extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-08 08:44:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add IPP2P UDP support -- Take 3

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2795 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-10-04 18:46:35 +00:00
parent 8fe0a32fd3
commit 79fead0fae
6 changed files with 45 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall/accounting
View File

@ -47,9 +47,9 @@
# Format the same as the SOURCE column.
#
# PROTOCOL A protocol name (from /etc/protocols), a protocol
# number, "ipp2p", "ipp2p-udp" or "ipp2p-all"
# number, "ipp2p", "ipp2p:udp" or "ipp2p:all"
#
# DEST PORT(S) Destination Port number. If the PROTOCOL is "ipp2p*"
# DEST PORT(S) Destination Port number. If the PROTOCOL is "ipp2p"
# then this column must contain an ipp2p option
# ("iptables -m ipp2p --help") without the leading
# "--". If no option is given in this column, "ipp2p"

2
Shorewall/changelog.txt
View File

@ -18,6 +18,8 @@ Changes in 2.5.7
9) Do not touch mangle chain during "refresh".
10) Implement support for UDP IPP2P Matching.
Changes in 2.5.6
1) Finish install/fallback cleanup.

59
Shorewall/firewall
View File

@ -3145,24 +3145,23 @@ process_tc_rule()
do_ipp2p()
{
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
case $proto in
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
ipp2p|IPP2P|ipp2p:tcp|IPP2P:TCP)
[ "x$port" = "x-" ] && port="ipp2p"
r="${r}-p tcp -m ipp2p --${port} "
;;
ipp2p-udp|IPP2P-UDP)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
ipp2p:udp|IPP2P:UDP)
[ "x$port" = "x-" ] && port="ipp2p"
r="${r}-p udp -m ipp2p --${port} "
;;
ipp2p-both|IPP2P-both)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
ipp2p:all|IPP2P:ALL)
[ "x$port" = "x-" ] && port="ipp2p"
r="${r}-m ipp2p --${port} "
;;
*)
fatal_error "Unknown Protocol $proto. Rule: \"$rule\""
fatal_error "Invalid IPP2P Protocol ${proto#*:}. Rule: \"$rule\""
;;
esac
}
@ -3237,7 +3236,7 @@ process_tc_rule()
multiport=
case $proto in
ipp2p*|IPP2P*)
ipp2p|IPP2P|ipp2p:*|IPP2P:*)
do_ipp2p
;;
icmp|ICMP|1)
@ -3551,24 +3550,22 @@ process_accounting_rule() {
}
do_ipp2p() {
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
case $proto in
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
ipp2p|IPP2P|ipp2p:tcp|IPP2P:TCP)
rule="$rule -p tcp -m ipp2p --${port:-ipp2p}"
port=
;;
ipp2p-udp|IPP2P-udp)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
ipp2p:udp|IPP2P:UDP)
rule="$rule -p udp -m ipp2p --${port:-ipp2p}"
port=
;;
ipp2p-all|IPP2P-all)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
ipp2p:all|IPP2P:ALL)
rule="$rule -m ipp2p --${port:-ipp2p}"
port=
;;
*)
fatal_error "Unknown Protocol $proto"
fatal_error "Invalid IPP2P Protocol ${proto#*:}"
;;
esac
}
@ -3610,7 +3607,7 @@ process_accounting_rule() {
[ -n "$proto" ] && case $proto in
-|any|all)
;;
ipp2p*|IPP2P*)
ipp2p|IPP2P|ipp2p:*|IPP2P:*)
do_ipp2p
;;
*)
@ -3960,31 +3957,30 @@ add_an_action()
}
do_ipp2p() {
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
case $proto in
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
ipp2p|IPP2P|ipp2p:tcp|IPP2P:TCP)
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=tcp
do_ports
;;
ipp2p-udpIPP2P-udp)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
ipp2p:udpIPP2P:UDP)
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=udp
do_ports
;;
ipp2p-all|IPP2P-all)
ipp2p:all|IPP2P:ALL)
[ -n "$port" ] && \
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=all
;;
*)
fatal_error "Unknown protocol $proto. Rule: \"$rule\""
fatal_error "Invalid IPP2P protocol ${proto#*:}. Rule: \"$rule\""
;;
esac
}
@ -4060,7 +4056,7 @@ add_an_action()
icmp|ICMP|1)
[ -n "$port" ] && dports="--icmp-type $port"
;;
ipp2p*|IPP2P*)
ipp2p|IPP2P|ipp2p:*|IPP2P:*)
do_ipp2p
;;
*)
@ -5302,31 +5298,30 @@ process_rule() # $1 = target
}
do_ipp2p() {
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
case $proto in
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
ipp2p|IPP2P|ipp2p:tcp|IPP2P:TCP)
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=tcp
do_ports
;;
ipp2p-udp|IPP2P-UDP)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
ipp2p:udp|IPP2P:UDP)
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=udp
do_ports
;;
ipp2p-all|IPP2P-ALL)
ipp2p:all|IPP2P:ALL)
[ -n "$port" ] && \
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=all
;;
*)
fatal_error "Unknown protocol $proto. Rule: \"$rule\""
fatal_error "Invalid IPP2P protocol ${proto#*:}. Rule: \"$rule\""
;;
esac
}
@ -5412,7 +5407,7 @@ process_rule() # $1 = target
fatal_error "Port number not allowed with protocol \"all\"; rule: \"$rule\""
proto=
;;
ipp2p*|IPP2P*)
ipp2p|IPP2P|ipp2p:*|IPP2P:*)
do_ipp2p
;;
*)

10
Shorewall/releasenotes.txt
View File

@ -39,6 +39,16 @@ New Features in 2.5.7:
in shorewall.conf. This is done to ensure that "shorewall refresh" will
work correctly.
6) Shorewall now supports UDP IPP2P matching. In addition to the "ipp2p"
keyword in the PROTOCOL column of the relevant files, the following
values may be specified:
ipp2p:tcp Equivalent to ipp2p and matches TCP traffic
only.
ipp2p:udp Matches UDP traffic.
ipp2p:all Matches both UDP and TCP traffic. You may
not specify a SOURCE PORT with this PROTOCOL.
Migration Considerations:
1) The "monitor" command has been eliminated.

4
Shorewall/rules
View File

@ -269,7 +269,7 @@
# request should be redirected to.
#
# PROTO Protocol - Must be "tcp", "udp", "icmp", "ipp2p",
# "ipp2p-udp", "ipp2p-all" a number, or "all".
# "ipp2p:udp", "ipp2p:all" a number, or "all".
# "ipp2p*" requires ipp2p match support in your kernel
# and iptables.
#
@ -278,7 +278,7 @@
# ranges; if the protocol is "icmp", this column is
# interpreted as the destination icmp-type(s).
#
# If the protocol is ipp2p*, this column is interpreted
# If the protocol is ipp2p, this column is interpreted
# as an ipp2p option without the leading "--" (example
# "bit" for bit-torrent). If no port is given, "ipp2p" is
# assumed.

4
Shorewall/tcrules
View File

@ -109,7 +109,7 @@
# contain an interface name.
#
# PROTO Protocol - Must be "tcp", "udp", "icmp", "ipp2p",
# "ipp2p-udp", "ipp2p-all" a number, or "all".
# "ipp2p:udp", "ipp2p:all" a number, or "all".
# "ipp2p" requires ipp2p match support in your kernel
# and iptables.
#
@ -118,7 +118,7 @@
# ranges; if the protocol is "icmp", this column is
# interpreted as the destination icmp-type(s).
#
# If the protocol is ipp2p*, this column is interpreted
# If the protocol is ipp2p, this column is interpreted
# as an ipp2p option without the leading "--" (example
# "bit" for bit-torrent). If no PORT is given, "ipp2p" is
# assumed.