On 03/16/2013 06:21 PM, Mr Dash Four wrote: > Now, the bug I found: > > routes > ~~~~ > main 10.0.0.0/8 blackhole > main 10.0.0.0/8 prohibit > > generates: > > run_ip route add blackhole 10.0.0.0/8 table 254 > run_ip route add prohibit 10.0.0.0/8 table 254 > > That is not going to work (ip will complain that the route already > exists). A much cleaner solution to this would be if shorewall could > spot the overlap during compile time (don't know how doable that would > be), or, if that is not possible, to change "add" with replace, in which > case the latest route added will take precedence.
The attached patch replaces 'add' with 'replace'. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Providers.pm b/Shorewall/Perl/Shorewall/Providers.pm
index 87d43b8..c23be2c 100644
--- a/Shorewall/Perl/Shorewall/Providers.pm
+++ b/Shorewall/Perl/Shorewall/Providers.pm
@@ -1147,18 +1147,18 @@ sub add_a_route( ) {
if ( $gateway ne '-' ) {
if ( $device ne '-' ) {
- push @$routes, qq(run_ip route add $dest via $gateway dev $physical table $number);
+ push @$routes, qq(run_ip route replace $dest via $gateway dev $physical table $number);
push @$routes, q(echo "$IP ) . qq(-$family route del $dest via $gateway dev $physical table $number > /dev/null 2>&1" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
} elsif ( $null ) {
- push @$routes, qq(run_ip route add $null $dest table $number);
+ push @$routes, qq(run_ip route replace $null $dest table $number);
push @$routes, q(echo "$IP ) . qq(-$family route del $null $dest table $number > /dev/null 2>&1" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
} else {
- push @$routes, qq(run_ip route add $dest via $gateway table $number);
+ push @$routes, qq(run_ip route replace $dest via $gateway table $number);
push @$routes, q(echo "$IP ) . qq(-$family route del $dest via $gateway table $number > /dev/null 2>&1" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
}
} else {
fatal_error "You must specify a device for this route" unless $physical;
- push @$routes, qq(run_ip route add $dest dev $physical table $number);
+ push @$routes, qq(run_ip route replace $dest dev $physical table $number);
push @$routes, q(echo "$IP ) . qq(-$family route del $dest dev $physical table $number > /dev/null 2>&1" >> \${VARDIR}/undo_${provider}_routing) if $number >= DEFAULT_TABLE;
}
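Review bot: Switching all four emitted commands from `route add` to `route replace` makes a colliding entry succeed silently, so a later line in the routes file can now override an earlier `blackhole` or `prohibit` route for the same destination and table with no signal to the operator. The paired undo lines still only emit `route del ...` with errors sent to /dev/null, so if `replace` overwrites a route that was already in the table before start (possible for the main table, as in the report), stopping would delete it rather than restore it. The compile-time check suggested in the report would cover both cases. A minimal form is to record each destination/table pair as it is processed and warn on a repeat, e.g. `warning_message "Route to $dest in table $number overrides an earlier entry" if $seen_route{"$number|$dest"}++;`, where `%seen_route` is a placeholder for a new file-scoped hash. The body of add_a_route starts and ends outside this hunk, so where `$dest` and `$number` are validated is not visible here.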
signature.asc
Description: OpenPGP digital signature
