Add UNTRACKED match to the secmarks file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2012-11-18 11:01:49 -08:00
parent ab381ed95e
commit 5265cd5bb7
3 changed files with 31 additions and 6 deletions


@ -2219,11 +2219,14 @@ sub process_secmark_rule() {
I => 'tcin' , I => 'tcin' ,
O => 'tcout' , ); O => 'tcout' , );
my %state = ( N => 'NEW' , my %state = ( N => 'NEW' ,
I => 'INVALID', I => 'INVALID',
NI => 'NEW,INVALID', U => 'UNTRACKED',
E => 'ESTABLISHED' , NI => 'NEW,INVALID',
ER => 'ESTABLISHED,RELATED', NU => 'NEW,UNTRACKED',
NIU => 'NEW,INVALID,UNTRACKED',
E => 'ESTABLISHED' ,
ER => 'ESTABLISHED,RELATED',
); );
my ( $chain , $state, $rest) = split ':', $chainin , 3; my ( $chain , $state, $rest) = split ':', $chainin , 3;
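Review bot: The keys added to `%state` are `U`, `NU` and `NIU`, but the CHAIN:STATE synopsis changed in this same commit advertises `NUI` (written as `NUI:E`, where the `:` looks like a typo for `|`), and the hash has no `NUI` key. The lookup of `$state` in `%state` happens after the `split`, outside this hunk, so how an unlisted key is handled is not visible here; presumably it is rejected, which would make a documented spelling fail at compile time. Either add an alias, `NUI => 'NEW,INVALID,UNTRACKED',`, or correct the synopsis to `{P|I|F|O|T}[:{N|I|U|NI|NU|NIU|E|ER}]`. Because the state combinations are enumerated by hand, a short comment above the hash such as `# U, NU and NIU added in 4.5.10; keep in sync with the shorewall-secmarks manpages` would help keep the accepted set and the documentation aligned.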


@ -92,7 +92,7 @@
<varlistentry> <varlistentry>
<term><emphasis role="bold">CHAIN:STATE (chain) - <term><emphasis role="bold">CHAIN:STATE (chain) -
{P|I|F|O|T}[:{N|I|NI|E|ER}]</emphasis></term> {P|I|F|O|T}[:{N|I|U|NI|NU|NIU|NUI:E|ER}]</emphasis></term>
<listitem> <listitem>
<para>This column determines the CHAIN where the SElinux context is <para>This column determines the CHAIN where the SElinux context is
@ -125,6 +125,17 @@
<member>:ER - ESTABLISHED or RELATED connection</member> <member>:ER - ESTABLISHED or RELATED connection</member>
</simplelist> </simplelist>
<para>Beginning with Shorewall 4.5.10, the following additional
options are available</para>
<simplelist>
<member>:U - UNTRACKED connection</member>
<member>:NU - NEW or UNTRACKED connection</member>
<member>:NIU - NEW, INVALID or UNTRACKED connection.</member>
</simplelist>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>


@ -122,6 +122,17 @@
<member>:ER - ESTABLISHED or RELATED connection</member> <member>:ER - ESTABLISHED or RELATED connection</member>
</simplelist> </simplelist>
<para>Beginning with Shorewall 4.5.10, the following additional
options are available</para>
<simplelist>
<member>:U - UNTRACKED connection</member>
<member>:NU - NEW or UNTRACKED connection</member>
<member>:NIU - NEW, INVALID or UNTRACKED connection.</member>
</simplelist>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>