forked from extern/shorewall_code
Add IPP2P UDP support
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2793 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
340053a6bc
commit
7277150a46
@ -47,9 +47,9 @@
|
||||
# Format the same as the SOURCE column.
|
||||
#
|
||||
# PROTOCOL A protocol name (from /etc/protocols), a protocol
|
||||
# number, or "ipp2p"
|
||||
# number, "ipp2p", "ipp2p-udp" or "ipp2p-all"
|
||||
#
|
||||
# DEST PORT(S) Destination Port number. If the PROTOCOL is "ipp2p"
|
||||
# DEST PORT(S) Destination Port number. If the PROTOCOL is "ipp2p*"
|
||||
# then this column must contain an ipp2p option
|
||||
# ("iptables -m ipp2p --help") without the leading
|
||||
# "--". If no option is given in this column, "ipp2p"
|
||||
|
||||
@ -3213,11 +3213,21 @@ process_tc_rule()
|
||||
multiport=
|
||||
|
||||
case $proto in
|
||||
ipp2p|IPP2P)
|
||||
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
|
||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||
[ "x$port" = "x-" ] && port="ipp2p"
|
||||
r="${r}-p tcp -m ipp2p --${port} "
|
||||
;;
|
||||
ipp2p-udp|IPP2P-UDP)
|
||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||
[ "x$port" = "x-" ] && port="ipp2p"
|
||||
r="${r}-p udp -m ipp2p --${port} "
|
||||
;;
|
||||
ipp2p-both|IPP2P-both)
|
||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||
[ "x$port" = "x-" ] && port="ipp2p"
|
||||
r="${r}-m ipp2p --${port} "
|
||||
;;
|
||||
icmp|ICMP|1)
|
||||
r="${r}-p icmp "
|
||||
[ "x$port" = "x-" ] || r="${r}--icmp-type $port"
|
||||
@ -3566,11 +3576,21 @@ process_accounting_rule() {
|
||||
[ -n "$proto" ] && case $proto in
|
||||
-|any|all)
|
||||
;;
|
||||
ipp2p)
|
||||
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
|
||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
|
||||
rule="$rule -p tcp -m ipp2p --${port:-ipp2p}"
|
||||
port=
|
||||
;;
|
||||
ipp2p-udp|IPP2P-udp)
|
||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
|
||||
rule="$rule -p udp -m ipp2p --${port:-ipp2p}"
|
||||
port=
|
||||
;;
|
||||
ipp2p-all|IPP2P-all)
|
||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
|
||||
rule="$rule -m ipp2p --${port:-ipp2p}"
|
||||
port=
|
||||
;;
|
||||
*)
|
||||
rule="$rule -p $proto"
|
||||
;;
|
||||
@ -3988,12 +4008,25 @@ add_an_action()
|
||||
icmp|ICMP|1)
|
||||
[ -n "$port" ] && dports="--icmp-type $port"
|
||||
;;
|
||||
ipp2p)
|
||||
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
|
||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||
dports="-m ipp2p --${port:-ipp2p}"
|
||||
port=
|
||||
proto=tcp
|
||||
do_ports
|
||||
ipp2p-udpIPP2P-udp)
|
||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||
dports="-m ipp2p --${port:-ipp2p}"
|
||||
port=
|
||||
proto=udp
|
||||
do_ports
|
||||
ipp2p-all|IPP2P-all)
|
||||
[ -n "$port" ] && \
|
||||
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
|
||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||
dports="-m ipp2p --${port:-ipp2p}"
|
||||
port=
|
||||
proto=all
|
||||
;;
|
||||
*)
|
||||
[ -n "$port" ] && \
|
||||
@ -5314,13 +5347,28 @@ process_rule() # $1 = target
|
||||
fatal_error "Port number not allowed with protocol \"all\"; rule: \"$rule\""
|
||||
proto=
|
||||
;;
|
||||
ipp2p)
|
||||
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
|
||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||
dports="-m ipp2p --${port:-ipp2p}"
|
||||
port=
|
||||
proto=tcp
|
||||
do_ports
|
||||
;;
|
||||
ipp2p-udp|IPP2P-UDP)
|
||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||
dports="-m ipp2p --${port:-ipp2p}"
|
||||
port=
|
||||
proto=udp
|
||||
do_ports
|
||||
;;
|
||||
ipp2p-all|IPP2P-ALL)
|
||||
[ -n "$port" ] && \
|
||||
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
|
||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||
dports="-m ipp2p --${port:-ipp2p}"
|
||||
port=
|
||||
proto=all
|
||||
;;
|
||||
*)
|
||||
[ -n "$port" ] && \
|
||||
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
|
||||
|
||||
@ -215,15 +215,16 @@
|
||||
# request should be redirected to.
|
||||
#
|
||||
# PROTO Protocol - Must be "tcp", "udp", "icmp", "ipp2p",
|
||||
# a number, or "all". "ipp2p" requires ipp2p match
|
||||
# support in your kernel and iptables.
|
||||
# "ipp2p-udp", "ipp2p-all" a number, or "all".
|
||||
# "ipp2p*" requires ipp2p match support in your kernel
|
||||
# and iptables.
|
||||
#
|
||||
# DEST PORT(S) Destination Ports. A comma-separated list of Port
|
||||
# names (from /etc/services), port numbers or port
|
||||
# ranges; if the protocol is "icmp", this column is
|
||||
# interpreted as the destination icmp-type(s).
|
||||
#
|
||||
# If the protocol is ipp2p, this column is interpreted
|
||||
# If the protocol is ipp2p*, this column is interpreted
|
||||
# as an ipp2p option without the leading "--" (example
|
||||
# "bit" for bit-torrent). If no port is given, "ipp2p" is
|
||||
# assumed.
|
||||
|
||||
@ -269,15 +269,16 @@
|
||||
# request should be redirected to.
|
||||
#
|
||||
# PROTO Protocol - Must be "tcp", "udp", "icmp", "ipp2p",
|
||||
# a number, or "all". "ipp2p" requires ipp2p match
|
||||
# support in your kernel and iptables.
|
||||
# "ipp2p-udp", "ipp2p-all" a number, or "all".
|
||||
# "ipp2p*" requires ipp2p match support in your kernel
|
||||
# and iptables.
|
||||
#
|
||||
# DEST PORT(S) Destination Ports. A comma-separated list of Port
|
||||
# names (from /etc/services), port numbers or port
|
||||
# ranges; if the protocol is "icmp", this column is
|
||||
# interpreted as the destination icmp-type(s).
|
||||
#
|
||||
# If the protocol is ipp2p, this column is interpreted
|
||||
# If the protocol is ipp2p*, this column is interpreted
|
||||
# as an ipp2p option without the leading "--" (example
|
||||
# "bit" for bit-torrent). If no port is given, "ipp2p" is
|
||||
# assumed.
|
||||
|
||||
@ -109,15 +109,16 @@
|
||||
# contain an interface name.
|
||||
#
|
||||
# PROTO Protocol - Must be "tcp", "udp", "icmp", "ipp2p",
|
||||
# a number, or "all". "ipp2p" requires ipp2p match
|
||||
# support in your kernel and iptables.
|
||||
# "ipp2p-udp", "ipp2p-all" a number, or "all".
|
||||
# "ipp2p" requires ipp2p match support in your kernel
|
||||
# and iptables.
|
||||
#
|
||||
# PORT(S) Destination Ports. A comma-separated list of Port
|
||||
# names (from /etc/services), port numbers or port
|
||||
# ranges; if the protocol is "icmp", this column is
|
||||
# interpreted as the destination icmp-type(s).
|
||||
#
|
||||
# If the protocol is ipp2p, this column is interpreted
|
||||
# If the protocol is ipp2p*, this column is interpreted
|
||||
# as an ipp2p option without the leading "--" (example
|
||||
# "bit" for bit-torrent). If no PORT is given, "ipp2p" is
|
||||
# assumed.
|
||||
|
||||
Loading…
Reference in New Issue
Block a user