extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-22 15:43:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Don't require a helper in the CT action.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2015-05-16 09:08:32 -07:00
parent 86ef3d3e35
commit 9329e7c36c
4 changed files with 24 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -765,7 +765,6 @@ sub initialize( $$$ ) {
RETURN => 1,
QUEUE => 1,
CLASSIFY => 1,
CT => 1,
DNAT => 1,
MASQUERADE => 1,
NETMAP => 1,

15
Shorewall/Perl/Shorewall/Raw.pm
View File

@ -148,16 +148,21 @@ sub process_conntrack_rule( $$$$$$$$$$ ) {
$disposition = "helper";
if ( $args =~ /^([-\w.]+)\((.+)\)$/ ) {
if ( $args =~ /^([-\w.]*)\((.+)\)$/ ) {
$args = $1;
$modifiers = $2;
}
fatal_error "Invalid helper' ($args)" if $args =~ /,/;
validate_helper( $args, $proto );
$action = "CT --helper $helpers_aliases{$args}";
$exception_rule = do_proto( $proto, '-', '-' );
if ( supplied $args ) {
fatal_error "Invalid helper' ($args)" if $args =~ /,/;
validate_helper( $args, $proto );
$action = "CT --helper $helpers_aliases{$args}";
} else {
$action = "CT ";
}
$exception_rule = do_proto( $proto, '-', '-' );
for my $mod ( split_list1( $modifiers, 'ctevents' ) ) {
fatal_error "Invalid helper option ($mod)" unless $mod =~ /^(\w+)=(.+)$/;
$mod = $1;

10
Shorewall/manpages/shorewall-conntrack.xml
View File

@ -90,7 +90,7 @@
role="bold">NOTRACK</emphasis>|<emphasis
role="bold">CT</emphasis>:<emphasis
role="bold">helper</emphasis>:<replaceable>name</replaceable>[(<replaceable>arg</replaceable>=<replaceable>val</replaceable>[,...])|<emphasis
role="bold">CT:notrack</emphasis>|DROP|LOG|ULOG(<replaceable>ulog-parameters</replaceable>):NFLOG(<replaceable>nflog-parameters</replaceable>)|IPTABLES(<replaceable>target</replaceable>)}[<replaceable>log-level</replaceable>[:<replaceable>log-tag</replaceable>]][:<replaceable>chain-designator</replaceable>]</term>
role="bold">CT:helper:(<replaceable>arg</replaceable>=<replaceable>val</replaceable>[,...])|CT:notrack</emphasis>|DROP|LOG|ULOG(<replaceable>ulog-parameters</replaceable>):NFLOG(<replaceable>nflog-parameters</replaceable>)|IPTABLES(<replaceable>target</replaceable>)}[<replaceable>log-level</replaceable>[:<replaceable>log-tag</replaceable>]][:<replaceable>chain-designator</replaceable>]</term>
<listitem>
<para>This column is only present when FORMAT &gt;= 2. Values other
@ -114,7 +114,8 @@
<replaceable>name</replaceable> to this connection. This is more
flexible than loading the conntrack helper with preset ports. If
a <replaceable>log-level</replaceable> is specified, the packet
will also be logged at that level.</para>
will also be logged at that level. Beginning with Shorewall
4.6.10, the helper name is optional</para>
<para>At this writing, the available helpers are:</para>
@ -242,6 +243,11 @@
expectation events for this connection.</para>
</listitem>
</itemizedlist>
<para>Beginning with Shorewall 4.6.10, the parenthesized list of
<replaceable>arg</replaceable>=<replaceable>val</replaceable>
pairs may be given without a helper name (e.g.,
CT:helper:(ctevents=assured,destroyed)).</para>
</listitem>
<listitem>

6
Shorewall6/manpages/shorewall6-conntrack.xml
View File

@ -90,6 +90,7 @@
role="bold">NOTRACK</emphasis>|<emphasis
role="bold">CT</emphasis>:<emphasis
role="bold">helper</emphasis>:<replaceable>name</replaceable>[(<replaceable>arg</replaceable>=<replaceable>val</replaceable>[,...])|<emphasis
role="bold">CT:helper:(<replaceable>arg</replaceable>=<replaceable>val</replaceable>[,...])</emphasis>|<emphasis
role="bold">CT:notrack</emphasis>|DROP|LOG|NFLOG(<replaceable>nflog-parameters</replaceable>)|IP6TABLES(<replaceable>target</replaceable>)}[:<replaceable>log-level</replaceable>[:<replaceable>log-tag</replaceable>]][:<replaceable>chain-designator</replaceable>]</term>
<listitem>
@ -242,6 +243,11 @@
expectation events for this connection.</para>
</listitem>
</itemizedlist>
<para>Beginning with Shorewall 4.6.10, the parenthesized list of
<replaceable>arg</replaceable>=<replaceable>val</replaceable>
pairs may be given without a helper name (e.g.,
CT:helper:(ctevents=assured,destroyed)).</para>
</listitem>
<listitem>