mirror of
https://gitlab.com/shorewall/code.git
synced 2025-06-24 11:41:26 +02:00
Add 'Basic Filter' capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
f3b5d5585f
commit
8b8140cc9f
@ -282,6 +282,7 @@ my %capdesc = ( NAT_ENABLED => 'NAT',
|
||||
RAWPOST_TABLE => 'Rawpost Table',
|
||||
CONDITION_MATCH => 'Condition Match',
|
||||
IPTABLES_S => 'iptables -S',
|
||||
BASIC_FILTER => 'Basic Filter',
|
||||
CAPVERSION => 'Capability Version',
|
||||
KERNELVERSION => 'Kernel Version',
|
||||
);
|
||||
@ -446,7 +447,7 @@ sub initialize( $ ) {
|
||||
STATEMATCH => '-m state --state',
|
||||
UNTRACKED => 0,
|
||||
VERSION => "4.4.22.1",
|
||||
CAPVERSION => 40424 ,
|
||||
CAPVERSION => 40425 ,
|
||||
);
|
||||
#
|
||||
# From shorewall.conf file
|
||||
@ -668,6 +669,7 @@ sub initialize( $ ) {
|
||||
AUDIT_TARGET => undef,
|
||||
CONDITION_MATCH => undef,
|
||||
IPTABLES_S => undef,
|
||||
BASIC_FILTER => undef,
|
||||
CAPVERSION => undef,
|
||||
KERNELVERSION => undef,
|
||||
);
|
||||
@ -2675,6 +2677,10 @@ sub Flow_Filter() {
|
||||
$tc && system( "$tc filter add flow help 2>&1 | grep -q ^Usage" ) == 0;
|
||||
}
|
||||
|
||||
sub Basic_Filter() {
|
||||
$tc && system( "$tc filter add basic help 2>&1 | grep -q ^Usage" ) == 0;
|
||||
}
|
||||
|
||||
sub Fwmark_Rt_Mask() {
|
||||
$ip && system( "$ip rule add help 2>&1 | grep -q /MASK" ) == 0;
|
||||
}
|
||||
@ -2711,6 +2717,7 @@ our %detect_capability =
|
||||
( ACCOUNT_TARGET =>\&Account_Target,
|
||||
AUDIT_TARGET => \&Audit_Target,
|
||||
ADDRTYPE => \&Addrtype,
|
||||
BASIC_FILTER => \&Basic_Filter,
|
||||
CLASSIFY_TARGET => \&Classify_Target,
|
||||
CONDITION_MATCH => \&Condition_Match,
|
||||
COMMENTS => \&Comments,
|
||||
@ -2889,6 +2896,7 @@ sub determine_capabilities() {
|
||||
$capabilities{IPSET_V5} = detect_capability( 'IPSET_V5' );
|
||||
$capabilities{CONDITION_MATCH} = detect_capability( 'CONDITION_MATCH' );
|
||||
$capabilities{IPTABLES_S} = detect_capability( 'IPTABLES_S' );
|
||||
$capabilities{BASIC_FILTER} = detect_capability( 'BASIC_FILTER' );
|
||||
|
||||
|
||||
qt1( "$iptables -F $sillyname" );
|
||||
|
||||
@ -28,7 +28,7 @@
|
||||
#
|
||||
|
||||
SHOREWALL_LIBVERSION=40407
|
||||
SHOREWALL_CAPVERSION=40424
|
||||
SHOREWALL_CAPVERSION=40425
|
||||
|
||||
[ -n "${VARDIR:=/var/lib/shorewall}" ]
|
||||
[ -n "${SHAREDIR:=/usr/share/shorewall}" ]
|
||||
|
||||
@ -1733,6 +1733,7 @@ determine_capabilities() {
|
||||
AUDIT_TARGET=
|
||||
CONDITION_MATCH=
|
||||
IPTABLES_S=
|
||||
BASIC_FILTER=
|
||||
|
||||
chain=fooX$$
|
||||
|
||||
@ -1891,6 +1892,7 @@ determine_capabilities() {
|
||||
qt $IPTABLES -X $chain1
|
||||
|
||||
[ -n "$TC" ] && $TC filter add flow help 2>&1 | grep -q ^Usage && FLOW_FILTER=Yes
|
||||
[ -n "$TC" ] && $TC filter add basic help 2>&1 | grep -q ^Usage && BASIC_FILTER=Yes
|
||||
[ -n "$IP" ] && $IP rule add help 2>&1 | grep -q /MASK && FWMARK_RT_MASK=Yes
|
||||
|
||||
CAPVERSION=$SHOREWALL_CAPVERSION
|
||||
@ -1981,6 +1983,7 @@ report_capabilities() {
|
||||
report_capability "ipset V5" $IPSET_V5
|
||||
report_capability "Condition Match" $CONDITION_MATCH
|
||||
report_capability "iptables -S" $IPTABLES_S
|
||||
report_capability "Basic Filter" $BASIC_FILTER
|
||||
fi
|
||||
|
||||
[ -n "$PKTTYPE" ] || USEPKTTYPE=
|
||||
@ -2053,6 +2056,7 @@ report_capabilities1() {
|
||||
report_capability1 IPSET_V5
|
||||
report_capability1 CONDITION_MATCH
|
||||
report_capability1 IPTABLES_S
|
||||
report_capability1 BASIC_FILTER
|
||||
|
||||
echo CAPVERSION=$SHOREWALL_CAPVERSION
|
||||
echo KERNELVERSION=$KERNELVERSION
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
#
|
||||
|
||||
SHOREWALL_LIBVERSION=40407
|
||||
SHOREWALL_CAPVERSION=40424
|
||||
SHOREWALL_CAPVERSION=40425
|
||||
|
||||
[ -n "${VARDIR:=/var/lib/shorewall6}" ]
|
||||
[ -n "${SHAREDIR:=/usr/share/shorewall6}" ]
|
||||
|
||||
@ -1560,6 +1560,7 @@ determine_capabilities() {
|
||||
IPSET_V5=
|
||||
CONDITION_MATCH=
|
||||
IPTABLES_S=
|
||||
BASIC_FILTER=
|
||||
|
||||
chain=fooX$$
|
||||
|
||||
@ -1721,6 +1722,7 @@ determine_capabilities() {
|
||||
qt $IP6TABLES -X $chain1
|
||||
|
||||
[ -n "$TC" ] && $TC filter add flow help 2>&1 | grep -q ^Usage && FLOW_FILTER=Yes
|
||||
[ -n "$TC" ] && $TC filter add basic help 2>&1 | grep -q ^Usage && BASIC_FILTER=Yes
|
||||
[ -n "$IP" ] && $IP rule add help 2>&1 | grep -q /MASK && FWMARK_RT_MASK=Yes
|
||||
|
||||
CAPVERSION=$SHOREWALL_CAPVERSION
|
||||
@ -1808,6 +1810,7 @@ report_capabilities() {
|
||||
report_capability "ipset V5" $IPSET_V5
|
||||
report_capability "Condition Match" $CONDITION_MATCH
|
||||
report_capability "ip6tables -S" $IPTABLES_S
|
||||
report_capability "Basic Filter" $BASIC_FILTER
|
||||
fi
|
||||
|
||||
[ -n "$PKTTYPE" ] || USEPKTTYPE=
|
||||
@ -1877,6 +1880,7 @@ report_capabilities1() {
|
||||
report_capability1 IPSET_V5
|
||||
report_capability1 CONDITION_MATCH
|
||||
report_capability1 IPTABLES_S
|
||||
report_capability1 BASIC_FILTER
|
||||
|
||||
echo CAPVERSION=$SHOREWALL_CAPVERSION
|
||||
echo KERNELVERSION=$KERNELVERSION
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user