From 45b9ddf1887550cf1d30852159ade2ace2f461f6 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 17 Jan 2017 08:58:09 -0800 Subject: [PATCH] Add BALANCE_PROVIDERS option Signed-off-by: Tom Eastep --- Shorewall/Perl/Shorewall/Config.pm | 5 ++++ Shorewall/Perl/Shorewall/Providers.pm | 8 +++--- Shorewall/Samples/Universal/shorewall.conf | 2 ++ .../Samples/one-interface/shorewall.conf | 2 ++ .../Samples/three-interfaces/shorewall.conf | 2 ++ .../Samples/two-interfaces/shorewall.conf | 2 ++ Shorewall/configfiles/shorewall.conf | 2 ++ Shorewall/manpages/shorewall.conf.xml | 25 +++++++++++++++++-- Shorewall6/Samples6/Universal/shorewall6.conf | 2 ++ .../Samples6/one-interface/shorewall6.conf | 2 ++ .../Samples6/three-interfaces/shorewall6.conf | 2 ++ .../Samples6/two-interfaces/shorewall6.conf | 2 ++ Shorewall6/configfiles/shorewall6.conf | 2 ++ Shorewall6/manpages/shorewall6.conf.xml | 25 +++++++++++++++++-- docs/MultiISP.xml | 12 +++++++++ 15 files changed, 87 insertions(+), 8 deletions(-) diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index de9ed994c..b7b4dbf9f 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -904,6 +904,7 @@ sub initialize( $;$$) { VERBOSE_MESSAGES => undef , ZERO_MARKS => undef , FIREWALL => undef , + BALANCE_PROVIDERS => undef , # # Packet Disposition # @@ -5279,6 +5280,7 @@ sub update_config_file( $ ) { } update_default( 'USE_DEFAULT_RT', 'No' ); + update_default( 'BALANCE_PROVIDERS', 'Yes' ); update_default( 'EXPORTMODULES', 'No' ); update_default( 'RESTART', 'reload' ); update_default( 'PAGER', $shorewallrc1{DEFAULT_PAGER} ); 
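Review bot: The added `update_default( 'BALANCE_PROVIDERS', 'Yes' );` in update_config_file writes the opposite value to the `BALANCE_PROVIDERS=No` that the sample and stock shorewall.conf files in this same commit ship, and nothing at the call site says why. Presumably the intent is that an updated configuration keeps the pre-5.1.1 routing behaviour while new installations start without implicit balancing; that should be stated so the two values are not later "reconciled" by mistake. A one-line comment above the call would do, for example `# Preserve pre-5.1.1 behaviour on update; new sample configs ship BALANCE_PROVIDERS=No`. The body of update_config_file extends beyond this hunk on both sides.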
@@ -6286,6 +6288,9 @@ sub get_configuration( $$$$ ) { default_yes_no 'RESTORE_DEFAULT_ROUTE' , 'Yes'; default_yes_no 'AUTOMAKE' , ''; default_yes_no 'TRACK_PROVIDERS' , ''; + default_yes_no 'BALANCE_PROVIDERS' , 'Yes'; + + $config{BALANCE_PROVIDERS} = '' unless $config{USE_DEFAULT_RT}; unless ( ( $config{NULL_ROUTE_RFC1918} || '' ) =~ /^(?:blackhole|unreachable|prohibit)$/ ) { default_yes_no( 'NULL_ROUTE_RFC1918', '' ); diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index c284e0f42..ebde77d01 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -519,11 +519,11 @@ sub process_a_provider( $ ) { my ( $loose, $track, $balance, $default, $default_balance, $optional, $mtu, $tproxy, $local, $load, $what, $hostroute, $persistent ); if ( $pseudo ) { - ( $loose, $track, $balance , $default, $default_balance, $optional, $mtu, $tproxy , $local, $load, $what , $hostroute, $persistent ) = - ( 0, 0 , 0 , 0, 0, 1 , '' , 0 , 0, 0, 'interface', 0, 0); + ( $loose, $track, $balance , $default, $default_balance, $optional, $mtu, $tproxy , $local, $load, $what , $hostroute, $persistent ) = + ( 0, 0 , 0 , 0, 0, 1 , '' , 0 , 0, 0, 'interface', 0, 0); } else { - ( $loose, $track, $balance , $default, $default_balance, $optional, $mtu, $tproxy , $local, $load, $what , $hostroute, $persistent )= - ( 0, $config{TRACK_PROVIDERS}, 0 , 0, $config{USE_DEFAULT_RT} ? 1 : 0, interface_is_optional( $interface ), '' , 0 , 0, 0, 'provider', 1, 0); + ( $loose, $track, $balance , $default, $default_balance, $optional, $mtu, $tproxy , $local, $load, $what , $hostroute, $persistent )= + ( 0, $config{TRACK_PROVIDERS}, 0 , 0, $config{BALANCE_PROVIDERS} ? 1 : 0, interface_is_optional( $interface ), '' , 0 , 0, 0, 'provider', 1, 0); } unless ( $options eq '-' ) { diff --git a/Shorewall/Samples/Universal/shorewall.conf b/Shorewall/Samples/Universal/shorewall.conf index ed9a3c0c5..07a81e41f 100644 
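Review bot: The new `$config{BALANCE_PROVIDERS} = '' unless $config{USE_DEFAULT_RT};` in get_configuration silently discards an explicit BALANCE_PROVIDERS=Yes whenever USE_DEFAULT_RT is off. It is also only correct if USE_DEFAULT_RT has already been normalised by its own `default_yes_no` call, which is not visible in this hunk and should be confirmed. Because this changes which routes a multi-ISP firewall installs, the dependency deserves a comment at the statement, for example `# BALANCE_PROVIDERS is only meaningful with USE_DEFAULT_RT=Yes; must follow the USE_DEFAULT_RT default`. get_configuration starts and ends outside the hunk.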
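Review bot: In the non-pseudo branch of process_a_provider, the `$default_balance` initialiser now tests only `$config{BALANCE_PROVIDERS}`. That gives the documented "USE_DEFAULT_RT=Yes and BALANCE_PROVIDERS=Yes" rule only because get_configuration clears the option elsewhere when USE_DEFAULT_RT is off. A reader of this file alone cannot see that, so either say so in a comment or make the condition explicit with `$config{USE_DEFAULT_RT} && $config{BALANCE_PROVIDERS} ? 1 : 0`. The removed and added lines of the `$pseudo` branch read the same as shown here, so that pair looks like a whitespace-only realignment and would be better left out of a behavioural commit. The function continues outside the hunk.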
--- a/Shorewall/Samples/Universal/shorewall.conf +++ b/Shorewall/Samples/Universal/shorewall.conf @@ -140,6 +140,8 @@ AUTOHELPERS=Yes AUTOMAKE=Yes +BALANCE_PROVIDERS=No + BASIC_FILTERS=No BLACKLIST="NEW,INVALID,UNTRACKED" diff --git a/Shorewall/Samples/one-interface/shorewall.conf b/Shorewall/Samples/one-interface/shorewall.conf index 5aaf63567..b114dc74c 100644 --- a/Shorewall/Samples/one-interface/shorewall.conf +++ b/Shorewall/Samples/one-interface/shorewall.conf @@ -151,6 +151,8 @@ AUTOHELPERS=Yes AUTOMAKE=Yes +BALANCE_PROVIDERS=No + BASIC_FILTERS=No BLACKLIST="NEW,INVALID,UNTRACKED" diff --git a/Shorewall/Samples/three-interfaces/shorewall.conf b/Shorewall/Samples/three-interfaces/shorewall.conf index a6320090b..b9596d074 100644 --- a/Shorewall/Samples/three-interfaces/shorewall.conf +++ b/Shorewall/Samples/three-interfaces/shorewall.conf @@ -148,6 +148,8 @@ AUTOHELPERS=Yes AUTOMAKE=Yes +BALANCE_PROVIDERS=No + BASIC_FILTERS=No BLACKLIST="NEW,INVALID,UNTRACKED" diff --git a/Shorewall/Samples/two-interfaces/shorewall.conf b/Shorewall/Samples/two-interfaces/shorewall.conf index 6f8ba4cd5..cbb8a6d39 100644 --- a/Shorewall/Samples/two-interfaces/shorewall.conf +++ b/Shorewall/Samples/two-interfaces/shorewall.conf @@ -151,6 +151,8 @@ AUTOHELPERS=Yes AUTOMAKE=Yes +BALANCE_PROVIDERS=No + BASIC_FILTERS=No BLACKLIST="NEW,INVALID,UNTRACKED" diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf index b124e251f..367540d92 100644 --- a/Shorewall/configfiles/shorewall.conf +++ b/Shorewall/configfiles/shorewall.conf @@ -140,6 +140,8 @@ AUTOHELPERS=Yes AUTOMAKE=Yes +BALANCE_PROVIDERS=No + BASIC_FILTERS=No BLACKLIST="NEW,INVALID,UNTRACKED" diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml index 6faa5a992..bfc550af8 100644 --- a/Shorewall/manpages/shorewall.conf.xml +++ b/Shorewall/manpages/shorewall.conf.xml 
@@ -443,6 +443,23 @@ + + BALANCE_PROVIDERS=[Yes|No] + + + Added in Shorewall 5.1.1. When USE_DEFAULT_RT=Yes, this option + determines whether the provider option (see + shorewall-providers(5)) is + the default. When BALANCE_PROVIDERS=Yes (the default), then the + option is assumed unless the + , , + or option is + specified. + + + BASIC_FILTERS=[Yes|No] @@ -2831,8 +2848,12 @@ INLINE - - - ;; -j REJECT - balance is assumed unless - loose is specified. + If running Shorewall 5.1.0 or earlier or if + BALANCE_PROVIDERS=Yes (Shorewall 5.1.1 or later), then the + balance provider option is + assumed unless the , + , or + option is specified. diff --git a/Shorewall6/Samples6/Universal/shorewall6.conf b/Shorewall6/Samples6/Universal/shorewall6.conf index f04b486b2..2e13fa02b 100644 --- a/Shorewall6/Samples6/Universal/shorewall6.conf +++ b/Shorewall6/Samples6/Universal/shorewall6.conf @@ -133,6 +133,8 @@ AUTOHELPERS=Yes AUTOMAKE=Yes +BALANCE_PROVIDERS=No + BASIC_FILTERS=No BLACKLIST="NEW,INVALID,UNTRACKED" diff --git a/Shorewall6/Samples6/one-interface/shorewall6.conf b/Shorewall6/Samples6/one-interface/shorewall6.conf index 45fbbda26..4a34846b3 100644 --- a/Shorewall6/Samples6/one-interface/shorewall6.conf +++ b/Shorewall6/Samples6/one-interface/shorewall6.conf @@ -134,6 +134,8 @@ AUTOHELPERS=Yes AUTOMAKE=Yes +BALANCE_PROVIDERS=No + BASIC_FILTERS=No BLACKLIST="NEW,INVALID,UNTRACKED" diff --git a/Shorewall6/Samples6/three-interfaces/shorewall6.conf b/Shorewall6/Samples6/three-interfaces/shorewall6.conf index 57231364e..ff578879b 100644 --- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf @@ -133,6 +133,8 @@ AUTOHELPERS=Yes AUTOMAKE=Yes +BALANCE_PROVIDERS=No + BASIC_FILTERS=No BLACKLIST="NEW,INVALID,UNTRACKED" diff --git a/Shorewall6/Samples6/two-interfaces/shorewall6.conf b/Shorewall6/Samples6/two-interfaces/shorewall6.conf index 92b0744e7..0b125aac5 100644 
--- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf +++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf @@ -133,6 +133,8 @@ AUTOHELPERS=Yes AUTOMAKE=Yes +BALANCE_PROVIDERS=No + BASIC_FILTERS=No BLACKLIST="NEW,INVALID,UNTRACKED" diff --git a/Shorewall6/configfiles/shorewall6.conf b/Shorewall6/configfiles/shorewall6.conf index 0ad266ca8..02819a2cc 100644 --- a/Shorewall6/configfiles/shorewall6.conf +++ b/Shorewall6/configfiles/shorewall6.conf @@ -133,6 +133,8 @@ AUTOHELPERS=Yes AUTOMAKE=Yes +BALANCE_PROVIDERS=No + BASIC_FILTERS=No BLACKLIST="NEW,INVALID,UNTRACKED" diff --git a/Shorewall6/manpages/shorewall6.conf.xml b/Shorewall6/manpages/shorewall6.conf.xml index ebee8e8c5..09fcab205 100644 --- a/Shorewall6/manpages/shorewall6.conf.xml +++ b/Shorewall6/manpages/shorewall6.conf.xml @@ -374,6 +374,23 @@ + + BALANCE_PROVIDERS=[Yes|No] + + + Added in Shorewall 5.1.1. When USE_DEFAULT_RT=Yes, this option + determines whether the provider option (see + shorewall6-providers(5)) is + the default. When BALANCE_PROVIDERS=Yes (the default), then the + option is assumed unless the + , , + or option is + specified. + + + BASIC_FILTERS=[Yes|No] @@ -2475,8 +2492,12 @@ INLINE - - - ;; -j REJECT - balance is assumed unless - loose is specified. + If running Shorewall 5.1.0 or earlier or if + BALANCE_PROVIDERS=Yes (Shorewall 5.1.1 or later), then the + balance provider option is + assumed unless the , + , or + option is specified. diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml index 940e24e68..9edf02353 100644 --- a/docs/MultiISP.xml +++ b/docs/MultiISP.xml @@ -484,6 +484,18 @@ fi url="FAQ.htm#faq58">FAQ 58. + + Prior to Shorewall 5.1.1, balance=1 is the default when + USE_DEFAULT_RT=Yes and neither the + , , + or option is + specified. Beginning with Shorewall 5.1.1, balance=1 is the default when both + USE_DEFAULT_RT=Yes and BALANCE_PROVIDERS=Yes and neither the + , , + nor option is + specified.