extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-24 00:23:28 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add IPP2P UDP support -- Take 2

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2794 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2005-10-04 18:20:28 +00:00
parent 7277150a46
commit 8fe0a32fd3
1 changed files with 115 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

184
Shorewall/firewall
View File

@ -3143,6 +3143,30 @@ process_tc_rule()
mark="${mark%:*}" mark="${mark%:*}"
} }
do_ipp2p()
{
case $proto in
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
[ "x$port" = "x-" ] && port="ipp2p"
r="${r}-p tcp -m ipp2p --${port} "
;;
ipp2p-udp|IPP2P-UDP)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
[ "x$port" = "x-" ] && port="ipp2p"
r="${r}-p udp -m ipp2p --${port} "
;;
ipp2p-both|IPP2P-both)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
[ "x$port" = "x-" ] && port="ipp2p"
r="${r}-m ipp2p --${port} "
;;
*)
fatal_error "Unknown Protocol $proto. Rule: \"$rule\""
;;
esac
}
add_a_tc_rule() { add_a_tc_rule() {
r= r=
@ -3213,20 +3237,8 @@ process_tc_rule()
multiport= multiport=
case $proto in case $proto in
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP) ipp2p*|IPP2P*)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\"" do_ipp2p
[ "x$port" = "x-" ] && port="ipp2p"
r="${r}-p tcp -m ipp2p --${port} "
;;
ipp2p-udp|IPP2P-UDP)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
[ "x$port" = "x-" ] && port="ipp2p"
r="${r}-p udp -m ipp2p --${port} "
;;
ipp2p-both|IPP2P-both)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
[ "x$port" = "x-" ] && port="ipp2p"
r="${r}-m ipp2p --${port} "
;; ;;
icmp|ICMP|1) icmp|ICMP|1)
r="${r}-p icmp " r="${r}-p icmp "
@ -3538,6 +3550,28 @@ process_accounting_rule() {
rule="$rule -j $jumpchain" rule="$rule -j $jumpchain"
} }
do_ipp2p() {
case $proto in
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
rule="$rule -p tcp -m ipp2p --${port:-ipp2p}"
port=
;;
ipp2p-udp|IPP2P-udp)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
rule="$rule -p udp -m ipp2p --${port:-ipp2p}"
port=
;;
ipp2p-all|IPP2P-all)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
rule="$rule -m ipp2p --${port:-ipp2p}"
port=
;;
*)
fatal_error "Unknown Protocol $proto"
;;
esac
}
case $source in case $source in
*:*) *:*)
@ -3576,21 +3610,9 @@ process_accounting_rule() {
[ -n "$proto" ] && case $proto in [ -n "$proto" ] && case $proto in
-|any|all) -|any|all)
;; ;;
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP) ipp2p*|IPP2P*)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support" do_ipp2p
rule="$rule -p tcp -m ipp2p --${port:-ipp2p}" ;;
port=
;;
ipp2p-udp|IPP2P-udp)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
rule="$rule -p udp -m ipp2p --${port:-ipp2p}"
port=
;;
ipp2p-all|IPP2P-all)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
rule="$rule -m ipp2p --${port:-ipp2p}"
port=
;;
*) *)
rule="$rule -p $proto" rule="$rule -p $proto"
;; ;;
@ -3937,6 +3959,36 @@ add_an_action()
user= user=
} }
do_ipp2p() {
case $proto in
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=tcp
do_ports
;;
ipp2p-udpIPP2P-udp)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=udp
do_ports
;;
ipp2p-all|IPP2P-all)
[ -n "$port" ] && \
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=all
;;
*)
fatal_error "Unknown protocol $proto. Rule: \"$rule\""
;;
esac
}
# Set source variables. The 'cli' variable will hold the client match predicate(s). # Set source variables. The 'cli' variable will hold the client match predicate(s).
cli= cli=
@ -4008,25 +4060,8 @@ add_an_action()
icmp|ICMP|1) icmp|ICMP|1)
[ -n "$port" ] && dports="--icmp-type $port" [ -n "$port" ] && dports="--icmp-type $port"
;; ;;
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP) ipp2p*|IPP2P*)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\"" do_ipp2p
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=tcp
do_ports
ipp2p-udpIPP2P-udp)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=udp
do_ports
ipp2p-all|IPP2P-all)
[ -n "$port" ] && \
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=all
;; ;;
*) *)
[ -n "$port" ] && \ [ -n "$port" ] && \
@ -5266,6 +5301,36 @@ process_rule() # $1 = target
state= state=
} }
do_ipp2p() {
case $proto in
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=tcp
do_ports
;;
ipp2p-udp|IPP2P-UDP)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=udp
do_ports
;;
ipp2p-all|IPP2P-ALL)
[ -n "$port" ] && \
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=all
;;
*)
fatal_error "Unknown protocol $proto. Rule: \"$rule\""
;;
esac
}
# Set source variables. The 'cli' variable will hold the client match predicate(s). # Set source variables. The 'cli' variable will hold the client match predicate(s).
cli= cli=
@ -5347,27 +5412,8 @@ process_rule() # $1 = target
fatal_error "Port number not allowed with protocol \"all\"; rule: \"$rule\"" fatal_error "Port number not allowed with protocol \"all\"; rule: \"$rule\""
proto= proto=
;; ;;
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP) ipp2p*|IPP2P*)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\"" do_ipp2p
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=tcp
do_ports
;;
ipp2p-udp|IPP2P-UDP)
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=udp
do_ports
;;
ipp2p-all|IPP2P-ALL)
[ -n "$port" ] && \
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
dports="-m ipp2p --${port:-ipp2p}"
port=
proto=all
;; ;;
*) *)
[ -n "$port" ] && \ [ -n "$port" ] && \