forked from extern/shorewall_code
Finish 'detectnets'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6054 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
82eaf6fe1a
commit
e4c8d85fb9
@ -115,6 +115,36 @@ sub add_group_to_zone($$$$$)
|
||||
push @{$arrayref}, \%h;
|
||||
}
|
||||
|
||||
sub get_routed_networks ( $$ ) {
|
||||
my ( $interface , $error_message ) = @_;
|
||||
my @networks;
|
||||
|
||||
if ( open IP , '-|' , "ip route show dev $interface 2> /dev/null" ) {
|
||||
while ( my $route = <IP> ) {
|
||||
$route =~ s/^\s+//;
|
||||
my $network = ( split /\s+/, $route )[0];
|
||||
if ( $network eq 'default' ) {
|
||||
if ( $error_message ) {
|
||||
fatal_error $error_message;
|
||||
} else {
|
||||
warning_message "default route ignored on interface $interface";
|
||||
}
|
||||
} else {
|
||||
my ( $address, $vlsm ) = split '/', $network;
|
||||
$vlsm = 32 unless defined $vlsm;
|
||||
push @networks, "$address/$vlsm";
|
||||
}
|
||||
}
|
||||
close IP
|
||||
} else {
|
||||
fatal_error "Cannot get routes through interface $interface";
|
||||
}
|
||||
|
||||
fatal_error "detectnets: There are no routes through interface $interface" unless @networks;
|
||||
|
||||
@networks;
|
||||
}
|
||||
|
||||
#
|
||||
# Parse the interfaces file.
|
||||
#
|
||||
@ -186,12 +216,10 @@ sub validate_interfaces_file()
|
||||
|
||||
my $optionsref = {};
|
||||
|
||||
if ( $options )
|
||||
{
|
||||
my %options;
|
||||
|
||||
for my $option (split ',', $options )
|
||||
{
|
||||
my %options;
|
||||
|
||||
if ( $options ) {
|
||||
for my $option (split ',', $options ) {
|
||||
next if $option eq '-';
|
||||
|
||||
( $option, my $value ) = split /=/, $option;
|
||||
@ -219,19 +247,22 @@ sub validate_interfaces_file()
|
||||
$options{arp_ignore} = 1;
|
||||
}
|
||||
} else {
|
||||
fatal_error "Internal Error in validate_interfaces_file"
|
||||
fatal_error "Internal Error in validate_interfaces_file";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$zoneref->{options}{in_out}{routeback} = 1 if $options{routeback};
|
||||
|
||||
$interfaces{$interface}{options} = $optionsref = \%options;
|
||||
|
||||
}
|
||||
|
||||
$interfaces{$interface}{options} = $optionsref = \%options;
|
||||
|
||||
push @interfaces, $interface;
|
||||
|
||||
add_group_to_zone( $zone, $zoneref->{type}, $interface, \@allipv4, $optionsref ) if $zone;
|
||||
my @networks = $options{detectnets} ? get_routed_networks( $interface , "detectnets not allowed on interface with default route - $interface" ) : @allipv4;
|
||||
|
||||
add_group_to_zone( $zone, $zoneref->{type}, $interface, \@networks, $optionsref ) if $zone;
|
||||
|
||||
$interfaces{$interface}{zone} = $zone; #Must follow the call to add_group_to_zone()
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user