Add the accept_ra Shorewall6 interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
2381b0fd8f
commit
d415de1883
@ -741,6 +741,8 @@ sub compiler {
|
||||
''
|
||||
);
|
||||
|
||||
setup_accept_ra if $family == F_IPV6;
|
||||
|
||||
if ( $scriptfilename || $debug ) {
|
||||
emit 'return 0';
|
||||
pop_indent;
|
||||
|
@ -38,6 +38,7 @@ our @EXPORT = qw(
|
||||
setup_route_filtering
|
||||
setup_martian_logging
|
||||
setup_source_routing
|
||||
setup_accept_ra
|
||||
setup_forwarding
|
||||
);
|
||||
our @EXPORT_OK = qw( setup_interface_proc );
|
||||
@ -214,6 +215,35 @@ sub setup_source_routing( $ ) {
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Source Routing
|
||||
#
|
||||
sub setup_accept_ra() {
|
||||
|
||||
my $interfaces = find_interfaces_by_option 'accept_ra';
|
||||
|
||||
if ( @$interfaces ) {
|
||||
progress_message2 "$doing Accept Routing Advertisements...";
|
||||
|
||||
save_progress_message 'Setting up Accept Routing Advertisements...';
|
||||
|
||||
for my $interface ( @$interfaces ) {
|
||||
my $value = get_interface_option $interface, 'accept_ra';
|
||||
my $optional = interface_is_optional $interface;
|
||||
|
||||
$interface = get_physical $interface;
|
||||
|
||||
my $file = "/proc/sys/net/ipv6/conf/$interface/accept_ra";
|
||||
|
||||
emit ( "if [ -f $file ]; then" ,
|
||||
" echo $value > $file" );
|
||||
emit ( 'else' ,
|
||||
" error_message \"WARNING: Cannot set Accept Source Routing on $interface\"" ) unless $optional;
|
||||
emit "fi\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
sub setup_forwarding( $$ ) {
|
||||
my ( $family, $first ) = @_;
|
||||
|
||||
@ -297,8 +327,8 @@ sub setup_interface_proc( $ ) {
|
||||
push @emitted, "echo $value > /proc/sys/net/ipv4/conf/$physical/accept_source_route";
|
||||
}
|
||||
|
||||
if ( interface_has_option( $interface, 'sourceroute' , $value ) ) {
|
||||
push @emitted, "echo $value > /proc/sys/net/ipv4/conf/$physical/accept_source_route";
|
||||
if ( interface_has_option( $interface, 'accept_ra' , $value ) ) {
|
||||
push @emitted, "echo $value > /proc/sys/net/ipv6/conf/$physical/accept_ra";
|
||||
}
|
||||
|
||||
if ( @emitted ) {
|
||||
|
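Review bot: The new setup_accept_ra (second hunk of this file) still carries text copied from setup_source_routing: its header comment reads `# Source Routing` and the emitted warning says `Cannot set Accept Source Routing on $interface`, so an operator whose interface has no accept_ra /proc entry is told that a different setting failed. I would change the header to `# Accept Router Advertisements` and the message to `WARNING: Cannot set Accept Router Advertisements on $interface`. In the third hunk the accept_ra write is added to setup_interface_proc next to IPv4 /proc paths; that function starts and ends outside the hunk, so it is not visible whether the IPv6 path is only emitted for IPv6 configurations or guarded by an existence test as in setup_accept_ra, which is worth confirming.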
@ -234,9 +234,9 @@ use constant { NO_UPDOWN => 1,
|
||||
|
||||
our %validinterfaceoptions;
|
||||
|
||||
our %defaultinterfaceoptions = ( routefilter => 1 , wait => 60 );
|
||||
our %defaultinterfaceoptions = ( routefilter => 1 , wait => 60, accept_ra => 1 );
|
||||
|
||||
our %maxoptionvalue = ( routefilter => 2, mss => 100000 , wait => 120 , ignore => NO_UPDOWN );
|
||||
our %maxoptionvalue = ( routefilter => 2, mss => 100000 , wait => 120 , ignore => NO_UPDOWN, accept_ra => 2 );
|
||||
|
||||
our %validhostoptions;
|
||||
|
||||
@ -334,7 +334,8 @@ sub initialize( $$ ) {
|
||||
);
|
||||
%zonetypes = ( 1 => 'firewall', 2 => 'ipv4', 4 => 'bport4', 8 => 'ipsec4', 16 => 'vserver' );
|
||||
} else {
|
||||
%validinterfaceoptions = ( blacklist => SIMPLE_IF_OPTION + IF_OPTION_HOST,
|
||||
%validinterfaceoptions = ( accept_ra => NUMERIC_IF_OPTION,
|
||||
blacklist => SIMPLE_IF_OPTION + IF_OPTION_HOST,
|
||||
bridge => SIMPLE_IF_OPTION,
|
||||
dhcp => SIMPLE_IF_OPTION,
|
||||
ignore => NUMERIC_IF_OPTION + IF_OPTION_WILDOK,
|
||||
|
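Review bot: The `accept_ra => 2` ceiling added to %maxoptionvalue admits the setting that accepts Router Advertisements even while forwarding is enabled, and nothing next to these tables records what 0, 1 and 2 mean. On a forwarding firewall, value 2 means advertisements from any on-link sender can change the host's routes and addresses, so the choice should be visible to whoever edits this table, e.g. `# accept_ra: 0 = ignore RAs, 1 = accept unless forwarding, 2 = accept even when forwarding (trusted links only)`. The `accept_ra => 1` entry in %defaultinterfaceoptions is presumably the value used when the option is given without `=value`; if so, the same comment should say it.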
@ -148,6 +148,42 @@ loc eth2 -</programlisting>
|
||||
should have no embedded white space.</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>accept_ra[={0|1|2)]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.5.16. Values are:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>0</term>
|
||||
|
||||
<listitem>
|
||||
<para>Do not accept Router Advertisements.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>1</term>
|
||||
|
||||
<listitem>
|
||||
<para>Accept Route Advertisements if forwarding is
|
||||
disabled.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>2</term>
|
||||
|
||||
<listitem>
|
||||
<para>Overrule forwarding behavior. Accept Route
|
||||
Advertisements even if forwarding is enabled.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">blacklist</emphasis></term>
|
||||
|
||||
|