holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Handle PROTO '-' in conntrack file processing.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2017-12-29 15:54:15 -08:00
parent 4e5b98d3d9
commit 6f82bfe7d1
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Shorewall/Perl/Shorewall/Raw.pm
View File

@ -138,10 +138,12 @@ sub process_conntrack_rule( $$$$$$$$$$ ) {
require_capability 'CT_TARGET', 'CT entries in the conntrack file', ''; require_capability 'CT_TARGET', 'CT entries in the conntrack file', '';
if ( $proto =~ s/:all$// ) { if ( $proto ne '-' ) {
fatal_error '":all" may only be used with TCP' unless resolve_proto( $proto ) == TCP; if ( $proto =~ s/:all$// ) {
} else { fatal_error '":all" may only be used with TCP' unless resolve_proto( $proto ) == TCP;
$proto = TCP . ':syn' if $proto !~ /:syn/ && resolve_proto( $proto ) == TCP; } else {
$proto = TCP . ':syn' if $proto !~ /:syn/ && resolve_proto( $proto ) == TCP;
}
} }
if ( $option eq 'notrack' ) { if ( $option eq 'notrack' ) {