extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-12 18:54:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Obviate the need for 'loose'

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2389 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-07-21 19:48:33 +00:00
parent 9e6161cf9d
commit fbabd7d6ef
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
Shorewall/firewall
View File

@ -1052,7 +1052,7 @@ verify_mark() # $1 = value to test
#
setup_providers()
{
local table number mark duplicate interface gateway options provider address copy route loose addresses
local table number mark duplicate interface gateway options provider address copy route loose addresses rulenum pref
copy_table() {
run_ip route show table $duplicate | while read net route; do
@ -1066,8 +1066,7 @@ setup_providers()
done
}
copy_and_edit_table() {
copy_and_edit_table() {
run_ip route show table $duplicate | while read net route; do
case $net in
default|nexthop)
@ -1137,7 +1136,7 @@ setup_providers()
run_and_save_command qt ip rule del fwmark $mark
ensure_and_save_command ip rule add fwmark $mark table $number
ensure_and_save_command ip rule add fwmark $mark pref $((10000 + $mark)) table $number
loose=
@ -1167,9 +1166,15 @@ setup_providers()
esac
done
rulenum=0
find_interface_addresses $interface | while read address; do
run_and_save_command qt ip rule del from $address
[ -n "$loose" ] || ensure_and_save_command ip rule add from $address table $number
if [ -z "$loose" ]; then
pref=$((20000 + $rulenum * 1000 + $mark ))
rulenum=$(($rulenum + 1))
ensure_and_save_command ip rule add from $address pref $pref table $number
fi
done
}
@ -5903,7 +5908,7 @@ setup_masq()
if [ -n "$networks" ]; then
for s in $networks; do
for destnet in $(separate_list $destnets); do
addnatrule $chain $(both_ip_ranges $s $destnet) $proto $ports -j $newchain
addnatrule $chain $(both_ip_ranges $s $destnet) $proto $ports $policy -j $newchain
done
done
else