'shorewall check' now checks the proxyarp file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2593 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-08-30 17:42:21 +00:00
parent 124af9a046
commit e949e18749
4 changed files with 42 additions and 30 deletions


@ -6,6 +6,8 @@ Changes in 2.5.4
3) "shorewall check" now checks the masq file. 3) "shorewall check" now checks the masq file.
4) "shorewall check" now checks the proxyarp file.
Changes in 2.5.3 Changes in 2.5.3
1) Allow exclusion lists in /etc/shorewall/tcrules. 1) Allow exclusion lists in /etc/shorewall/tcrules.


@ -2605,21 +2605,25 @@ setup_proxy_arp() {
;; ;;
esac esac
if [ -z "$haveroute" ]; then if [ $COMMAND != check ]; then
ensure_and_save_command ip route replace $address dev $interface if [ -z "$haveroute" ]; then
[ -n "$persistent" ] && haveroute=yes ensure_and_save_command ip route replace $address dev $interface
[ -n "$persistent" ] && haveroute=yes
fi
ensure_and_save_command arp -i $external -Ds $address $external pub
echo $address $interface $external $haveroute >> /var/lib/shorewall/proxyarp
fi fi
ensure_and_save_command arp -i $external -Ds $address $external pub
echo $address $interface $external $haveroute >> /var/lib/shorewall/proxyarp
progress_message " Host $address connected to $interface added to ARP on $external" progress_message " Host $address connected to $interface added to ARP on $external"
} }
> /var/lib/shorewall/proxyarp if [ $COMMAND != check ]; then
> /var/lib/shorewall/proxyarp
save_progress_message "Restoring Proxy ARP..." save_progress_message "Restoring Proxy ARP..."
fi
while read address interface external haveroute persistent; do while read address interface external haveroute persistent; do
expandv address interface external haveroute persistent expandv address interface external haveroute persistent
@ -2628,25 +2632,27 @@ setup_proxy_arp() {
setup_one_proxy_arp setup_one_proxy_arp
done < $TMP_DIR/proxyarp done < $TMP_DIR/proxyarp
for interface in $resetlist; do if [ $COMMAND != check ]; then
list_search $interface $setlist || \ for interface in $resetlist; do
run_and_save_command "echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" list_search $interface $setlist || \
done run_and_save_command "echo 0 > /proc/sys/net/ipv4/conf/$interface/proxy_arp"
done
for interface in $setlist; do for interface in $setlist; do
run_and_save_command "echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" run_and_save_command "echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp"
done done
interfaces=$(find_interfaces_by_option proxyarp) interfaces=$(find_interfaces_by_option proxyarp)
for interface in $interfaces; do for interface in $interfaces; do
if echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp 2> /dev/null; then if echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp 2> /dev/null; then
progress_message " Enabled proxy ARP on $interface" progress_message " Enabled proxy ARP on $interface"
save_command "echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp" save_command "echo 1 > /proc/sys/net/ipv4/conf/$interface/proxy_arp"
else else
error_message "WARNING: Unable to enable proxy ARP on $interface" error_message "WARNING: Unable to enable proxy ARP on $interface"
fi fi
done done
fi
} }
# #
@ -3666,6 +3672,10 @@ check_config() {
validate_blacklist validate_blacklist
echo "Validating Proxy ARP"
strip_file proxyarp
setup_proxy_arp
echo "Pre-validating Actions..." echo "Pre-validating Actions..."
process_actions1 process_actions1
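Review bot: The three new `if [ $COMMAND != check ]` guards in setup_proxy_arp leave `$COMMAND` unquoted, so if it is ever empty or unset the test itself errors out in most shells and the guarded route, ARP and /proc writes are skipped without a clear message; `if [ "$COMMAND" != check ]; then` avoids that. The `progress_message " Host $address connected to $interface added to ARP on $external"` line appears to sit after the closing `fi` of the first guard, so `shorewall check` would still report each host as added to ARP although nothing was changed; moving it inside the guard or printing a check-specific message keeps the output truthful for whoever reads it. Because `check` is expected to leave routes, ARP entries and /var/lib/shorewall/proxyarp untouched, a short comment above the first guard stating that every state-changing call must stay inside these blocks would protect that property in later edits. The function starts before the first hunk and the loop body between the two setup_proxy_arp hunks is not shown, so whether any other mutating call remains unguarded cannot be confirmed from this page.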


@ -74,9 +74,9 @@ allow)
check) check)
echo "check: check [ <configuration-directory> ] echo "check: check [ <configuration-directory> ]
Performs a cursory validation of the zones, interfaces, hosts, Performs a cursory validation of the zones, interfaces, hosts,
rules, policy and masq files. Use this if you are unsure of any edits rules, policy, masq, blacklist and proxyarp files. Use this if you are
you have made to the shorewall configuration. See the try command unsure of any edits you have made to the shorewall configuration. See the
examples for a recommended way to make changes." try command examples for a recommended way to make changes."
;; ;;
clear) clear)


@ -29,8 +29,8 @@ New Features in Shorewall 2.5.4
Now, $1 = these, $2 = are and $3 = parameters Now, $1 = these, $2 = are and $3 = parameters
2) The "shorewall check" command now checks the /etc/shorewall/masq 2) The "shorewall check" command now checks the /etc/shorewall/masq,
file. /etc/shorewall/blacklist and /etc/shorewall/proxyarp files.
Problems Corrected in 2.5.3: Problems Corrected in 2.5.3: