Add 'I' STATE to secmarks

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-21 23:23:13 +01:00 · 2011-06-02 11:43:55 -07:00 · 2011-06-02 11:43:55 -07:00 · 254e1ed784
commit 254e1ed784
parent 561d461a25
5 changed files with 10 additions and 4 deletions
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@ -1604,6 +1604,7 @@ sub process_secmark_rule() {
 		 O => 'tcout'   , );

    my %state = ( N =>  'NEW' ,
+		  I => 'INVALID',
 		  NI => 'NEW,INVALID',
 		  E =>  'ESTABLISHED' ,
 		  ER => 'ESTABLISHED,RELATED',
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -2,7 +2,7 @@ Changes in Shorewall 4.4.20 Final

 1)  Set /proc/sys/net/bridge/bridge_nf_call_ip6?tables.

-2)  Add 'NI' STATE in secmarks.
+2)  Add 'I' and 'NI' STATEs in secmarks.

 Changes in Shorewall 4.4.20 RC 1

--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -253,7 +253,8 @@ VI.   PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
    versions are available in the configfiles directory within the
    tarball.

-11) The STATE subcolumn of the secmarks file now allow the value 'NI'
+11) The STATE subcolumn of the secmarks file now allows the values 'I'
+    which will match packets in the INVALID state, and 'NI'
    which will match packets in either NEW or INVALID state.

 ----------------------------------------------------------------------------
--- a/manpages/shorewall-secmarks.xml
+++ b/manpages/shorewall-secmarks.xml
@ -90,7 +90,7 @@

      <varlistentry>
        <term><emphasis role="bold">CHAIN:STATE -
-        {P|I|F|O|T}[:{N|NI|E|ER}]</emphasis></term>
+        {P|I|F|O|T}[:{N|I|NI|E|ER}]</emphasis></term>

        <listitem>
          <para>This column determines the CHAIN where the SElinux context is
@ -115,6 +115,8 @@
          <simplelist>
            <member>:N - NEW connection</member>

+            <member>:I - INVALID connection</member>
+
            <member>:NI - NEW or INVALID connection</member>

            <member>:E - ESTABLISHED connection</member>
--- a/manpages6/shorewall6-secmarks.xml
+++ b/manpages6/shorewall6-secmarks.xml
@ -90,7 +90,7 @@

      <varlistentry>
        <term><emphasis role="bold">CHAIN -
-        {P|I|F|O|T}[:{N|NI|E|ER}]</emphasis></term>
+        {P|I|F|O|T}[:{N|I|NI|E|ER}]</emphasis></term>

        <listitem>
          <simplelist>
@ -112,6 +112,8 @@
          <simplelist>
            <member>:N - NEW connection</member>

+            <member>:I - INVALID connection</member>
+
            <member>:NI - New or INVALID connection</member>

            <member>:E - ESTABLISHED connection</member>