Andrew Niemantsverdriet wrote: > I am resubmitting my question. I have to have two bridges for one > virtual machine. So if you would look at the code and see what can be > done I would appreciate it.
Attached is a lightly-tested patch against 4.4.3.
cd /usr/share/shorewall/Shorewall
patch -p4 < <path to>/bridges.diff
Please let me know if you have problems.
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index b9097bb..5ee3bdf 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -1726,6 +1726,7 @@ sub match_source_dev( $ ) {
return '' if $interface eq '+';
my $interfaceref = known_interface( $interface );
if ( $interfaceref && $interfaceref->{options}{port} ) {
+ $interface =~ s/\++/+/;
"-i $interfaceref->{bridge} -m physdev --physdev-in $interface ";
} else {
"-i $interface ";
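Review bot: The added `s/\++/+/` has no comment and is not anchored, so it rewrites the first run of plus signs in the name rather than specifically the trailing padding that process_interface in Zones.pm appends. Anchoring it and stating the reason would make the intent checkable, for example `$interface =~ s/\++$/+/; # undo the '+' padding that keeps same-named port wildcards unique in %interfaces`. The same line is repeated in match_dest_dev, zone_report and dump_zone_contents, so a small shared helper would keep the four copies from drifting. Any other code path that writes a port name into a rule presumably needs the same normalization, because a padded name in `--physdev-in` would likely match no real port and the rule would silently never apply. match_source_dev continues outside the hunk.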
@@ -1741,6 +1742,7 @@ sub match_dest_dev( $ ) {
my $interfaceref = known_interface( $interface );
if ( $interfaceref && $interfaceref->{options}{port} ) {
if ( $capabilities{PHYSDEV_BRIDGE} ) {
+ $interface =~ s/\++/+/;
"-o $interfaceref->{bridge} -m physdev --physdev-is-bridged --physdev-out $interface ";
} else {
"-o $interfaceref->{bridge} -m physdev --physdev-out $interface ";
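Review bot: The substitution sits only inside the `if ( $capabilities{PHYSDEV_BRIDGE} )` branch, so the `else` branch still interpolates the un-normalized `$interface` into `--physdev-out`. On a system without that capability, a port whose internal name was padded with extra `+` would yield a rule naming a wildcard that no real port matches, and the outbound rules for that port would quietly stop taking effect. Moving `$interface =~ s/\++/+/;` above the capability test covers both branches. match_dest_dev starts and ends outside the hunk.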
diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index 1ada59b..bc1ce22 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -503,6 +503,9 @@ sub zone_report()
if ( $hosts ) {
my $grouplist = join ',', ( @$hosts );
$grouplist = join '!', ( $grouplist, $exclusions) if $exclusions;
+
+ $interface =~ s/\++/+/;
+
if ( $family == F_IPV4 ) {
progress_message_nocompress " $interface:$grouplist";
} else {
@@ -560,6 +563,8 @@ sub dump_zone_contents()
$grouplist = join '!', ( $grouplist, $exclusions ) if $exclusions;
+ $interface =~ s/\++/+/;
+
if ( $family == F_IPV4 ) {
$entry .= " $interface:$grouplist";
} else {
@@ -733,7 +738,18 @@ sub process_interface( $ ) {
fatal_error qq("Virtual" interfaces are not supported -- see http://www.shorewall.net/Shorewall_and_Aliased_Interfaces.html) if $port =~ /^\d+$/;
require_capability( 'PHYSDEV_MATCH', 'Bridge Ports', '');
fatal_error "Your iptables is not recent enough to support bridge ports" unless $capabilities{KLUDGEFREE};
- fatal_error "Duplicate Interface ($port)" if $interfaces{$port};
+
+ fatal_error "Invalid Interface Name ($interface:$port)" unless $port eq '' || $port =~ /^[...@%-]+\+?$/;
+
+ if ( $port =~ /\+$/ ) {
+ while ( $interfaces{$port} ) {
+ fatal_error "Duplicate Interface ($interface:$port)" if $interfaces{$port}{bridge} eq $interface;
+ $port .= '+';
+ }
+ } else {
+ fatal_error "Duplicate Interface ($port)" if $interfaces{$port};
+ }
+
fatal_error "$interface is not a defined bridge" unless $interfaces{$interface} && $interfaces{$interface}{options}{bridge};
fatal_error "Bridge Ports may only be associated with 'bport' zones" if $zone && $zoneref->{type} != BPORT;
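Review bot: The `while` loop rejects a clash only when the existing entry's `{bridge}` equals `$interface`, so a wildcard port whose name is already taken by an entry that is not a bridge port no longer hits the "Duplicate Interface" error that the removed line raised. It is instead renamed with an extra `+` and accepted. If only ports on different bridges are meant to share a wildcard, the loop could start with `fatal_error "Duplicate Interface ($port)" unless $interfaces{$port}{options}{port};`, assuming the `{options}{port}` flag tested in Chains.pm is set on these entries. A short comment describing the `+` padding scheme would also help, since the padded key has to be undone wherever the name is printed or written into a rule. process_interface continues outside the hunk.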
@@ -747,8 +763,6 @@ sub process_interface( $ ) {
next if $port eq '';
- fatal_error "Invalid Interface Name ($interface:$port)" unless $port =~ /^[...@%-]+\+?$/;
-
$bridge = $interface;
$interface = $port;
} else {
signature.asc
Description: OpenPGP digital signature
