forked from extern/shorewall_code
Configure /proc during 'enable' processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
cedf203c21
commit
5d21b55ecc
@ -40,7 +40,7 @@ our @EXPORT = qw(
|
|||||||
setup_source_routing
|
setup_source_routing
|
||||||
setup_forwarding
|
setup_forwarding
|
||||||
);
|
);
|
||||||
our @EXPORT_OK = qw( );
|
our @EXPORT_OK = qw( setup_interface_proc );
|
||||||
our $VERSION = 'MODULEVERSION';
|
our $VERSION = 'MODULEVERSION';
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -277,4 +277,45 @@ sub setup_forwarding( $$ ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub setup_interface_proc( $ ) {
|
||||||
|
my $interface = shift;
|
||||||
|
my $physical = get_physical $interface;
|
||||||
|
my $value;
|
||||||
|
my @emitted;
|
||||||
|
|
||||||
|
if ( interface_has_option( $interface, 'arp_filter' , $value ) ) {
|
||||||
|
push @emitted, "echo $value > /proc/sys/net/ipv4/conf/$physical/arp_filter";
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( interface_has_option( $interface, 'arp_ignore' , $value ) ) {
|
||||||
|
push @emitted, "echo $value > /proc/sys/net/ipv4/conf/$physical/arp_ignore";
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( interface_has_option( $interface, 'routefilter' , $value ) ) {
|
||||||
|
push @emitted, "echo $value > /proc/sys/net/ipv4/conf/$physical/rp_filter";
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( interface_has_option( $interface, 'logmartians' , $value ) ) {
|
||||||
|
push @emitted, "echo $value > /proc/sys/net/ipv4/conf/$physical/log_martians";
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( interface_has_option( $interface, 'sourceroute' , $value ) ) {
|
||||||
|
push @emitted, "echo $value > /proc/sys/net/ipv4/conf/$physical/accept_source_route";
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( interface_has_option( $interface, 'sourceroute' , $value ) ) {
|
||||||
|
push @emitted, "echo $value > /proc/sys/net/ipv4/conf/$physical/accept_source_route";
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( @emitted ) {
|
||||||
|
emit( '',
|
||||||
|
'if [ $COMMAND = enable ]; then' );
|
||||||
|
push_indent;
|
||||||
|
emit "$_" for @emitted;
|
||||||
|
pop_indent;
|
||||||
|
emit "fi\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
1;
|
1;
|
||||||
|
@ -29,6 +29,7 @@ use Shorewall::Config qw(:DEFAULT :internal);
|
|||||||
use Shorewall::IPAddrs;
|
use Shorewall::IPAddrs;
|
||||||
use Shorewall::Zones;
|
use Shorewall::Zones;
|
||||||
use Shorewall::Chains qw(:DEFAULT :internal);
|
use Shorewall::Chains qw(:DEFAULT :internal);
|
||||||
|
use Shorewall::Proc qw( setup_interface_proc );
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
|
|
||||||
@ -143,6 +144,8 @@ sub copy_table( $$$ ) {
|
|||||||
#
|
#
|
||||||
my $filter = $family == F_IPV6 ? q(sed 's/ via :: / /' | ) : '';
|
my $filter = $family == F_IPV6 ? q(sed 's/ via :: / /' | ) : '';
|
||||||
|
|
||||||
|
emit '';
|
||||||
|
|
||||||
if ( $realm ) {
|
if ( $realm ) {
|
||||||
emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | while read net route; do" )
|
emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]_]+//' | while read net route; do" )
|
||||||
} else {
|
} else {
|
||||||
@ -174,6 +177,8 @@ sub copy_and_edit_table( $$$$ ) {
|
|||||||
# Shell and iptables use a different wildcard character
|
# Shell and iptables use a different wildcard character
|
||||||
#
|
#
|
||||||
$copy =~ s/\+/*/;
|
$copy =~ s/\+/*/;
|
||||||
|
|
||||||
|
emit '';
|
||||||
|
|
||||||
if ( $realm ) {
|
if ( $realm ) {
|
||||||
emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]]+//' | while read net route; do" )
|
emit ( "\$IP -$family -o route show table $duplicate | sed -r 's/ realm [[:alnum:]]+//' | while read net route; do" )
|
||||||
@ -441,7 +446,6 @@ sub add_a_provider( $ ) {
|
|||||||
} else {
|
} else {
|
||||||
start_provider( $table, $number, "if interface_is_usable $physical; then" );
|
start_provider( $table, $number, "if interface_is_usable $physical; then" );
|
||||||
}
|
}
|
||||||
|
|
||||||
$provider_interfaces{$interface} = $table;
|
$provider_interfaces{$interface} = $table;
|
||||||
|
|
||||||
if ( $gatewaycase eq 'none' ) {
|
if ( $gatewaycase eq 'none' ) {
|
||||||
@ -453,6 +457,8 @@ sub add_a_provider( $ ) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
setup_interface_proc( $interface );
|
||||||
|
|
||||||
if ( $mark ne '-' ) {
|
if ( $mark ne '-' ) {
|
||||||
my $mask = have_capability 'FWMARK_RT_MASK' ? '/' . in_hex $globals{PROVIDER_MASK} : '';
|
my $mask = have_capability 'FWMARK_RT_MASK' ? '/' . in_hex $globals{PROVIDER_MASK} : '';
|
||||||
|
|
||||||
|
@ -73,6 +73,7 @@ our @EXPORT = qw( NOTHING
|
|||||||
find_interfaces_by_option
|
find_interfaces_by_option
|
||||||
find_interfaces_by_option1
|
find_interfaces_by_option1
|
||||||
get_interface_option
|
get_interface_option
|
||||||
|
interface_has_option
|
||||||
set_interface_option
|
set_interface_option
|
||||||
interface_zones
|
interface_zones
|
||||||
verify_required_interfaces
|
verify_required_interfaces
|
||||||
@ -1409,6 +1410,22 @@ sub get_interface_option( $$ ) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Return the value of an option for an interface
|
||||||
|
#
|
||||||
|
sub interface_has_option( $$\$ ) {
|
||||||
|
my ( $interface, $option, $value ) = @_;
|
||||||
|
|
||||||
|
my $ref = $interfaces{$interface};
|
||||||
|
|
||||||
|
$ref = known_interface( $interface ) unless $ref;
|
||||||
|
|
||||||
|
if ( exists $ref->{options}{$option} ) {
|
||||||
|
$$value = $ref->{options}{$option};
|
||||||
|
1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Set an option for an interface
|
# Set an option for an interface
|
||||||
#
|
#
|
||||||
|
Loading…
Reference in New Issue
Block a user