MARK and CONNMARK in the snat file

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2018-06-10 16:34:55 -07:00
parent 0632723a6c
commit e36547f8be
3 changed files with 17 additions and 9 deletions


@ -113,6 +113,7 @@ our @EXPORT = ( qw(
OPTIONS OPTIONS
IPTABLES IPTABLES
TARPIT TARPIT
MARKRULE
FILTER_TABLE FILTER_TABLE
NAT_TABLE NAT_TABLE
MANGLE_TABLE MANGLE_TABLE
@ -281,7 +282,7 @@ our %EXPORT_TAGS = (
get_interface_address get_interface_address
get_interface_addresses get_interface_addresses
get_interface_bcasts get_interface_bcasts
get_interface_acasts get_interface_acastst
interface_gateway interface_gateway
get_interface_gateway get_interface_gateway
get_interface_mac get_interface_mac
@ -461,6 +462,7 @@ use constant { STANDARD => 0x1, #defined by Netfilter
OPTIONS => 0x80000, #Target Accepts Options OPTIONS => 0x80000, #Target Accepts Options
IPTABLES => 0x100000, #IPTABLES or IP6TABLES IPTABLES => 0x100000, #IPTABLES or IP6TABLES
TARPIT => 0x200000, #TARPIT TARPIT => 0x200000, #TARPIT
MARKRULE => 0x400000, #MARK-oriented rules
FILTER_TABLE => 0x1000000, FILTER_TABLE => 0x1000000,
MANGLE_TABLE => 0x2000000, MANGLE_TABLE => 0x2000000,
@ -3186,14 +3188,14 @@ sub initialize_chain_table($) {
'ACCEPT+' => STANDARD + NONAT, 'ACCEPT+' => STANDARD + NONAT,
'ACCEPT!' => STANDARD, 'ACCEPT!' => STANDARD,
'ADD' => STANDARD + SET, 'ADD' => STANDARD + SET,
'AUDIT' => STANDARD + AUDIT + OPTIONS, 'AUDIT' => STANDARD + AUDIT + OPTIONS,
'A_ACCEPT' => STANDARD + AUDIT, 'A_ACCEPT' => STANDARD + AUDIT,
'A_ACCEPT+' => STANDARD + NONAT + AUDIT, 'A_ACCEPT+' => STANDARD + NONAT + AUDIT,
'A_ACCEPT!' => STANDARD + AUDIT, 'A_ACCEPT!' => STANDARD + AUDIT,
'A_DROP' => STANDARD + AUDIT, 'A_DROP' => STANDARD + AUDIT,
'A_DROP!' => STANDARD + AUDIT, 'A_DROP!' => STANDARD + AUDIT,
'NONAT' => STANDARD + NONAT + NATONLY, 'NONAT' => STANDARD + NONAT + NATONLY,
'CONNMARK' => STANDARD + OPTIONS, 'CONNMARK' => STANDARD + MARKRULE + OPTIONS,
'CONTINUE' => STANDARD, 'CONTINUE' => STANDARD,
'CONTINUE!' => STANDARD, 'CONTINUE!' => STANDARD,
'COUNT' => STANDARD, 'COUNT' => STANDARD,
@ -3206,8 +3208,8 @@ sub initialize_chain_table($) {
'INLINE' => INLINERULE, 'INLINE' => INLINERULE,
'IPTABLES' => IPTABLES, 'IPTABLES' => IPTABLES,
'LOG' => STANDARD + LOGRULE + OPTIONS, 'LOG' => STANDARD + LOGRULE + OPTIONS,
'MARK' => STANDARD + OPTIONS, 'MARK' => STANDARD + MARKRULE + OPTIONS,
'NFLOG' => STANDARD + LOGRULE + NFLOG + OPTIONS, 'NFLOG' => STANDARD + LOGRULE + NFLOG + OPTIONS,
'NFQUEUE' => STANDARD + NFQ + OPTIONS, 'NFQUEUE' => STANDARD + NFQ + OPTIONS,
'NFQUEUE!' => STANDARD + NFQ, 'NFQUEUE!' => STANDARD + NFQ,
'QUEUE' => STANDARD + OPTIONS, 'QUEUE' => STANDARD + OPTIONS,
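Review bot: The new side of the `get_interface_acasts` line in the `%EXPORT_TAGS` hunk reads `get_interface_acastst`, which looks like a stray keystroke unrelated to the MARKRULE change; if no sub of that name exists in the module, `Exporter` will reject the tag at `use` time with an "is not exported" error (the rendering does not show which side is old and which is new, so please confirm before merging). The other hunks — the `MARKRULE` export, the `0x400000` constant and the two `STANDARD + MARKRULE + OPTIONS` target entries — are consistent with one another. Since the bit is consumed elsewhere (in process_snat1, as far as this commit shows) rather than in this file, a slightly fuller comment on the constant would help the next reader, e.g. `#MARK-oriented rules (MARK/CONNMARK allowed as an snat ACTION)`.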


@ -465,7 +465,7 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
TPROXY_TARGET => 'TPROXY Target', TPROXY_TARGET => 'TPROXY Target',
FLOW_FILTER => 'Flow Classifier', FLOW_FILTER => 'Flow Classifier',
FWMARK_RT_MASK => 'fwmark route mask', FWMARK_RT_MASK => 'fwmark route mask',
MARK_ANYWHERE => 'Mark in the filter table', MARK_ANYWHERE => 'Mark in the filter and nat tables',
HEADER_MATCH => 'Header Match', HEADER_MATCH => 'Header Match',
ACCOUNT_TARGET => 'ACCOUNT Target', ACCOUNT_TARGET => 'ACCOUNT Target',
AUDIT_TARGET => 'AUDIT Target', AUDIT_TARGET => 'AUDIT Target',
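Review bot: The MARK_ANYWHERE description now promises the nat table, but a description string does not change what the capability probe actually tests; if the detection code (outside this hunk) still only tries a MARK rule in the filter table, the new snat MARK/CONNMARK support will be advertised on systems where a `--set-mark` target in the nat table is rejected only when the generated ruleset is loaded. Please confirm the probe was extended alongside this string, or keep the description limited to what is actually verified.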


@ -5422,6 +5422,10 @@ sub process_snat1( $$$$$$$$$$$$ ) {
$actiontype = $builtin_target{$target = 'MASQUERADE'}; $actiontype = $builtin_target{$target = 'MASQUERADE'};
$add_snat_aliases = ''; $add_snat_aliases = '';
$logaction = 'MASQ'; $logaction = 'MASQ';
} elsif ( $action =~ /^((?:CONN)?MARK)(\+)?\((.+)\)$/ ) {
$actiontype = $targets{$logaction = $1};
$pre_nat = $2;
validate_mark( $param = $3 );
} else { } else {
( $target , $params ) = get_target_param1( $action ); ( $target , $params ) = get_target_param1( $action );
@ -5440,7 +5444,7 @@ sub process_snat1( $$$$$$$$$$$$ ) {
$target = 'LOG'; $target = 'LOG';
} }
} else { } else {
fatal_error "Invalid ACTION ($action)" unless $actiontype & ( ACTION | INLINE ); fatal_error "Invalid ACTION ($action)" unless $actiontype & ( ACTION | INLINE | MARKRULE );
$logaction = ''; $logaction = '';
} }
} }
@ -5766,6 +5770,8 @@ sub process_snat1( $$$$$$$$$$$$ ) {
} else { } else {
$loglevel = ''; $loglevel = '';
} }
} elsif ( $actiontype & MARKRULE ) {
$target = "$logaction --set-mark $param"
} else { } else {
for my $option ( split_list2( $options , 'option' ) ) { for my $option ( split_list2( $options , 'option' ) ) {
if ( $option eq 'random' ) { if ( $option eq 'random' ) {
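Review bot: A bare `MARK` or `CONNMARK` ACTION with no parenthesised value does not match the new regex branch, so it falls through to the `get_target_param1` path, and because MARKRULE was added to the mask in the `fatal_error` check it is no longer rejected there; in the last hunk it then reaches `$target = "$logaction --set-mark $param"` with `$logaction` already cleared to `''` in that same `else` and `$param` never assigned on that path (the only assignment visible is `validate_mark( $param = $3 )` in the regex branch), so the generated target becomes `" --set-mark "` plus an undefined or stale value instead of an error. This also means the regex branch is the only route to the interpolated `$param` that passes through `validate_mark`, so the guard should be explicit: `} elsif ( $actiontype & MARKRULE ) {` / `fatal_error "Invalid ACTION ($action)" unless $logaction && defined $param;` / `$target = "$logaction --set-mark $param";`. The missing semicolon on the `$target = ...` line is legal only because it is the last statement in the block; add it so a later insertion does not break the build. process_snat1 begins and ends outside these hunks, so the nesting of the `else` that clears `$logaction` is inferred from the brace layout and should be checked against the full function.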