forked from extern/shorewall_code
Add AUTOHELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
62d6d2558e
commit
07e56d129a
@ -656,6 +656,7 @@ sub initialize( $;$ ) {
|
||||
EXPORTMODULES => undef,
|
||||
LEGACY_FASTSTART => undef,
|
||||
USE_PHYSICAL_NAMES => undef,
|
||||
AUTOHELPERS => undef,
|
||||
#
|
||||
# Packet Disposition
|
||||
#
|
||||
@ -4260,6 +4261,7 @@ sub get_configuration( $$$ ) {
|
||||
default_yes_no 'LEGACY_FASTSTART' , 'Yes';
|
||||
default_yes_no 'USE_PHYSICAL_NAMES' , '';
|
||||
default_yes_no 'IPSET_WARNINGS' , 'Yes';
|
||||
default_yes_no 'AUTOHELPERS' , 'Yes';
|
||||
|
||||
require_capability 'MARK' , 'FORWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK};
|
||||
|
||||
|
@ -127,6 +127,7 @@ ADMINISABSENTMINDED=Yes
|
||||
|
||||
AUTOCOMMENT=Yes
|
||||
|
||||
AUTOHELPERS=Yes
|
||||
|
||||
AUTOMAKE=No
|
||||
|
||||
|
@ -125,6 +125,7 @@ ADMINISABSENTMINDED=Yes
|
||||
|
||||
AUTOCOMMENT=Yes
|
||||
|
||||
AUTOHELPERS=Yes
|
||||
|
||||
AUTOMAKE=No
|
||||
|
||||
|
@ -128,6 +128,7 @@ ADMINISABSENTMINDED=Yes
|
||||
|
||||
AUTOCOMMENT=Yes
|
||||
|
||||
AUTOHELPERS=Yes
|
||||
|
||||
AUTOMAKE=No
|
||||
|
||||
|
@ -116,6 +116,7 @@ ADMINISABSENTMINDED=Yes
|
||||
|
||||
AUTOCOMMENT=Yes
|
||||
|
||||
AUTOHELPERS=Yes
|
||||
|
||||
AUTOMAKE=No
|
||||
|
||||
|
@ -299,6 +299,30 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">AUTOHELPERS=</emphasis>[<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.5.7.</para>
|
||||
|
||||
<para>In Linux 3.5, the Netfilter team announced that the automatic
|
||||
association of helpers with connections based on protocol and port
|
||||
would no longer be supported after a certain point. This means that
|
||||
explicit rules must be added in shorewall-conntrack (5) in order for
|
||||
applications like FTP that require a helper to continue to work
|
||||
correctly. To work around this problem, the AUTOHELPERS option was
|
||||
added with a default value of Yes.</para>
|
||||
|
||||
<para>If set to Yes and the CT Target capability is present in the
|
||||
kernel and iptables, then Shorewall will automatically create the
|
||||
same associations that were made by the modules themselves prior to
|
||||
removal of the automatic association feature. The associations are
|
||||
actually in shorewall-conntrack (5) so you can modify them to suit
|
||||
your particular needs. </para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">AUTOMAKE=</emphasis>[<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
|
||||
|
@ -111,6 +111,7 @@ ADMINISABSENTMINDED=Yes
|
||||
|
||||
AUTOCOMMENT=Yes
|
||||
|
||||
AUTOHELPERS=Yes
|
||||
|
||||
AUTOMAKE=No
|
||||
|
||||
|
@ -111,6 +111,7 @@ ADMINISABSENTMINDED=Yes
|
||||
|
||||
AUTOCOMMENT=Yes
|
||||
|
||||
AUTOHELPERS=Yes
|
||||
|
||||
AUTOMAKE=No
|
||||
|
||||
|
@ -111,6 +111,7 @@ ADMINISABSENTMINDED=Yes
|
||||
|
||||
AUTOCOMMENT=Yes
|
||||
|
||||
AUTOHELPERS=Yes
|
||||
|
||||
AUTOMAKE=No
|
||||
|
||||
|
@ -111,6 +111,7 @@ ADMINISABSENTMINDED=Yes
|
||||
|
||||
AUTOCOMMENT=Yes
|
||||
|
||||
AUTOHELPERS=Yes
|
||||
|
||||
AUTOMAKE=No
|
||||
|
||||
|
@ -228,6 +228,27 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><emphasis role="bold">AUTOHELPERS=</emphasis>[<emphasis
|
||||
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
|
||||
|
||||
<listitem>
|
||||
<para>Added in Shorewall 4.5.7.</para>
|
||||
|
||||
<para>In Linux 3.5, the Netfilter team announced that the automatic
|
||||
association of helpers with connections based on protocol and port
|
||||
would no longer be supported after a certain point. This means that
|
||||
explicit rules must be added in shorewall-conntrack (5) in order for
|
||||
applications like FTP that require a helper to continue to work
|
||||
correctly. To work around this problem, the AUTOHELPERS option was
|
||||
added with a default value of Yes.</para>
|
||||
|
||||
<para>If set to Yes and the CT Target capability is present in the
|
||||
kernel and iptables, then Shorewall will automatically create the
|
||||
same associations that were made by the modules themselves prior to
|
||||
removal of the automatic association feature. The associations are
|
||||
actually in shorewall-conntrack (5) so you can modify them to suit
|
||||
your particular needs.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user