forked from extern/shorewall_code
Fix ENHANCED_REJECT and MODULE_SUFFIX
This commit is contained in:
parent
1155af38ab
commit
3c6054d842
@ -188,7 +188,7 @@ our %config;
|
||||
#
|
||||
# Config options and global settings that are to be copied to output script
|
||||
#
|
||||
our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX SUBSYSLOCK DONT_LOAD/;
|
||||
our @propagateconfig = qw/ DISABLE_IPV6 MODULESDIR MODULE_SUFFIX SUBSYSLOCK /;
|
||||
#
|
||||
# From parsing the capabilities file or detecting capabilities
|
||||
#
|
||||
@ -1908,7 +1908,7 @@ sub load_kernel_modules( ) {
|
||||
|
||||
close LSMOD;
|
||||
|
||||
$config{MODULE_SUFFIX} = 'o gz ko o.gz ko.gz' unless $config{MODULES_SUFFIX};
|
||||
$config{MODULE_SUFFIX} = 'o gz ko o.gz ko.gz' unless $config{MODULE_SUFFIX};
|
||||
|
||||
my @suffixes = split /\s+/ , $config{MODULE_SUFFIX};
|
||||
|
||||
@ -2029,7 +2029,13 @@ sub determine_capabilities( $ ) {
|
||||
$capabilities{IPP2P_MATCH} = qt1( "$iptables -A $sillyname -p tcp -m ipp2p --edk -j ACCEPT" );
|
||||
$capabilities{OLD_IPP2P_MATCH} = qt1( "$iptables -A $sillyname -p tcp -m ipp2p --ipp2p -j ACCEPT" ) if $capabilities{IPP2P_MATCH};
|
||||
$capabilities{LENGTH_MATCH} = qt1( "$iptables -A $sillyname -m length --length 10:20 -j ACCEPT" );
|
||||
$capabilities{ENHANCED_REJECT} = qt1( "$iptables -A $sillyname -j REJECT --reject-with icmp6-admt-prohibited" );
|
||||
|
||||
if ( $family == F_IPV6 ) {
|
||||
$capabilities{ENHANCED_REJECT} = qt1( "$iptables -A $sillyname -j REJECT --reject-with icmp6-adm-prohibited" );
|
||||
} else {
|
||||
$capabilities{ENHANCED_REJECT} = qt1( "$iptables -A $sillyname -j REJECT --reject-with icmp-host-prohibited" );
|
||||
}
|
||||
|
||||
$capabilities{COMMENTS} = qt1( qq($iptables -A $sillyname -j ACCEPT -m comment --comment "This is a comment" ) );
|
||||
|
||||
$capabilities{HASHLIMIT_MATCH} = qt1( "$iptables -A $sillyname -m hashlimit --hashlimit-upto 3/min --hashlimit-burst 3 --hashlimit-name $sillyname --hashlimit-mode srcip -j ACCEPT" );
|
||||
|
Loading…
Reference in New Issue
Block a user