forked from extern/shorewall_code
Add UNTRACKED match to the secmarks file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
ab381ed95e
commit
5265cd5bb7
@ -2219,11 +2219,14 @@ sub process_secmark_rule() {
|
|||||||
I => 'tcin' ,
|
I => 'tcin' ,
|
||||||
O => 'tcout' , );
|
O => 'tcout' , );
|
||||||
|
|
||||||
my %state = ( N => 'NEW' ,
|
my %state = ( N => 'NEW' ,
|
||||||
I => 'INVALID',
|
I => 'INVALID',
|
||||||
NI => 'NEW,INVALID',
|
U => 'UNTRACKED',
|
||||||
E => 'ESTABLISHED' ,
|
NI => 'NEW,INVALID',
|
||||||
ER => 'ESTABLISHED,RELATED',
|
NU => 'NEW,UNTRACKED',
|
||||||
|
NIU => 'NEW,INVALID,UNTRACKED',
|
||||||
|
E => 'ESTABLISHED' ,
|
||||||
|
ER => 'ESTABLISHED,RELATED',
|
||||||
);
|
);
|
||||||
|
|
||||||
my ( $chain , $state, $rest) = split ':', $chainin , 3;
|
my ( $chain , $state, $rest) = split ':', $chainin , 3;
|
||||||
|
@ -92,7 +92,7 @@
|
|||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">CHAIN:STATE (chain) -
|
<term><emphasis role="bold">CHAIN:STATE (chain) -
|
||||||
{P|I|F|O|T}[:{N|I|NI|E|ER}]</emphasis></term>
|
{P|I|F|O|T}[:{N|I|U|NI|NU|NIU|NUI:E|ER}]</emphasis></term>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>This column determines the CHAIN where the SElinux context is
|
<para>This column determines the CHAIN where the SElinux context is
|
||||||
@ -125,6 +125,17 @@
|
|||||||
|
|
||||||
<member>:ER - ESTABLISHED or RELATED connection</member>
|
<member>:ER - ESTABLISHED or RELATED connection</member>
|
||||||
</simplelist>
|
</simplelist>
|
||||||
|
|
||||||
|
<para>Beginning with Shorewall 4.5.10, the following additional
|
||||||
|
options are available</para>
|
||||||
|
|
||||||
|
<simplelist>
|
||||||
|
<member>:U - UNTRACKED connection</member>
|
||||||
|
|
||||||
|
<member>:NU - NEW or UNTRACKED connection</member>
|
||||||
|
|
||||||
|
<member>:NIU - NEW, INVALID or UNTRACKED connection.</member>
|
||||||
|
</simplelist>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
|
@ -122,6 +122,17 @@
|
|||||||
|
|
||||||
<member>:ER - ESTABLISHED or RELATED connection</member>
|
<member>:ER - ESTABLISHED or RELATED connection</member>
|
||||||
</simplelist>
|
</simplelist>
|
||||||
|
|
||||||
|
<para>Beginning with Shorewall 4.5.10, the following additional
|
||||||
|
options are available</para>
|
||||||
|
|
||||||
|
<simplelist>
|
||||||
|
<member>:U - UNTRACKED connection</member>
|
||||||
|
|
||||||
|
<member>:NU - NEW or UNTRACKED connection</member>
|
||||||
|
|
||||||
|
<member>:NIU - NEW, INVALID or UNTRACKED connection.</member>
|
||||||
|
</simplelist>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
</variablelist>
|
</variablelist>
|
||||||
|
Loading…
Reference in New Issue
Block a user