Add HELPER action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
parent
bd3295b0e3
commit
44a550870c
@ -2482,7 +2482,8 @@ sub initialize_chain_table($) {
|
|||||||
'NFQUEUE!' => STANDARD + NFQ,
|
'NFQUEUE!' => STANDARD + NFQ,
|
||||||
'ADD' => STANDARD + SET,
|
'ADD' => STANDARD + SET,
|
||||||
'DEL' => STANDARD + SET,
|
'DEL' => STANDARD + SET,
|
||||||
'WHITELIST' => STANDARD
|
'WHITELIST' => STANDARD,
|
||||||
|
'HELPER' => STANDARD + HELPER + NATONLY, #Actually RAWONLY
|
||||||
);
|
);
|
||||||
|
|
||||||
for my $chain ( qw(OUTPUT PREROUTING) ) {
|
for my $chain ( qw(OUTPUT PREROUTING) ) {
|
||||||
@ -2528,6 +2529,7 @@ sub initialize_chain_table($) {
|
|||||||
'NFQUEUE!' => STANDARD + NFQ,
|
'NFQUEUE!' => STANDARD + NFQ,
|
||||||
'ADD' => STANDARD + SET,
|
'ADD' => STANDARD + SET,
|
||||||
'DEL' => STANDARD + SET,
|
'DEL' => STANDARD + SET,
|
||||||
|
'HELPER' => STANDARD + HELPER + NATONLY, #Actually RAWONLY
|
||||||
);
|
);
|
||||||
|
|
||||||
for my $chain ( qw(OUTPUT PREROUTING) ) {
|
for my $chain ( qw(OUTPUT PREROUTING) ) {
|
||||||
|
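Review bot: The new `'HELPER' => STANDARD + HELPER + NATONLY, #Actually RAWONLY` entry sets a flag that its own trailing comment says is not the real restriction, so a reader cannot tell from the table which restriction applies to HELPER rules. The same line is added to both target tables in initialize_chain_table (the second hunk repeats it), so the comment should be fixed in both places. If NATONLY is reused deliberately, the comment should say why, for example `# NATONLY is reused here only to keep HELPER out of the filter chains; the rule itself goes in the raw table`, assuming that is what the consuming code does. initialize_chain_table starts and ends outside both hunks, and the code that reads these flags is not visible here.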
@ -1465,7 +1465,7 @@ sub process_action( $) {
|
|||||||
if ( $format == 1 ) {
|
if ( $format == 1 ) {
|
||||||
($target, $source, $dest, $proto, $ports, $sports, $rate, $user, $mark ) =
|
($target, $source, $dest, $proto, $ports, $sports, $rate, $user, $mark ) =
|
||||||
split_line1 'action file', { target => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, rate => 6, user => 7, mark => 8 }, $rule_commands;
|
split_line1 'action file', { target => 0, source => 1, dest => 2, proto => 3, dport => 4, sport => 5, rate => 6, user => 7, mark => 8 }, $rule_commands;
|
||||||
$origdest = $connlimit = $time = $headers = $condition = '-';
|
$origdest = $connlimit = $time = $headers = $condition = $helper = '-';
|
||||||
} else {
|
} else {
|
||||||
($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper )
|
($target, $source, $dest, $proto, $ports, $sports, $origdest, $rate, $user, $mark, $connlimit, $time, $headers, $condition, $helper )
|
||||||
= split_line1 'action file', \%rulecolumns, $action_commands;
|
= split_line1 'action file', \%rulecolumns, $action_commands;
|
||||||
@ -1594,7 +1594,7 @@ sub process_macro ( $$$$$$$$$$$$$$$$$$$) {
|
|||||||
|
|
||||||
my $actiontype = $targets{$action} || find_macro( $action );
|
my $actiontype = $targets{$action} || find_macro( $action );
|
||||||
|
|
||||||
fatal_error "Invalid Action ($mtarget) in macro" unless $actiontype & ( ACTION + STANDARD + NATRULE + MACRO + CHAIN );
|
fatal_error( "Invalid Action ($mtarget) in macro", $actiontype ) unless $actiontype & ( ACTION + STANDARD + NATRULE + MACRO + CHAIN );
|
||||||
|
|
||||||
if ( $msource ) {
|
if ( $msource ) {
|
||||||
if ( $msource eq '-' ) {
|
if ( $msource eq '-' ) {
|
||||||
@ -1850,6 +1850,11 @@ sub process_rule1 ( $$$$$$$$$$$$$$$$$$ ) {
|
|||||||
COUNT => sub { $action = ''; } ,
|
COUNT => sub { $action = ''; } ,
|
||||||
|
|
||||||
LOG => sub { fatal_error 'LOG requires a log level' unless supplied $loglevel; } ,
|
LOG => sub { fatal_error 'LOG requires a log level' unless supplied $loglevel; } ,
|
||||||
|
|
||||||
|
HELPER => sub {
|
||||||
|
fatal_error "HELPER requires require that the helper be specified in the HELPER column" if $helper eq '-';
|
||||||
|
fatal_error "HELPER rules may only appear in the NEW section" unless $section eq 'NEW';
|
||||||
|
$action = ''; } ,
|
||||||
);
|
);
|
||||||
|
|
||||||
my $function = $functions{ $bt };
|
my $function = $functions{ $bt };
|
||||||
|
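Review bot: The first message in the new `HELPER` handler of process_rule1 repeats a word ("HELPER requires require that ..."); it should read `fatal_error "HELPER requires that the helper be specified in the HELPER column" if $helper eq '-';`. The handler checks only that the HELPER column is not `-` and that the section is NEW, while the manpage text added in this commit says no destination zone should be specified. Nothing in the visible lines rejects a destination, so an over-broad HELPER rule appears to be accepted silently, and a conntrack helper attached to more traffic than intended widens what the firewall will treat as related connections. Consider adding a matching `fatal_error` for a supplied destination, or a comment naming where that is enforced. Separately, the process_macro hunk now passes `$actiontype` as an extra argument to `fatal_error`, which looks like leftover debugging output; both functions start and end outside their hunks.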
@ -503,6 +503,19 @@
|
|||||||
rule, it is passed on to the next rule.</para>
|
rule, it is passed on to the next rule.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>HELPER</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Added in Shorewall 4.5.7. This action requires that the
|
||||||
|
HELPER column contains the name of the Netfilter helper to be
|
||||||
|
associated with connections matching this connection. May only
|
||||||
|
be specified in the NEW section and is useful for being able
|
||||||
|
to specify a helper when the applicable policy is ACCEPT. No
|
||||||
|
destination zone should be specified in HELPER rules.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
|
|
||||||
<para>The <replaceable>target</replaceable> may optionally be
|
<para>The <replaceable>target</replaceable> may optionally be
|
||||||
|
@ -368,6 +368,19 @@
|
|||||||
deprecated.</para>
|
deprecated.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term>HELPER</term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Added in Shorewall 4.5.7. This action requires that the
|
||||||
|
HELPER column contains the name of the Netfilter helper to be
|
||||||
|
associated with connections matching this connection. May only
|
||||||
|
be specified in the NEW section and is useful for being able
|
||||||
|
to specify a helper when the applicable policy is ACCEPT. No
|
||||||
|
destination zone should be specified in HELPER rules.</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
|
|
||||||
<para>The <emphasis role="bold">ACTION</emphasis> may optionally be
|
<para>The <emphasis role="bold">ACTION</emphasis> may optionally be
|
||||||
|