mirror of
https://gitlab.com/shorewall/code.git
synced 2024-12-24 23:28:59 +01:00
Add support for HAProxy
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
2778e8c6b5
commit
4c33c2b957
@ -454,6 +454,27 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
HADIVERT => {
|
||||||
|
defaultchain => REALPREROUTING,
|
||||||
|
allowedchains => PREROUTING | REALPREROUTING,
|
||||||
|
minparams => 0,
|
||||||
|
maxparams => 0,
|
||||||
|
function => sub () {
|
||||||
|
fatal_error 'DIVERT is only allowed in the PREROUTING chain' if $designator && $designator != PREROUTING;
|
||||||
|
my $mark = in_hex( $globals{TPROXY_MARK} ) . '/' . in_hex( $globals{TPROXY_MARK} );
|
||||||
|
|
||||||
|
unless ( $divertref ) {
|
||||||
|
$divertref = new_chain( 'mangle', 'divert' );
|
||||||
|
add_ijump( $divertref , j => 'MARK', targetopts => "--set-mark $mark" );
|
||||||
|
add_ijump( $divertref , j => 'ACCEPT' );
|
||||||
|
}
|
||||||
|
|
||||||
|
$target = 'divert';
|
||||||
|
|
||||||
|
$matches = '-m socket ';
|
||||||
|
},
|
||||||
|
},
|
||||||
|
|
||||||
DROP => {
|
DROP => {
|
||||||
defaultchain => 0,
|
defaultchain => 0,
|
||||||
allowedchains => PREROUTING | FORWARD | OUTPUT | POSTROUTING,
|
allowedchains => PREROUTING | FORWARD | OUTPUT | POSTROUTING,
|
||||||
|
Loading…
Reference in New Issue
Block a user