Add IP[6]TABLES support for the conntrack file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2014-01-01 07:18:36 -08:00
parent 6c990a7253
commit 2c2aaf262c
2 changed files with 22 additions and 3 deletions


@ -68,6 +68,7 @@ sub initialize_package_globals( $$$ ) {
Shorewall::Proxyarp::initialize($family);
Shorewall::IPAddrs::initialize($family);
Shorewall::Misc::initialize($family);
Shorewall::Raw::initialize($family);
}
#


@ -47,6 +47,12 @@ our %valid_ctevent = ( new => 1,
natseqinfo => 1,
secmark => 1 );
our $family;
sub initialize($) {
$family = shift;
}
#
# Notrack
#
@ -105,10 +111,24 @@ sub process_conntrack_rule( $$$$$$$$$$ ) {
$action = $1;
$disposition = $1;
}
} elsif ( $action =~ /^IP(6)?TABLES\((.+)\)(:(.*))$/ ) {
if ( $family == F_IPV4 ) {
fatal_error 'Invalid conntrack ACTION (IP6TABLES)' if $1;
} else {
fatal_error "Invalid conntrack ACTION (IPTABLES)" unless $1;
}
my ( $tgt, $options ) = split( ' ', $2 );
my $target_type = $builtin_target{$tgt};
fatal_error "Unknown target ($tgt)" unless $target_type;
fatal_error "The $tgt TARGET is not allowed in the raw table" unless $target_type & RAW_TABLE;
$disposition = $tgt;
$action = 2;
validate_level( $level = $3 ) if supplied $3;
} else {
( $disposition, my ( $option, $args ), $level ) = split ':', $action, 4;
fatal_error "Invalid notrack ACTION ( $action )" if $disposition ne 'CT';
fatal_error "Invalid conntrack ACTION ( $action )" if $disposition ne 'CT';
validate_level( $level ) if supplied $level;
@ -243,8 +263,6 @@ sub process_format( $ ) {
sub setup_conntrack() {
$format = 1;
for my $name ( qw/notrack conntrack/ ) {
my $fn = open_file( $name, 3 , 1 );