holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity
94ad76f97d
shorewall_code/Shorewall/clib.ecn
teastep 94ad76f97d Implement library load on demand 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4400 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2006-08-22 20:20:42 +00:00

79 lines
2.2 KiB
Bash
Raw Blame History

#!/bin/sh
#
# Shorewall 3.2 -- /usr/share/shorewall/clib.ecn
#
# This program is under GPL [http://www.gnu.org/copyleft/gpl.htm]
#
# (c) 2005,2006 - Tom Eastep (teastep@shorewall.net)
#
# Complete documentation is available at http://shorewall.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of Version 2 of the GNU General Public License
# as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
#
# ECN Chain to an interface
#
ecn_chain() # $1 = interface
{
echo $(chain_base $1)_ecn
}
#
# Setup ECN disabling rules
#
setup_ecn() # $1 = file name
{
local interfaces=""
local hosts=
local h
progress_message2 "$DOING $1..."
while read interface host; do
expandv interface host
list_search $interface $ALL_INTERFACES || \
fatal_error "Unknown interface $interface"
list_search $interface $interfaces || \
interfaces="$interfaces $interface"
[ "x$host" = "x-" ] && host=
for h in $(separate_list ${host:-0.0.0.0/0}); do
hosts="$hosts $interface:$h"
done
done < $TMP_DIR/ecn
if [ -n "$interfaces" ]; then
progress_message "$DOING ECN control on${interfaces}..."
for interface in $interfaces; do
chain=$(ecn_chain $interface)
if havemanglechain $chain; then
flushmangle $chain
else
createmanglechain $chain
run_iptables -t mangle -A POSTROUTING -p tcp -o $interface -j $chain
run_iptables -t mangle -A OUTPUT -p tcp -o $interface -j $chain
fi
done
for host in $hosts; do
interface=${host%:*}
h=${host#*:}
run_iptables -t mangle -A $(ecn_chain $interface) -p tcp $(dest_ip_range $h) -j ECN --ecn-tcp-remove
progress_message_and_save " ECN Disabled to $h through $interface"
done
fi
}
CLIB_ECN_LOADED=Yes
View Git Blame Copy Permalink