diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index 3c5915753..54788c25b 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -1104,7 +1104,11 @@ sub add_a_route( ) { fatal_error 'DEST must be specified' if $dest eq '-'; $dest = validate_net ( $dest, 0 ); - validate_address ( $gateway, 1 ) if $gateway ne '-'; + if ( $gateway eq 'blackhole' ) { + fatal_error q('blackhole' routes may not specify a DEVICE) unless $device eq '-'; + } else { + validate_address ( $gateway, 1 ) if $gateway ne '-'; + } my $providerref = $providers{$provider}; my $number = $providerref->{number}; @@ -1117,6 +1121,9 @@ sub add_a_route( ) { if ( $device ne '-' ) { push @$routes, qq(run_ip route add $dest via $gateway dev $physical table $number); emit qq(echo "qt \$IP -$family route del $dest via $gateway dev $physical table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE; + } elsif ( $gateway eq 'blackhole' ) { + push @$routes, qq(run_ip route add blackhole $dest table $number); + emit qq(echo "\$IP -$family route del blackhole $dest table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE; } else { push @$routes, qq(run_ip route add $dest via $gateway table $number); emit qq(echo "\$IP -$family route del $dest via $gateway table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE; diff --git a/Shorewall/manpages/shorewall-routes.xml b/Shorewall/manpages/shorewall-routes.xml index e033ffa2d..f8e653a7e 100644 --- a/Shorewall/manpages/shorewall-routes.xml +++ b/Shorewall/manpages/shorewall-routes.xml @@ -53,6 +53,9 @@ If specified, gives the IP address of the gateway to the DEST. + + Beginning with Shorewall 4.5.15, you may specify blackhole in + this column to create a route. 
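Review bot: The new `if ( $gateway eq 'blackhole' )` branch in add_a_route has no comment saying why the keyword bypasses `validate_address` and why a DEVICE is refused, so a reader has to infer that `blackhole` is a route type rather than a gateway address. I would add above it `# 'blackhole' is a route type, not a gateway address: skip address validation and refuse a DEVICE, since the route has no next hop`. The comparison is exact-case, so `Blackhole` falls through to `validate_address` and is presumably rejected there as an invalid address; that fails closed, but the comment could note that only the lower-case keyword is accepted. The body of add_a_route starts and ends outside the hunk.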
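Review bot: The undo entry written by the new `elsif ( $gateway eq 'blackhole' )` branch omits the `qt` prefix that the `$device ne '-'` branch just above it uses, so deleting a blackhole route that is already gone would presumably print an error when the undo file runs instead of being silenced. The plain `via $gateway` branch below has the same omission, which the new line appears to copy. If quiet deletion is the intent, the line would read `emit qq(echo "qt \$IP -$family route del blackhole $dest table $number" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;`. The enclosing `if` chain and the definitions of `$routes` and `$physical` are outside the hunk, so this rests only on the three branches visible here.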
@@ -62,8 +65,9 @@ Specifies the device route. If neither DEVICE nor GATEWAY is given, then the INTERFACE specified for the PROVIDER in shorewall-providers - (5). + url="shorewall-providers.html">shorewall-providers (5). This + column must be omitted if is specified in + the GATEWAY column. diff --git a/Shorewall6/manpages/shorewall6-routes.xml b/Shorewall6/manpages/shorewall6-routes.xml index a3077f473..1db3850e4 100644 --- a/Shorewall6/manpages/shorewall6-routes.xml +++ b/Shorewall6/manpages/shorewall6-routes.xml @@ -53,6 +53,9 @@ If specified, gives the IP address of the gateway to the DEST. + + Beginning with Shorewall 4.5.15, you may specify blackhole in + this column to create a route. @@ -62,8 +65,9 @@ Specifies the device route. If neither DEVICE nor GATEWAY is given, then the INTERFACE specified for the PROVIDER in shorewall6-providers - (5). + url="shorewall6-providers.html">shorewall6-providers (5). + This column must be omitted if is + specified in the GATEWAY column.