holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Obviate the need for 'loose'

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2389 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-07-21 19:48:33 +00:00
parent 9e6161cf9d
commit fbabd7d6ef
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
Shorewall/firewall
View File

@ -1052,7 +1052,7 @@ verify_mark() # $1 = value to test
# #
setup_providers() setup_providers()
{ {
local table number mark duplicate interface gateway options provider address copy route loose addresses local table number mark duplicate interface gateway options provider address copy route loose addresses rulenum pref
copy_table() { copy_table() {
run_ip route show table $duplicate | while read net route; do run_ip route show table $duplicate | while read net route; do
@ -1066,8 +1066,7 @@ setup_providers()
done done
} }
copy_and_edit_table() { copy_and_edit_table() {
run_ip route show table $duplicate | while read net route; do run_ip route show table $duplicate | while read net route; do
case $net in case $net in
default|nexthop) default|nexthop)
@ -1137,7 +1136,7 @@ setup_providers()
run_and_save_command qt ip rule del fwmark $mark run_and_save_command qt ip rule del fwmark $mark
ensure_and_save_command ip rule add fwmark $mark table $number ensure_and_save_command ip rule add fwmark $mark pref $((10000 + $mark)) table $number
loose= loose=
@ -1167,9 +1166,15 @@ setup_providers()
esac esac
done done
rulenum=0
find_interface_addresses $interface | while read address; do find_interface_addresses $interface | while read address; do
run_and_save_command qt ip rule del from $address run_and_save_command qt ip rule del from $address
[ -n "$loose" ] || ensure_and_save_command ip rule add from $address table $number if [ -z "$loose" ]; then
pref=$((20000 + $rulenum * 1000 + $mark ))
rulenum=$(($rulenum + 1))
ensure_and_save_command ip rule add from $address pref $pref table $number
fi
done done
} }
@ -5903,7 +5908,7 @@ setup_masq()
if [ -n "$networks" ]; then if [ -n "$networks" ]; then
for s in $networks; do for s in $networks; do
for destnet in $(separate_list $destnets); do for destnet in $(separate_list $destnets); do
addnatrule $chain $(both_ip_ranges $s $destnet) $proto $ports -j $newchain addnatrule $chain $(both_ip_ranges $s $destnet) $proto $ports $policy -j $newchain
done done
done done
else else