if it is routed or port-forwarded to a system behind
-      the firewall.</para>
+      <filename>/etc/shorewall/providers</filename>, connections from the
+      Internet are automatically routed back out of the correct interface and
+      through the correct ISP gateway. This works whether the connection is
+      handled by the firewall itself or if it is routed or port-forwarded to a
+      system behind the firewall.</para>

      <para>Shorewall will set up the routing and will update the
      <filename>/etc/iproute2/rt_tables</filename> to include the table names
@ -164,8 +163,7 @@
          <listitem>
            <para>Packet marking for traffic control purposes may not be done
            in the PREROUTING table for connections involving providers with
-            'track' specified (see below -- note that 'track' defaults to on
-            beginning with Shorewall 4.4.3).</para>
+            'track' specified (see below).</para>
          </listitem>

          <listitem>
@ -333,9 +331,13 @@
                <listitem>
                  <para><important>
                      <para>Beginning with Shorwall 4.3.3, <emphasis
-                      role="bold">track</emphasis> is the default. To disable
-                      this option, you must specify <emphasis
-                      role="bold">notrack</emphasis> (see below).</para>
+                      role="bold">track</emphasis> defaults to the setting of
+                      the <option>TRACK_PROVIDERS</option> option in <ulink
+                      url="manpages/shorewall.conf">shorewall.conf
+                      </ulink>(5). To disable this option when you have
+                      specified TRACK_PROVIDERS=Yes, you must specify
+                      <emphasis role="bold">notrack</emphasis> (see
+                      below).</para>
                    </important>If specified, connections FROM this interface
                  are to be tracked so that responses may be routed back out
                  this same interface.</para>
@ -454,8 +456,7 @@

                <listitem>
                  <para>Added in Shorewall 4.4.3. This option turns off the
-                  <emphasis role="bold">track</emphasis> option which is now
-                  the default.</para>
+                  <emphasis role="bold">track</emphasis> option.</para>
                </listitem>
              </varlistentry>

--- a/manpages/shorewall-providers.xml
+++ b/manpages/shorewall-providers.xml
@ -168,6 +168,13 @@
                is the default. If, for some reason, you don't want
                <option>track</option> then specify <option>notrack</option>
                (see below).</para>
+
+                <para>Beginning with Shorewall 4.4.3, <option>track</option>
+                defaults to the setting of the TRACK_PROVIDERS option in
+                <ulink url="shorwewall.conf.html">shorewall.conf</ulink> (5).
+                If you set TRACK_PROVIDERS=Yes and want to override that
+                setting for an individual provider, then specify
+                <option>notrack</option> (see below).</para>
              </listitem>
            </varlistentry>

@ -204,7 +211,7 @@

              <listitem>
                <para>Added in Shorewall 4.4.3. When specified, turns off
-                <option>track</option> which is now the default.</para>
+                <option>track</option>.</para>
              </listitem>
            </varlistentry>

--- a/manpages6/shorewall6-providers.xml
+++ b/manpages6/shorewall6-providers.xml
@ -154,9 +154,11 @@
                provider.</para>

                <para>Beginning with Shorewall 4.4.3, <option>track</option>
-                is the default. If, for some reason, you don't want
-                <option>track</option> then specify <option>notrack</option>
-                (see below).</para>
+                defaults to the setting of the TRACK_PROVIDERS option in
+                <ulink url="shorwewall6.conf.html">shorewall6.conf</ulink>
+                (5). If you set TRACK_PROVIDERS=Yes and want to override that
+                setting for an individual provider, then specify
+                <option>notrack</option> (see below).</para>
              </listitem>
            </varlistentry>

@ -177,7 +179,7 @@

              <listitem>
                <para>Added in Shorewall 4.4.3. When specified, turns off
-                <option>track</option> which is now the default.</para>
+                <option>track</option>.</para>
              </listitem>
            </varlistentry>