Add RETAIN_ALIASES option

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1620 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2004-09-11 16:16:34 +00:00
parent 648b09ea1a
commit ec8e01d09c
4 changed files with 47 additions and 7 deletions


@ -78,3 +78,4 @@ Changes since 2.0.3
37) Fixed proxy arp flag setting for complex configurations.
38) Added RETAIN_ALIASES option.


@ -2069,7 +2069,7 @@ setup_nat() {
add_ip_aliases=
;;
*)
run_and_save_command qt ip addr del $external dev $iface
[ -n "$RETAIN_ALIASES" ] || run_and_save_command qt ip addr del $external dev $iface
;;
esac
else
@ -2105,7 +2105,7 @@ setup_nat() {
policyout="-m policy --pol none --dir out"
fi
save_progress_message "Restoring one-to-one NAT..."
[ -n "$RETAIN_ALIASES" ] || save_progress_message "Restoring one-to-one NAT..."
while read external interface internal allints localnat; do
expandv external interface internal allints localnat
@ -4807,7 +4807,7 @@ setup_masq()
if [ -n "$address" ]; then
for addr in $(ip_range_explicit ${address%:*}) ; do
if ! list_search $addr $aliases_to_add; then
save_command qt ip addr del $addr dev $interface
[ -n "$RETAIN_ALIASES" ] || save_command qt ip addr del $addr dev $interface
aliases_to_add="$aliases_to_add $addr $fullinterface"
case $fullinterface in
*:*)
@ -4980,7 +4980,10 @@ setup_masq()
strip_file masq $1
[ -n "$NAT_ENABLED" ] && echo "Masqueraded Networks and Hosts:" && save_progress_message "Restoring Masquerading/SNAT..."
if [ -n "$NAT_ENABLED" ]; then
echo "Masqueraded Networks and Hosts:"
[ -n "$RETAIN_ALIASES" ] || save_progress_message "Restoring Masquerading/SNAT..."
fi
while read fullinterface networks addresses proto ports ipsec; do
expandv fullinterface networks addresses proto ports ipsec
@ -5198,7 +5201,14 @@ add_ip_aliases()
do_one()
{
val=$(address_details)
ensure_and_save_command ip addr add ${external}${val} dev $interface $label
if [ -n "$RETAIN_ALIASES" ]; then
run_ip addr add ${external}${val} dev $interface $label
save_command qt ip addr add ${external}${val} dev $interface $label
else
ensure_and_save_command ip addr add ${external}${val} dev $interface $label
fi
echo "$external $interface" >> ${STATEDIR}/nat
[ -n "$label" ] && label="with $label"
progress_message " IP Address $external added to interface $interface $label"
@ -6740,9 +6750,10 @@ do_initialize() {
BRIDGING=
DYNAMIC_ZONES=
PKTTYPE=
RETAIN_ALIASES=
RESTOREBASE=
TMP_DIR=
ALL_INTERFACES=
stopping=
@ -6914,7 +6925,7 @@ do_initialize() {
DYNAMIC_ZONES=$(added_param_value_no DYNAMIC_ZONES $DYNAMIC_ZONES)
PKTTYPE=$(added_param_value_no PKTTYPE $PKTTYPE)
STARTUP_ENABLED=$(added_param_value_yes STARTUP_ENABLED $STARTUP_ENABLED)
RETAIN_ALIASES=$(added_param_value_no RETAIN_ALIASES $RETAIN_ALIASES)
#
# Strip the files that we use often
#
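Review bot: In do_one, the RETAIN_ALIASES branch runs the live add through `run_ip` while the saved restore command is wrapped in `qt`, so the two paths treat a failing `ip addr add` differently. With RETAIN_ALIASES set, setup_nat and setup_masq no longer delete the address first, so it can already be on the interface and the add will be rejected; run_ip is defined outside this page, and if it treats a non-zero exit as fatal, firewall start would abort on the very case the option is meant to support. Consider skipping the live add when the address is already present, for example `ip -f inet addr show dev $interface | grep -qF "inet ${external}/" || run_ip addr add ${external}${val} dev $interface $label`, or add a comment saying why the failure is harmless. Separately, the `save_progress_message` calls in setup_nat and setup_masq are now gated on RETAIN_ALIASES, which looks unrelated to whether NAT rules are restored and deserves a comment if it is intended. do_one's body continues past the hunk.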


@ -471,3 +471,16 @@ New Features:
Marking using the CLASSIFY target always occurs in the POSTROUTING
chain of the mangle table and is not affected by the setting of
MARK_IN_FORWARD_CHAIN in shorewall.conf.
16) During "shorewall start", IP addresses to be added as a consequence
of ADD_IP_ALIASES=Yes and ADD_SNAT_ALIASES=Yes are quietly deleted
when /etc/shorewall/nat and /etc/shorewall/masq are processed then
the are re-added later. This is done to help ensure that the
addresses can be added with the specified labels but can have
the undesirable side effect of causing routes to be quietly
deleted. A new RETAIN_ALIASES option has been added to
shorewall.conf; when this option is set to Yes, existing addresses
will not be deleted. Regardless of the setting of RETAIN_ALIASES,
addresses added during "shorewall start" are still deleted at a
subsequent "shorewall stop" or "shorewall restart".


@ -333,6 +333,21 @@ ADD_IP_ALIASES=Yes
#
ADD_SNAT_ALIASES=No
#
# RETAIN EXISTING ALIASES/IP ADDRESSES
#
# Normally, when ADD_IP_ALIASES=Yes and/or ADD_SNAT_ALIASES=Yes then Shorewall
# will first delete the address then re-add it. This is to ensure that the
# address is added with the specified label. Unfortunately, this can cause
# problems if it results in the deletion of the last IP address on an
# interface because then all routes through the interface are automatically
# removed.
#
# You can cause Shorewall to retain existing addresses by setting
# RETAIN_ALIASES=Yes.
#
RETAIN_ALIASES=No
#
# ENABLE TRAFFIC SHAPING
#