diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm index 51ebfc27a..8bd3f2cdb 100644 --- a/Shorewall/Perl/Shorewall/Misc.pm +++ b/Shorewall/Perl/Shorewall/Misc.pm @@ -1887,7 +1887,7 @@ EOF emit 'delete_tc1' if $config{CLEAR_TC}; emit( 'undo_routing', - 'restore_default_route' + "restore_default_route $config{USE_DEFAULT_RT}" ); my @chains = $config{ADMINISABSENTMINDED} ? qw/INPUT FORWARD/ : qw/INPUT OUTPUT FORWARD/; diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm index f9567c05c..e30110801 100644 --- a/Shorewall/Perl/Shorewall/Providers.pm +++ b/Shorewall/Perl/Shorewall/Providers.pm @@ -758,13 +758,21 @@ sub finish_providers() { emit ( 'if [ -n "$DEFAULT_ROUTE" ]; then' ); emit ( " run_ip route replace default scope global table $table \$DEFAULT_ROUTE" ); - emit ( " qt \$IP -$family route del default table " . MAIN_TABLE ) if $config{USE_DEFAULT_RT}; + + if ( $config{USE_DEFAULT_RT} ) { + emit ( " while qt \$IP -$family route del default table " . MAIN_TABLE . '; do', + ' true', + ' done', + '' + ); + } + emit ( " progress_message \"Default route '\$(echo \$DEFAULT_ROUTE | sed 's/\$\\s*//')' Added\"", 'else', ' error_message "WARNING: No Default route added (all \'balance\' providers are down)"' ); if ( $config{RESTORE_DEFAULT_ROUTE} ) { - emit ' restore_default_route && error_message "NOTICE: Default route restored"' + emit qq( restore_default_route $config{USE_DEFAULT_RT} && error_message "NOTICE: Default route restored") } else { emit qq( qt \$IP -$family route del default table $table && error_message "WARNING: Default route deleted from table $table"); } @@ -775,7 +783,7 @@ sub finish_providers() { emit ( '#', '# We don\'t have any \'balance\' providers so we restore any default route that we\'ve saved', '#', - 'restore_default_route' , + "restore_default_route $config{USE_DEFAULT_RT}" , '' ); } 
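Review bot: The emitted call `"restore_default_route $config{USE_DEFAULT_RT}"` in Misc.pm copies the option value into the generated shell script unquoted, so it is only correct if the option has already been normalised to a single harmless token or the empty string; this hunk does not show that. The same interpolation appears in Providers.pm in finish_providers (the `qq( restore_default_route $config{USE_DEFAULT_RT} && ...)` line and the no-balance-providers branch) and in setup_providers. Emitting a fixed literal makes the generated script independent of how the option is stored, for example `'restore_default_route' . ( $config{USE_DEFAULT_RT} ? ' Yes' : '' )`. That also avoids the trailing blank in the emitted line when the option is off. If the raw value is kept, a comment naming where it is validated would help the next reader.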
@@ -871,7 +879,7 @@ sub setup_providers() { push_indent; emit "\nundo_routing"; - emit 'restore_default_route'; + emit "restore_default_route $config{USE_DEFAULT_RT}"; if ( $config{NULL_ROUTE_RFC1918} ) { emit ( '#', diff --git a/Shorewall/Perl/prog.header b/Shorewall/Perl/prog.header index 3c37d43a6..817d5206f 100644 --- a/Shorewall/Perl/prog.header +++ b/Shorewall/Perl/prog.header @@ -518,7 +518,27 @@ save_default_route() { # # Restore the default route that was in place before the initial 'shorewall start' # -restore_default_route() { +replace_default_route() { + if [ -n "$default_route" ]; then + case "$default_route" in + *metric*) + # + # Don't restore a default route with a metric unless USE_DEFAULT_RT=Yes. Otherwise, we only replace the one with metric 0 + # + [ -n "$1" ] && qt $IP -4 route replace $default_route && progress_message "Default Route (${default_route# }) restored" + default_route= + ;; + *) + qt $IP -4 route replace $default_route && progress_message "Default Route (${default_route# }) restored" + result=0 + default_route= + ;; + esac + fi +} + +restore_default_route() # $1 = USE_DEFAULT_RT +{ local result if [ -z "$g_noroutes" -a -f ${VARDIR}/default_route ]; then @@ -530,25 +550,7 @@ restore_default_route() { while read route ; do case $route in default*) - if [ -n "$default_route" ]; then - case "$default_route" in - *metric*) - # - # Don't restore a route with a metric -- we only replace the one with metric == 0 - # - qt $IP -4 route delete default metric 0 && \ - progress_message "Default Route with metric 0 deleted" - ;; - *) - qt $IP -4 route replace $default_route && \ - result=0 && \ - progress_message "Default Route (${default_route# }) restored" - ;; - esac - - break - fi - + replace_default_route $1 default_route="$default_route $route" ;; *) 
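Review bot: In the new IPv4 `replace_default_route` in prog.header, the `*)` branch sets `result=0` on its own line, so it is assigned even when `route replace` fails. The removed code chained it as `&& result=0 &&`, and the IPv6 helper added in prog.header6 still does. With the `[ $result = 1 ]` cleanup added later in `restore_default_route`, a failed restore is now recorded the same way as a successful one. If that is not intended, use `qt $IP -4 route replace $default_route && result=0 && progress_message "Default Route (${default_route# }) restored"`; if it is, a comment should say that `result` means "a metric 0 route was saved" rather than "restore succeeded". The helper also writes the caller's `result` and `default_route` without saying so, and the "Restore the default route ..." header comment now sits above the helper instead of `restore_default_route`, whose body continues outside this hunk.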
@@ -557,6 +559,15 @@ restore_default_route() { esac done < ${VARDIR}/default_route + replace_default_route $1 + + if [ $result = 1 ]; then + # + # We added a default route with metric 0 but there wasn't one previously + # + qt -4 ip route del default metric 0 && progress_message "Default route with metric 0 deleted" + fi + rm -f ${VARDIR}/default_route fi diff --git a/Shorewall/Perl/prog.header6 b/Shorewall/Perl/prog.header6 index e708e88d4..f8f0d71ee 100644 --- a/Shorewall/Perl/prog.header6 +++ b/Shorewall/Perl/prog.header6 @@ -506,7 +506,14 @@ save_default_route() { # # Restore the default route that was in place before the initial 'shorewall start' # -restore_default_route() { +replace_default_route() { + qt $IP -6 route replace $default_route && \ + result=0 && \ + progress_message "Default Route (${default_route# }) restored" +} + +restore_default_route() # $1 = USE_DEFAULT_RT +{ local result if [ -z "$g_noroutes" -a -f ${VARDIR}/default_route ]; then @@ -517,24 +524,21 @@ restore_default_route() { while read route ; do case $route in - default) + default*) if [ -n "$default_route" ]; then case "$default_route" in *metric*) - # - # Don't restore a route with a metric -- we only replace the one with metric == 0 - # - qt $IP -6 route delete default metric 0 && \ - progress_message "Default Route with metric 0 deleted" + # + # Don't restore a default route with a metric unless USE_DEFAULT_RT=Yes. Otherwise, we only replace the one with metric 0 + # + [ -n "$1" ] && replace_default_route + default_route= ;; *) - qt $IP -6 route replace $default_route && \ - result=0 && \ - progress_message "Default Route (${default_route# }) restored" + replace_default_route + default_route= ;; esac - - break fi default_route="$default_route $route" 
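Review bot: The cleanup added at the end of `restore_default_route` in prog.header calls `qt -4 ip route del default metric 0`, which passes `-4` as the command to run; every other call in this diff is written `qt $IP -4 route ...`. Assuming `qt` runs its arguments with output discarded, the command fails silently, the metric 0 route is never deleted and the progress message never prints. The line should read `qt $IP -4 route del default metric 0 && progress_message "Default route with metric 0 deleted"`. The matching hunk in prog.header6 (`qt -6 ip route del default metric 0`) needs the same fix with `-6`. The function starts outside this hunk, so confirm that `result` is initialised before `[ $result = 1 ]` is evaluated, and quote it as `"$result"`.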
@@ -545,6 +549,15 @@ restore_default_route() { esac done < ${VARDIR}/default_route + if [ -n "$default_route" ]; then + replace_default_route + elif [ $result = 1 ]; then + # + # We added a default route with metric 0 but there wasn't one previously + # + qt -6 ip route del default metric 0 && progress_message "Default route with metric 0 deleted" + fi + rm -f ${VARDIR}/default_route fi
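Review bot: The final `if [ -n "$default_route" ]; then replace_default_route` in prog.header6 restores whatever route is still accumulated after the loop without the `*metric*` / `$1` test that the in-loop branch applies. The last saved default route is therefore restored even when it carries a metric and USE_DEFAULT_RT is off. The IPv4 version avoids this by sending the final call through the same helper that does the metric check. Because the cleanup is an `elif` here, it is also skipped whenever a route remained after the loop, whereas prog.header runs it as a separate `if`; it is worth deciding which behaviour is intended. The function body begins outside this hunk.

```shell
    if [ -n "$default_route" ]; then
        case "$default_route" in
            *metric*)
                [ -n "$1" ] && replace_default_route
                ;;
            *)
                replace_default_route
                ;;
        esac
    elif [ $result = 1 ]; then
        # … unchanged: metric 0 cleanup …
    fi
```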