diff --git a/Samples/one-interface/shorewall.conf b/Samples/one-interface/shorewall.conf
index 7c92395ca..4c0d234ab 100644
--- a/Samples/one-interface/shorewall.conf
+++ b/Samples/one-interface/shorewall.conf
@@ -191,6 +191,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=Yes
+TRACK_PROVIDERS=Yes
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Samples/three-interfaces/shorewall.conf b/Samples/three-interfaces/shorewall.conf
index 2f22a0e60..3d2256bea 100644
--- a/Samples/three-interfaces/shorewall.conf
+++ b/Samples/three-interfaces/shorewall.conf
@@ -191,6 +191,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=Yes
+TRACK_PROVIDERS=Yes
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Samples/two-interfaces/shorewall.conf b/Samples/two-interfaces/shorewall.conf
index 1df60024a..3bfb589be 100644
--- a/Samples/two-interfaces/shorewall.conf
+++ b/Samples/two-interfaces/shorewall.conf
@@ -198,6 +198,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=Yes
+TRACK_PROVIDERS=Yes
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Samples6/one-interface/shorewall6.conf b/Samples6/one-interface/shorewall6.conf
index 239c0ec7f..eafb77a0a 100644
--- a/Samples6/one-interface/shorewall6.conf
+++ b/Samples6/one-interface/shorewall6.conf
@@ -139,6 +139,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=Yes
+TRACK_PROVIDERS=Yes
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Samples6/three-interfaces/shorewall6.conf b/Samples6/three-interfaces/shorewall6.conf
index 3f49c09d9..a1576f5c9 100644
--- a/Samples6/three-interfaces/shorewall6.conf
+++ b/Samples6/three-interfaces/shorewall6.conf
@@ -139,6 +139,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=Yes
+TRACK_PROVIDERS=Yes
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Samples6/two-interfaces/shorewall6.conf b/Samples6/two-interfaces/shorewall6.conf
index 0d6f7c65a..6d369784f 100644
--- a/Samples6/two-interfaces/shorewall6.conf
+++ b/Samples6/two-interfaces/shorewall6.conf
@@ -139,6 +139,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=Yes
+TRACK_PROVIDERS=Yes
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 5a62a797a..e1f335b8c 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -439,6 +439,7 @@ sub initialize( $ ) {
FAST_STOP => undef ,
AUTOMAKE => undef ,
WIDE_TC_MARKS => undef,
+ TRACK_PROVIDERS => undef,
#
# Packet Disposition
#
@@ -545,6 +546,7 @@ sub initialize( $ ) {
MANGLE_ENABLED => undef ,
AUTOMAKE => undef ,
WIDE_TC_MARKS => undef,
+ TRACK_PROVIDERS => undef,
#
# Packet Disposition
#
@@ -2404,6 +2406,7 @@ sub get_configuration( $ ) {
default_yes_no 'RESTORE_DEFAULT_ROUTE' , 'Yes';
default_yes_no 'AUTOMAKE' , '';
default_yes_no 'WIDE_TC_MARKS' , '';
+ default_yes_no 'TRACK_PROVIDERS' , '';
$capabilities{XCONNMARK} = '' unless $capabilities{XCONNMARK_MATCH} and $capabilities{XMARK};
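Review bot: `default_yes_no 'TRACK_PROVIDERS' , ''` makes the option default to off whenever a shorewall.conf lacks the line, and nothing beside it records why. On a multi-ISP firewall that presumably leaves replies to inbound connections untied to the provider they arrived on unless each provider names `track`. The defaults shipped in this commit also differ: the sample files set `TRACK_PROVIDERS=Yes`, while configfiles/shorewall.conf and Shorewall6/shorewall6.conf set `No`. A comment above the line such as `# Unset means No: configs without the option keep 'track' as a per-provider opt-in` would document that, assuming it is the intent; the same key is added without comment to both hashes in initialize(). get_configuration continues outside this hunk.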
diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index 353422460..493064392 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -316,7 +316,8 @@ sub add_a_provider( ) {
}
- my ( $loose, $track, $balance , $default, $default_balance, $optional, $mtu ) = (0,1,0,0,$config{USE_DEFAULT_RT} ? 1 : 0,interface_is_optional( $interface ), '' );
+ my ( $loose, $track, $balance , $default, $default_balance, $optional, $mtu ) =
+ (0, $config{TRACK_PROVIDERS}, 0 , 0, $config{USE_DEFAULT_RT} ? 1 : 0, interface_is_optional( $interface ), '' );
unless ( $options eq '-' ) {
for my $option ( split_list $options, 'option' ) {
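Review bot: `$track` is now seeded with the raw value of `$config{TRACK_PROVIDERS}`, while `$default_balance` in the same list normalises its config value with `? 1 : 0`. Config.pm registers the option with `default_yes_no 'TRACK_PROVIDERS' , ''`, so an unset option presumably arrives here as an empty string rather than 0. That differs from the literal `1` used before if `$track` is later compared numerically or interpolated into generated output. Writing `$config{TRACK_PROVIDERS} ? 1 : 0` keeps the initialiser consistent with its neighbour. add_a_provider starts and ends outside this hunk, so the later uses of `$track` are not visible here.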
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 55a3c1352..913d17a30 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -18,6 +18,8 @@ Changes in Shorewall 4.4.3
9) Make 'track' the default.
+10) Add TRACK_PROVIDERS option.
+
Changes in Shorewall 4.4.2
1) BUGFIX: Correct detection of Persistent SNAT support
diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf
index 1106ae6f4..952f83a19 100644
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@@ -189,6 +189,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=No
+TRACK_PROVIDERS=No
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 4583441a5..614e839c9 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -222,9 +222,9 @@ None.
On non-Debian systems, new installs will now log all Shorewall
commands to /var/log/shorewall-init.log.
-2) Because the 'track' provider option is so useful, it is now the
- default. If, for some reason, you don't want 'track' then specify
- 'notrack' for the provider.
+2) A new TRACK_PROVIDERS option has been added in shorewall.conf.
+ The value of this option becomes the default for the 'track'
+ provider option in /etc/shorewall/providers.
----------------------------------------------------------------------------
N E W F E A T U R E S I N 4 . 4 . 0
diff --git a/Shorewall6/shorewall6.conf b/Shorewall6/shorewall6.conf
index 19b00b3b3..b58a1a254 100644
--- a/Shorewall6/shorewall6.conf
+++ b/Shorewall6/shorewall6.conf
@@ -145,6 +145,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=No
+TRACK_PROVIDERS=No
+
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
diff --git a/docs/LennyToSqueeze.xml b/docs/LennyToSqueeze.xml
index ffb5a30e2..9793e7727 100644
--- a/docs/LennyToSqueeze.xml
+++ b/docs/LennyToSqueeze.xml
@@ -700,15 +700,6 @@ NONAT loc - tcp 80
earlier.
-
- /etc/shorewall/providers
-
- Beginnins with Shorewall 4.4.3, the option
- is now the default. If, for some reason, you don't want the
- option then specify
- .
-
-
Extension Scripts
diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml
index 9449fadb8..f706438a2 100644
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@@ -143,12 +143,11 @@
Shorewall can set up the correct marking rules for you.
When you use the track option in
- /etc/shorewall/providers (which is the default,
- beginning with Shorewall 4.4.3), connections from the Internet are
- automatically routed back out of the correct interface and through the
- correct ISP gateway. This works whether the connection is handled by the
- firewall itself or if it is routed or port-forwarded to a system behind
- the firewall.
+ /etc/shorewall/providers, connections from the
+ Internet are automatically routed back out of the correct interface and
+ through the correct ISP gateway. This works whether the connection is
+ handled by the firewall itself or if it is routed or port-forwarded to a
+ system behind the firewall.
Shorewall will set up the routing and will update the
/etc/iproute2/rt_tables to include the table names
@@ -164,8 +163,7 @@
Packet marking for traffic control purposes may not be done
in the PREROUTING table for connections involving providers with
- 'track' specified (see below -- note that 'track' defaults to on
- beginning with Shorewall 4.4.3).
+ 'track' specified (see below).
@@ -333,9 +331,13 @@
Beginning with Shorwall 4.3.3, track is the default. To disable
- this option, you must specify notrack (see below).
+ role="bold">track defaults to the setting of
+ the option in shorewall.conf
+ (5). To disable this option when you have
+ specified TRACK_PROVIDERS=Yes, you must specify
+ notrack (see
+ below).
If specified, connections FROM this interface
are to be tracked so that responses may be routed back out
this same interface.
@@ -454,8 +456,7 @@
Added in Shorewall 4.4.3. This option turns off the
- track option which is now
- the default.
+ track option.
diff --git a/manpages/shorewall-providers.xml b/manpages/shorewall-providers.xml
index 39422b1b3..eb53d3cbd 100644
--- a/manpages/shorewall-providers.xml
+++ b/manpages/shorewall-providers.xml
@@ -168,6 +168,13 @@
is the default. If, for some reason, you don't want
then specify
(see below).
+
+ Beginning with Shorewall 4.4.3,
+ defaults to the setting of the TRACK_PROVIDERS option in
+ shorewall.conf (5).
+ If you set TRACK_PROVIDERS=Yes and want to override that
+ setting for an individual provider, then specify
+ (see below).
@@ -204,7 +211,7 @@
Added in Shorewall 4.4.3. When specified, turns off
- which is now the default.
+ .
diff --git a/manpages6/shorewall6-providers.xml b/manpages6/shorewall6-providers.xml
index bd137bc93..62e25680f 100644
--- a/manpages6/shorewall6-providers.xml
+++ b/manpages6/shorewall6-providers.xml
@@ -154,9 +154,11 @@
provider.
Beginning with Shorewall 4.4.3,
- is the default. If, for some reason, you don't want
- then specify
- (see below).
+ defaults to the setting of the TRACK_PROVIDERS option in
+ shorewall6.conf
+ (5). If you set TRACK_PROVIDERS=Yes and want to override that
+ setting for an individual provider, then specify
+ (see below).
@@ -177,7 +179,7 @@
Added in Shorewall 4.4.3. When specified, turns off
- which is now the default.
+ .