diff --git a/Shorewall-common/shorewall b/Shorewall-common/shorewall index 6abf579f3..d95ee651b 100755 --- a/Shorewall-common/shorewall +++ b/Shorewall-common/shorewall @@ -216,6 +216,9 @@ get_config() { No|NO|no) TC_ENABLED= ;; + RTC) + NORTC=Yes + ;; esac [ -n "LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}" @@ -480,6 +483,16 @@ start_command() { DEBUG=Yes option=${option#d} ;; + n*) + NORTC=Yes + RTCONLY= + option=${option#n} + ;; + r*) + RTCONLY=Yes + NORTC= + option=${option#r} + ;; f*) FAST=Yes option=${option#f} @@ -524,7 +537,8 @@ start_command() { ;; esac - export NOROUTES + export NORTC + export RTCONLY export PURGE if [ -n "$FAST" ]; then @@ -766,9 +780,15 @@ restart_command() { option=${option#f} ;; n*) - NOROUTES=Yes + NORTC=Yes + RTCONLY= option=${option#n} ;; + r*) + RTCONLY=Yes + NORTC= + option=${option#r} + ;; C) [ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name" SHOREWALL_COMPILER=$2 @@ -818,7 +838,8 @@ restart_command() { [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" - export NOROUTES + export NORTC + export RTCONLY export PURGE if [ -z "$FAST" ]; then @@ -896,7 +917,8 @@ refresh_command() { [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" - export NOROUTES + export NORTC + export RTCONLY progress_message3 "Compiling..." @@ -939,9 +961,15 @@ safe_commands() { option= ;; n*) - NOROUTES=Yes + NORTC=Yes + RTCONLY= option=${option#n} ;; + r*) + RTCONLY=Yes + NORTC= + option=${option#r} + ;; C) [ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name" SHOREWALL_COMPILER=$2 @@ -1088,9 +1116,15 @@ try_command() { option= ;; n*) - NOROUTES=Yes + NORTC=Yes + RTCONLY= option=${option#n} ;; + r*) + RTCONLY=Yes + NORTC= + option=${option#r} + ;; C) [ $# -gt 1 ] || fatal_error "-C must be followed by a compiler name" SHOREWALL_COMPILER=$2 @@ -1485,7 +1519,8 @@ IPT_OPTIONS="-nv" FAST= VERBOSE_OFFSET=0 USE_VERBOSITY= -NOROUTES= +NORTC= +RTC= PURGE= EXPORT= export TIMESTAMP= 
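Review bot: The new `RTC)` arm in get_config sets `NORTC=Yes` but leaves `RTCONLY` untouched, while the same arm in Shorewall6/shorewall6 also clears it with `RTCONLY=`. In the `case "$COMMAND"` hunk get_config runs after the global option loop and just before the exports, so a `-r` on the command line would leave both variables set, which is the pair prog.footer treats as mutually exclusive. Adding `RTCONLY=` to this arm would make the two front ends agree. The arm also matches only the exact spelling `RTC`, whereas its neighbour accepts `No|NO|no` and Config.pm compares against `'rtc'`, so other spellings presumably fall through here. get_config's body continues outside the hunk.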
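Review bot: The added `n*)` and `r*)` arms in start_command let whichever of -n and -r comes last silently win, while the option parser in prog.footer rejects the pair with "The -n and -r options are mutually exclusive". The same arms are repeated in restart_command, safe_commands, try_command and the global option loop, so the front end and the generated script disagree about the same command line. If last-wins is intended, say so next to the first occurrence, for example `# -n and -r override each other; the last one given wins`. The start_command hunk for Shorewall6/shorewall6 changes only the exports, so it is worth confirming that its option loop accepts -n and -r at all. The enclosing case statement starts and ends outside the hunk.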
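Review bot: The defaults block now clears `RTC=` rather than `RTCONLY=`, so `RTCONLY` is never reset here and a value inherited from the caller's environment survives unless -n or -r is given. That value is then exported to the compiled script, where the emitted `[ -n "$RTCONLY" ] || setup_common_rules` would skip the common rules. Shorewall6/shorewall6 initialises `RTCONLY=` in the same place, and this line should read `RTCONLY=` as well.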
@@ -1562,9 +1597,15 @@ while [ $finished -eq 0 ]; do esac ;; n*) - NOROUTES=Yes + NORTC=Yes + RTCONLY= option=${option#n} ;; + r*) + RTCONLY=Yes + NORTC= + option=${option#r} + ;; t*) TIMESTAMP=Yes option=${option#t} @@ -1724,14 +1765,16 @@ case "$COMMAND" in [ $# -ne 1 ] && usage 1 get_config - export NOROUTES + export NORTC + export RTCONLY mutex_on $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND mutex_off ;; reset) get_config - export NOROUTE + export NORTC + export RTCONLY shift mutex_on $SHOREWALL_SHELL $FIREWALL $debugging $nolock reset $@ diff --git a/Shorewall-perl/Shorewall/Compiler.pm b/Shorewall-perl/Shorewall/Compiler.pm index 6c0ed74ef..9a3b4bc5d 100644 --- a/Shorewall-perl/Shorewall/Compiler.pm +++ b/Shorewall-perl/Shorewall/Compiler.pm @@ -415,7 +415,7 @@ EOF if [ -f ${VARDIR}/proxyarp ]; then while read address interface external haveroute; do qt arp -i $external -d $address pub - [ -z "${haveroute}${NOTCR}" ] && qt ip route del $address dev $interface + [ -z "${haveroute}${NORTC}" ] && qt ip route del $address dev $interface f=/proc/sys/net/ipv4/conf/$interface/proxy_arp [ -f $f ] && echo 0 > $f done < ${VARDIR}/proxyarp @@ -710,7 +710,7 @@ sub generate_script_4($) { } emit ( '', - 'if [ -n "$TCRONLY" ]; then' , + 'if [ -n "$RTCONLY" ]; then' , ' delete_tc1' , 'else' ); @@ -758,7 +758,7 @@ sub generate_script_4($) { } - emit qq([ -n "\$NOTCR" ] && delete_tc1\n) if $config{CLEAR_TC}; + emit qq([ -n "\$NORTC" ] && delete_tc1\n) if $config{CLEAR_TC}; pop_indent; @@ -768,11 +768,11 @@ sub generate_script_4($) { emit ''; - emit( '[ -n "$TCRONLY" ] || setup_common_rules', + emit( '[ -n "$RTCONLY" ] || setup_common_rules', '', - '[ -n "$NOTCR" ] || setup_routing_and_traffic_shaping', + '[ -n "$NORTC" ] || setup_routing_and_traffic_shaping', '', - 'if [ -z "$TCRONLY" ]; then' ); + 'if [ -z "$RTCONLY" ]; then' ); push_indent; diff --git a/Shorewall-perl/Shorewall/Config.pm b/Shorewall-perl/Shorewall/Config.pm index 6a09d4005..7f9394380 100644 
--- a/Shorewall-perl/Shorewall/Config.pm +++ b/Shorewall-perl/Shorewall/Config.pm @@ -2183,6 +2183,8 @@ sub get_configuration( $ ) { $globals{TC_SCRIPT} = $file; } elsif ( $val eq 'internal' ) { $config{TC_ENABLED} = 'Internal'; + } elsif ( $val eq 'rtc' ) { + $config{TC_ENABLED} = 'RTC'; } else { fatal_error "Invalid value ($config{TC_ENABLED}) for TC_ENABLED" unless $val eq 'no'; $config{TC_ENABLED} = ''; diff --git a/Shorewall-perl/Shorewall/Proc.pm b/Shorewall-perl/Shorewall/Proc.pm index 79340c3ee..d0598a2e0 100644 --- a/Shorewall-perl/Shorewall/Proc.pm +++ b/Shorewall-perl/Shorewall/Proc.pm @@ -123,7 +123,7 @@ sub setup_route_filtering() { emit 'echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter'; } - emit "[ -n \"\$NOTCR\" ] || ip -4 route flush cache"; + emit "[ -n \"\$NORTC\" ] || ip -4 route flush cache"; } } diff --git a/Shorewall-perl/Shorewall/Providers.pm b/Shorewall-perl/Shorewall/Providers.pm index b72d9929c..714e6795a 100644 --- a/Shorewall-perl/Shorewall/Providers.pm +++ b/Shorewall-perl/Shorewall/Providers.pm @@ -568,7 +568,7 @@ sub setup_providers() { fatal_error "A non-empty providers file is not permitted with MANGLE_ENABLED=No" unless $config{MANGLE_ENABLED}; - emit "\nif [ -z \"\$NOTCR\" ]; then"; + emit "\nif [ -z \"\$NORTC\" ]; then"; push_indent; @@ -708,7 +708,7 @@ sub setup_providers() { emit "\nundo_routing"; emit 'restore_default_route'; if ( $config{NULL_ROUTE_RFC1918} ) { - emit "\nif [ -z \"\$NOTCR\" ]; then"; + emit "\nif [ -z \"\$NORTC\" ]; then"; push_indent; diff --git a/Shorewall-perl/prog.footer b/Shorewall-perl/prog.footer index 24c4d7af4..78b5ce0c3 100644 --- a/Shorewall-perl/prog.footer +++ b/Shorewall-perl/prog.footer @@ -1,4 +1,4 @@ -# + # # Give Usage Information # usage() { 
@@ -46,22 +46,22 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do option=${option#q} ;; r*) - if [ -n "$NOTCR" ]; then + if [ -n "$NORTC" ]; then error_message "The -n and -r options are mutually exclusive" exit 1 fi - TCRONLY=Yes + RTCONLY=Yes option=${option#r} PRODUCT="$PRODUCT Traffic Control and Routing" ;; n*) - if [ -n "$TCRONLY" ]; then + if [ -n "$RTCONLY" ]; then error_message "The -n and -r options are mutually exclusive" exit 1 fi - NOTCR=Yes + NORTC=Yes option=${option#n} ;; *) @@ -82,7 +82,7 @@ COMMAND="$1" case "$COMMAND" in start) [ $# -ne 1 ] && usage 2 - if [ -n "$TCRONLY" ]; then + if [ -n "$RTCONLY" ]; then progress_message3 "Starting $PRODUCT...." define_firewall status=$? @@ -101,7 +101,7 @@ case "$COMMAND" in stop) [ $# -ne 1 ] && usage 2 progress_message3 "Stopping $PRODUCT...." - if [ -n "$TCRONLY" ]; then + if [ -n "$RTCONLY" ]; then delete_tc1 else stop_firewall @@ -111,7 +111,7 @@ case "$COMMAND" in progress_message3 "done." ;; reset) - if [ -n "${NOTCR}$"{TCRONLY} ]; then + if [ -n "${NORTC}$"{RTCONLY} ]; then error_message "The -n and -r options may not be used with 'reset'" status=1 elif ! shorewall_is_started ; then @@ -160,7 +160,7 @@ case "$COMMAND" in ;; refresh) [ $# -ne 1 ] && usage 2 - if [ -n "${NOTCR}$"{TCRONLY} ]; then + if [ -n "${NORTC}$"{RTCONLY} ]; then error_message "The -n and -r options may not be used with 'refresh'" status=1 elif shorewall_is_started; then @@ -175,7 +175,7 @@ case "$COMMAND" in ;; restore) [ $# -ne 1 ] && usage 2 - if [ -n "${NOTCR}$"{TCRONLY} ]; then + if [ -n "${NORTC}$"{RTCONLY} ]; then error_message "The -n and -r options may not be used with 'restart'" status=1 else @@ -188,7 +188,7 @@ case "$COMMAND" in ;; clear) [ $# -ne 1 ] && usage 2 - if [ -n "${NOTCR}$"{TCRONLY} ]; then + if [ -n "${NORTC}$"{RTCONLY} ]; then error_message "The -n and -r options may not be used with 'clear'" status=1 else diff --git a/Shorewall-perl/prog.footer6 b/Shorewall-perl/prog.footer6 index 91c076327..31bd3a520 100644 
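Review bot: In the `reset)` arm the test `[ -n "${NORTC}$"{RTCONLY} ]` has its closing quote in the wrong place: the shell sees the string `${NORTC}$` followed by the literal text `{RTCONLY}`, so the operand is never empty and the arm always reports that -n and -r may not be used. The rename carried this typo over unchanged; the line should be `if [ -n "${NORTC}${RTCONLY}" ]; then`. The same line appears in the `refresh)`, `restore)` and `clear)` arms of this file and in the `reset)`, `refresh)`, `restore)` and `clear)` arms of prog.footer6. Separately, the `restore)` arm here prints "may not be used with 'restart'", which looks like a copy-paste slip for 'restore'.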
--- a/Shorewall-perl/prog.footer6 +++ b/Shorewall-perl/prog.footer6 @@ -46,22 +46,22 @@ while [ $finished -eq 0 -a $# -gt 0 ]; do option=${option#q} ;; r*) - if [ -n "$NOTCR" ]; then + if [ -n "$NORTC" ]; then error_message "The -n and -r options are mutually exclusive" exit 1 fi - TCRONLY=Yes + RTCONLY=Yes option=${option#r} PRODUCT="$PRODUCT Traffic Control and Routing" ;; n*) - if [ -n "$TCRONLY" ]; then + if [ -n "$RTCONLY" ]; then error_message "The -n and -r options are mutually exclusive" exit 1 fi - NOTCR=Yes + NORTC=Yes option=${option#n} ;; *) @@ -87,7 +87,7 @@ else case "$COMMAND" in start) [ $# -ne 1 ] && usage 2 - if [ -n "$TCRONLY" ]; then + if [ -n "$RTCONLY" ]; then progress_message3 "Starting $PRODUCT...." define_firewall status=$? @@ -106,7 +106,7 @@ else stop) [ $# -ne 1 ] && usage 2 progress_message3 "Stopping $PRODUCT...." - if [ -n "$TCRONLY" ]; then + if [ -n "$RTCONLY" ]; then delete_tc1 else stop_firewall @@ -116,7 +116,7 @@ else progress_message3 "done." ;; reset) - if [ -n "${NOTCR}$"{TCRONLY} ]; then + if [ -n "${NORTC}$"{RTCONLY} ]; then error_message "The -n and -r options may not be used with 'reset'" status=1 elif ! shorewall6_is_started ; then @@ -148,7 +148,7 @@ else ;; restart) [ $# -ne 1 ] && usage 2 - if [ -n "$TCRONLY" ]; then + if [ -n "$RTCONLY" ]; then progress_message3 "Restarting $PRODUCT...." define_firewall status=$? @@ -171,7 +171,7 @@ else ;; refresh) [ $# -ne 1 ] && usage 2 - if [ -n "${NOTCR}$"{TCRONLY} ]; then + if [ -n "${NORTC}$"{RTCONLY} ]; then error_message "The -n and -r options may not be used with 'refresh'" status=1 elif shorewall6_is_started; then @@ -186,7 +186,7 @@ else ;; restore) [ $# -ne 1 ] && usage 2 - if [ -n "${NOTCR}$"{TCRONLY} ]; then + if [ -n "${NORTC}$"{RTCONLY} ]; then error_message "The -n and -r options may not be used with 'restore'" status=1 else 
@@ -199,7 +199,7 @@ else ;; clear) [ $# -ne 1 ] && usage 2 - if [ -n "${NOTCR}$"{TCRONLY} ]; then + if [ -n "${NORTC}$"{RTCONLY} ]; then error_message "The -n and -r options may not be used with 'clear'" status=1 else diff --git a/Shorewall6/shorewall6 b/Shorewall6/shorewall6 index 573fe684c..6af415e0d 100755 --- a/Shorewall6/shorewall6 +++ b/Shorewall6/shorewall6 @@ -216,6 +216,10 @@ get_config() { No|NO|no) TC_ENABLED= ;; + RTC) + NORTC=Yes + RTCONLY= + ;; esac [ -n "LOGFORMAT" ] && LOGFORMAT="${LOGFORMAT%%%*}" @@ -466,7 +470,8 @@ start_command() { ;; esac - export NOROUTES + export NORTC + export RTCONLY export PURGE if [ -n "$FAST" ]; then @@ -685,9 +690,15 @@ restart_command() { option=${option#f} ;; n*) - NOROUTES=Yes + NORTC=Yes + RTCONLY= option=${option#n} ;; + r*) + RTCONLY=Yes + NORTC= + option=${option#r} + ;; p*) [ -n "$(which conntrack)" ] || fatal_error "The '-p' option requires the conntrack utility which does not appear to be installed on this system" PURGE=Yes @@ -731,7 +742,8 @@ restart_command() { [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" - export NOROUTES + export NORTC + export RTCONLY export PURGE if [ -z "$FAST" ]; then @@ -803,7 +815,8 @@ refresh_command() { [ -n "$STARTUP_ENABLED" ] || fatal_error "Startup is disabled" - export NOROUTES + export NORTC + export RTCONLY progress_message3 "Compiling..." @@ -846,9 +859,15 @@ safe_commands() { option= ;; n*) - NOROUTES=Yes + NORTC=Yes + RTCONLY= option=${option#n} ;; + r*) + RTCONLY=Yes + NORTC= + option=${option#r} + ;; *) usage 1 ;; @@ -989,9 +1008,15 @@ try_command() { option= ;; n*) - NOROUTES=Yes + NORTC=Yes + RTCONLY= option=${option#n} ;; + r*) + RTCONLY=Yes + NORTC= + option=${option#r} + ;; *) usage 1 ;; @@ -1364,7 +1389,8 @@ IPT_OPTIONS="-nv" FAST= VERBOSE_OFFSET=0 USE_VERBOSITY= -NOROUTES= +NORTC= +RTCONLY= PURGE= EXPORT= export TIMESTAMP= 
@@ -1441,9 +1467,15 @@ while [ $finished -eq 0 ]; do esac ;; n*) - NOROUTES=Yes + NORTC=Yes + RTCONLY= option=${option#n} ;; + r*) + RTCONLY=Yes + NORTC= + option=${option#r} + ;; t*) TIMESTAMP=Yes option=${option#t} @@ -1583,14 +1615,16 @@ case "$COMMAND" in [ $# -ne 1 ] && usage 1 get_config [ -x $FIREWALL ] || fatal_error "Shorewall6 has never been started" - export NOROUTES + export NORTC + export RTCONLY mutex_on $SHOREWALL_SHELL $FIREWALL $debugging $nolock $COMMAND mutex_off ;; reset) get_config - export NOROUTE + export NORTC + export RTCONLY shift mutex_on [ -x $FIREWALL ] || fatal_error "Shorewall6 has never been started"