Fix CT helpers

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2011-12-17 08:59:27 -08:00
parent 57d0550311
commit ba5db8753e
4 changed files with 27 additions and 4 deletions


@ -66,6 +66,7 @@ our @EXPORT = qw(
get_action_logging get_action_logging
%chain_table %chain_table
%helpers
$raw_table $raw_table
$rawpost_table $rawpost_table
$nat_table $nat_table
@ -281,6 +282,7 @@ our $rawpost_table;
our $nat_table; our $nat_table;
our $mangle_table; our $mangle_table;
our $filter_table; our $filter_table;
our %helpers;
my $comment; my $comment;
my @comments; my @comments;
my $export; my $export;
@ -555,6 +557,20 @@ sub initialize( $$$ ) {
$ipset_rules = 0 if $hard; $ipset_rules = 0 if $hard;
%ipset_exists = (); %ipset_exists = ();
%helpers = ( amanda => 1,
ftp => 1,
h323 => 1,
irc => 1,
netbios_ns => 1,
netlink => 1,
proto_gre => 1,
proto_sctp => 1,
pptp => 1,
proto_udplite => 1,
sane => 1,
sip => 1,
tftp => 1 );
# #
# The chain table is initialized via a call to initialize_chain_table() after the configuration and capabilities have been determined. # The chain table is initialized via a call to initialize_chain_table() after the configuration and capabilities have been determined.
# #
@ -3986,6 +4002,8 @@ sub do_helper( $ ) {
return '' if $helper eq '-'; return '' if $helper eq '-';
warning_message "Unrecognized helper ($helper)" unless $helpers{$helper};
qq(-m helper --helper "$helper" ); qq(-m helper --helper "$helper" );
} }
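Review bot: In do_helper an unrecognized name only triggers `warning_message`, so the supplied string is still interpolated into `-m helper --helper "$helper"` whatever characters it contains; a value holding a double quote or whitespace would change the shape of the generated rule. The same applies to `$action = "CT --helper $args"` in the process_notrack_rule hunk, where only commas are rejected and the value is not quoted at all. A format check ahead of the lookup would close this, e.g. `fatal_error "Invalid helper ($helper)" unless $helper =~ /^[\w.-]+$/;`, keeping the warning for well-formed but unknown names. do_helper's body begins outside the hunk, so an earlier check there cannot be ruled out.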


@ -2769,7 +2769,7 @@ our %detect_capability =
CONNMARK => \&Connmark, CONNMARK => \&Connmark,
CONNMARK_MATCH => \&Connmark_Match, CONNMARK_MATCH => \&Connmark_Match,
CONNTRACK_MATCH => \&Conntrack_Match, CONNTRACK_MATCH => \&Conntrack_Match,
CT_MATCH => \&Ct_Target, CT_TARGET => \&Ct_Target,
ENHANCED_REJECT => \&Enhanced_Reject, ENHANCED_REJECT => \&Enhanced_Reject,
EXMARK => \&Exmark, EXMARK => \&Exmark,
FLOW_FILTER => \&Flow_Filter, FLOW_FILTER => \&Flow_Filter,


@ -74,7 +74,11 @@ sub process_notrack_rule( $$$$$$$ ) {
} else { } else {
fatal_error "Invalid or missing CT option and arguments" unless supplied $option && supplied $args; fatal_error "Invalid or missing CT option and arguments" unless supplied $option && supplied $args;
if ( $option eq 'ctevents' ) { if ( $option eq 'helper' ) {
fatal_error "Invalid helper' ($args)" if $args =~ /,/;
warning_message "Unrecognized helper ($args)" unless $helpers{$args};
$action = "CT --helper $args";
} elsif ( $option eq 'ctevents' ) {
for ( split ',', $args ) { for ( split ',', $args ) {
fatal_error "Invalid 'ctevents' event ($_)" unless $valid_ctevent{$_}; fatal_error "Invalid 'ctevents' event ($_)" unless $valid_ctevent{$_};
} }
@ -85,7 +89,7 @@ sub process_notrack_rule( $$$$$$$ ) {
} elsif ( $option eq 'zone' ) { } elsif ( $option eq 'zone' ) {
fatal_error "Invalid zone id ($args)" unless $args =~ /^\d+$/; fatal_error "Invalid zone id ($args)" unless $args =~ /^\d+$/;
} else { } else {
fatal_error "Invalid CT optio ($option)"; fatal_error "Invalid CT option ($option)";
} }
} }
} }
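Review bot: The `$helpers{$args}` lookup in the new `helper` branch depends on a table whose keys look like nf_conntrack_* module suffixes (`netbios_ns`, `netlink`, `proto_gre`, `proto_sctp`, `proto_udplite`) rather than the names helpers register under. If that is the case, a valid name such as `netbios-ns` would draw an "Unrecognized helper" warning, while `netlink` or `proto_gre`, which as far as I know are not helpers, would pass silently; the keys are worth checking against the kernel's helper names. Separately, the message `"Invalid helper' ($args)"` has a stray apostrophe and should read `"Invalid helper ($args)"`. process_notrack_rule starts outside these hunks.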


@ -48,6 +48,7 @@ loadmodule nf_conntrack_netlink
loadmodule nf_conntrack_pptp loadmodule nf_conntrack_pptp
loadmodule nf_conntrack_proto_gre loadmodule nf_conntrack_proto_gre
loadmodule nf_conntrack_proto_sctp loadmodule nf_conntrack_proto_sctp
loadmodule nf_conntrack_proto_udplite
loadmodule nf_conntrack_sip sip_direct_media=0 loadmodule nf_conntrack_sip sip_direct_media=0
loadmodule nf_conntrack_tftp loadmodule nf_conntrack_tftp
loadmodule nf_conntrack_sane loadmodule nf_conntrack_sane