bridge: vlan-aware: add new boolean policy "vlan_aware_bridge_address_support"
closes #58
In linux its possible to assign a vlan-aware bridge an ip address
For some use cases is it useful to restrict users from configuring
ips on bridges VA. This patch will let admins and distributions
decide if it is necessary to warn the user in such case.
The patch introduces a new 'address' policy:
vlan_aware_bridge_address_support: yes|no|on|off|0|1 (default to yes)
[16:46:09] root:~ # cat /var/lib/ifupdown2/policy.d/address.json
{
"address": {
"module_globals": {
"enable_l3_iface_forwarding_checks": "yes"
},
"defaults": {
"mtu": "1500",
"ip-forward": "on",
"ip6-forward": "on"
}
}
}
[16:46:16] root:~ # ifquery -a
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto bridge
iface bridge
bridge-ports swp1
bridge-vlan-aware yes
address 10.10.10.10/32
[16:46:20] root:~ # ifup -a --syntax-check
[16:46:22] root:~ # echo $?
0
[16:46:33] root:~ # nano /var/lib/ifupdown2/policy.d/address.json
[16:46:47] root:~ # cat /var/lib/ifupdown2/policy.d/address.json
{
"address": {
"module_globals": {
"enable_l3_iface_forwarding_checks": "yes",
"vlan_aware_bridge_address_support": "no"
},
"defaults": {
"mtu": "1500",
"ip-forward": "on",
"ip6-forward": "on"
}
}
}
[16:46:48] root:~ # ifup -a --syntax-check
warning: bridge: ignoring ip address. Assigning an IP address is not allowed on bridge vlan aware interfaces
[16:46:51] root:~ # echo $?
1
[16:46:52] root:~ #