mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-15 12:14:32 +01:00
Map NOTRACK to 'CT --notrack' if CT_TARGET is available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
15fd345545
commit
779243094e
@ -74,7 +74,13 @@ sub process_conntrack_rule( $$$$$$$$$ ) {
|
||||
my $exception_rule = '';
|
||||
my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user );
|
||||
|
||||
unless ( $action eq 'NOTRACK' ) {
|
||||
if ( $action eq 'NOTRACK' ) {
|
||||
#
|
||||
# A patch that deimplements the NOTRACK target has been posted on the
|
||||
# Netfilter development list
|
||||
#
|
||||
$target = 'CT--notrack' if have_capability 'CT_TARGET';
|
||||
} else {
|
||||
( $target, my ( $option, $args, $junk ) ) = split ':', $action, 4;
|
||||
|
||||
fatal_error "Invalid notrack ACTION ( $action )" if $junk || $target ne 'CT';
|
||||
|
Loading…
Reference in New Issue
Block a user