'shorewall check' now checks the proxyarp file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2593 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-08-30 17:42:21 +00:00
parent 124af9a046
commit e949e18749
4 changed files with 42 additions and 30 deletions


@ -6,6 +6,8 @@ Changes in 2.5.4
3) "shorewall check" now checks the masq file. 3) "shorewall check" now checks the masq file.
4) "shorewall check" now checks the proxyarp file.
Changes in 2.5.3 Changes in 2.5.3
1) Allow exclusion lists in /etc/shorewall/tcrules. 1) Allow exclusion lists in /etc/shorewall/tcrules.


@ -2605,6 +2605,7 @@ setup_proxy_arp() {
;; ;;
esac esac
if [ $COMMAND != check ]; then
if [ -z "$haveroute" ]; then if [ -z "$haveroute" ]; then
ensure_and_save_command ip route replace $address dev $interface ensure_and_save_command ip route replace $address dev $interface
[ -n "$persistent" ] && haveroute=yes [ -n "$persistent" ] && haveroute=yes
@ -2613,13 +2614,16 @@ setup_proxy_arp() {
ensure_and_save_command arp -i $external -Ds $address $external pub ensure_and_save_command arp -i $external -Ds $address $external pub
echo $address $interface $external $haveroute >> /var/lib/shorewall/proxyarp echo $address $interface $external $haveroute >> /var/lib/shorewall/proxyarp
fi
progress_message " Host $address connected to $interface added to ARP on $external" progress_message " Host $address connected to $interface added to ARP on $external"
} }
if [ $COMMAND != check ]; then
> /var/lib/shorewall/proxyarp > /var/lib/shorewall/proxyarp
save_progress_message "Restoring Proxy ARP..." save_progress_message "Restoring Proxy ARP..."
fi
while read address interface external haveroute persistent; do while read address interface external haveroute persistent; do
expandv address interface external haveroute persistent expandv address interface external haveroute persistent
@ -2628,6 +2632,7 @@ setup_proxy_arp() {
setup_one_proxy_arp setup_one_proxy_arp
done < $TMP_DIR/proxyarp done < $TMP_DIR/proxyarp
if [ $COMMAND != check ]; then
for interface in $resetlist; do for interface in $resetlist; do
list_search $interface $setlist || \ list_search $interface $setlist || \
run_and_save_command "echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" run_and_save_command "echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp"
@ -2647,6 +2652,7 @@ setup_proxy_arp() {
error_message "WARNING: Unable to enable proxy ARP on $interface" error_message "WARNING: Unable to enable proxy ARP on $interface"
fi fi
done done
fi
} }
# #
@ -3666,6 +3672,10 @@ check_config() {
validate_blacklist validate_blacklist
echo "Validating Proxy ARP"
strip_file proxyarp
setup_proxy_arp
echo "Pre-validating Actions..." echo "Pre-validating Actions..."
process_actions1 process_actions1
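Review bot: The three new guards in setup_proxy_arp (before the route/arp commands, before the truncation of /var/lib/shorewall/proxyarp, and before the reset loop) expand `$COMMAND` unquoted, so an empty or unset value makes `[` report an error and the state-changing branch is skipped without a clear diagnostic; `if [ "$COMMAND" != check ]; then` avoids that. The `progress_message` after the first new `fi` also still prints "Host ... added to ARP on ..." during `shorewall check`, when nothing was added, so it should move inside the guard or be reworded for check mode. setup_proxy_arp and setup_one_proxy_arp begin outside the visible hunks, so it cannot be confirmed from here that the earlier part of setup_one_proxy_arp is free of side effects when called from check_config.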


@ -74,9 +74,9 @@ allow)
check) check)
echo "check: check [ <configuration-directory> ] echo "check: check [ <configuration-directory> ]
Performs a cursory validation of the zones, interfaces, hosts, Performs a cursory validation of the zones, interfaces, hosts,
rules, policy and masq files. Use this if you are unsure of any edits rules, policy, masq, blacklist and proxyarp files. Use this if you are
you have made to the shorewall configuration. See the try command unsure of any edits you have made to the shorewall configuration. See the
examples for a recommended way to make changes." try command examples for a recommended way to make changes."
;; ;;
clear) clear)


@ -29,8 +29,8 @@ New Features in Shorewall 2.5.4
Now, $1 = these, $2 = are and $3 = parameters Now, $1 = these, $2 = are and $3 = parameters
2) The "shorewall check" command now checks the /etc/shorewall/masq 2) The "shorewall check" command now checks the /etc/shorewall/masq,
file. /etc/shorewall/blacklist and /etc/shorewall/proxyarp files.
Problems Corrected in 2.5.3: Problems Corrected in 2.5.3: