forked from extern/shorewall_code
Add rawpost table detection
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
37b08dd991
commit
97121116a3
@ -279,6 +279,7 @@ my %capdesc = ( NAT_ENABLED => 'NAT',
|
|||||||
HEADER_MATCH => 'Header Match',
|
HEADER_MATCH => 'Header Match',
|
||||||
ACCOUNT_TARGET => 'ACCOUNT Target',
|
ACCOUNT_TARGET => 'ACCOUNT Target',
|
||||||
AUDIT_TARGET => 'AUDIT Target',
|
AUDIT_TARGET => 'AUDIT Target',
|
||||||
|
RAWPOST_TABLE => 'Rawpost Table',
|
||||||
CAPVERSION => 'Capability Version',
|
CAPVERSION => 'Capability Version',
|
||||||
KERNELVERSION => 'Kernel Version',
|
KERNELVERSION => 'Kernel Version',
|
||||||
);
|
);
|
||||||
@ -436,7 +437,7 @@ sub initialize( $ ) {
|
|||||||
STATEMATCH => '-m state --state',
|
STATEMATCH => '-m state --state',
|
||||||
UNTRACKED => 0,
|
UNTRACKED => 0,
|
||||||
VERSION => "4.4.22.1",
|
VERSION => "4.4.22.1",
|
||||||
CAPVERSION => 40421 ,
|
CAPVERSION => 40423 ,
|
||||||
);
|
);
|
||||||
#
|
#
|
||||||
# From shorewall.conf file
|
# From shorewall.conf file
|
||||||
@ -624,6 +625,7 @@ sub initialize( $ ) {
|
|||||||
CONNMARK_MATCH => undef,
|
CONNMARK_MATCH => undef,
|
||||||
XCONNMARK_MATCH => undef,
|
XCONNMARK_MATCH => undef,
|
||||||
RAW_TABLE => undef,
|
RAW_TABLE => undef,
|
||||||
|
RAWPOST_TABLE => undef,
|
||||||
IPP2P_MATCH => undef,
|
IPP2P_MATCH => undef,
|
||||||
OLD_IPP2P_MATCH => undef,
|
OLD_IPP2P_MATCH => undef,
|
||||||
CLASSIFY_TARGET => undef,
|
CLASSIFY_TARGET => undef,
|
||||||
@ -2525,6 +2527,10 @@ sub Raw_Table() {
|
|||||||
qt1( "$iptables -t raw -L -n" );
|
qt1( "$iptables -t raw -L -n" );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sub Rawpost_Table() {
|
||||||
|
qt1( "$iptables -t rawpost -L -n" );
|
||||||
|
}
|
||||||
|
|
||||||
sub Old_IPSet_Match() {
|
sub Old_IPSet_Match() {
|
||||||
my $ipset = $config{IPSET} || 'ipset';
|
my $ipset = $config{IPSET} || 'ipset';
|
||||||
my $result = 0;
|
my $result = 0;
|
||||||
@ -2707,6 +2713,7 @@ our %detect_capability =
|
|||||||
PHYSDEV_MATCH => \&Physdev_Match,
|
PHYSDEV_MATCH => \&Physdev_Match,
|
||||||
POLICY_MATCH => \&Policy_Match,
|
POLICY_MATCH => \&Policy_Match,
|
||||||
RAW_TABLE => \&Raw_Table,
|
RAW_TABLE => \&Raw_Table,
|
||||||
|
RAWPOST_TABLE => \&Rawpost_Table,
|
||||||
REALM_MATCH => \&Realm_Match,
|
REALM_MATCH => \&Realm_Match,
|
||||||
RECENT_MATCH => \&Recent_Match,
|
RECENT_MATCH => \&Recent_Match,
|
||||||
TCPMSS_MATCH => \&Tcpmss_Match,
|
TCPMSS_MATCH => \&Tcpmss_Match,
|
||||||
@ -2820,6 +2827,7 @@ sub determine_capabilities() {
|
|||||||
|
|
||||||
$capabilities{MANGLE_FORWARD} = detect_capability( 'MANGLE_FORWARD' );
|
$capabilities{MANGLE_FORWARD} = detect_capability( 'MANGLE_FORWARD' );
|
||||||
$capabilities{RAW_TABLE} = detect_capability( 'RAW_TABLE' );
|
$capabilities{RAW_TABLE} = detect_capability( 'RAW_TABLE' );
|
||||||
|
$capabilities{RAWPOST_TABLE} = detect_capability( 'RAWPOST_TABLE' );
|
||||||
$capabilities{IPSET_MATCH} = detect_capability( 'IPSET_MATCH' );
|
$capabilities{IPSET_MATCH} = detect_capability( 'IPSET_MATCH' );
|
||||||
$capabilities{USEPKTTYPE} = detect_capability( 'USEPKTTYPE' );
|
$capabilities{USEPKTTYPE} = detect_capability( 'USEPKTTYPE' );
|
||||||
$capabilities{ADDRTYPE} = detect_capability( 'ADDRTYPE' );
|
$capabilities{ADDRTYPE} = detect_capability( 'ADDRTYPE' );
|
||||||
|
|||||||
@ -1690,6 +1690,7 @@ determine_capabilities() {
|
|||||||
CONNMARK_MATCH=
|
CONNMARK_MATCH=
|
||||||
XCONNMARK_MATCH=
|
XCONNMARK_MATCH=
|
||||||
RAW_TABLE=
|
RAW_TABLE=
|
||||||
|
RAWPOST_TABLE=
|
||||||
IPP2P_MATCH=
|
IPP2P_MATCH=
|
||||||
OLD_IPP2P_MATCH=
|
OLD_IPP2P_MATCH=
|
||||||
LENGTH_MATCH=
|
LENGTH_MATCH=
|
||||||
@ -1826,7 +1827,8 @@ determine_capabilities() {
|
|||||||
qt $IPTABLES -t mangle -L FORWARD -n && MANGLE_FORWARD=Yes
|
qt $IPTABLES -t mangle -L FORWARD -n && MANGLE_FORWARD=Yes
|
||||||
fi
|
fi
|
||||||
|
|
||||||
qt $IPTABLES -t raw -L -n && RAW_TABLE=Yes
|
qt $IPTABLES -t raw -L -n && RAW_TABLE=Yes
|
||||||
|
qt $IPTABLES -t rawpost -L -n && RAWPOST_TABLE=Yes
|
||||||
|
|
||||||
if qt mywhich ipset; then
|
if qt mywhich ipset; then
|
||||||
qt ipset -X $chain # Just in case something went wrong the last time
|
qt ipset -X $chain # Just in case something went wrong the last time
|
||||||
@ -1934,6 +1936,7 @@ report_capabilities() {
|
|||||||
report_capability "Connmark Match" $CONNMARK_MATCH
|
report_capability "Connmark Match" $CONNMARK_MATCH
|
||||||
[ -n "$CONNMARK_MATCH" ] && report_capability "Extended Connmark Match" $XCONNMARK_MATCH
|
[ -n "$CONNMARK_MATCH" ] && report_capability "Extended Connmark Match" $XCONNMARK_MATCH
|
||||||
report_capability "Raw Table" $RAW_TABLE
|
report_capability "Raw Table" $RAW_TABLE
|
||||||
|
report_capability "Rawpost Table" $RAWPOST_TABLE
|
||||||
report_capability "IPP2P Match" $IPP2P_MATCH
|
report_capability "IPP2P Match" $IPP2P_MATCH
|
||||||
[ -n "$OLD_IPP2P_MATCH" ] && report_capability "Old IPP2P Match Syntax" $OLD_IPP2P_MATCH
|
[ -n "$OLD_IPP2P_MATCH" ] && report_capability "Old IPP2P Match Syntax" $OLD_IPP2P_MATCH
|
||||||
report_capability "CLASSIFY Target" $CLASSIFY_TARGET
|
report_capability "CLASSIFY Target" $CLASSIFY_TARGET
|
||||||
@ -2004,6 +2007,7 @@ report_capabilities1() {
|
|||||||
report_capability1 CONNMARK_MATCH
|
report_capability1 CONNMARK_MATCH
|
||||||
report_capability1 XCONNMARK_MATCH
|
report_capability1 XCONNMARK_MATCH
|
||||||
report_capability1 RAW_TABLE
|
report_capability1 RAW_TABLE
|
||||||
|
report_capability1 RAWPOST_TABLE
|
||||||
report_capability1 IPP2P_MATCH
|
report_capability1 IPP2P_MATCH
|
||||||
report_capability1 OLD_IPP2P_MATCH
|
report_capability1 OLD_IPP2P_MATCH
|
||||||
report_capability1 CLASSIFY_TARGET
|
report_capability1 CLASSIFY_TARGET
|
||||||
|
|||||||
@ -1519,6 +1519,7 @@ determine_capabilities() {
|
|||||||
CONNMARK_MATCH=
|
CONNMARK_MATCH=
|
||||||
XCONNMARK_MATCH=
|
XCONNMARK_MATCH=
|
||||||
RAW_TABLE=
|
RAW_TABLE=
|
||||||
|
RAWPOST_TABLE=
|
||||||
IPP2P_MATCH=
|
IPP2P_MATCH=
|
||||||
OLD_IPP2P_MATCH=
|
OLD_IPP2P_MATCH=
|
||||||
LENGTH_MATCH=
|
LENGTH_MATCH=
|
||||||
@ -1664,6 +1665,7 @@ determine_capabilities() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
qt $IP6TABLES -t raw -L -n && RAW_TABLE=Yes
|
qt $IP6TABLES -t raw -L -n && RAW_TABLE=Yes
|
||||||
|
qt $IP6TABLES -t rawpost -L -n && RAWPOST_TABLE=Yes
|
||||||
|
|
||||||
if qt mywhich ipset; then
|
if qt mywhich ipset; then
|
||||||
qt ipset -X $chain # Just in case something went wrong the last time
|
qt ipset -X $chain # Just in case something went wrong the last time
|
||||||
@ -1764,6 +1766,7 @@ report_capabilities() {
|
|||||||
report_capability "Connmark Match" $CONNMARK_MATCH
|
report_capability "Connmark Match" $CONNMARK_MATCH
|
||||||
[ -n "$CONNMARK_MATCH" ] && report_capability "Extended Connmark Match" $XCONNMARK_MATCH
|
[ -n "$CONNMARK_MATCH" ] && report_capability "Extended Connmark Match" $XCONNMARK_MATCH
|
||||||
report_capability "Raw Table" $RAW_TABLE
|
report_capability "Raw Table" $RAW_TABLE
|
||||||
|
report_capability "Rawpost Table" $RAWPOST_TABLE
|
||||||
report_capability "IPP2P Match" $IPP2P_MATCH
|
report_capability "IPP2P Match" $IPP2P_MATCH
|
||||||
[ -n "$OLD_IPP2P_MATCH" ] && report_capability "Old IPP2P Match Syntax" $OLD_IPP2P_MATCH
|
[ -n "$OLD_IPP2P_MATCH" ] && report_capability "Old IPP2P Match Syntax" $OLD_IPP2P_MATCH
|
||||||
report_capability "CLASSIFY Target" $CLASSIFY_TARGET
|
report_capability "CLASSIFY Target" $CLASSIFY_TARGET
|
||||||
@ -1831,6 +1834,7 @@ report_capabilities1() {
|
|||||||
report_capability1 CONNMARK_MATCH
|
report_capability1 CONNMARK_MATCH
|
||||||
report_capability1 XCONNMARK_MATCH
|
report_capability1 XCONNMARK_MATCH
|
||||||
report_capability1 RAW_TABLE
|
report_capability1 RAW_TABLE
|
||||||
|
report_capability1 RAWPOST_TABLE
|
||||||
report_capability1 IPP2P_MATCH
|
report_capability1 IPP2P_MATCH
|
||||||
report_capability1 OLD_IPP2P_MATCH
|
report_capability1 OLD_IPP2P_MATCH
|
||||||
report_capability1 CLASSIFY_TARGET
|
report_capability1 CLASSIFY_TARGET
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user