diff --git a/Shorewall-core/lib.base b/Shorewall-core/lib.base index 0f2ca81c5..04c47e0e2 100644 --- a/Shorewall-core/lib.base +++ b/Shorewall-core/lib.base @@ -27,8 +27,8 @@ # and /usr/share/shorewall[6]-lite/shorecap. # -SHOREWALL_LIBVERSION=40407 -SHOREWALL_CAPVERSION=40427 +SHOREWALL_LIBVERSION=40500 +SHOREWALL_CAPVERSION=40500 [ -n "${g_program:=shorewall}" ] [ -n "${VARDIR:=/var/lib/$g_program}" ] diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index a080c36eb..71bdb84d0 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -1923,6 +1923,7 @@ determine_capabilities() { IPTABLES_S= BASIC_FILTER= CT_TARGET= + STATISTIC_MATCH= chain=fooX$$ @@ -2120,6 +2121,7 @@ determine_capabilities() { qt $g_tool -A $chain -j ULOG && ULOG_TARGET=Yes qt $g_tool -A $chain -j NFLOG && NFLOG_TARGET=Yes qt $g_tool -A $chain -j MARK --set-mark 5 && MARK_ANYWHERE=Yes + qt $g_tool -A $chain -m statistic --mode nth --every 2 --packet 1 && STATISTIC_MATCH=Yes if [ $g_family -eq 4 ]; then qt $g_tool -A $chain -j ACCOUNT --addr 192.168.1.0/29 --tname $chain && ACCOUNT_TARGET=Yes @@ -2229,6 +2231,7 @@ report_capabilities() { report_capability "AUDIT Target" $AUDIT_TARGET report_capability "ipset V5" $IPSET_V5 report_capability "Condition Match" $CONDITION_MATCH + report_capability "Statistic Match" $STATISTIC_MATCH if [ $g_family -eq 4 ]; then report_capability "iptables -S" $IPTABLES_S @@ -2314,6 +2317,7 @@ report_capabilities1() { report_capability1 IPTABLES_S report_capability1 BASIC_FILTER report_capability1 CT_TARGET + report_capability1 STATISTIC_MATCH echo CAPVERSION=$SHOREWALL_CAPVERSION echo KERNELVERSION=$KERNELVERSION diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm index a3e4293be..dc4e585fe 100644 --- a/Shorewall/Perl/Shorewall/Config.pm +++ b/Shorewall/Perl/Shorewall/Config.pm @@ -289,6 +289,8 @@ my %capdesc = ( NAT_ENABLED => 'NAT', IPTABLES_S => 'iptables -S', BASIC_FILTER => 'Basic Filter', CT_TARGET => 'CT Target', + STATISTICS_MATCH => + 'Statistics Match', CAPVERSION => 'Capability Version', KERNELVERSION => 'Kernel Version', ); @@ -453,7 +455,7 @@ sub initialize( $ ) { STATEMATCH => '-m state --state', UNTRACKED => 0, VERSION => "4.4.22.1", - CAPVERSION => 40427 , + CAPVERSION => 40500 , ); # # From shorewall.conf file @@ -678,6 +680,7 @@ sub initialize( $ ) { IPTABLES_S => undef, BASIC_FILTER => undef, CT_TARGET => undef, + STATISTICS_MATCH => undef, CAPVERSION => undef, KERNELVERSION => undef, ); @@ -2759,6 +2762,10 @@ sub Ct_Target() { $ct_target; } +sub Statistics_Match() { + qt1( "$iptables -A $sillyname -m statistic --mode nth --every 2 --packet 1" ); +} + our %detect_capability = ( ACCOUNT_TARGET =>\&Account_Target, AUDIT_TARGET => \&Audit_Target, @@ -2813,6 +2820,7 @@ our %detect_capability = RAWPOST_TABLE => \&Rawpost_Table, REALM_MATCH => \&Realm_Match, RECENT_MATCH => \&Recent_Match, + STATISTICS_MATCH => \&Statistics_Match, TCPMSS_MATCH => \&Tcpmss_Match, TIME_MATCH => \&Time_Match, TPROXY_TARGET => \&Tproxy_Target,