mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-22 07:33:43 +01:00
Detect which matches are available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
223ed5b3a3
commit
21770a89d6
@ -2020,6 +2020,16 @@ determine_capabilities() {
|
||||
GEOIP_MATCH=
|
||||
RPFILTER_MATCH=
|
||||
NFACCT_MATCH=
|
||||
AMANDA_HELPER=
|
||||
FTP_HELPER=
|
||||
IRC_HELPER=
|
||||
NETBIOS_NS_HELPER=
|
||||
H323_HELPERS=
|
||||
PPTP_HELPER=
|
||||
SANE_HELPER=
|
||||
SIP_HELPER=
|
||||
SNMP_HELPER=
|
||||
TFTP_HELPER=
|
||||
|
||||
chain=fooX$$
|
||||
|
||||
@ -2177,9 +2187,24 @@ determine_capabilities() {
|
||||
qt $g_tool -t rawpost -L -n && RAWPOST_TABLE=Yes
|
||||
|
||||
if [ -n "$RAW_TABLE" ]; then
|
||||
qt $g_tool -t raw -F $chain
|
||||
qt $g_tool -t raw -X $chain
|
||||
qt $g_tool -t raw -N $chain
|
||||
qt $g_tool -t raw -A $chain -j CT --notrack && CT_TARGET=Yes
|
||||
qt $g_tool -t raw -N $chain
|
||||
|
||||
if qt $g_tool -t raw -A $chain -j CT --notrack; then
|
||||
CT_TARGET=Yes
|
||||
qt $g_tool -t raw -A $chain -p udp --dport 10080 -j CT --helper amanda && AMANDA_HELPER=Yes
|
||||
qt $g_tool -t raw -A $chain -p tcp --dport 21 -j CT --helper ftp && FTP_HELPER=Yes
|
||||
qt $g_tool -t raw -A $chain -p udp --dport 1719 -j CT --helper RAS && H323_HELPERS=Yes
|
||||
qt $g_tool -t raw -A $chain -p tcp --dport 6667 -j CT --helper irc && IRC_HELPER=Yes
|
||||
qt $g_tool -t raw -A $chain -p udp --dport 137 -j CT --helper netbios-ns && NETBIOS_NS_HELPER=Yes
|
||||
qt $g_tool -t raw -A $chain -p tcp --dport 1729 -j CT --helper pptp && PPTP_HELPER=Yes
|
||||
qt $g_tool -t raw -A $chain -p tcp --dport 6566 -j CT --helper sane && SANE_HELPER=Yes
|
||||
qt $g_tool -t raw -A $chain -p udp --dport 5060 -j CT --helper sip && SIP_HELPER=Yes
|
||||
qt $g_tool -t raw -A $chain -p udp --dport 161 -j CT --helper snmp && SNMP_HELPER=Yes
|
||||
qt $g_tool -t raw -A $chain -p udp --dport 69 -j CT --helper tftp && TFTP_HELPER=Yes
|
||||
fi
|
||||
|
||||
qt $g_tool -t raw -F $chain
|
||||
qt $g_tool -t raw -X $chain
|
||||
fi
|
||||
@ -2360,6 +2385,16 @@ report_capabilities() {
|
||||
report_capability "Geo IP match" $GEOIP_MATCH
|
||||
report_capability "RPFilter match" $RPFILTER_MATCH
|
||||
report_capability "NFAcct match" $NFACCT_MATCH
|
||||
report_capability "Amanda Helper" $AMANDA_HELPER
|
||||
report_capability "FTP Helper" $FTP_HELPER
|
||||
report_capability "IRC Helper" $IRC_HELPER
|
||||
report_capability "Netbios_ns Helper" $NETBIOS_NS_HELPER
|
||||
report_capability "H323 Helpers" H323_HELPERS
|
||||
report_capability "PPTP Helper" $PPTP_HELPER
|
||||
report_capability "SANE Helper" $SANE_HELPER
|
||||
report_capability "SIP Helper" $SIP_HELPER
|
||||
report_capability "SNMP Helper" $SNMP_HELPER
|
||||
report_capability "TFTP Helper" $TFTP_HELPER
|
||||
|
||||
if [ $g_family -eq 4 ]; then
|
||||
report_capability "iptables -S (IPTABLES_S)" $IPTABLES_S
|
||||
@ -2453,6 +2488,15 @@ report_capabilities1() {
|
||||
report_capability1 GEOIP_MATCH
|
||||
report_capability1 RPFILTER_MATCH
|
||||
report_capability1 NFACCT_MATCH
|
||||
report_capability1 AMANDA_HELPER
|
||||
report_capability1 FTP_HELPER
|
||||
report_capability1 IRC_HELPER
|
||||
report_capability1 NETBIOS_NS_HELPER
|
||||
report_capability1 H323_HELPERS
|
||||
report_capability1 PPTP_HELPER
|
||||
report_capability1 SANE_HELPER
|
||||
report_capability1 SNMP_HELPER
|
||||
report_capability1 TFTP_HELPER
|
||||
|
||||
echo CAPVERSION=$SHOREWALL_CAPVERSION
|
||||
echo KERNELVERSION=$KERNELVERSION
|
||||
|
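Review bot: In the report_capabilities hunk the H323 line passes the literal word instead of the variable, `report_capability "H323 Helpers" H323_HELPERS`, so the second argument is never empty. If report_capability tests that argument for non-emptiness (its body is not shown here), the H323 helpers will be reported as available whatever the probe found; the line should read `report_capability "H323 Helpers" $H323_HELPERS`. The report_capabilities1 hunk lists every new helper except SIP, so a generated capabilities file would carry no SIP_HELPER entry even though determine_capabilities sets it; add `report_capability1 SIP_HELPER`. Both functions continue outside their hunks.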
@ -28,7 +28,7 @@ package Shorewall::Chains;
|
||||
require Exporter;
|
||||
|
||||
use Scalar::Util 'reftype';
|
||||
use Digest::SHA1 qw(sha1);
|
||||
use Digest::SHA qw(sha1);
|
||||
use File::Basename;
|
||||
use Shorewall::Config qw(:DEFAULT :internal);
|
||||
use Shorewall::Zones;
|
||||
@ -331,7 +331,19 @@ our $rawpost_table;
|
||||
our $nat_table;
|
||||
our $mangle_table;
|
||||
our $filter_table;
|
||||
our %helpers;
|
||||
our %helpers = ( amanda => UDP,
|
||||
ftp => TCP,
|
||||
irc => TCP,
|
||||
'netbios-ns' => UDP,
|
||||
pptp => TCP,
|
||||
'Q.931' => TCP,
|
||||
RAS => UDP,
|
||||
sane => TCP,
|
||||
sip => UDP,
|
||||
snmp => UDP,
|
||||
tftp => UDP,
|
||||
);
|
||||
|
||||
my $comment;
|
||||
my @comments;
|
||||
my $export;
|
||||
@ -654,19 +666,6 @@ sub initialize( $$$ ) {
|
||||
|
||||
%ipset_exists = ();
|
||||
|
||||
%helpers = ( amanda => UDP,
|
||||
ftp => TCP,
|
||||
irc => TCP,
|
||||
'netbios-ns' => UDP,
|
||||
pptp => TCP,
|
||||
'Q.931' => TCP,
|
||||
RAS => UDP,
|
||||
sane => TCP,
|
||||
sip => UDP,
|
||||
snmp => UDP,
|
||||
tftp => UDP,
|
||||
);
|
||||
|
||||
%isocodes = ();
|
||||
%nfobjects = ();
|
||||
|
||||
@ -4341,6 +4340,8 @@ sub validate_helper( $;$ ) {
|
||||
# Recognized helper
|
||||
#
|
||||
if ( supplied $proto ) {
|
||||
require_capability $helpers_map{$helper}, "Helper $helper", 's';
|
||||
|
||||
my $protonum = -1;
|
||||
|
||||
fatal_error "Unknown PROTO ($protonum)" unless defined ( $protonum = resolve_proto( $proto ) );
|
||||
|
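Review bot: The new `require_capability $helpers_map{$helper}, "Helper $helper", 's';` in validate_helper sits inside the `if ( supplied $proto )` branch, so the helper's availability is checked only when the caller passes a PROTO. The rest of validate_helper is outside the hunk; if a recognized helper can be accepted there without a PROTO, a rule could be compiled for a helper the running kernel lacks, and moving the call above the `if` would cover both paths. A short comment on the new `our %helpers = (...)` initializer, such as `# Static helper => protocol map; no longer reset by initialize()`, would record why the assignment left initialize().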
@ -144,6 +144,8 @@ our %EXPORT_TAGS = ( internal => [ qw( create_temp_script
|
||||
%config_files
|
||||
%shorewallrc
|
||||
|
||||
%helpers_map
|
||||
|
||||
@auditoptions
|
||||
|
||||
F_IPV4
|
||||
@ -314,6 +316,17 @@ my %capdesc = ( NAT_ENABLED => 'NAT',
|
||||
GEOIP_MATCH => 'GeoIP Match' ,
|
||||
RPFILTER_MATCH => 'RPFilter Match',
|
||||
NFACCT_MATCH => 'NFAcct Match',
|
||||
AMANDA_HELPER => 'Amanda Helper',
|
||||
FTP_HELPER => 'FTP Helper',
|
||||
H323_HELPERS => 'H323 Helpers',
|
||||
IRC_HELPER => 'IRC Helper',
|
||||
NETBIOS_NS_HELPER =>
|
||||
'Amanda Helper',
|
||||
PPTP_HELPER => 'PPTP Helper',
|
||||
SANE_HELPER => 'Amanda Helper',
|
||||
SIP_HELPER => 'SIP Helper',
|
||||
SNMP_HELPER => 'SNMP Helper',
|
||||
TFTP_HELPER => 'TFTP Helper',
|
||||
#
|
||||
# Constants
|
||||
#
|
||||
@ -322,6 +335,19 @@ my %capdesc = ( NAT_ENABLED => 'NAT',
|
||||
KERNELVERSION => 'Kernel Version',
|
||||
);
|
||||
|
||||
our %helpers_map = ( amanda => 'AMANDA_HELPER',
|
||||
ftp => 'FTP_HELPER',
|
||||
irc => 'IRC_HELPER',
|
||||
'netbios-ns' => 'NETBIOS_NS_HELPER',
|
||||
pptp => 'PPTP_HELPER',
|
||||
'Q.931' => 'H323_HELPERS',
|
||||
RAS => 'H323_HELPERS',
|
||||
sane => 'SANE_HELPER',
|
||||
sip => 'SIP_HELPER',
|
||||
snmp => 'SNMP_HELPER',
|
||||
tftp => 'TFTP_HELPER',
|
||||
);
|
||||
|
||||
our %config_files = ( #accounting => 1,
|
||||
actions => 1,
|
||||
blacklist => 1,
|
||||
@ -773,6 +799,17 @@ sub initialize( $;$ ) {
|
||||
GEOIP_MATCH => undef,
|
||||
RPFILTER_MATCH => undef,
|
||||
NFACCT_MATCH => undef,
|
||||
AMANDA_HELPER => undef,
|
||||
FTP_HELPER => undef,
|
||||
H323_HELPERS => undef,
|
||||
IRC_HELPER => undef,
|
||||
NETBIOS_NS_HELPER => undef,
|
||||
PPTP_HELPER => undef,
|
||||
SANE_HELPER => undef,
|
||||
SIP_HELPER => undef,
|
||||
SNMP_HELPER => undef,
|
||||
TFTP_HELPER => undef,
|
||||
|
||||
CAPVERSION => undef,
|
||||
LOG_OPTIONS => 1,
|
||||
KERNELVERSION => undef,
|
||||
@ -949,6 +986,12 @@ sub cleanup() {
|
||||
qt1( "$iptables -X $sillyname1" );
|
||||
qt1( "$iptables -t mangle -F $sillyname" );
|
||||
qt1( "$iptables -t mangle -X $sillyname" );
|
||||
qt1( "$iptables -t nat -F $sillyname" );
|
||||
qt1( "$iptables -t nat -X $sillyname" );
|
||||
qt1( "$iptables -t raw -F $sillyname" );
|
||||
qt1( "$iptables -t raw -X $sillyname" );
|
||||
qt1( "$iptables -t rawpost -F $sillyname" );
|
||||
qt1( "$iptables -t rawpost -X $sillyname" );
|
||||
$sillyname = '';
|
||||
}
|
||||
}
|
||||
@ -3200,17 +3243,56 @@ sub Ct_Target() {
|
||||
if ( have_capability 'RAW_TABLE' ) {
|
||||
qt1( "$iptables -t raw -N $sillyname" );
|
||||
$ct_target = qt1( "$iptables -t raw -A $sillyname -j CT --notrack" );
|
||||
qt1( "$iptables -t raw -F $sillyname" );
|
||||
qt1( "$iptables -t raw -X $sillyname" );
|
||||
}
|
||||
|
||||
$ct_target;
|
||||
}
|
||||
|
||||
sub Amanda_Helper() {
|
||||
have_capability 'CT_TARGET' && qt1( "$iptables -t raw -A $sillyname -p udp --dport 10080 -j CT --helper amanda" );
|
||||
}
|
||||
|
||||
sub FTP_Helper() {
|
||||
have_capability 'CT_TARGET' && qt1( "$iptables -t raw -A $sillyname -p tcp --dport 21 -j CT --helper ftp" );
|
||||
}
|
||||
|
||||
sub H323_Helpers() {
|
||||
have_capability 'CT_TARGET' && qt1( "$iptables -t raw -A $sillyname -p udp --dport 1719 -j CT --helper RAS" );
|
||||
}
|
||||
|
||||
sub IRC_Helper() {
|
||||
have_capability 'CT_TARGET' && qt1( "$iptables -t raw -A $sillyname -p tcp --dport 6667 -j CT --helper irc" );
|
||||
}
|
||||
|
||||
sub Netbios_ns_Helper() {
|
||||
have_capability 'CT_TARGET' && qt1( "$iptables -t raw -A $sillyname -p udp --dport 137 -j CT --helper netbios-ns" );
|
||||
}
|
||||
|
||||
sub PPTP_Helper() {
|
||||
have_capability 'CT_TARGET' && qt1( "$iptables -t raw -A $sillyname -p tcp --dport 1729 -j CT --helper pptp" );
|
||||
}
|
||||
|
||||
sub SANE_Helper() {
|
||||
have_capability 'CT_TARGET' && qt1( "$iptables -t raw -A $sillyname -p tcp --dport 6566 -j CT --helper sane" );
|
||||
}
|
||||
|
||||
sub SIP_Helper() {
|
||||
have_capability 'CT_TARGET' && qt1( "$iptables -t raw -A $sillyname -p udp --dport 5060 -j CT --helper sip" );
|
||||
}
|
||||
|
||||
sub SNMP_Helper() {
|
||||
have_capability 'CT_TARGET' && qt1( "$iptables -t raw -A $sillyname -p udp --dport 161 -j CT --helper snmp" );
|
||||
}
|
||||
|
||||
sub TFTP_Helper() {
|
||||
have_capability 'CT_TARGET' && qt1( "$iptables -t raw -A $sillyname -p udp --dport 69 -j CT --helper tftp" );
|
||||
}
|
||||
|
||||
sub Statistic_Match() {
|
||||
qt1( "$iptables -A $sillyname -m statistic --mode nth --every 2 --packet 1" );
|
||||
}
|
||||
|
||||
|
||||
sub Imq_Target() {
|
||||
have_capability 'MANGLE_ENABLED' && qt1( "$iptables -t mangle -A $sillyname -j IMQ --todev 0" );
|
||||
}
|
||||
@ -3245,6 +3327,7 @@ sub GeoIP_Match() {
|
||||
|
||||
our %detect_capability =
|
||||
( ACCOUNT_TARGET =>\&Account_Target,
|
||||
AMANDA_HELPER => \&Amanda_Helper,
|
||||
AUDIT_TARGET => \&Audit_Target,
|
||||
ADDRTYPE => \&Addrtype,
|
||||
BASIC_FILTER => \&Basic_Filter,
|
||||
@ -3261,9 +3344,11 @@ our %detect_capability =
|
||||
ENHANCED_REJECT => \&Enhanced_Reject,
|
||||
EXMARK => \&Exmark,
|
||||
FLOW_FILTER => \&Flow_Filter,
|
||||
FTP_HELPER => \&FTP_Helper,
|
||||
FWMARK_RT_MASK => \&Fwmark_Rt_Mask,
|
||||
GEOIP_MATCH => \&GeoIP_Match,
|
||||
GOTO_TARGET => \&Goto_Target,
|
||||
H323_HELPERS => \&H323_Helpers,
|
||||
HASHLIMIT_MATCH => \&Hashlimit_Match,
|
||||
HEADER_MATCH => \&Header_Match,
|
||||
HELPER_MATCH => \&Helper_Match,
|
||||
@ -3272,6 +3357,7 @@ our %detect_capability =
|
||||
IPP2P_MATCH => \&Ipp2p_Match,
|
||||
IPRANGE_MATCH => \&IPRange_Match,
|
||||
IPSET_MATCH => \&IPSet_Match,
|
||||
IRC_HELPER => \&IRC_Helper,
|
||||
OLD_IPSET_MATCH => \&Old_IPSet_Match,
|
||||
IPSET_V5 => \&IPSET_V5,
|
||||
IPTABLES_S => \&Iptables_S,
|
||||
@ -3287,6 +3373,7 @@ our %detect_capability =
|
||||
MARK_ANYWHERE => \&Mark_Anywhere,
|
||||
MULTIPORT => \&Multiport,
|
||||
NAT_ENABLED => \&Nat_Enabled,
|
||||
NETBIOS_NS_HELPER => \&Netbios_ns_Helper,
|
||||
NEW_CONNTRACK_MATCH => \&New_Conntrack_Match,
|
||||
NFACCT_MATCH => \&NFAcct_Match,
|
||||
NFQUEUE_TARGET => \&Nfqueue_Target,
|
||||
@ -3299,13 +3386,18 @@ our %detect_capability =
|
||||
PHYSDEV_BRIDGE => \&Physdev_Bridge,
|
||||
PHYSDEV_MATCH => \&Physdev_Match,
|
||||
POLICY_MATCH => \&Policy_Match,
|
||||
PPTP_HELPER => \&PPTP_Helper,
|
||||
RAW_TABLE => \&Raw_Table,
|
||||
RAWPOST_TABLE => \&Rawpost_Table,
|
||||
REALM_MATCH => \&Realm_Match,
|
||||
RECENT_MATCH => \&Recent_Match,
|
||||
RPFILTER_MATCH => \&RPFilter_Match,
|
||||
SANE_HELPER => \&SANE_Helper,
|
||||
SIP_HELPER => \&SIP_Helper,
|
||||
SNMP_HELPER => \&SNMP_Helper,
|
||||
STATISTIC_MATCH => \&Statistic_Match,
|
||||
TCPMSS_MATCH => \&Tcpmss_Match,
|
||||
TFTP_HELPER => \&TFTP_Helper,
|
||||
TIME_MATCH => \&Time_Match,
|
||||
TPROXY_TARGET => \&Tproxy_Target,
|
||||
USEPKTTYPE => \&Usepkttype,
|
||||
@ -3446,6 +3538,12 @@ sub determine_capabilities() {
|
||||
$capabilities{RPFILTER_MATCH} = detect_capability( 'RPFILTER_MATCH' );
|
||||
$capabilities{NFACCT_MATCH} = detect_capability( 'NFACCT_MATCH' );
|
||||
|
||||
if ( $capabilities{CT_TARGET} ) {
|
||||
for ( values %helpers_map ) {
|
||||
$capabilities{$_} = detect_capability $_;
|
||||
}
|
||||
}
|
||||
|
||||
qt1( "$iptables -F $sillyname" );
|
||||
qt1( "$iptables -X $sillyname" );
|
||||
qt1( "$iptables -F $sillyname1" );
|
||||
@ -3461,6 +3559,11 @@ sub determine_capabilities() {
|
||||
qt1( "$iptables -t nat -X $sillyname" );
|
||||
}
|
||||
|
||||
if ( $capabilities{RAW_ENABLED} ) {
|
||||
qt1( "$iptables -t raw -F $sillyname" );
|
||||
qt1( "$iptables -t raw -X $sillyname" );
|
||||
}
|
||||
|
||||
$sillyname = $sillyname1 = undef;
|
||||
}
|
||||
}
|
||||
@ -3743,7 +3846,9 @@ sub read_capabilities() {
|
||||
next;
|
||||
}
|
||||
|
||||
$capabilities{$var} = $val =~ /^\"([^\"]*)\"$/ ? $1 : $val;
|
||||
$val = $val =~ /^\"([^\"]*)\"$/ ? $1 : $val;
|
||||
|
||||
$capabilities{$var} = $val ne '';
|
||||
} else {
|
||||
fatal_error "Unrecognized capabilities entry";
|
||||
}
|
||||
|
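Review bot: The raw-table cleanup added at the end of determine_capabilities is guarded by `$capabilities{RAW_ENABLED}`, but every other reference on this page spells the capability `RAW_TABLE` (`have_capability 'RAW_TABLE'` in Ct_Target, `RAW_TABLE => \&Raw_Table` in %detect_capability). If no RAW_ENABLED key exists, the guard is always false and the probe chain `$sillyname`, which now carries the CT helper test rules, stays behind in the raw table of the firewall host after detection; the guard should presumably be `if ( $capabilities{RAW_TABLE} ) {`. Separately, the %capdesc additions mislabel two entries, `NETBIOS_NS_HELPER => 'Amanda Helper'` and `SANE_HELPER => 'Amanda Helper'`, so a message about a missing helper would name the wrong one. In read_capabilities, `$capabilities{$var} = $val ne '';` reduces every entry to a boolean, so confirm that value-carrying entries such as CAPVERSION and KERNELVERSION are not read through this branch.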
@ -9,17 +9,38 @@ FORMAT 2
|
||||
# PORT(S) PORT(S) GROUP
|
||||
?IF $AUTOHELPERS && __CT_TARGET
|
||||
COMMENT AUTOHELPERS
|
||||
CT:helper:ftp all - tcp 21
|
||||
?IF __AMANDA_HELPER
|
||||
CT:helper:amanda all - udp 10080
|
||||
?ENDIF
|
||||
?IF __FTP_HELPER
|
||||
CT:helper:ftp all - tcp 21
|
||||
?ENDIF
|
||||
?IF __H323_HELPERS
|
||||
COMMENT AUTOHELPERS - H323
|
||||
CT:helper:RAS all - udp 1719
|
||||
CT:helper:Q.931 all - tcp 1720
|
||||
COMMENT AUTOHELPERS
|
||||
CT:helper:sip all - udp 5060
|
||||
CT:helper:tftp all - udp 69
|
||||
CT:helper:sane all - tcp 6566
|
||||
?ENDIF
|
||||
?IF __IRC_HELPER
|
||||
CT:helper:irc all - tcp 6667
|
||||
?ENDIF
|
||||
?IF __NETBIOS_NS_HELPER
|
||||
CT:helper:netbios-ns all - udp 137
|
||||
?ENDIF
|
||||
?IF __PPTP_HELPER
|
||||
CT:helper:pptp all - tcp 1729
|
||||
?ENDIF
|
||||
?IF __SANE_HELPER
|
||||
CT:helper:sane all - tcp 6566
|
||||
?ENDIF
|
||||
?IF __SIP_HELPER
|
||||
CT:helper:sip all - udp 5060
|
||||
?ENDIF
|
||||
?IF __SNMP_HELPER
|
||||
CT:helper:snmp all - udp 161
|
||||
?ENDIF
|
||||
?IF __TFTP_HELPER
|
||||
CT:helper:tftp all - udp 69
|
||||
?ENDIF
|
||||
COMMENT
|
||||
?ENDIF
|
||||
|
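Review bot: The new PPTP rule is bound to TCP port 1729, `CT:helper:pptp all - tcp 1729`, whereas the PPTP control channel is registered on TCP 1723. With AUTOHELPERS enabled the helper would therefore not be attached to real PPTP control connections, and their GRE data flows would not be tracked as related. The line should read `CT:helper:pptp all - tcp 1723`. The same port appears in the second conntrack file at the end of this page and in the PPTP probes of both determine_capabilities implementations (`--dport 1729`), where it likely does not affect detection but should be kept consistent.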
@ -76,8 +76,104 @@
|
||||
|
||||
<para>Attach the helper identified by the
|
||||
<replaceable>name</replaceable> to this connection. This is more
|
||||
flexible than loading the conntrack helper with preset ports.
|
||||
May be followed by an option list of
|
||||
flexible than loading the conntrack helper with preset
|
||||
ports.</para>
|
||||
|
||||
<para>At this writing, the available helpers are:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term>amanda</term>
|
||||
|
||||
<listitem>
|
||||
<para>Requires that the amanda netfilter helper is
|
||||
present.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>ftp</term>
|
||||
|
||||
<listitem>
|
||||
<para>Requires that the FTP netfilter helper is
|
||||
present.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>irc</term>
|
||||
|
||||
<listitem>
|
||||
<para>Requires that the IRC netfilter helper is
|
||||
present.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>netbios-ns</term>
|
||||
|
||||
<listitem>
|
||||
<para>Requires that the netbios_ns (sic) helper is
|
||||
present.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>RAS and Q.931</term>
|
||||
|
||||
<listitem>
|
||||
<para>These require that the H323 netfilter helper is
|
||||
present.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>pptp</term>
|
||||
|
||||
<listitem>
|
||||
<para>Requires that the pptp netfilter helper is
|
||||
present.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>sane</term>
|
||||
|
||||
<listitem>
|
||||
<para>Requires that the SANE netfilter helper is
|
||||
present.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>sip</term>
|
||||
|
||||
<listitem>
|
||||
<para>Requires that the SIP netfilter helper is
|
||||
present.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>snmp</term>
|
||||
|
||||
<listitem>
|
||||
<para>Requires that the SNMP netfilter helper is
|
||||
present.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>tftp</term>
|
||||
|
||||
<listitem>
|
||||
<para>Requires that the TFTP netfilter helper is
|
||||
present.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para>May be followed by an option list of
|
||||
<replaceable>arg</replaceable>=<replaceable>val</replaceable>
|
||||
pairs in parentheses:</para>
|
||||
|
||||
|
@ -9,14 +9,38 @@ FORMAT 2
|
||||
# PORT(S) PORT(S) GROUP
|
||||
?IF $AUTOHELPERS && __CT_TARGET
|
||||
COMMENT AUTOHELPERS
|
||||
CT:helper:ftp all - tcp 21
|
||||
?IF __AMANDA_HELPER
|
||||
CT:helper:amanda all - udp 10080
|
||||
?ENDIF
|
||||
?IF __FTP_HELPER
|
||||
CT:helper:ftp all - tcp 21
|
||||
?ENDIF
|
||||
?IF __H323_HELPERS
|
||||
COMMENT AUTOHELPERS - H323
|
||||
CT:helper:RAS all - udp 1719
|
||||
CT:helper:Q.931 all - tcp 1720
|
||||
COMMENT AUTOHELPERS
|
||||
CT:helper:sip all - udp 5060
|
||||
CT:helper:tftp all - udp 69
|
||||
?ENDIF
|
||||
?IF __IRC_HELPER
|
||||
CT:helper:irc all - tcp 6667
|
||||
?ENDIF
|
||||
?IF __NETBIOS_NS_HELPER
|
||||
CT:helper:netbios-ns all - udp 137
|
||||
?ENDIF
|
||||
?IF __PPTP_HELPER
|
||||
CT:helper:pptp all - tcp 1729
|
||||
?ENDIF
|
||||
?IF __SANE_HELPER
|
||||
CT:helper:sane all - tcp 6566
|
||||
?ENDIF
|
||||
?IF __SIP_HELPER
|
||||
CT:helper:sip all - udp 5060
|
||||
?ENDIF
|
||||
?IF __SNMP_HELPER
|
||||
CT:helper:snmp all - udp 161
|
||||
?ENDIF
|
||||
?IF __TFTP_HELPER
|
||||
CT:helper:tftp all - udp 69
|
||||
?ENDIF
|
||||
COMMENT
|
||||
?ENDIF
|
||||
|