Fix arp_ignore (again); more ROUTE_FILTER and LOG_MARTIANS changes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6053 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
parent
9c9546c55a
commit
82eaf6fe1a
@ -474,7 +474,26 @@ sub default_yes_no ( $$ ) {
|
||||
$config{$var} = $val;
|
||||
}
|
||||
}
|
||||
#
|
||||
# Check a tri-valued variable
|
||||
#
|
||||
sub check_trivalue( $ ) {
|
||||
my $var = $_[0];
|
||||
my $val = "\L$config{$var}";
|
||||
|
||||
if ( defined $val ) {
|
||||
if ( $val eq 'yes' ) {
|
||||
$config{$var} = 'yes';
|
||||
} elsif ( $val eq 'no' ) {
|
||||
$config{$var} = 'no';
|
||||
} elsif ( $val eq 'keep' ) {
|
||||
$config{$var} = '';
|
||||
} elsif ( $val ne '' ) {
|
||||
fatal_error "Invalid value ( $val ) for $var";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#
|
||||
# Produce a report of the detected capabilities
|
||||
#
|
||||
@ -792,19 +811,8 @@ sub get_configuration( $ ) {
|
||||
$config{IP_FORWARDING} = 'On';
|
||||
}
|
||||
|
||||
if ( $config{ROUTE_FILTER} ) {
|
||||
fatal_error "Invalid value ( $config{ROUTE_FILTER} ) for ROUTE_FILTER"
|
||||
unless $config{ROUTE_FILTER} =~ /^(Yes|No|Keep)$/i;
|
||||
} else {
|
||||
$config{ROUTE_FILTER} = 'Keep';
|
||||
}
|
||||
|
||||
if ( $config{LOG_MARTIANS} ) {
|
||||
fatal_error "Invalid value ( $config{LOG_MARTIANS} ) for LOG_MARTIANS"
|
||||
unless $config{LOG_MARTIANS} =~ /^(Yes|No|Keep)$/i;
|
||||
} else {
|
||||
$config{LOG_MARTIANS} = 'Keep';
|
||||
}
|
||||
check_trivalue ( 'ROUTE_FILTER' );
|
||||
check_trivalue ( 'LOG_MARTIANS' );
|
||||
|
||||
default_yes_no 'ADD_IP_ALIASES' , 'Yes';
|
||||
default_yes_no 'ADD_SNAT_ALIASES' , '';
|
||||
|
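Review bot: In check_trivalue, `my $val = "\L$config{$var}";` always yields a defined string, so the `if ( defined $val )` guard can never be false and an unset option is handled only by falling past the `$val ne ''` branch. If warnings are enabled in this file (not visible here), an unset ROUTE_FILTER or LOG_MARTIANS would also trigger an uninitialized-value warning at that interpolation. Reading the raw value first, `my $val = $config{$var};` followed by `if ( defined $val ) { $val = "\L$val";`, keeps the guard meaningful. The header comment could also state that 'keep' is stored as '' and an unset option is left undefined, since the later code tests `$config{ROUTE_FILTER}` and `$config{LOG_MARTIANS}` for truth on that basis.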
@ -209,10 +209,14 @@ sub validate_interfaces_file()
|
||||
} elsif ( $type == ENUM_IF_OPTION ) {
|
||||
fatal_error "The $option option may not be used with a wild-card interface name" if $wildcard;
|
||||
if ( $option eq 'arp_ignore' ) {
|
||||
if ( $value =~ /^[1-3,8]$/ ) {
|
||||
$options{arp_ignore} = $value;
|
||||
if ( defined $value ) {
|
||||
if ( $value =~ /^[1-3,8]$/ ) {
|
||||
$options{arp_ignore} = $value;
|
||||
} else {
|
||||
fatal_error "Invalid value ($value) for arp_ignore";
|
||||
}
|
||||
} else {
|
||||
fatal_error "Invalid value ($value) for arp_ignore";
|
||||
$options{arp_ignore} = 1;
|
||||
}
|
||||
} else {
|
||||
fatal_error "Internal Error in validate_interfaces_file"
|
||||
|
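Review bot: The character class in `$value =~ /^[1-3,8]$/` contains a literal comma, so the string `,` passes the arp_ignore check alongside 1, 2, 3 and 8; the pattern is carried over unchanged into the new `defined $value` branch. Whether a bare comma can actually reach this test depends on how the option list is split, which happens outside the hunk. Assuming only those four digits are intended, `if ( $value =~ /^[1-38]\z/ ) {` accepts exactly them, and `\z` also rejects a trailing newline that `$` would allow. validate_interfaces_file starts and ends outside the hunk.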
@ -95,12 +95,21 @@ sub setup_route_filtering() {
|
||||
|
||||
my $interfaces = find_interfaces_by_option 'routefilter';
|
||||
|
||||
if ( @$interfaces || ! ( $config{ROUTE_FILTER} =~ /keep/i ) ) {
|
||||
if ( @$interfaces || $config{ROUTE_FILTER} ) {
|
||||
|
||||
progress_message2 "$doing Kernel Route Filtering...";
|
||||
|
||||
save_progress_message "Setting up Route Filtering...";
|
||||
|
||||
|
||||
if ( $config{ROUTE_FILTER} ) {
|
||||
my $val = $config{ROUTE_FILTER} eq 'yes' ? 1 : 0;
|
||||
|
||||
emitj ( 'for file in /proc/sys/net/ipv4/conf/*; do',
|
||||
" [ -f \$file/rp_filter ] && echo $val > \$file/rp_filter",
|
||||
'done' );
|
||||
}
|
||||
|
||||
for my $interface ( @$interfaces ) {
|
||||
my $file = "/proc/sys/net/ipv4/conf/$interface/rp_filter";
|
||||
my $value = get_interface_option $interface, 'routefilter';
|
||||
@ -114,9 +123,9 @@ sub setup_route_filtering() {
|
||||
|
||||
emit 'echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter';
|
||||
|
||||
if ( $config{ROUTE_FILTER} =~ /yes/i ) {
|
||||
if ( $config{ROUTE_FILTER} eq 'yes' ) {
|
||||
emit 'echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter';
|
||||
} elsif ( $config{ROUTE_FILTER} =~ /no/i ) {
|
||||
} elsif ( $config{ROUTE_FILTER} eq 'no' ) {
|
||||
emit 'echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter';
|
||||
}
|
||||
|
||||
@ -131,12 +140,20 @@ sub setup_route_filtering() {
|
||||
sub setup_martian_logging() {
|
||||
my $interfaces = find_interfaces_by_option 'logmartians';
|
||||
|
||||
if ( @$interfaces || ! ( $config{LOG_MARTIANS} =~ /keep/i ) ) {
|
||||
if ( @$interfaces || $config{LOG_MARTIANS} ) {
|
||||
|
||||
progress_message2 "$doing Martian Logging...";
|
||||
|
||||
save_progress_message "Setting up Martian Logging...";
|
||||
|
||||
if ( $config{LOG_MARTIANS} ) {
|
||||
my $val = $config{LOG_MARTIANS} eq 'yes' ? 1 : 0;
|
||||
|
||||
emitj ( 'for file in /proc/sys/net/ipv4/conf/*; do',
|
||||
" [ -f \$file/log_martians ] && echo $val > \$file/log_martians",
|
||||
'done' );
|
||||
}
|
||||
|
||||
for my $interface ( @$interfaces ) {
|
||||
my $file = "/proc/sys/net/ipv4/conf/$interface/log_martians";
|
||||
my $value = get_interface_option $interface, 'logmartians';
|
||||
@ -149,10 +166,10 @@ sub setup_martian_logging() {
|
||||
emit "fi\n";
|
||||
}
|
||||
|
||||
if ( $config{LOG_MARTIANS} =~ /yes/i ) {
|
||||
if ( $config{LOG_MARTIANS} eq 'yes' ) {
|
||||
emit 'echo 1 > /proc/sys/net/ipv4/conf/all/log_martians';
|
||||
emit 'echo 1 > /proc/sys/net/ipv4/conf/default/log_martians';
|
||||
} elsif ( $config{LOG_MARTIANS} =~ /no/i ) {
|
||||
} elsif ( $config{LOG_MARTIANS} eq 'no' ) {
|
||||
emit 'echo 0 > /proc/sys/net/ipv4/conf/all/log_martians';
|
||||
emit 'echo 0 > /proc/sys/net/ipv4/conf/default/log_martians';
|
||||
}
|
||||
|
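Review bot: `my $val = $config{ROUTE_FILTER} eq 'yes' ? 1 : 0;` in setup_route_filtering maps every true value other than the exact string 'yes' to 0, so the emitted loop over /proc/sys/net/ipv4/conf/* would switch reverse-path filtering off on all interfaces if the setting ever arrived un-normalised (for example 'Yes'). The previous `/yes/i` and `/no/i` tests were case-insensitive; the new `eq` comparisons are only correct because check_trivalue lowercases the value during get_configuration, which is not visible from this file. The same applies to `$config{LOG_MARTIANS} eq 'yes' ? 1 : 0` in setup_martian_logging. A comment above each ternary, such as `# ROUTE_FILTER is 'yes', 'no' or '' here (normalised by check_trivalue)`, would record that dependency for whoever next touches the validation. Both functions extend beyond the hunks shown.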