Add HELPER action.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2012-08-13 13:23:38 -07:00
parent bd3295b0e3
commit 44a550870c
4 changed files with 36 additions and 3 deletions


@ -2482,7 +2482,8 @@ sub initialize_chain_table($) {
'NFQUEUE!' => STANDARD + NFQ,
'ADD' => STANDARD + SET,
'DEL' => STANDARD + SET,
'WHITELIST' => STANDARD
'WHITELIST' => STANDARD,
'HELPER' => STANDARD + HELPER + NATONLY, #Actually RAWONLY
);
for my $chain ( qw(OUTPUT PREROUTING) ) {
@ -2528,6 +2529,7 @@ sub initialize_chain_table($) {
'NFQUEUE!' => STANDARD + NFQ,
'ADD' => STANDARD + SET,
'DEL' => STANDARD + SET,
'HELPER' => STANDARD + HELPER + NATONLY, #Actually RAWONLY
);
for my $chain ( qw(OUTPUT PREROUTING) ) {
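Review bot: The trailing comment `#Actually RAWONLY` on the new `'HELPER' => STANDARD + HELPER + NATONLY` entry (added to both target tables in this file) says the flag is not the intended one but gives no reason. The helper attached to a connection decides which related connections conntrack will expect, so a maintainer should be able to tell from this line which table HELPER rules are confined to. If NATONLY is a stand-in because no raw-table-only flag exists yet, say so, for example `# NATONLY stands in for a raw-only flag; HELPER rules belong in the raw table`. Both table definitions begin and end outside the hunks, so it is not visible here whether other entries use the same stand-in.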


@ -1465,7 +1465,7 @@ sub process_action( $) {
if ( $format == 1 ) {
($target, $source, $dest, $proto, $ports, $sports, $rate, $user, $mark ) =
split_line1 'action file', { target => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, rate => 6, user => 7, mark => 8 }, $rule_commands;
$origdest = $connlimit = $time = $headers = $condition = '-';
$origdest = $connlimit = $time = $headers = $condition = $helper = '-';
} else {
($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper )
= split_line1 'action file', \%rulecolumns, $action_commands;
@ -1594,7 +1594,7 @@ sub process_macro ( $$$$$$$$$$$$$$$$$$$) {
my $actiontype = $targets{$action} || find_macro( $action );
fatal_error "Invalid Action ($mtarget) in macro" unless $actiontype & ( ACTION + STANDARD + NATRULE + MACRO + CHAIN );
fatal_error( "Invalid Action ($mtarget) in macro", $actiontype ) unless $actiontype & ( ACTION + STANDARD + NATRULE + MACRO + CHAIN );
if ( $msource ) {
if ( $msource eq '-' ) {
@ -1850,6 +1850,11 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
COUNT => sub { $action = ''; } ,
LOG => sub { fatal_error 'LOG requires a log level' unless supplied $loglevel; } ,
HELPER => sub {
fatal_error "HELPER requires require that the helper be specified in the HELPER column" if $helper eq '-';
fatal_error "HELPER rules may only appear in the NEW section" unless $section eq 'NEW';
$action = ''; } ,
);
my $function = $functions{ $bt };
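Review bot: The new `HELPER` handler in `process_rule1` has a duplicated word in its user-facing error ("HELPER requires require that ..."); it should read `fatal_error "HELPER requires that the helper be specified in the HELPER column" if $helper eq '-';`. The handler only checks that the HELPER column is non-empty and that the section is NEW. The documentation added by this commit says no destination zone should be specified in HELPER rules, yet nothing visible here rejects one or validates the helper name; the rest of `process_rule1` is outside the hunk, so that may happen later. In the `process_macro` hunk, `$actiontype` is now passed as a second argument to `fatal_error`, which looks like leftover debugging output unless the function is meant to print it.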


@ -503,6 +503,19 @@
rule, it is passed on to the next rule.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>HELPER</term>
<listitem>
<para>Added in Shorewall 4.5.7. This action requires that the
HELPER column contains the name of the Netfilter helper to be
associated with connections matching this connection. May only
be specified in the NEW section and is useful for being able
to specify a helper when the applicable policy is ACCEPT. No
destination zone should be specified in HELPER rules.</para>
</listitem>
</varlistentry>
</variablelist>
<para>The <replaceable>target</replaceable> may optionally be


@ -368,6 +368,19 @@
deprecated.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>HELPER</term>
<listitem>
<para>Added in Shorewall 4.5.7. This action requires that the
HELPER column contains the name of the Netfilter helper to be
associated with connections matching this connection. May only
be specified in the NEW section and is useful for being able
to specify a helper when the applicable policy is ACCEPT. No
destination zone should be specified in HELPER rules.</para>
</listitem>
</varlistentry>
</variablelist>
<para>The <emphasis role="bold">ACTION</emphasis> may optionally be