extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-26 09:33:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add DROP target to the conntrack file.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2012-11-18 11:35:40 -08:00
parent 5265cd5bb7
commit c6ffdd67e2
3 changed files with 25 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall/Perl/Shorewall/Raw.pm
View File

@ -80,7 +80,7 @@ sub process_conntrack_rule( $$$$$$$$$ ) {
# Netfilter development list # Netfilter development list
# #
$action = 'CT --notrack' if have_capability 'CT_TARGET'; $action = 'CT --notrack' if have_capability 'CT_TARGET';
} else { } elsif ( $action ne 'DROP' ) {
( $target, my ( $option, $args, $junk ) ) = split ':', $action, 4; ( $target, my ( $option, $args, $junk ) ) = split ':', $action, 4;
fatal_error "Invalid notrack ACTION ( $action )" if $junk || $target ne 'CT'; fatal_error "Invalid notrack ACTION ( $action )" if $junk || $target ne 'CT';

19
Shorewall/manpages/shorewall-conntrack.xml
View File

@ -67,8 +67,8 @@
<listitem> <listitem>
<para>This column is only present when FORMAT = 2. Values other than <para>This column is only present when FORMAT = 2. Values other than
NOTRACK require <firstterm>CT Target </firstterm>support in your NOTRACK or DROP require <firstterm>CT Target </firstterm>support in
iptables and kernel.</para> your iptables and kernel.</para>
<itemizedlist> <itemizedlist>
<listitem> <listitem>
@ -78,6 +78,13 @@
<para>Disables connection tracking for this packet.</para> <para>Disables connection tracking for this packet.</para>
</listitem> </listitem>
<listitem>
<para><option>DROP</option></para>
<para>Added in Shorewall 4.5.10. Silently discard the
packet.</para>
</listitem>
<listitem> <listitem>
<para><option>helper</option>:<replaceable>name</replaceable></para> <para><option>helper</option>:<replaceable>name</replaceable></para>
@ -143,6 +150,14 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term/>
<listitem>
<para/>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term>sane</term> <term>sane</term>

7
Shorewall6/manpages/shorewall6-conntrack.xml
View File

@ -77,6 +77,13 @@
<para>Disables connection tracking for this packet.</para> <para>Disables connection tracking for this packet.</para>
</listitem> </listitem>
<listitem>
<para>DROP</para>
<para>Added in Shorewall 4.5.10. Silently discard the
packet.</para>
</listitem>
<listitem> <listitem>
<para><option>helper</option>:<replaceable>name</replaceable></para> <para><option>helper</option>:<replaceable>name</replaceable></para>