forked from extern/shorewall_code
Allow 'routeback=0'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
52eb29d01e
commit
4bd35a0b93
@ -265,7 +265,7 @@ our %prohibitunmanaged = (
|
||||
upnpclient => 1,
|
||||
);
|
||||
|
||||
our %defaultinterfaceoptions = ( routefilter => 1 , wait => 60, accept_ra => 1 , ignore => 3 );
|
||||
our %defaultinterfaceoptions = ( routefilter => 1 , wait => 60, accept_ra => 1 , ignore => 3, routeback => 1 );
|
||||
|
||||
our %maxoptionvalue = ( routefilter => 2, mss => 100000 , wait => 120 , ignore => NO_UPDOWN | NO_SFILTER, accept_ra => 2 );
|
||||
|
||||
@ -343,7 +343,7 @@ sub initialize( $$ ) {
|
||||
optional => SIMPLE_IF_OPTION,
|
||||
proxyarp => BINARY_IF_OPTION,
|
||||
required => SIMPLE_IF_OPTION,
|
||||
routeback => SIMPLE_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST + IF_OPTION_VSERVER,
|
||||
routeback => BINARY_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST + IF_OPTION_VSERVER,
|
||||
routefilter => NUMERIC_IF_OPTION ,
|
||||
rpfilter => SIMPLE_IF_OPTION,
|
||||
sfilter => IPLIST_IF_OPTION,
|
||||
@ -388,7 +388,7 @@ sub initialize( $$ ) {
|
||||
optional => SIMPLE_IF_OPTION,
|
||||
proxyndp => BINARY_IF_OPTION,
|
||||
required => SIMPLE_IF_OPTION,
|
||||
routeback => SIMPLE_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST + IF_OPTION_VSERVER,
|
||||
routeback => BINARY_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST + IF_OPTION_VSERVER,
|
||||
rpfilter => SIMPLE_IF_OPTION,
|
||||
sfilter => IPLIST_IF_OPTION,
|
||||
sourceroute => BINARY_IF_OPTION,
|
||||
@ -1218,7 +1218,7 @@ sub process_interface( $$ ) {
|
||||
} elsif ( $type == BINARY_IF_OPTION ) {
|
||||
$value = 1 unless defined $value;
|
||||
fatal_error "Option value for '$option' must be 0 or 1" unless ( $value eq '0' || $value eq '1' );
|
||||
fatal_error "The '$option' option may not be used with a wild-card interface name" if $wildcard;
|
||||
fatal_error "The '$option' option may not be used with a wild-card interface name" if $wildcard && ! $type && IF_OPTION_WILDOK;
|
||||
$options{$option} = $value;
|
||||
$hostoptions{$option} = $value if $hostopt;
|
||||
} elsif ( $type == ENUM_IF_OPTION ) {
|
||||
@ -1325,10 +1325,10 @@ sub process_interface( $$ ) {
|
||||
if ( $options{bridge} ) {
|
||||
require_capability( 'PHYSDEV_MATCH', 'The "bridge" option', 's');
|
||||
fatal_error "Bridges may not have wildcard names" if $wildcard;
|
||||
$hostoptions{routeback} = $options{routeback} = 1;
|
||||
$hostoptions{routeback} = $options{routeback} = 1 unless supplied $options{routeback};
|
||||
}
|
||||
|
||||
$hostoptions{routeback} = $options{routeback} = is_a_bridge( $physical ) unless $export || $options{routeback} || $options{unmanaged};
|
||||
$hostoptions{routeback} = $options{routeback} = is_a_bridge( $physical ) unless $export || supplied $options{routeback} || $options{unmanaged};
|
||||
|
||||
$hostoptionsref = \%hostoptions;
|
||||
} else {
|
||||
|
||||
@ -210,7 +210,7 @@ loc eth2 -</programlisting>
|
||||
changed; the value assigned to the setting will be the value
|
||||
specified (if any) or 1 if no value is given.</para>
|
||||
|
||||
<para/>
|
||||
<para></para>
|
||||
|
||||
<note>
|
||||
<para>This option does not work with a wild-card
|
||||
@ -244,7 +244,7 @@ loc eth2 -</programlisting>
|
||||
|
||||
<para>8 - do not reply for all local addresses</para>
|
||||
|
||||
<para/>
|
||||
<para></para>
|
||||
|
||||
<note>
|
||||
<para>This option does not work with a wild-card
|
||||
@ -252,7 +252,7 @@ loc eth2 -</programlisting>
|
||||
the INTERFACE column.</para>
|
||||
</note>
|
||||
|
||||
<para/>
|
||||
<para></para>
|
||||
|
||||
<warning>
|
||||
<para>Do not specify <emphasis
|
||||
@ -411,7 +411,7 @@ loc eth2 -</programlisting>
|
||||
1
|
||||
teastep@lists:~$ </programlisting>
|
||||
|
||||
<para/>
|
||||
<para></para>
|
||||
|
||||
<note>
|
||||
<para>This option does not work with a wild-card
|
||||
@ -576,7 +576,7 @@ loc eth2 -</programlisting>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">routeback</emphasis></term>
|
||||
<term><emphasis role="bold">routeback[={0|1}]</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>If specified, indicates that Shorewall should include
|
||||
@ -591,6 +591,12 @@ loc eth2 -</programlisting>
|
||||
<option>sfilter</option> (see below) or
|
||||
<option>routefilter</option> on all interfaces (see
|
||||
below).</para>
|
||||
|
||||
<para>Beginning with Shorewall 4.5.18, you may specify this
|
||||
option to explicitly reset (e.g., <emphasis
|
||||
role="bold">routeback=0</emphasis>). This can be used to
|
||||
override Shorewall's default setting for bridge devices which
|
||||
is <emphasis role="bold">routeback=1</emphasis>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
@ -413,7 +413,7 @@ loc eth2 -</programlisting>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">routeback</emphasis></term>
|
||||
<term><emphasis role="bold">routeback[={0|1}]</emphasis></term>
|
||||
|
||||
<listitem>
|
||||
<para>If specified, indicates that shorewall6 should include
|
||||
@ -427,6 +427,12 @@ loc eth2 -</programlisting>
|
||||
<option>rpfilter</option> (see below) if you are running
|
||||
Shorewall 4.5.7 or later; otherwise, you should specify
|
||||
<option>sfilter</option> (see below).</para>
|
||||
|
||||
<para>Beginning with Shorewall 4.5.18, you may specify this
|
||||
option to explicitly reset (e.g., <emphasis
|
||||
role="bold">routeback=0</emphasis>). This can be used to
|
||||
override Shorewall's default setting for bridge devices which
|
||||
is <emphasis role="bold">routeback=1</emphasis>.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user