From 9728168b1a81298701df449e280762b2f420a042 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Tue, 9 Nov 2010 15:20:23 -0800
Subject: [PATCH] Fix NULL_ROUTE_RFC1918=Yes
---
 Shorewall/Perl/Shorewall/Providers.pm | 6 ++++--
 Shorewall/changelog.txt | 2 ++
 Shorewall/releasenotes.txt | 5 +++++
 3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index 7960cfe57..db5588bb6 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -648,8 +648,10 @@ sub add_an_rtrule( ) {
 sub setup_null_routing() {
 save_progress_message "Null Routing the RFC 1918 subnets";
 for ( rfc1918_networks ) {
- emit( qq(run_ip route replace unreachable $_) );
- emit( qq(echo "qt \$IP -$family route del unreachable $_" >> \${VARDIR}/undo_routing) );
+ emit( qq(if ! \$IP -4 route ls | grep -q '^$_.* dev '; then),
+ qq( run_ip route replace unreachable $_),
+ qq( echo "qt \$IP -4 route del unreachable $_" >> \${VARDIR}/undo_routing),
+ qq(fi\n) );
 }
 }
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 75f18fb65..ee7d499ad 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -2,6 +2,8 @@ Changes in Shorewall 4.4.14.1 None. +3) Fix NULL_ROUTE_RFC1918 + Changes in Shorewall 4.4.14 1) Support ipset lists.
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 20f231d3b..52fb2b9b7 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
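Review bot: In `setup_null_routing` (Providers.pm), the new guard interpolates `$_` into the grep pattern unescaped, so the dots in each RFC 1918 prefix act as regex wildcards and `.*` accepts any text before ` dev `; the test is looser than "a route for exactly this network exists". It also inspects only what `\$IP -4 route ls` prints, which by default is the main table, so a covering route kept in another routing table would not suppress the unreachable route; whether that matters depends on provider configuration the hunk does not show. Letting ip do the prefix match removes the regex dependency, e.g. `qq(if ! \$IP -4 route ls exact $_ | grep -q ' dev '; then),`, assuming the supported iproute2 versions accept the `exact` selector. A comment above the loop such as `# Skip networks that already have a real route; replacing it with 'unreachable' would black-hole that traffic` would record why the check is there.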
@@ -111,6 +111,11 @@ None. 13) If the current environment exported the VERBOSITY variable with a non-zero value, startup would fail. +2) If a route exists for an entire RFC1918 network (10.0.0.0/24, + 172.20.0.0/12 or 192.168.0.0/16) then setting + NULL_ROUTE_RFC1918=Yes would cause the route to replace with a + 'unreachable' one. + ---------------------------------------------------------------------------- I I. K N O W N P R O B L E M S R E M A I N I N G ----------------------------------------------------------------------------