Add RETAIN_ALIASES option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1620 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
648b09ea1a
commit
ec8e01d09c
@ -78,3 +78,4 @@ Changes since 2.0.3
|
||||
|
||||
37) Fixed proxy arp flag setting for complex configurations.
|
||||
|
||||
38) Added RETAIN_ALIASES option.
|
||||
|
@ -2069,7 +2069,7 @@ setup_nat() {
|
||||
add_ip_aliases=
|
||||
;;
|
||||
*)
|
||||
run_and_save_command qt ip addr del $external dev $iface
|
||||
[ -n "$RETAIN_ALIASES" ] || run_and_save_command qt ip addr del $external dev $iface
|
||||
;;
|
||||
esac
|
||||
else
|
||||
@ -2105,7 +2105,7 @@ setup_nat() {
|
||||
policyout="-m policy --pol none --dir out"
|
||||
fi
|
||||
|
||||
save_progress_message "Restoring one-to-one NAT..."
|
||||
[ -n "$RETAIN_ALIASES" ] || save_progress_message "Restoring one-to-one NAT..."
|
||||
|
||||
while read external interface internal allints localnat; do
|
||||
expandv external interface internal allints localnat
|
||||
@ -4807,7 +4807,7 @@ setup_masq()
|
||||
if [ -n "$address" ]; then
|
||||
for addr in $(ip_range_explicit ${address%:*}) ; do
|
||||
if ! list_search $addr $aliases_to_add; then
|
||||
save_command qt ip addr del $addr dev $interface
|
||||
[ -n "$RETAIN_ALIASES" ] || save_command qt ip addr del $addr dev $interface
|
||||
aliases_to_add="$aliases_to_add $addr $fullinterface"
|
||||
case $fullinterface in
|
||||
*:*)
|
||||
@ -4980,7 +4980,10 @@ setup_masq()
|
||||
|
||||
strip_file masq $1
|
||||
|
||||
[ -n "$NAT_ENABLED" ] && echo "Masqueraded Networks and Hosts:" && save_progress_message "Restoring Masquerading/SNAT..."
|
||||
if [ -n "$NAT_ENABLED" ]; then
|
||||
echo "Masqueraded Networks and Hosts:"
|
||||
[ -n "$RETAIN_ALIASES" ] || save_progress_message "Restoring Masquerading/SNAT..."
|
||||
fi
|
||||
|
||||
while read fullinterface networks addresses proto ports ipsec; do
|
||||
expandv fullinterface networks addresses proto ports ipsec
|
||||
@ -5198,7 +5201,14 @@ add_ip_aliases()
|
||||
do_one()
|
||||
{
|
||||
val=$(address_details)
|
||||
ensure_and_save_command ip addr add ${external}${val} dev $interface $label
|
||||
|
||||
if [ -n "$RETAIN_ALIASES" ]; then
|
||||
run_ip addr add ${external}${val} dev $interface $label
|
||||
save_command qt ip addr add ${external}${val} dev $interface $label
|
||||
else
|
||||
ensure_and_save_command ip addr add ${external}${val} dev $interface $label
|
||||
fi
|
||||
|
||||
echo "$external $interface" >> ${STATEDIR}/nat
|
||||
[ -n "$label" ] && label="with $label"
|
||||
progress_message " IP Address $external added to interface $interface $label"
|
||||
@ -6740,9 +6750,10 @@ do_initialize() {
|
||||
BRIDGING=
|
||||
DYNAMIC_ZONES=
|
||||
PKTTYPE=
|
||||
RETAIN_ALIASES=
|
||||
|
||||
RESTOREBASE=
|
||||
TMP_DIR=
|
||||
|
||||
ALL_INTERFACES=
|
||||
|
||||
stopping=
|
||||
@ -6914,7 +6925,7 @@ do_initialize() {
|
||||
DYNAMIC_ZONES=$(added_param_value_no DYNAMIC_ZONES $DYNAMIC_ZONES)
|
||||
PKTTYPE=$(added_param_value_no PKTTYPE $PKTTYPE)
|
||||
STARTUP_ENABLED=$(added_param_value_yes STARTUP_ENABLED $STARTUP_ENABLED)
|
||||
|
||||
RETAIN_ALIASES=$(added_param_value_no RETAIN_ALIASES $RETAIN_ALIASES)
|
||||
#
|
||||
# Strip the files that we use often
|
||||
#
|
||||
|
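Review bot: In `do_one` (inside `add_ip_aliases`), the RETAIN_ALIASES branch runs `run_ip addr add ${external}${val} dev $interface $label` against an address that, with this option set, was deliberately not deleted earlier and so may already be on the interface. How `run_ip` reacts to a failing `ip addr add` is not visible here and is worth confirming: if it treats the failure as fatal, startup breaks on exactly the configurations the option targets. Separately, the unchanged `echo "$external $interface" >> ${STATEDIR}/nat` still records a pre-existing address, so a later stop or restart presumably deletes an address Shorewall never added, which can again remove the last address on the interface along with its routes. I would skip both the add and the state-file entry when the address is already present, or at least document the behaviour with a comment such as `# RETAIN_ALIASES: $external may pre-exist; it is still recorded in ${STATEDIR}/nat and removed at stop`. The bodies of `do_one` and `add_ip_aliases` continue outside the hunk.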
@ -471,3 +471,16 @@ New Features:
|
||||
Marking using the CLASSIFY target always occurs in the POSTROUTING
|
||||
chain of the mangle table and is not affected by the setting of
|
||||
MARK_IN_FORWARD_CHAIN in shorewall.conf.
|
||||
|
||||
16) During "shorewall start", IP addresses to be added as a consequence
|
||||
of ADD_IP_ALIASES=Yes and ADD_SNAT_ALIASES=Yes are quietly deleted
|
||||
when /etc/shorewall/nat and /etc/shorewall/masq are processed then
|
||||
the are re-added later. This is done to help ensure that the
|
||||
addresses can be added with the specified labels but can have
|
||||
the undesirable side effect of causing routes to be quietly
|
||||
deleted. A new RETAIN_ALIASES option has been added to
|
||||
shorewall.conf; when this option is set to Yes, existing addresses
|
||||
will not be deleted. Regardless of the setting of RETAIN_ALIASES,
|
||||
addresses added during "shorewall start" are still deleted at a
|
||||
subsequent "shorewall stop" or "shorewall restart".
|
||||
|
||||
|
@ -333,6 +333,21 @@ ADD_IP_ALIASES=Yes
|
||||
#
|
||||
ADD_SNAT_ALIASES=No
|
||||
|
||||
#
|
||||
# RETAIN EXISTING ALIASES/IP ADDRESSES
|
||||
#
|
||||
# Normally, when ADD_IP_ALIASES=Yes and/or ADD_SNAT_ALIASES=Yes then Shorewall
|
||||
# will first delete the address then re-add it. This is to ensure that the
|
||||
# address is added with the specified label. Unfortunately, this can cause
|
||||
# problems if it results in the deletion of the last IP address on an
|
||||
# interface because then all routes through the interface are automatically
|
||||
# removed.
|
||||
#
|
||||
# You can cause Shorewall to retain existing addresses by setting
|
||||
# RETAIN_ALIASES=Yes.
|
||||
#
|
||||
RETAIN_ALIASES=No
|
||||
|
||||
#
|
||||
# ENABLE TRAFFIC SHAPING
|
||||
#
|
||||
|