From 5265cd5bb729d921ff62d32f4ab924d93689b216 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Sun, 18 Nov 2012 11:01:49 -0800
Subject: [PATCH] Add UNTRACKED match to the secmarks file.

Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Tc.pm | 13 ++++++++-----
 Shorewall/manpages/shorewall-secmarks.xml | 13 ++++++++++++-
 Shorewall6/manpages/shorewall6-secmarks.xml | 11 +++++++++++
 3 files changed, 31 insertions(+), 6 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index fffe16346..5f3cfd638 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -2219,11 +2219,14 @@ sub process_secmark_rule() {
 I => 'tcin' ,
 O => 'tcout' ,
 );
- my %state = ( N => 'NEW' ,
- I => 'INVALID',
- NI => 'NEW,INVALID',
- E => 'ESTABLISHED' ,
- ER => 'ESTABLISHED,RELATED',
+ my %state = ( N => 'NEW' ,
+ I => 'INVALID',
+ U => 'UNTRACKED',
+ NI => 'NEW,INVALID',
+ NU => 'NEW,UNTRACKED',
+ NIU => 'NEW,INVALID,UNTRACKED',
+ E => 'ESTABLISHED' ,
+ ER => 'ESTABLISHED,RELATED',
 );

 my ( $chain , $state, $rest) = split ':', $chainin , 3;
diff --git a/Shorewall/manpages/shorewall-secmarks.xml b/Shorewall/manpages/shorewall-secmarks.xml
index d8bed9ed7..af0d49a4e 100644
--- a/Shorewall/manpages/shorewall-secmarks.xml
+++ b/Shorewall/manpages/shorewall-secmarks.xml
@@ -92,7 +92,7 @@
 CHAIN:STATE (chain) -
- {P|I|F|O|T}[:{N|I|NI|E|ER}]
+ {P|I|F|O|T}[:{N|I|U|NI|NU|NIU|NUI:E|ER}]
 This column determines the CHAIN where the SElinux context is
@@ -125,6 +125,17 @@
 :ER - ESTABLISHED or RELATED connection
+
+ Beginning with Shorewall 4.5.10, the following additional
+ options are available
+
+
+ :U - UNTRACKED connection
+
+ :NU - NEW or UNTRACKED connection
+
+ :NIU - NEW, INVALID or UNTRACKED connection.
+
diff --git a/Shorewall6/manpages/shorewall6-secmarks.xml b/Shorewall6/manpages/shorewall6-secmarks.xml
index 53c6339cd..a39a1b3de 100644
--- a/Shorewall6/manpages/shorewall6-secmarks.xml
+++ b/Shorewall6/manpages/shorewall6-secmarks.xml
@@ -122,6 +122,17 @@
 :ER - ESTABLISHED or RELATED connection
+
+ Beginning with Shorewall 4.5.10, the following additional
+ options are available
+
+
+ :U - UNTRACKED connection
+
+ :NU - NEW or UNTRACKED connection
+
+ :NIU - NEW, INVALID or UNTRACKED connection.
+
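Review bot: The manpage synopsis changed in this same commit advertises `NUI` and writes `NIU|NUI:E|ER`, but the new `%state` hash in Tc.pm defines only `U`, `NU` and `NIU`, so `NUI` is not a key the code accepts and the `:` before `E` reads like a typo for `|`. Either add the alias `NUI => 'NEW,INVALID,UNTRACKED',` beside `NIU`, or correct the synopsis to `{P|I|F|O|T}[:{N|I|U|NI|NU|NIU|E|ER}]`; the `:U`/`:NU`/`:NIU` list added further down the same manpage agrees with the code, so the synopsis is the odd one out. What happens to an unrecognised `$state` is decided by the lookup that follows the hunk, which is outside this view, so I cannot tell whether a mistyped key such as `NUI` is rejected with an error or silently passes through. As a point of style, re-indenting the five unchanged entries turns a three-line addition into a thirteen-line hunk; keeping the old alignment would make the real change obvious at a glance. process_secmark_rule() starts and ends outside the hunk.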