From 0ae1bdfbc14bcaeac2b8599f11be2315fe687b98 Mon Sep 17 00:00:00 2001
From: teastep
Date: Fri, 26 Aug 2005 20:11:27 +0000
Subject: [PATCH] Restore 'ipp2p' support to the rules file

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2564 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/firewall | 6 ++++++
 Shorewall/releasenotes.txt | 4 ++++
 Shorewall/rules | 14 ++++++++++----
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/Shorewall/firewall b/Shorewall/firewall
index c68bc2af4..272911800 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -5165,6 +5165,12 @@ process_rule() # $1 = target
 fatal_error "Port number not allowed with protocol \"all\"; rule: \"$rule\""
 proto=
 ;;
+ ipp2p)
+ dports="-m ipp2p --${port:-ipp2p}"
+ port=
+ proto=tcp
+ do_ports
+ ;;
 *)
 [ -n "$port" ] && \
 fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 288d1ef53..6015c135e 100755
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -72,6 +72,10 @@ New Features in Shorewall 2.5.3 Macros may be used in these sections provided that they expand to only these ACTIONs. +6) The value 'ipp2p' is once again allowed in the PROTO column of + the rules file. It is recommended that rules specifying 'ipp2p' + only be included in the ESTABLISHED section of the file. + Problems Corrected in 2.5.2: 1) You may now include port lists in in the /etc/shorewall/accounting
diff --git a/Shorewall/rules b/Shorewall/rules
index 60031fe12..6b3cf61b4 100755
--- a/Shorewall/rules
+++ b/Shorewall/rules
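Review bot: In the new `ipp2p)` case of process_rule in Shorewall/firewall, the DEST PORT(S) value is pasted straight into the match option (`--${port:-ipp2p}`) with no check, so a port list, a range or a stray character in that column ends up in the generated iptables arguments instead of failing with fatal_error as the neighbouring cases do. A guard before the assignment would keep the error at rule-parse time, for example `case "$port" in *[!a-z0-9]*) fatal_error "Invalid ipp2p option \"$port\"; rule: \"$rule\"" ;; esac`. The case also forces `proto=tcp`, so a DROP or REJECT rule written with ipp2p will not see P2P traffic carried over UDP; if that is intended it deserves a comment such as `# ipp2p rules match TCP only`. process_rule starts and ends outside the hunk and do_ports is not visible, so how `dports` is quoted downstream should be confirmed there.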
@@ -253,14 +253,20 @@
 # contain the port number on the firewall that the
 # request should be redirected to.
 #
-# PROTO Protocol - Must be "tcp", "udp", "icmp", a number, or
-# "all".
+# PROTO Protocol - Must be "tcp", "udp", "icmp", "ipp2p",
+# a number, or "all". "ipp2p" requires ipp2p match
+# support in your kernel and iptables.
 #
 # DEST PORT(S) Destination Ports. A comma-separated list of Port
 # names (from /etc/services), port numbers or port
 # ranges; if the protocol is "icmp", this column is
 # interpreted as the destination icmp-type(s).
 #
+# If the protocol is ipp2p, this column is interpreted
+# as an ipp2p option without the leading "--" (example
+# "bit" for bit-torrent). If no port is given, "ipp2p" is
+# assumed.
+#
 # A port range is expressed as :.
 #
 # This column is ignored if PROTOCOL = all but must be
@@ -404,7 +410,7 @@
 #############################################################################################################
 #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/
 # PORT PORT(S) DEST LIMIT GROUP
-SECTION ESTABLISHED
-SECTION RELATED
+#SECTION ESTABLISHED
+#SECTION RELATED
 SECTION NEW
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
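Review bot: The new PROTO and DEST PORT(S) comment in Shorewall/rules omits two things a rule author needs: the firewall script in this same commit sets `proto=tcp` for ipp2p rules, and the release notes recommend placing them only in the ESTABLISHED section. The second hunk ships `SECTION ESTABLISHED` commented out, so an ipp2p rule added to the default file lands under `SECTION NEW`, where (presumably, since ipp2p inspects packet payload) it may not match connection-opening packets and a filtering rule could silently have no effect. I would add to the PROTO text something like `# "ipp2p" rules match TCP only and belong in the ESTABLISHED section (uncomment SECTION ESTABLISHED below).`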