Add AUTOHELPERS option.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:09:18 -07:00 · 2012-08-02 11:09:18 -07:00 · 07e56d129a
commit 07e56d129a
parent 62d6d2558e
11 changed files with 55 additions and 0 deletions
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@ -656,6 +656,7 @@ sub initialize( $;$ ) {
 	  EXPORTMODULES => undef,
 	  LEGACY_FASTSTART => undef,
 	  USE_PHYSICAL_NAMES => undef,
 	  AUTOHELPERS => undef,
 	  #
 	  # Packet Disposition
 	  #
@ -4260,6 +4261,7 @@ sub get_configuration( $$$ ) {
    default_yes_no 'LEGACY_FASTSTART'           , 'Yes';
    default_yes_no 'USE_PHYSICAL_NAMES'         , '';
    default_yes_no 'IPSET_WARNINGS'             , 'Yes';
    default_yes_no 'AUTOHELPERS'                , 'Yes';
    require_capability 'MARK' , 'FORWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK};
--- a/Shorewall/Samples/one-interface/shorewall.conf
+++ b/Shorewall/Samples/one-interface/shorewall.conf
@ -127,6 +127,7 @@ ADMINISABSENTMINDED=Yes
 AUTOCOMMENT=Yes
 AUTOHELPERS=Yes
 AUTOMAKE=No
--- a/Shorewall/Samples/three-interfaces/shorewall.conf
+++ b/Shorewall/Samples/three-interfaces/shorewall.conf
@ -125,6 +125,7 @@ ADMINISABSENTMINDED=Yes
 AUTOCOMMENT=Yes
 AUTOHELPERS=Yes
 AUTOMAKE=No
--- a/Shorewall/Samples/two-interfaces/shorewall.conf
+++ b/Shorewall/Samples/two-interfaces/shorewall.conf
@ -128,6 +128,7 @@ ADMINISABSENTMINDED=Yes
 AUTOCOMMENT=Yes
 AUTOHELPERS=Yes
 AUTOMAKE=No
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@ -116,6 +116,7 @@ ADMINISABSENTMINDED=Yes
 AUTOCOMMENT=Yes
 AUTOHELPERS=Yes
 AUTOMAKE=No
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@ -299,6 +299,30 @@
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">AUTOHELPERS=</emphasis>[<emphasis
        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
        <listitem>
          <para>Added in Shorewall 4.5.7.</para>
          <para>In Linux 3.5, the Netfilter team announced that the automatic
          association of helpers with connections based on protocol and port
          would no longer be supported after a certain point. This means that
          explicit rules must be added in shorewall-conntrack (5) in order for
          applications like FTP that require a helper to continue to work
          correctly. To work around this problem, the AUTOHELPERS option was
          added with a default value of Yes.</para>
          <para>If set to Yes and the CT Target capability is present in the
          kernel and iptables, then Shorewall will automatically create the
          same associations that were made by the modules themselves prior to
          removal of the automatic association feature. The associations are
          actually in shorewall-conntrack (5) so you can modify them to suit
          your particular needs. </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">AUTOMAKE=</emphasis>[<emphasis
        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
--- a/Shorewall6/Samples6/Universal/shorewall6.conf
+++ b/Shorewall6/Samples6/Universal/shorewall6.conf
@ -111,6 +111,7 @@ ADMINISABSENTMINDED=Yes
 AUTOCOMMENT=Yes
 AUTOHELPERS=Yes
 AUTOMAKE=No
--- a/Shorewall6/Samples6/one-interface/shorewall6.conf
+++ b/Shorewall6/Samples6/one-interface/shorewall6.conf
@ -111,6 +111,7 @@ ADMINISABSENTMINDED=Yes
 AUTOCOMMENT=Yes
 AUTOHELPERS=Yes
 AUTOMAKE=No
--- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf
@ -111,6 +111,7 @@ ADMINISABSENTMINDED=Yes
 AUTOCOMMENT=Yes
 AUTOHELPERS=Yes
 AUTOMAKE=No
--- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf
@ -111,6 +111,7 @@ ADMINISABSENTMINDED=Yes
 AUTOCOMMENT=Yes
 AUTOHELPERS=Yes
 AUTOMAKE=No
--- a/Shorewall6/manpages/shorewall6.conf.xml
+++ b/Shorewall6/manpages/shorewall6.conf.xml
@ -228,6 +228,27 @@
        </listitem>
      </varlistentry>
      <varlistentry>
        <term><emphasis role="bold">AUTOHELPERS=</emphasis>[<emphasis
        role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
        <listitem>
          <para>Added in Shorewall 4.5.7.</para>
          <para>In Linux 3.5, the Netfilter team announced that the automatic
          association of helpers with connections based on protocol and port
          would no longer be supported after a certain point. This means that
          explicit rules must be added in shorewall-conntrack (5) in order for
          applications like FTP that require a helper to continue to work
          correctly. To work around this problem, the AUTOHELPERS option was
          added with a default value of Yes.</para>
          <para>If set to Yes and the CT Target capability is present in the
          kernel and iptables, then Shorewall will automatically create the
          same associations that were made by the modules themselves prior to
          removal of the automatic association feature. The associations are
          actually in shorewall-conntrack (5) so you can modify them to suit
          your particular needs.</para>
        </listitem>
      </varlistentry>