Correct CLI helper capability detection
- Previously, the HELPERS setting was ignored.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
e248c0a3d7
commit
fe37844455
@ -2475,6 +2475,7 @@ determine_capabilities() {
|
|||||||
local chain
|
local chain
|
||||||
local chain1
|
local chain1
|
||||||
local arptables
|
local arptables
|
||||||
|
local helper
|
||||||
|
|
||||||
if [ -z "$g_tool" ]; then
|
if [ -z "$g_tool" ]; then
|
||||||
[ $g_family -eq 4 ] && tool=iptables || tool=ip6tables
|
[ $g_family -eq 4 ] && tool=iptables || tool=ip6tables
|
||||||
@ -2776,21 +2777,44 @@ determine_capabilities() {
|
|||||||
if qt $g_tool -t raw -A $chain -j CT --notrack; then
|
if qt $g_tool -t raw -A $chain -j CT --notrack; then
|
||||||
CT_TARGET=Yes;
|
CT_TARGET=Yes;
|
||||||
|
|
||||||
qt $g_tool -t raw -A $chain -p udp --dport 10080 -j CT --helper amanda && AMANDA_HELPER=Yes
|
for helper in amanda ftp ftp0 h323 irc irc0 netbios_ns pptp sane sane0 sip sip0 snmp tftp tftp0; do
|
||||||
qt $g_tool -t raw -A $chain -p tcp --dport 21 -j CT --helper ftp && FTP_HELPER=Yes
|
eval ${helper}_ENABLED=''
|
||||||
qt $g_tool -t raw -A $chain -p tcp --dport 21 -j CT --helper ftp-0 && FTP0_HELPER=Yes
|
done
|
||||||
qt $g_tool -t raw -A $chain -p udp --dport 1719 -j CT --helper RAS && H323_HELPER=Yes
|
|
||||||
qt $g_tool -t raw -A $chain -p tcp --dport 6667 -j CT --helper irc && IRC_HELPER=Yes
|
if [ -n "$HELPERS" ]; then
|
||||||
qt $g_tool -t raw -A $chain -p tcp --dport 6667 -j CT --helper irc-0 && IRC0_HELPER=Yes
|
for helper in $(split_list "$HELPERS"); do
|
||||||
qt $g_tool -t raw -A $chain -p udp --dport 137 -j CT --helper netbios-ns && NETBIOS_NS_HELPER=Yes
|
case $helper in
|
||||||
qt $g_tool -t raw -A $chain -p tcp --dport 1729 -j CT --helper pptp && PPTP_HELPER=Yes
|
none)
|
||||||
qt $g_tool -t raw -A $chain -p tcp --dport 6566 -j CT --helper sane && SANE_HELPER=Yes
|
;;
|
||||||
qt $g_tool -t raw -A $chain -p tcp --dport 6566 -j CT --helper sane-0 && SANE0_HELPER=Yes
|
amanda|ftp|ftp0|h323|irc|irc0|netbios_ns|pptp|sane|sane0|sip|sip0|snmp|tftp|tftp0)
|
||||||
qt $g_tool -t raw -A $chain -p udp --dport 5060 -j CT --helper sip && SIP_HELPER=Yes
|
eval ${helper}_ENABLED=Yes
|
||||||
qt $g_tool -t raw -A $chain -p udp --dport 5060 -j CT --helper sip-0 && SIP0_HELPER=Yes
|
;;
|
||||||
qt $g_tool -t raw -A $chain -p udp --dport 161 -j CT --helper snmp && SNMP_HELPER=Yes
|
*)
|
||||||
qt $g_tool -t raw -A $chain -p udp --dport 69 -j CT --helper tftp && TFTP_HELPER=Yes
|
error_message "WARNING: Invalid helper ($helper) ignored"
|
||||||
qt $g_tool -t raw -A $chain -p udp --dport 69 -j CT --helper tftp-0 && TFTP0_HELPER=Yes
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
else
|
||||||
|
for helper in amanda ftp ftp0 h323 irc irc0 netbios_ns pptp sane sane0 sip sip0 snmp tftp tftp0; do
|
||||||
|
eval ${helper}_ENABLED=Yes
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
[ -n "$amanda_ENABLED" ] && qt $g_tool -t raw -A $chain -p udp --dport 10080 -j CT --helper amanda && AMANDA_HELPER=Yes
|
||||||
|
[ -n "$ftp_ENABLED" ] && qt $g_tool -t raw -A $chain -p tcp --dport 21 -j CT --helper ftp && FTP_HELPER=Yes
|
||||||
|
[ -n "$ftp0_ENABLED" ] && qt $g_tool -t raw -A $chain -p tcp --dport 21 -j CT --helper ftp-0 && FTP0_HELPER=Yes
|
||||||
|
[ -n "$h323_ENABLED" ] && qt $g_tool -t raw -A $chain -p udp --dport 1719 -j CT --helper RAS && H323_HELPER=Yes
|
||||||
|
[ -n "$irc_ENABLED" ] && qt $g_tool -t raw -A $chain -p tcp --dport 6667 -j CT --helper irc && IRC_HELPER=Yes
|
||||||
|
[ -n "$irc0_ENABLED" ] && qt $g_tool -t raw -A $chain -p tcp --dport 6667 -j CT --helper irc-0 && IRC0_HELPER=Yes
|
||||||
|
[ -n "$netbios_ns_ENABLED" ] && qt $g_tool -t raw -A $chain -p udp --dport 137 -j CT --helper netbios-ns && NETBIOS_NS_HELPER=Yes
|
||||||
|
[ -n "$pptp_ENABLED" ] && qt $g_tool -t raw -A $chain -p tcp --dport 1729 -j CT --helper pptp && PPTP_HELPER=Yes
|
||||||
|
[ -n "$sane_ENABLED" ] && qt $g_tool -t raw -A $chain -p tcp --dport 6566 -j CT --helper sane && SANE_HELPER=Yes
|
||||||
|
[ -n "$sane0_ENABLED" ] && qt $g_tool -t raw -A $chain -p tcp --dport 6566 -j CT --helper sane-0 && SANE0_HELPER=Yes
|
||||||
|
[ -n "$sip_ENABLED" ] && qt $g_tool -t raw -A $chain -p udp --dport 5060 -j CT --helper sip && SIP_HELPER=Yes
|
||||||
|
[ -n "$sip0_ENABLED" ] && qt $g_tool -t raw -A $chain -p udp --dport 5060 -j CT --helper sip-0 && SIP0_HELPER=Yes
|
||||||
|
[ -n "$snmp_ENABLED" ] && qt $g_tool -t raw -A $chain -p udp --dport 161 -j CT --helper snmp && SNMP_HELPER=Yes
|
||||||
|
[ -n "$tftp_ENABLED" ] && qt $g_tool -t raw -A $chain -p udp --dport 69 -j CT --helper tftp && TFTP_HELPER=Yes
|
||||||
|
[ -n "$tftp0_ENABLED" ] && qt $g_tool -t raw -A $chain -p udp --dport 69 -j CT --helper tftp-0 && TFTP0_HELPER=Yes
|
||||||
fi
|
fi
|
||||||
|
|
||||||
qt $g_tool -t raw -F $chain
|
qt $g_tool -t raw -F $chain
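Review bot: The `eval ${helper}_ENABLED=Yes` inside the `for helper in $(split_list "$HELPERS")` loop is safe only because the `case` arm above it restricts `$helper` to the fixed helper names, and nothing in the code says so. I would add `# $helper can only be one of the names matched above, so eval never sees raw HELPERS text` directly over it, so a later edit does not move the eval outside the arm. The unquoted `$(split_list "$HELPERS")` is also subject to pathname expansion, so a HELPERS value containing glob characters would be expanded against the current directory before reaching the `*)` warning arm. The fifteen `*_ENABLED` flags are not declared `local` (the first hunk adds only `local helper`), so they appear to stay set after determine_capabilities returns. The function body starts and ends outside this hunk.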
|
||||||
|
@ -211,6 +211,17 @@ split() {
|
|||||||
IFS=$ifs
|
IFS=$ifs
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Split a comma-separated list into a space-separated list
|
||||||
|
#
|
||||||
|
split_list() {
|
||||||
|
local ifs
|
||||||
|
ifs=$IFS
|
||||||
|
IFS=,
|
||||||
|
echo $*
|
||||||
|
IFS=$ifs
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Search a list looking for a match -- returns zero if a match found
|
# Search a list looking for a match -- returns zero if a match found
|
||||||
# 1 otherwise
|
# 1 otherwise
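Review bot: `echo $*` in split_list is left unquoted to get the comma split, which also exposes each field to pathname expansion and to echo's own option handling (a field such as `-n`). The only caller visible on this page passes it the HELPERS setting. The header comment could state that limitation, e.g. `# Fields must not contain glob characters or begin with '-'`, or the expansion could be bracketed with `set -f`. Restoring with `IFS=$ifs` also turns a previously unset IFS into an empty one; the same restore is visible at the end of `split()` just above, so this may be accepted convention in the file.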
|
||||||
|