Allow simple configuration of a bridge with no IP address
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
4b6bff7693
commit
d8b0f496df
@ -1689,9 +1689,12 @@ sub add_interface_jumps {
|
||||
# Add the jumps to the interface chains from filter FORWARD, INPUT, OUTPUT
|
||||
#
|
||||
for my $interface ( @_ ) {
|
||||
my $forwardref = $filter_table->{forward_chain $interface};
|
||||
my $inputref = $filter_table->{input_chain $interface};
|
||||
my $outputref = $filter_table->{output_chain $interface};
|
||||
my $forwardref = $filter_table->{forward_chain $interface};
|
||||
my $inputref = $filter_table->{input_chain $interface};
|
||||
my $outputref = $filter_table->{output_chain $interface};
|
||||
my $interfaceref = find_interface($interface);
|
||||
|
||||
add_rule ( $filter_table->{FORWARD}, match_source_dev( $interface) . match_dest_dev( $interface) . '-j ACCEPT' ) unless $interfaceref->{nets} || ! $interfaceref->{options}{routeback};
|
||||
|
||||
add_jump( $filter_table->{FORWARD} , $forwardref , 0, match_source_dev( $interface ) ) unless $forward_jump_added{$interface} || ! use_forward_chain $interface, $forwardref;
|
||||
add_jump( $filter_table->{INPUT} , $inputref , 0, match_source_dev( $interface ) ) unless $input_jump_added{$interface} || ! use_input_chain $interface, $inputref;
|
||||
|
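Review bot: The `add_rule` line added to `add_interface_jumps` puts a bare `-j ACCEPT` into FORWARD for traffic that enters and leaves the same interface, with no comment saying when that is intended, and its `unless A || ! B` guard is easy to misread. As written it fires for every interface whose `routeback` option is set and whose `nets` is false; if `add_rule` appends, the rule is also evaluated before the jump to the interface's forward chain that follows it, so that chain never sees this traffic. I would state the condition positively, `if $interfaceref->{options}{routeback} && ! $interfaceref->{nets};`, and put a comment above it such as `# Addressless bridge with no zone: accept traffic bridged back out of the same interface`. The `for` loop and the sub continue past the end of the hunk.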
@ -223,7 +223,7 @@ sub initialize( $ ) {
|
||||
nosmurfs => SIMPLE_IF_OPTION + IF_OPTION_HOST,
|
||||
optional => SIMPLE_IF_OPTION,
|
||||
proxyarp => BINARY_IF_OPTION,
|
||||
routeback => SIMPLE_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST,
|
||||
routeback => SIMPLE_IF_OPTION + IF_OPTION_HOST,
|
||||
routefilter => NUMERIC_IF_OPTION ,
|
||||
sourceroute => BINARY_IF_OPTION,
|
||||
tcpflags => SIMPLE_IF_OPTION + IF_OPTION_HOST,
|
||||
@ -251,7 +251,7 @@ sub initialize( $ ) {
|
||||
nosmurfs => SIMPLE_IF_OPTION + IF_OPTION_HOST,
|
||||
optional => SIMPLE_IF_OPTION,
|
||||
proxyndp => BINARY_IF_OPTION,
|
||||
routeback => SIMPLE_IF_OPTION + IF_OPTION_ZONEONLY + IF_OPTION_HOST,
|
||||
routeback => SIMPLE_IF_OPTION + IF_OPTION_HOST,
|
||||
sourceroute => BINARY_IF_OPTION,
|
||||
tcpflags => SIMPLE_IF_OPTION + IF_OPTION_HOST,
|
||||
mss => NUMERIC_IF_OPTION,
|
||||
@ -663,7 +663,7 @@ sub add_group_to_zone($$$$$)
|
||||
push @$new, $host;
|
||||
}
|
||||
|
||||
$zoneref->{options}{in_out}{routeback} = 1 if $options->{routeback};
|
||||
$zoneref->{options}{in_out}{routeback} = 1 if $options->{routeback} || $interfaces{$interface}{options}{routeback};
|
||||
|
||||
my $gtype = $type == IPSEC ? 'ipsec' : 'ip';
|
||||
|
||||
|
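Review bot: Dropping `IF_OPTION_ZONEONLY` from `routeback` in both option tables of `initialize` appears, judging by the flag's name, to allow the option on any interface declared without a zone, and nothing visible in these hunks restricts it to bridges, which is the case the commit title describes. If the validation outside the hunks does not add that restriction, a zone-less non-bridge interface with `routeback` would get the same relaxed handling; consider a check there, or at least a comment beside the two entries such as `# zone-less use is intended for addressless bridges only`. In `add_group_to_zone`, the new `|| $interfaces{$interface}{options}{routeback}` marks the zone as routeback for every group on such an interface, even when the group's own options did not ask for it, so a short comment saying this is deliberate would help. All three enclosing subs extend beyond the hunks.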
@ -38,6 +38,8 @@ Changes in Shorewall 4.4.9
|
||||
|
||||
18) Fix rare optimization bug.
|
||||
|
||||
19) Allow definition of an addressless bridge without a zone.
|
||||
|
||||
Changes in Shorewall 4.4.8
|
||||
|
||||
1) Correct handling of RATE LIMIT on NAT rules.
|
||||
|
@ -367,6 +367,25 @@ None.
|
||||
searches the current LOGFILE for Netfilter messages matching the
|
||||
supplied regex.
|
||||
|
||||
6) There are some instances where a bridge with no IP address is
|
||||
configured. Prior to Shorewall 4.4.9, this required the following:
|
||||
|
||||
/etc/shorewall/interfaces:
|
||||
#ZONE INTERFACE BROADCAST OPTIONS
|
||||
dummy br0 - routeback
|
||||
|
||||
/etc/shorewall/policy:
|
||||
#SOURCE DEST POLICY
|
||||
dummy all NONE
|
||||
all dummy NONE
|
||||
|
||||
Beginning in this release, a single entry will suffice:
|
||||
|
||||
/etc/shorewall/interfaces:
|
||||
#ZONE INTERFACE BROADCAST OPTIONS
|
||||
- br0 - routeback
|
||||
|
||||
|
||||
----------------------------------------------------------------------------
|
||||
V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S
|
||||
I N P R I O R R E L E A S E S
|
||||
|