forked from extern/shorewall_code
Make 'physical' work as a general logical name facility
This commit is contained in:
parent
83621ff416
commit
4d977306f9
@ -673,7 +673,7 @@ sub chain_base($) {
|
|||||||
#
|
#
|
||||||
sub forward_chain($)
|
sub forward_chain($)
|
||||||
{
|
{
|
||||||
$_[0] . '_fwd';
|
physical_name( $_[0] ) . '_fwd';
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -709,7 +709,7 @@ sub use_forward_chain($) {
|
|||||||
#
|
#
|
||||||
sub input_chain($)
|
sub input_chain($)
|
||||||
{
|
{
|
||||||
$_[0] . '_in';
|
physical_name( $_[0] ) . '_in';
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -767,7 +767,7 @@ sub use_input_chain($) {
|
|||||||
#
|
#
|
||||||
sub output_chain($)
|
sub output_chain($)
|
||||||
{
|
{
|
||||||
$_[0] . '_out';
|
physical_name( $_[0] ) . '_out';
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -811,7 +811,7 @@ sub use_output_chain($) {
|
|||||||
#
|
#
|
||||||
sub masq_chain($)
|
sub masq_chain($)
|
||||||
{
|
{
|
||||||
$_[0] . '_masq';
|
physical_name( $_[0] ) . '_masq';
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -826,7 +826,7 @@ sub syn_flood_chain ( $ ) {
|
|||||||
#
|
#
|
||||||
sub mac_chain( $ )
|
sub mac_chain( $ )
|
||||||
{
|
{
|
||||||
$_[0] . '_mac';
|
physical_name( $_[0] ) . '_mac';
|
||||||
}
|
}
|
||||||
|
|
||||||
sub macrecent_target($)
|
sub macrecent_target($)
|
||||||
@ -855,7 +855,7 @@ sub notrack_chain( $ )
|
|||||||
#
|
#
|
||||||
sub snat_chain( $ )
|
sub snat_chain( $ )
|
||||||
{
|
{
|
||||||
$_[0] . '_snat';
|
physical_name( $_[0] ) . '_snat';
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -863,7 +863,7 @@ sub snat_chain( $ )
|
|||||||
#
|
#
|
||||||
sub ecn_chain( $ )
|
sub ecn_chain( $ )
|
||||||
{
|
{
|
||||||
$_[0] . '_ecn';
|
physical_name( $_[0] ) . '_ecn';
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -871,7 +871,7 @@ sub ecn_chain( $ )
|
|||||||
#
|
#
|
||||||
sub first_chains( $ ) #$1 = interface
|
sub first_chains( $ ) #$1 = interface
|
||||||
{
|
{
|
||||||
my $c = $_[0];
|
my $c = physical_name $_[0];
|
||||||
|
|
||||||
( $c . '_fwd', $c . '_in' );
|
( $c . '_fwd', $c . '_in' );
|
||||||
}
|
}
|
||||||
@ -2136,10 +2136,11 @@ sub interface_address( $ ) {
|
|||||||
# Record that the ruleset requires the first IP address on the passed interface
|
# Record that the ruleset requires the first IP address on the passed interface
|
||||||
#
|
#
|
||||||
sub get_interface_address ( $ ) {
|
sub get_interface_address ( $ ) {
|
||||||
my ( $interface ) = physical_name $_[0];
|
my ( $logical ) = $_[0];
|
||||||
|
|
||||||
|
my $interface = physical_name( $logical );
|
||||||
my $variable = interface_address( $interface );
|
my $variable = interface_address( $interface );
|
||||||
my $function = interface_is_optional( $interface ) ? 'find_first_interface_address_if_any' : 'find_first_interface_address';
|
my $function = interface_is_optional( $logical ) ? 'find_first_interface_address_if_any' : 'find_first_interface_address';
|
||||||
|
|
||||||
$global_variables |= ALL_COMMANDS;
|
$global_variables |= ALL_COMMANDS;
|
||||||
|
|
||||||
@ -2209,7 +2210,7 @@ sub get_interface_gateway ( $ ) {
|
|||||||
my ( $logical ) = $_[0];
|
my ( $logical ) = $_[0];
|
||||||
|
|
||||||
my $interface = physical_name $logical;
|
my $interface = physical_name $logical;
|
||||||
my $variable = interface_gateway( $interface );
|
my $variable = interface_gateway( $interface );
|
||||||
|
|
||||||
my $routine = $config{USE_DEFAULT_RT} ? 'detect_dynamic_gateway' : 'detect_gateway';
|
my $routine = $config{USE_DEFAULT_RT} ? 'detect_dynamic_gateway' : 'detect_gateway';
|
||||||
|
|
||||||
@ -2241,7 +2242,7 @@ sub get_interface_addresses ( $ ) {
|
|||||||
my ( $logical ) = $_[0];
|
my ( $logical ) = $_[0];
|
||||||
|
|
||||||
my $interface = physical_name( $logical );
|
my $interface = physical_name( $logical );
|
||||||
my $variable = interface_addresses( $interface );
|
my $variable = interface_addresses( $interface );
|
||||||
|
|
||||||
$global_variables |= NOT_RESTORE;
|
$global_variables |= NOT_RESTORE;
|
||||||
|
|
||||||
@ -2271,7 +2272,7 @@ sub get_interface_nets ( $ ) {
|
|||||||
my ( $logical ) = $_[0];
|
my ( $logical ) = $_[0];
|
||||||
|
|
||||||
my $interface = physical_name( $logical );
|
my $interface = physical_name( $logical );
|
||||||
my $variable = interface_nets( $interface );
|
my $variable = interface_nets( $interface );
|
||||||
|
|
||||||
$global_variables |= ALL_COMMANDS;
|
$global_variables |= ALL_COMMANDS;
|
||||||
|
|
||||||
@ -2302,7 +2303,7 @@ sub get_interface_mac( $$$ ) {
|
|||||||
my ( $ipaddr, $logical , $table ) = @_;
|
my ( $ipaddr, $logical , $table ) = @_;
|
||||||
|
|
||||||
my $interface = physical_name( $logical );
|
my $interface = physical_name( $logical );
|
||||||
my $variable = interface_mac( $interface , $table );
|
my $variable = interface_mac( $interface , $table );
|
||||||
|
|
||||||
$global_variables |= NOT_RESTORE;
|
$global_variables |= NOT_RESTORE;
|
||||||
|
|
||||||
|
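Review bot: The chain-name helpers (`forward_chain`, `input_chain`, `output_chain`, `masq_chain`, `mac_chain`, `snat_chain`, `ecn_chain`, `first_chains`) now derive the chain name from `physical_name( $_[0] )`, but nothing in these hunks says what `$_[0]` is, and two logical interfaces mapped to the same physical name would silently share one chain (both would yield the same `_fwd` name). Add a comment above each helper such as `# Argument is the logical interface name; the chain is named after its physical name, so physical names must be unique across interfaces`, and, if no uniqueness check exists where the `physical` option is parsed, add one there rather than in these helpers. In `get_interface_address` the new `interface_is_optional( $logical )` takes the logical name while `interface_address( $interface )` takes the physical one; a one-line comment `# optional-ness is a property of the logical interface; the address variable is keyed by physical name` would make the split look intentional. Whether `physical_name` can return the same value for two inputs is not visible here.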
@ -513,13 +513,13 @@ sub add_a_provider( ) {
|
|||||||
if ( $shared ) {
|
if ( $shared ) {
|
||||||
emit ( " error_message \"WARNING: Gateway $gateway is not reachable -- Provider $table ($number) not Added\"" );
|
emit ( " error_message \"WARNING: Gateway $gateway is not reachable -- Provider $table ($number) not Added\"" );
|
||||||
} else {
|
} else {
|
||||||
emit ( " error_message \"WARNING: Interface $interface is not usable -- Provider $table ($number) not Added\"" );
|
emit ( " error_message \"WARNING: Interface $physical is not usable -- Provider $table ($number) not Added\"" );
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if ( $shared ) {
|
if ( $shared ) {
|
||||||
emit( " fatal_error \"Gateway $gateway is not reachable -- Provider $table ($number) Cannot be Added\"" );
|
emit( " fatal_error \"Gateway $gateway is not reachable -- Provider $table ($number) Cannot be Added\"" );
|
||||||
} else {
|
} else {
|
||||||
emit( " fatal_error \"Interface $interface is not usable -- Provider $table ($number) Cannot be Added\"" );
|
emit( " fatal_error \"Interface $physical is not usable -- Provider $table ($number) Cannot be Added\"" );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
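Review bot: The rewritten WARNING and fatal_error messages (the two lines now interpolating `$physical`) no longer tell the user which configured interface failed: when the logical and physical names differ, the message names only the physical device, which does not appear under that name in the user's configuration. Since the old side interpolated `$interface` on the same lines, it is presumably still in scope; emitting both, e.g. `emit( " fatal_error \"Interface $physical ($interface) is not usable -- Provider $table ($number) Cannot be Added\"" );` and the matching WARNING line, keeps the diagnostic traceable to the configuration. `add_a_provider` starts and ends outside the hunk, so where `$physical` is assigned is not visible.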
@ -1040,7 +1040,6 @@ sub setup_traffic_shaping() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
for my $device ( @tcdevices ) {
|
for my $device ( @tcdevices ) {
|
||||||
my $dev = chain_base( $device );
|
|
||||||
my $devref = $tcdevices{$device};
|
my $devref = $tcdevices{$device};
|
||||||
my $defmark = in_hexp ( $devref->{default} || 0 );
|
my $defmark = in_hexp ( $devref->{default} || 0 );
|
||||||
my $devnum = in_hexp $devref->{number};
|
my $devnum = in_hexp $devref->{number};
|
||||||
@ -1048,6 +1047,8 @@ sub setup_traffic_shaping() {
|
|||||||
|
|
||||||
$device = physical_name $device;
|
$device = physical_name $device;
|
||||||
|
|
||||||
|
my $dev = chain_base( $device );
|
||||||
|
|
||||||
emit "if interface_is_up $device; then";
|
emit "if interface_is_up $device; then";
|
||||||
|
|
||||||
push_indent;
|
push_indent;
|
||||||
@ -1225,7 +1226,7 @@ sub setup_tc() {
|
|||||||
$mark_part = $config{HIGH_ROUTE_MARKS} ? $config{WIDE_TC_MARKS} ? '-m mark --mark 0/0xFF0000' : '-m mark --mark 0/0xFF00' : '-m mark --mark 0/0xFF';
|
$mark_part = $config{HIGH_ROUTE_MARKS} ? $config{WIDE_TC_MARKS} ? '-m mark --mark 0/0xFF0000' : '-m mark --mark 0/0xFF00' : '-m mark --mark 0/0xFF';
|
||||||
|
|
||||||
for my $interface ( @routemarked_interfaces ) {
|
for my $interface ( @routemarked_interfaces ) {
|
||||||
add_rule $mangle_table->{PREROUTING} , "-i $interface -j tcpre";
|
add_rule $mangle_table->{PREROUTING} , match_source_dev( $interface ) . "-j tcpre";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
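Review bot: Moving `my $dev = chain_base( $device );` below `$device = physical_name $device;` makes `$dev` depend on an assignment to the foreach alias: `for my $device ( @tcdevices )` aliases each element, so that line rewrites `@tcdevices` in place with physical names, and any later `$tcdevices{$device}` lookup in the same iteration would miss (whether the rest of the loop does so is outside the hunk). Keeping the loop variable unmodified avoids both, e.g. `my $physical = physical_name $device;`, `my $dev = chain_base( $physical );`, `emit "if interface_is_up $physical; then";`, with the remainder of the body using `$physical` wherever the device name is meant. The `setup_tc` hunk's `match_source_dev( $interface ) . "-j tcpre"` drops the literal space before `-j` that the old string carried, so it relies on `match_source_dev` returning a trailing space; a comment stating that contract would help the next reader. Both subs start and end outside the hunks.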
@ -871,9 +871,9 @@ sub process_interface( $ ) {
|
|||||||
fatal_error "Duplicate $option option" if $nets;
|
fatal_error "Duplicate $option option" if $nets;
|
||||||
if ( $value eq 'dynamic' ) {
|
if ( $value eq 'dynamic' ) {
|
||||||
require_capability( 'IPSET_MATCH', 'Dynamic nets', '');
|
require_capability( 'IPSET_MATCH', 'Dynamic nets', '');
|
||||||
$value = "+${zone}_${interface}";
|
$value = "+${zone}_${physical}";
|
||||||
$hostoptions{dynamic} = 1;
|
$hostoptions{dynamic} = 1;
|
||||||
$ipsets{"${zone}_${interface}"} = 1;
|
$ipsets{"${zone}_${physical}"} = 1;
|
||||||
} else {
|
} else {
|
||||||
$hostoptions{multicast} = 1;
|
$hostoptions{multicast} = 1;
|
||||||
}
|
}
|
||||||
@ -891,9 +891,9 @@ sub process_interface( $ ) {
|
|||||||
} elsif ( $type == STRING_IF_OPTION ) {
|
} elsif ( $type == STRING_IF_OPTION ) {
|
||||||
fatal_error "The $option option requires a value" unless defined $value;
|
fatal_error "The $option option requires a value" unless defined $value;
|
||||||
|
|
||||||
if ( $option == 'physical' ) {
|
if ( $option eq 'physical' ) {
|
||||||
fatal_error "Invalid Physical interface name ($value)" unless $value =~ /^[\w.@%-]+\+?$/;
|
fatal_error "Invalid Physical interface name ($value)" unless $value =~ /^[\w.@%-]+\+?$/;
|
||||||
fatal_error "The 'physical' option is only allowed on bridge ports" unless $port;
|
# fatal_error "The 'physical' option is only allowed on bridge ports" unless $port;
|
||||||
my $wildphy = $value =~ /\+$/ ? 1 : 0;
|
my $wildphy = $value =~ /\+$/ ? 1 : 0;
|
||||||
fatal_error "The type of 'physical' name ($value) doesn't match the type of interface name ($interface)" unless $wildphy == $wildcard;
|
fatal_error "The type of 'physical' name ($value) doesn't match the type of interface name ($interface)" unless $wildphy == $wildcard;
|
||||||
$physical = $value;
|
$physical = $value;
|
||||||
@ -1232,9 +1232,10 @@ sub process_host( ) {
|
|||||||
|
|
||||||
if ( $hosts eq 'dynamic' ) {
|
if ( $hosts eq 'dynamic' ) {
|
||||||
require_capability( 'IPSET_MATCH', 'Dynamic nets', '');
|
require_capability( 'IPSET_MATCH', 'Dynamic nets', '');
|
||||||
$hosts = "+${zone}_${interface}";
|
my $physical = physical_name $interface;
|
||||||
|
$hosts = "+${zone}_${physical}";
|
||||||
$optionsref->{dynamic} = 1;
|
$optionsref->{dynamic} = 1;
|
||||||
$ipsets{"${zone}_${interface}"} = 1;
|
$ipsets{"${zone}_${physical}"} = 1;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
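Review bot: In the `nets=dynamic` branch (hunk at 871) the ipset name is now built from `$physical`, but `$physical` is only assigned when the `physical` option itself is parsed (hunk at 891), so if options are processed in the order written, `nets=dynamic,physical=eth0` would name the ipset from whatever `$physical` held beforehand (presumably the logical name) while `physical=eth0,nets=dynamic` would use `eth0`. Defer the `${zone}_${physical}` naming until after the option loop, or `fatal_error` when `nets=dynamic` precedes `physical`. The `== 'physical'` to `eq` change in the second hunk is a real fix, since `==` compared the option names numerically and matched every option; the bridge-port restriction commented out just below it should be deleted outright rather than left as dead text, or replaced by a uniqueness check on `$physical` now that the option applies to any interface. `process_interface` starts and ends outside the hunks.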