forked from extern/shorewall_code
Add IPP2P UDP support -- Take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2794 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
7277150a46
commit
8fe0a32fd3
@ -3143,6 +3143,30 @@ process_tc_rule()
|
|||||||
mark="${mark%:*}"
|
mark="${mark%:*}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
do_ipp2p()
|
||||||
|
{
|
||||||
|
case $proto in
|
||||||
|
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
|
||||||
|
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||||
|
[ "x$port" = "x-" ] && port="ipp2p"
|
||||||
|
r="${r}-p tcp -m ipp2p --${port} "
|
||||||
|
;;
|
||||||
|
ipp2p-udp|IPP2P-UDP)
|
||||||
|
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||||
|
[ "x$port" = "x-" ] && port="ipp2p"
|
||||||
|
r="${r}-p udp -m ipp2p --${port} "
|
||||||
|
;;
|
||||||
|
ipp2p-both|IPP2P-both)
|
||||||
|
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||||
|
[ "x$port" = "x-" ] && port="ipp2p"
|
||||||
|
r="${r}-m ipp2p --${port} "
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
fatal_error "Unknown Protocol $proto. Rule: \"$rule\""
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
add_a_tc_rule() {
|
add_a_tc_rule() {
|
||||||
r=
|
r=
|
||||||
|
|
||||||
@ -3213,20 +3237,8 @@ process_tc_rule()
|
|||||||
multiport=
|
multiport=
|
||||||
|
|
||||||
case $proto in
|
case $proto in
|
||||||
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
|
ipp2p*|IPP2P*)
|
||||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
do_ipp2p
|
||||||
[ "x$port" = "x-" ] && port="ipp2p"
|
|
||||||
r="${r}-p tcp -m ipp2p --${port} "
|
|
||||||
;;
|
|
||||||
ipp2p-udp|IPP2P-UDP)
|
|
||||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
|
||||||
[ "x$port" = "x-" ] && port="ipp2p"
|
|
||||||
r="${r}-p udp -m ipp2p --${port} "
|
|
||||||
;;
|
|
||||||
ipp2p-both|IPP2P-both)
|
|
||||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
|
||||||
[ "x$port" = "x-" ] && port="ipp2p"
|
|
||||||
r="${r}-m ipp2p --${port} "
|
|
||||||
;;
|
;;
|
||||||
icmp|ICMP|1)
|
icmp|ICMP|1)
|
||||||
r="${r}-p icmp "
|
r="${r}-p icmp "
|
||||||
@ -3538,6 +3550,28 @@ process_accounting_rule() {
|
|||||||
rule="$rule -j $jumpchain"
|
rule="$rule -j $jumpchain"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
do_ipp2p() {
|
||||||
|
case $proto in
|
||||||
|
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
|
||||||
|
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
|
||||||
|
rule="$rule -p tcp -m ipp2p --${port:-ipp2p}"
|
||||||
|
port=
|
||||||
|
;;
|
||||||
|
ipp2p-udp|IPP2P-udp)
|
||||||
|
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
|
||||||
|
rule="$rule -p udp -m ipp2p --${port:-ipp2p}"
|
||||||
|
port=
|
||||||
|
;;
|
||||||
|
ipp2p-all|IPP2P-all)
|
||||||
|
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
|
||||||
|
rule="$rule -m ipp2p --${port:-ipp2p}"
|
||||||
|
port=
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
fatal_error "Unknown Protocol $proto"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
case $source in
|
case $source in
|
||||||
*:*)
|
*:*)
|
||||||
@ -3576,20 +3610,8 @@ process_accounting_rule() {
|
|||||||
[ -n "$proto" ] && case $proto in
|
[ -n "$proto" ] && case $proto in
|
||||||
-|any|all)
|
-|any|all)
|
||||||
;;
|
;;
|
||||||
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
|
ipp2p*|IPP2P*)
|
||||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
|
do_ipp2p
|
||||||
rule="$rule -p tcp -m ipp2p --${port:-ipp2p}"
|
|
||||||
port=
|
|
||||||
;;
|
|
||||||
ipp2p-udp|IPP2P-udp)
|
|
||||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
|
|
||||||
rule="$rule -p udp -m ipp2p --${port:-ipp2p}"
|
|
||||||
port=
|
|
||||||
;;
|
|
||||||
ipp2p-all|IPP2P-all)
|
|
||||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support"
|
|
||||||
rule="$rule -m ipp2p --${port:-ipp2p}"
|
|
||||||
port=
|
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
rule="$rule -p $proto"
|
rule="$rule -p $proto"
|
||||||
@ -3937,6 +3959,36 @@ add_an_action()
|
|||||||
user=
|
user=
|
||||||
}
|
}
|
||||||
|
|
||||||
|
do_ipp2p() {
|
||||||
|
case $proto in
|
||||||
|
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
|
||||||
|
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||||
|
dports="-m ipp2p --${port:-ipp2p}"
|
||||||
|
port=
|
||||||
|
proto=tcp
|
||||||
|
do_ports
|
||||||
|
;;
|
||||||
|
ipp2p-udpIPP2P-udp)
|
||||||
|
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||||
|
dports="-m ipp2p --${port:-ipp2p}"
|
||||||
|
port=
|
||||||
|
proto=udp
|
||||||
|
do_ports
|
||||||
|
;;
|
||||||
|
ipp2p-all|IPP2P-all)
|
||||||
|
[ -n "$port" ] && \
|
||||||
|
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
|
||||||
|
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||||
|
dports="-m ipp2p --${port:-ipp2p}"
|
||||||
|
port=
|
||||||
|
proto=all
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
fatal_error "Unknown protocol $proto. Rule: \"$rule\""
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
# Set source variables. The 'cli' variable will hold the client match predicate(s).
|
# Set source variables. The 'cli' variable will hold the client match predicate(s).
|
||||||
|
|
||||||
cli=
|
cli=
|
||||||
@ -4008,25 +4060,8 @@ add_an_action()
|
|||||||
icmp|ICMP|1)
|
icmp|ICMP|1)
|
||||||
[ -n "$port" ] && dports="--icmp-type $port"
|
[ -n "$port" ] && dports="--icmp-type $port"
|
||||||
;;
|
;;
|
||||||
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
|
ipp2p*|IPP2P*)
|
||||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
do_ipp2p
|
||||||
dports="-m ipp2p --${port:-ipp2p}"
|
|
||||||
port=
|
|
||||||
proto=tcp
|
|
||||||
do_ports
|
|
||||||
ipp2p-udpIPP2P-udp)
|
|
||||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
|
||||||
dports="-m ipp2p --${port:-ipp2p}"
|
|
||||||
port=
|
|
||||||
proto=udp
|
|
||||||
do_ports
|
|
||||||
ipp2p-all|IPP2P-all)
|
|
||||||
[ -n "$port" ] && \
|
|
||||||
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
|
|
||||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
|
||||||
dports="-m ipp2p --${port:-ipp2p}"
|
|
||||||
port=
|
|
||||||
proto=all
|
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
[ -n "$port" ] && \
|
[ -n "$port" ] && \
|
||||||
@ -5266,6 +5301,36 @@ process_rule() # $1 = target
|
|||||||
state=
|
state=
|
||||||
}
|
}
|
||||||
|
|
||||||
|
do_ipp2p() {
|
||||||
|
case $proto in
|
||||||
|
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
|
||||||
|
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||||
|
dports="-m ipp2p --${port:-ipp2p}"
|
||||||
|
port=
|
||||||
|
proto=tcp
|
||||||
|
do_ports
|
||||||
|
;;
|
||||||
|
ipp2p-udp|IPP2P-UDP)
|
||||||
|
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||||
|
dports="-m ipp2p --${port:-ipp2p}"
|
||||||
|
port=
|
||||||
|
proto=udp
|
||||||
|
do_ports
|
||||||
|
;;
|
||||||
|
ipp2p-all|IPP2P-ALL)
|
||||||
|
[ -n "$port" ] && \
|
||||||
|
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
|
||||||
|
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
||||||
|
dports="-m ipp2p --${port:-ipp2p}"
|
||||||
|
port=
|
||||||
|
proto=all
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
fatal_error "Unknown protocol $proto. Rule: \"$rule\""
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
# Set source variables. The 'cli' variable will hold the client match predicate(s).
|
# Set source variables. The 'cli' variable will hold the client match predicate(s).
|
||||||
|
|
||||||
cli=
|
cli=
|
||||||
@ -5347,27 +5412,8 @@ process_rule() # $1 = target
|
|||||||
fatal_error "Port number not allowed with protocol \"all\"; rule: \"$rule\""
|
fatal_error "Port number not allowed with protocol \"all\"; rule: \"$rule\""
|
||||||
proto=
|
proto=
|
||||||
;;
|
;;
|
||||||
ipp2p|IPP2P|ipp2p-tcp|IPP2P-TCP)
|
ipp2p*|IPP2P*)
|
||||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
do_ipp2p
|
||||||
dports="-m ipp2p --${port:-ipp2p}"
|
|
||||||
port=
|
|
||||||
proto=tcp
|
|
||||||
do_ports
|
|
||||||
;;
|
|
||||||
ipp2p-udp|IPP2P-UDP)
|
|
||||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
|
||||||
dports="-m ipp2p --${port:-ipp2p}"
|
|
||||||
port=
|
|
||||||
proto=udp
|
|
||||||
do_ports
|
|
||||||
;;
|
|
||||||
ipp2p-all|IPP2P-ALL)
|
|
||||||
[ -n "$port" ] && \
|
|
||||||
fatal_error "Port number not allowed with protocol \"$proto\"; rule: \"$rule\""
|
|
||||||
[ -n "$IPP2P_MATCH" ] || fatal_error "Your kernel and/or iptables does not have IPP2P match support. Rule: \"$rule\""
|
|
||||||
dports="-m ipp2p --${port:-ipp2p}"
|
|
||||||
port=
|
|
||||||
proto=all
|
|
||||||
;;
|
;;
|
||||||
*)
|
*)
|
||||||
[ -n "$port" ] && \
|
[ -n "$port" ] && \
|
||||||
|
Loading…
Reference in New Issue
Block a user