From d6c8cd5d3ed513f75549cc8ba52d60764cb09750 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 21 May 2009 09:39:43 -0700
Subject: [PATCH] Warn if 'proxyarp' specified on a non-loose provider

---
 Shorewall/Perl/Shorewall/Providers.pm | 5 +++++
 docs/MultiISP.xml                     | 7 +++++++
 manpages/shorewall-providers.xml      | 6 +++++-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index 73e1211a7..9a5747551 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -353,6 +353,11 @@ sub add_a_provider( ) {
 	}
     }
 
+    unless ( $loose ) {
+	warning_message q(The 'proxyarp' option is dangerous when specified on a Provider interface) if get_interface_option( $interface, 'proxyarp' );
+	warning_message q(The 'proxyndp' option is dangerous when specified on a Provider interface) if get_interface_option( $interface, 'proxyndp' );
+    }
+
     $balance = $default_balance unless $balance;
 
     $providers{$table} = { provider  => $table,
diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml
index e6e173a21..54590b046 100644
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@@ -270,6 +270,13 @@
             address assigned by this provider (e.g., eth0:206.124.146.176).
             See <link linkend="Shared">below</link> for additional
             considerations.</para>
+
+            <para>The interface must have been previously defined in <ulink
+            url="manpages/shorewall-interfaces.html">shorewall-interfaces</ulink>
+            (5). In general, that interface should not have the
+            <option>proxyarp</option> option specified unless
+            <option>loose</option> is given in the OPTIONS column of this
+            entry.</para>
           </listitem>
         </varlistentry>
 
diff --git a/manpages/shorewall-providers.xml b/manpages/shorewall-providers.xml
index 1570e6002..23c05e90b 100644
--- a/manpages/shorewall-providers.xml
+++ b/manpages/shorewall-providers.xml
@@ -113,7 +113,11 @@
         <listitem>
           <para>The name of the network interface to the provider. Must be
           listed in <ulink
-          url="shorewall-interfaces.html">shorewall-interfaces(5)</ulink>.</para>
+          url="shorewall-interfaces.html">shorewall-interfaces(5)</ulink>. In
+          general, that interface should not have the
+          <option>proxyarp</option> option specified unless
+          <option>loose</option> is given in the OPTIONS column of this
+          entry.</para>
 
           <para>Where more than one provider is serviced through a single
           interface, the <emphasis>interface</emphasis> must be followed by a