mirror of
https://github.com/CumulusNetworks/ifupdown2.git
synced 2024-05-06 15:54:50 +00:00
70a6640ce1
closes #58 In linux its possible to assign a vlan-aware bridge an ip address For some use cases is it useful to restrict users from configuring ips on bridges VA. This patch will let admins and distributions decide if it is necessary to warn the user in such case. The patch introduces a new 'address' policy: vlan_aware_bridge_address_support: yes|no|on|off|0|1 (default to yes) [16:46:09] root:~ # cat /var/lib/ifupdown2/policy.d/address.json { "address": { "module_globals": { "enable_l3_iface_forwarding_checks": "yes" }, "defaults": { "mtu": "1500", "ip-forward": "on", "ip6-forward": "on" } } } [16:46:16] root:~ # ifquery -a auto lo iface lo inet loopback auto eth0 iface eth0 inet dhcp auto bridge iface bridge bridge-ports swp1 bridge-vlan-aware yes address 10.10.10.10/32 [16:46:20] root:~ # ifup -a --syntax-check [16:46:22] root:~ # echo $? 0 [16:46:33] root:~ # nano /var/lib/ifupdown2/policy.d/address.json [16:46:47] root:~ # cat /var/lib/ifupdown2/policy.d/address.json { "address": { "module_globals": { "enable_l3_iface_forwarding_checks": "yes", "vlan_aware_bridge_address_support": "no" }, "defaults": { "mtu": "1500", "ip-forward": "on", "ip6-forward": "on" } } } [16:46:48] root:~ # ifup -a --syntax-check warning: bridge: ignoring ip address. Assigning an IP address is not allowed on bridge vlan aware interfaces [16:46:51] root:~ # echo $? 1 [16:46:52] root:~ # Reviewed-by: Roopa Prabhu <roopa@cumulusnetworks.com> Signed-off-by: Julien Fortin <julien@cumulusnetworks.com>
15 KiB
15 KiB