Add TRACK_PROVIDERS option

Tom Eastep 2009-10-20 13:24:17 -07:00
parent 49f361124e
commit d0cda6b6ea
16 changed files with 54 additions and 31 deletions

View File

@ -191,6 +191,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=Yes WIDE_TC_MARKS=Yes
TRACK_PROVIDERS=Yes
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
############################################################################### ###############################################################################

View File

@ -191,6 +191,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=Yes WIDE_TC_MARKS=Yes
TRACK_PROVIDERS=Yes
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
############################################################################### ###############################################################################

View File

@ -198,6 +198,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=Yes WIDE_TC_MARKS=Yes
TRACK_PROVIDERS=Yes
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
############################################################################### ###############################################################################

View File

@ -139,6 +139,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=Yes WIDE_TC_MARKS=Yes
TRACK_PROVIDERS=Yes
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
############################################################################### ###############################################################################

View File

@ -139,6 +139,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=Yes WIDE_TC_MARKS=Yes
TRACK_PROVIDERS=Yes
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
############################################################################### ###############################################################################

View File

@ -139,6 +139,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=Yes WIDE_TC_MARKS=Yes
TRACK_PROVIDERS=Yes
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
############################################################################### ###############################################################################

View File

@ -439,6 +439,7 @@ sub initialize( $ ) {
FAST_STOP => undef , FAST_STOP => undef ,
AUTOMAKE => undef , AUTOMAKE => undef ,
WIDE_TC_MARKS => undef, WIDE_TC_MARKS => undef,
TRACK_PROVIDERS => undef,
# #
# Packet Disposition # Packet Disposition
# #
@ -545,6 +546,7 @@ sub initialize( $ ) {
MANGLE_ENABLED => undef , MANGLE_ENABLED => undef ,
AUTOMAKE => undef , AUTOMAKE => undef ,
WIDE_TC_MARKS => undef, WIDE_TC_MARKS => undef,
TRACK_PROVIDERS => undef,
# #
# Packet Disposition # Packet Disposition
# #
@ -2404,6 +2406,7 @@ sub get_configuration( $ ) {
default_yes_no 'RESTORE_DEFAULT_ROUTE' , 'Yes'; default_yes_no 'RESTORE_DEFAULT_ROUTE' , 'Yes';
default_yes_no 'AUTOMAKE' , ''; default_yes_no 'AUTOMAKE' , '';
default_yes_no 'WIDE_TC_MARKS' , ''; default_yes_no 'WIDE_TC_MARKS' , '';
default_yes_no 'TRACK_PROVIDERS' , '';
$capabilities{XCONNMARK} = '' unless $capabilities{XCONNMARK_MATCH} and $capabilities{XMARK}; $capabilities{XCONNMARK} = '' unless $capabilities{XCONNMARK_MATCH} and $capabilities{XMARK};
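
Review bot: the fallback given for TRACK_PROVIDERS in get_configuration is '' (off), so any shorewall.conf that does not yet contain the option compiles with 'track' off for every provider that does not set it explicitly. On a multi-ISP firewall that changes which interface replies leave by, so the fallback should either be 'Yes' or the upgrade effect should be stated in the release notes next to the new option.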

View File

@ -316,7 +316,8 @@ sub add_a_provider( ) {
} }
my ( $loose, $track, $balance , $default, $default_balance, $optional, $mtu ) = (0,1,0,0,$config{USE_DEFAULT_RT} ? 1 : 0,interface_is_optional( $interface ), '' ); my ( $loose, $track, $balance , $default, $default_balance, $optional, $mtu ) =
(0, $config{TRACK_PROVIDERS}, 0 , 0, $config{USE_DEFAULT_RT} ? 1 : 0, interface_is_optional( $interface ), '' );
unless ( $options eq '-' ) { unless ( $options eq '-' ) {
for my $option ( split_list $options, 'option' ) { for my $option ( split_list $options, 'option' ) {
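
Review bot: in the initialiser list of add_a_provider, $track used to be the literal 1 and now receives the raw $config{TRACK_PROVIDERS}, while the neighbouring $default_balance is normalised with "$config{USE_DEFAULT_RT} ? 1 : 0". Writing "$config{TRACK_PROVIDERS} ? 1 : 0" would keep $track a plain 0/1 flag regardless of what default_yes_no stores (the fallback passed for this option is '').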

View File

@ -18,6 +18,8 @@ Changes in Shorewall 4.4.3
9) Make 'track' the default. 9) Make 'track' the default.
10) Add TRACK_PROVIDERS option.
Changes in Shorewall 4.4.2 Changes in Shorewall 4.4.2
1) BUGFIX: Correct detection of Persistent SNAT support 1) BUGFIX: Correct detection of Persistent SNAT support
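
Review bot: entry "9) Make 'track' the default." is left in place directly above the new entry 10, but with this commit the default comes from TRACK_PROVIDERS rather than being unconditionally on. Reword or drop entry 9 so the changelog for 4.4.3 does not describe two different defaults.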

View File

@ -189,6 +189,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=No WIDE_TC_MARKS=No
TRACK_PROVIDERS=No
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
############################################################################### ###############################################################################

View File

@ -222,9 +222,9 @@ None.
On non-Debian systems, new installs will now log all Shorewall On non-Debian systems, new installs will now log all Shorewall
commands to /var/log/shorewall-init.log. commands to /var/log/shorewall-init.log.
2) Because the 'track' provider option is so useful, it is now the 2) A new TRACK_PROVIDERS option has been added in shorewall.conf.
default. If, for some reason, you don't want 'track' then specify The value of this option becomes the default for the 'track'
'notrack' for the provider. provider option in /etc/shorewall/providers.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
N E W F E A T U R E S I N 4 . 4 . 0 N E W F E A T U R E S I N 4 . 4 . 0
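
Review bot: the replacement text for item 2 drops the mention of 'notrack' and does not say what happens when TRACK_PROVIDERS is absent from shorewall.conf. Add one sentence giving the value assumed when the option is unset and one noting that 'notrack' still overrides TRACK_PROVIDERS=Yes for a single provider.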

View File

@ -145,6 +145,8 @@ AUTOMAKE=No
WIDE_TC_MARKS=No WIDE_TC_MARKS=No
TRACK_PROVIDERS=No
############################################################################### ###############################################################################
# P A C K E T D I S P O S I T I O N # P A C K E T D I S P O S I T I O N
############################################################################### ###############################################################################

View File

@ -700,15 +700,6 @@ NONAT loc - tcp 80</programlisting>
earlier.</para> earlier.</para>
</section> </section>
<section>
<title>/etc/shorewall/providers</title>
<para>Beginnins with Shorewall 4.4.3, the <option>track</option> option
is now the default. If, for some reason, you don't want the
<option>track</option> option then specify
<option>notrack</option>.</para>
</section>
<section id="extension"> <section id="extension">
<title>Extension Scripts</title> <title>Extension Scripts</title>

View File

@ -143,12 +143,11 @@
Shorewall can set up the correct marking rules for you.</para> Shorewall can set up the correct marking rules for you.</para>
<para>When you use the <emphasis role="bold">track</emphasis> option in <para>When you use the <emphasis role="bold">track</emphasis> option in
<filename>/etc/shorewall/providers</filename> (which is the default, <filename>/etc/shorewall/providers</filename>, connections from the
beginning with Shorewall 4.4.3), connections from the Internet are Internet are automatically routed back out of the correct interface and
automatically routed back out of the correct interface and through the through the correct ISP gateway. This works whether the connection is
correct ISP gateway. This works whether the connection is handled by the handled by the firewall itself or if it is routed or port-forwarded to a
firewall itself or if it is routed or port-forwarded to a system behind system behind the firewall.</para>
the firewall.</para>
<para>Shorewall will set up the routing and will update the <para>Shorewall will set up the routing and will update the
<filename>/etc/iproute2/rt_tables</filename> to include the table names <filename>/etc/iproute2/rt_tables</filename> to include the table names
@ -164,8 +163,7 @@
<listitem> <listitem>
<para>Packet marking for traffic control purposes may not be done <para>Packet marking for traffic control purposes may not be done
in the PREROUTING table for connections involving providers with in the PREROUTING table for connections involving providers with
'track' specified (see below -- note that 'track' defaults to on 'track' specified (see below).</para>
beginning with Shorewall 4.4.3).</para>
</listitem> </listitem>
<listitem> <listitem>
@ -333,9 +331,13 @@
<listitem> <listitem>
<para><important> <para><important>
<para>Beginning with Shorwall 4.3.3, <emphasis <para>Beginning with Shorwall 4.3.3, <emphasis
role="bold">track</emphasis> is the default. To disable role="bold">track</emphasis> defaults to the setting of
this option, you must specify <emphasis the <option>TRACK_PROVIDERS</option> option in <ulink
role="bold">notrack</emphasis> (see below).</para> url="manpages/shorewall.conf">shorewall.conf
</ulink>(5). To disable this option when you have
specified TRACK_PROVIDERS=Yes, you must specify
<emphasis role="bold">notrack</emphasis> (see
below).</para>
</important>If specified, connections FROM this interface </important>If specified, connections FROM this interface
are to be tracked so that responses may be routed back out are to be tracked so that responses may be routed back out
this same interface.</para> this same interface.</para>
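
Review bot: the rewritten sentence in the <important> block keeps "Beginning with Shorwall 4.3.3", while every other hunk in this commit says Shorewall 4.4.3; fix the spelling and the version while the paragraph is being touched. The line break inside the <ulink> also leaves trailing whitespace in the link text and no space before "(5)".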
@ -454,8 +456,7 @@
<listitem> <listitem>
<para>Added in Shorewall 4.4.3. This option turns off the <para>Added in Shorewall 4.4.3. This option turns off the
<emphasis role="bold">track</emphasis> option which is now <emphasis role="bold">track</emphasis> option.</para>
the default.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

View File

@ -168,6 +168,13 @@
is the default. If, for some reason, you don't want is the default. If, for some reason, you don't want
<option>track</option> then specify <option>notrack</option> <option>track</option> then specify <option>notrack</option>
(see below).</para> (see below).</para>
<para>Beginning with Shorewall 4.4.3, <option>track</option>
defaults to the setting of the TRACK_PROVIDERS option in
<ulink url="shorwewall.conf.html">shorewall.conf</ulink> (5).
If you set TRACK_PROVIDERS=Yes and want to override that
setting for an individual provider, then specify
<option>notrack</option> (see below).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
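
Review bot: the new paragraph is appended after the existing one instead of replacing it, so the manpage now says both that track "is the default" and that it "defaults to the setting of the TRACK_PROVIDERS option". Remove the old paragraph, as the shorewall6 version of this change does. The link target "shorwewall.conf.html" is also misspelled.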
@ -204,7 +211,7 @@
<listitem> <listitem>
<para>Added in Shorewall 4.4.3. When specified, turns off <para>Added in Shorewall 4.4.3. When specified, turns off
<option>track</option> which is now the default.</para> <option>track</option>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

View File

@ -154,9 +154,11 @@
provider.</para> provider.</para>
<para>Beginning with Shorewall 4.4.3, <option>track</option> <para>Beginning with Shorewall 4.4.3, <option>track</option>
is the default. If, for some reason, you don't want defaults to the setting of the TRACK_PROVIDERS option in
<option>track</option> then specify <option>notrack</option> <ulink url="shorwewall6.conf.html">shorewall6.conf</ulink>
(see below).</para> (5). If you set TRACK_PROVIDERS=Yes and want to override that
setting for an individual provider, then specify
<option>notrack</option> (see below).</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
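
Review bot: the <ulink> in the new paragraph points at "shorwewall6.conf.html", which looks like a typo for shorewall6.conf.html and would leave a dead link in the generated manpage.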
@ -177,7 +179,7 @@
<listitem> <listitem>
<para>Added in Shorewall 4.4.3. When specified, turns off <para>Added in Shorewall 4.4.3. When specified, turns off
<option>track</option> which is now the default.</para> <option>track</option>.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>