holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Apply logical->physical mapping to /proc settings

Browse Source
This commit is contained in:
Tom Eastep 2009-11-07 18:59:10 -08:00
parent b1706e10e3
commit 1238b771a2
2 changed files with 48 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
Shorewall/Perl/Shorewall/Proc.pm
View File

@ -56,27 +56,35 @@ sub setup_arp_filtering() {
save_progress_message "Setting up ARP filtering..."; save_progress_message "Setting up ARP filtering...";
for my $interface ( @$interfaces ) { for my $interface ( @$interfaces ) {
my $file = "/proc/sys/net/ipv4/conf/$interface/arp_filter";
my $value = get_interface_option $interface, 'arp_filter'; my $value = get_interface_option $interface, 'arp_filter';
my $optional = interface_is_optional $interface;
$interface = get_physical $interface;
my $file = "/proc/sys/net/ipv4/conf/$interface/arp_filter";
emit ( '', emit ( '',
"if [ -f $file ]; then", "if [ -f $file ]; then",
" echo $value > $file"); " echo $value > $file");
emit ( 'else', emit ( 'else',
" error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless interface_is_optional( $interface ); " error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless $optional;
emit "fi\n"; emit "fi\n";
} }
for my $interface ( @$interfaces1 ) { for my $interface ( @$interfaces1 ) {
my $file = "/proc/sys/net/ipv4/conf/$interface/arp_ignore";
my $value = get_interface_option $interface, 'arp_ignore'; my $value = get_interface_option $interface, 'arp_ignore';
my $optional = interface_is_optional $interface;
$interface = get_physical $interface;
my $file = "/proc/sys/net/ipv4/conf/$interface/arp_ignore";
assert( defined $value ); assert( defined $value );
emit ( "if [ -f $file ]; then", emit ( "if [ -f $file ]; then",
" echo $value > $file"); " echo $value > $file");
emit ( 'else', emit ( 'else',
" error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless interface_is_optional( $interface ); " error_message \"WARNING: Cannot set ARP filtering on $interface\"" ) unless $optional;
emit "fi\n"; emit "fi\n";
} }
} }
@ -106,13 +114,17 @@ sub setup_route_filtering() {
} }
for my $interface ( @$interfaces ) { for my $interface ( @$interfaces ) {
my $file = "/proc/sys/net/ipv4/conf/$interface/rp_filter";
my $value = get_interface_option $interface, 'routefilter'; my $value = get_interface_option $interface, 'routefilter';
my $optional = interface_is_optional $interface;
$interface = get_physical $interface;
my $file = "/proc/sys/net/ipv4/conf/$interface/rp_filter";
emit ( "if [ -f $file ]; then" , emit ( "if [ -f $file ]; then" ,
" echo $value > $file" ); " echo $value > $file" );
emit ( 'else' , emit ( 'else' ,
" error_message \"WARNING: Cannot set route filtering on $interface\"" ) unless interface_is_optional( $interface); " error_message \"WARNING: Cannot set route filtering on $interface\"" ) unless $optional;
emit "fi\n"; emit "fi\n";
} }
@ -153,14 +165,18 @@ sub setup_martian_logging() {
} }
for my $interface ( @$interfaces ) { for my $interface ( @$interfaces ) {
my $file = "/proc/sys/net/ipv4/conf/$interface/log_martians";
my $value = get_interface_option $interface, 'logmartians'; my $value = get_interface_option $interface, 'logmartians';
my $optional = interface_is_optional $interface;
$interface = get_physical $interface;
my $file = "/proc/sys/net/ipv4/conf/$interface/log_martians";
emit ( "if [ -f $file ]; then" , emit ( "if [ -f $file ]; then" ,
" echo $value > $file" ); " echo $value > $file" );
emit ( 'else' , emit ( 'else' ,
" error_message \"WARNING: Cannot set Martian logging on $interface\"") unless interface_is_optional( $interface); " error_message \"WARNING: Cannot set Martian logging on $interface\"") unless $optional;
emit "fi\n"; emit "fi\n";
} }
} }
@ -180,13 +196,17 @@ sub setup_source_routing( $ ) {
save_progress_message 'Setting up Accept Source Routing...'; save_progress_message 'Setting up Accept Source Routing...';
for my $interface ( @$interfaces ) { for my $interface ( @$interfaces ) {
my $file = "/proc/sys/net/ipv$family/conf/$interface/accept_source_route";
my $value = get_interface_option $interface, 'sourceroute'; my $value = get_interface_option $interface, 'sourceroute';
my $optional = interface_is_optional $interface;
$interface = get_physical $interface;
my $file = "/proc/sys/net/ipv$family/conf/$interface/accept_source_route";
emit ( "if [ -f $file ]; then" , emit ( "if [ -f $file ]; then" ,
" echo $value > $file" ); " echo $value > $file" );
emit ( 'else' , emit ( 'else' ,
" error_message \"WARNING: Cannot set Accept Source Routing on $interface\"" ) unless interface_is_optional( $interface); " error_message \"WARNING: Cannot set Accept Source Routing on $interface\"" ) unless $optional;
emit "fi\n"; emit "fi\n";
} }
} }
@ -227,13 +247,17 @@ sub setup_forwarding( $$ ) {
save_progress_message 'Setting up IPv6 Interface Forwarding...'; save_progress_message 'Setting up IPv6 Interface Forwarding...';
for my $interface ( @$interfaces ) { for my $interface ( @$interfaces ) {
my $file = "/proc/sys/net/ipv6/conf/$interface/forwarding";
my $value = get_interface_option $interface, 'forward'; my $value = get_interface_option $interface, 'forward';
my $optional = interface_is_optional $interface;
$interface = get_physical $interface;
my $file = "/proc/sys/net/ipv6/conf/$interface/forwarding";
emit ( "if [ -f $file ]; then" , emit ( "if [ -f $file ]; then" ,
" echo $value > $file" ); " echo $value > $file" );
emit ( 'else' , emit ( 'else' ,
" error_message \"WARNING: Cannot set IPv6 forwarding on $interface\"" ) unless interface_is_optional( $interface); " error_message \"WARNING: Cannot set IPv6 forwarding on $interface\"" ) unless $optional;
emit "fi\n"; emit "fi\n";
} }

14
Shorewall/Perl/Shorewall/Proxyarp.pm
View File

@ -117,6 +117,8 @@ sub setup_proxy_arp() {
$first_entry = 0; $first_entry = 0;
} }
$interface = get_physical $interface;
$set{$interface} = 1; $set{$interface} = 1;
$reset{$external} = 1 unless $set{$external}; $reset{$external} = 1 unless $set{$external};
@ -143,10 +145,14 @@ sub setup_proxy_arp() {
for my $interface ( @$interfaces ) { for my $interface ( @$interfaces ) {
my $value = get_interface_option $interface, 'proxyarp'; my $value = get_interface_option $interface, 'proxyarp';
my $optional = interface_is_optional $interface;
$interface = get_physical $interface;
emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ] ; then" , emit ( "if [ -f /proc/sys/net/ipv4/conf/$interface/proxy_arp ] ; then" ,
" echo $value > /proc/sys/net/ipv4/conf/$interface/proxy_arp" ); " echo $value > /proc/sys/net/ipv4/conf/$interface/proxy_arp" );
emit ( 'else' , emit ( 'else' ,
" error_message \"WARNING: Unable to set/reset proxy ARP on $interface\"" ) unless interface_is_optional( $interface ); " error_message \"WARNING: Unable to set/reset proxy ARP on $interface\"" ) unless $optional;
emit "fi\n"; emit "fi\n";
} }
} }
@ -158,10 +164,14 @@ sub setup_proxy_arp() {
for my $interface ( @$interfaces ) { for my $interface ( @$interfaces ) {
my $value = get_interface_option $interface, 'proxyndp'; my $value = get_interface_option $interface, 'proxyndp';
my $optional = interface_is_optional $interface;
$interface = get_physical $interface;
emit ( "if [ -f /proc/sys/net/ipv6/conf/$interface/proxy_ndp ] ; then" , emit ( "if [ -f /proc/sys/net/ipv6/conf/$interface/proxy_ndp ] ; then" ,
" echo $value > /proc/sys/net/ipv6/conf/$interface/proxy_ndp" ); " echo $value > /proc/sys/net/ipv6/conf/$interface/proxy_ndp" );
emit ( 'else' , emit ( 'else' ,
" error_message \"WARNING: Unable to set/reset Proxy NDP on $interface\"" ) unless interface_is_optional( $interface ); " error_message \"WARNING: Unable to set/reset Proxy NDP on $interface\"" ) unless $optional;
emit "fi\n"; emit "fi\n";
} }
} }