forked from extern/shorewall_code
More corrections to undo_routing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
3031c37edd
commit
abdd6bec27
@ -260,7 +260,6 @@ sub start_provider( $$$ ) {
|
|||||||
|
|
||||||
emit "qt ip -$family route flush table $number";
|
emit "qt ip -$family route flush table $number";
|
||||||
emit "echo \"qt \$IP -$family route flush table $number\" > \${VARDIR}/undo_${table}_routing";
|
emit "echo \"qt \$IP -$family route flush table $number\" > \${VARDIR}/undo_${table}_routing";
|
||||||
emit "echo \". \${VARDIR}/undo_${table}_routing\" >> \${VARDIR}/undo_routing";
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -319,6 +318,7 @@ sub process_a_provider() {
|
|||||||
unless ( $options eq '-' ) {
|
unless ( $options eq '-' ) {
|
||||||
for my $option ( split_list $options, 'option' ) {
|
for my $option ( split_list $options, 'option' ) {
|
||||||
if ( $option eq 'track' ) {
|
if ( $option eq 'track' ) {
|
||||||
|
require_capability( 'MANGLE_ENABLED' , q(The 'track' option) , 's' );
|
||||||
$track = 1;
|
$track = 1;
|
||||||
} elsif ( $option eq 'notrack' ) {
|
} elsif ( $option eq 'notrack' ) {
|
||||||
$track = 0;
|
$track = 0;
|
||||||
@ -381,6 +381,8 @@ sub process_a_provider() {
|
|||||||
|
|
||||||
if ( $mark ne '-' ) {
|
if ( $mark ne '-' ) {
|
||||||
|
|
||||||
|
require_capability( 'MANGLE_ENABLED' , 'Provider marks' , '' );
|
||||||
|
|
||||||
$val = numeric_value $mark;
|
$val = numeric_value $mark;
|
||||||
|
|
||||||
fatal_error "Invalid Mark Value ($mark)" unless defined $val && $val;
|
fatal_error "Invalid Mark Value ($mark)" unless defined $val && $val;
|
||||||
@ -837,17 +839,16 @@ sub add_a_route( ) {
|
|||||||
|
|
||||||
sub setup_null_routing() {
|
sub setup_null_routing() {
|
||||||
save_progress_message "Null Routing the RFC 1918 subnets";
|
save_progress_message "Null Routing the RFC 1918 subnets";
|
||||||
|
emit "> \${VARDIR}undo_rfc1918_routing\n";
|
||||||
for ( rfc1918_networks ) {
|
for ( rfc1918_networks ) {
|
||||||
emit( qq(if ! \$IP -4 route ls | grep -q '^$_.* dev '; then),
|
emit( qq(if ! \$IP -4 route ls | grep -q '^$_.* dev '; then),
|
||||||
qq( run_ip route replace unreachable $_),
|
qq( run_ip route replace unreachable $_),
|
||||||
qq( echo "qt \$IP -4 route del unreachable $_" >> \${VARDIR}/undo_routing),
|
qq( echo "qt \$IP -4 route del unreachable $_" >> \${VARDIR}/undo_rfc1918_routing),
|
||||||
qq(fi\n) );
|
qq(fi\n) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
sub start_providers() {
|
sub start_providers() {
|
||||||
require_capability( 'MANGLE_ENABLED' , 'a non-empty providers file' , 's' );
|
|
||||||
|
|
||||||
emit ( '#',
|
emit ( '#',
|
||||||
'# Undo any changes made since the last time that we [re]started -- this will not restore the default route',
|
'# Undo any changes made since the last time that we [re]started -- this will not restore the default route',
|
||||||
'#',
|
'#',
|
||||||
@ -865,11 +866,7 @@ sub start_providers() {
|
|||||||
emit ( '#',
|
emit ( '#',
|
||||||
'# Capture the default route(s) if we don\'t have it (them) already.',
|
'# Capture the default route(s) if we don\'t have it (them) already.',
|
||||||
'#',
|
'#',
|
||||||
"[ -f \${VARDIR}/default_route ] || \$IP -$family route list | save_default_route > \${VARDIR}/default_route",
|
"[ -f \${VARDIR}/default_route ] || \$IP -$family route list | save_default_route > \${VARDIR}/default_route" );
|
||||||
'#',
|
|
||||||
'# Initialize the file that holds \'undo\' commands',
|
|
||||||
'#',
|
|
||||||
'> ${VARDIR}/undo_routing' );
|
|
||||||
|
|
||||||
save_progress_message 'Adding Providers...';
|
save_progress_message 'Adding Providers...';
|
||||||
|
|
||||||
@ -877,24 +874,14 @@ sub start_providers() {
|
|||||||
emit 'FALLBACK_ROUTE=';
|
emit 'FALLBACK_ROUTE=';
|
||||||
emit '';
|
emit '';
|
||||||
|
|
||||||
emit '';
|
for my $provider ( qw/main default/ ) {
|
||||||
emit qq(> \${VARDIR}/undo_main_routing);
|
|
||||||
emit qq(echo ". \${VARDIR}/undo_main_routing" >> \${VARDIR}/undo_routing\n);
|
|
||||||
emit '';
|
|
||||||
emit $_ for @{$providers{main}{routes}};
|
|
||||||
emit '';
|
|
||||||
emit $_ for @{$providers{main}{rules}};
|
|
||||||
|
|
||||||
if ( @{$providers{default}{rules}} || @{$providers{default}{rules}} ) {
|
|
||||||
emit '';
|
emit '';
|
||||||
emit qq(> \${VARDIR}/undo_default_routing);
|
emit qq(> \${VARDIR}/undo_${provider}_routing );
|
||||||
emit qq(echo ". \${VARDIR}/undo_default_routing" >> \${VARDIR}/undo_routing\n);
|
|
||||||
emit '';
|
emit '';
|
||||||
emit $_ for @{$providers{default}{routes}};
|
emit $_ for @{$providers{$provider}{routes}};
|
||||||
emit '';
|
emit '';
|
||||||
emit $_ for @{$providers{default}{rules}};
|
emit $_ for @{$providers{$provider}{rules}};
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sub finish_providers() {
|
sub finish_providers() {
|
||||||
@ -904,8 +891,8 @@ sub finish_providers() {
|
|||||||
if ( $config{USE_DEFAULT_RT} ) {
|
if ( $config{USE_DEFAULT_RT} ) {
|
||||||
emit ( 'run_ip rule add from ' . ALLIP . ' table ' . MAIN_TABLE . ' pref 999',
|
emit ( 'run_ip rule add from ' . ALLIP . ' table ' . MAIN_TABLE . ' pref 999',
|
||||||
"\$IP -$family rule del from " . ALLIP . ' table ' . MAIN_TABLE . ' pref 32766',
|
"\$IP -$family rule del from " . ALLIP . ' table ' . MAIN_TABLE . ' pref 32766',
|
||||||
qq(echo "qt \$IP -$family rule add from ) . ALLIP . ' table ' . MAIN_TABLE . ' pref 32766" >> ${VARDIR}/undo_routing',
|
qq(echo "qt \$IP -$family rule add from ) . ALLIP . ' table ' . MAIN_TABLE . ' pref 32766" >> ${VARDIR}/undo_main_routing',
|
||||||
qq(echo "qt \$IP -$family rule del from ) . ALLIP . ' table ' . MAIN_TABLE . ' pref 999" >> ${VARDIR}/undo_routing',
|
qq(echo "qt \$IP -$family rule del from ) . ALLIP . ' table ' . MAIN_TABLE . ' pref 999" >> ${VARDIR}/undo_main_routing',
|
||||||
'' );
|
'' );
|
||||||
$table = DEFAULT_TABLE;
|
$table = DEFAULT_TABLE;
|
||||||
}
|
}
|
||||||
@ -1125,10 +1112,6 @@ sub setup_providers() {
|
|||||||
emit "restore_default_route $config{USE_DEFAULT_RT}";
|
emit "restore_default_route $config{USE_DEFAULT_RT}";
|
||||||
|
|
||||||
if ( $config{NULL_ROUTE_RFC1918} ) {
|
if ( $config{NULL_ROUTE_RFC1918} ) {
|
||||||
emit ( '#',
|
|
||||||
'# Initialize the file that holds \'undo\' commands',
|
|
||||||
'#',
|
|
||||||
'> ${VARDIR}/undo_routing' );
|
|
||||||
setup_null_routing;
|
setup_null_routing;
|
||||||
emit "\nrun_ip route flush cache";
|
emit "\nrun_ip route flush cache";
|
||||||
}
|
}
|
||||||
|
|||||||
@ -492,6 +492,8 @@ get_device_mtu1() # $1 = device
|
|||||||
# Undo changes to routing
|
# Undo changes to routing
|
||||||
#
|
#
|
||||||
undo_routing() {
|
undo_routing() {
|
||||||
|
local undofiles
|
||||||
|
local f
|
||||||
|
|
||||||
if [ -z "$g_noroutes" ]; then
|
if [ -z "$g_noroutes" ]; then
|
||||||
#
|
#
|
||||||
@ -504,10 +506,16 @@ undo_routing() {
|
|||||||
#
|
#
|
||||||
# Restore the rest of the routing table
|
# Restore the rest of the routing table
|
||||||
#
|
#
|
||||||
if [ -f ${VARDIR}/undo_routing ]; then
|
undofiles="$(ls ${VARDIR}/undo_*routing 2> /dev/null)"
|
||||||
. ${VARDIR}/undo_routing
|
|
||||||
progress_message "Shorewall-generated routing tables and routing rules removed"
|
if [ -n "$undofiles" ]; then
|
||||||
rm -f ${VARDIR}/undo_*routing
|
for f in $undofiles; do
|
||||||
|
. $f
|
||||||
|
done
|
||||||
|
|
||||||
|
rm -f $undofiles
|
||||||
|
|
||||||
|
progress_message "Shorewall-generated routing tables and routing rules removed"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user