forked from extern/shorewall_code
Finish HAProxy support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
4c33c2b957
commit
ad2f20b824
@ -454,27 +454,6 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
HADIVERT => {
|
|
||||||
defaultchain => REALPREROUTING,
|
|
||||||
allowedchains => PREROUTING | REALPREROUTING,
|
|
||||||
minparams => 0,
|
|
||||||
maxparams => 0,
|
|
||||||
function => sub () {
|
|
||||||
fatal_error 'DIVERT is only allowed in the PREROUTING chain' if $designator && $designator != PREROUTING;
|
|
||||||
my $mark = in_hex( $globals{TPROXY_MARK} ) . '/' . in_hex( $globals{TPROXY_MARK} );
|
|
||||||
|
|
||||||
unless ( $divertref ) {
|
|
||||||
$divertref = new_chain( 'mangle', 'divert' );
|
|
||||||
add_ijump( $divertref , j => 'MARK', targetopts => "--set-mark $mark" );
|
|
||||||
add_ijump( $divertref , j => 'ACCEPT' );
|
|
||||||
}
|
|
||||||
|
|
||||||
$target = 'divert';
|
|
||||||
|
|
||||||
$matches = '-m socket ';
|
|
||||||
},
|
|
||||||
},
|
|
||||||
|
|
||||||
DROP => {
|
DROP => {
|
||||||
defaultchain => 0,
|
defaultchain => 0,
|
||||||
allowedchains => PREROUTING | FORWARD | OUTPUT | POSTROUTING,
|
allowedchains => PREROUTING | FORWARD | OUTPUT | POSTROUTING,
|
||||||
@ -499,6 +478,27 @@ sub process_mangle_rule1( $$$$$$$$$$$$$$$$$ ) {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
HADIVERT => {
|
||||||
|
defaultchain => REALPREROUTING,
|
||||||
|
allowedchains => PREROUTING | REALPREROUTING,
|
||||||
|
minparams => 0,
|
||||||
|
maxparams => 0,
|
||||||
|
function => sub () {
|
||||||
|
fatal_error 'HADIVERT is only allowed in the PREROUTING chain' if $designator && $designator != PREROUTING;
|
||||||
|
my $mark = in_hex( $globals{TPROXY_MARK} ) . '/' . in_hex( $globals{TPROXY_MARK} );
|
||||||
|
|
||||||
|
unless ( $divertref ) {
|
||||||
|
$divertref = new_chain( 'mangle', 'divert' );
|
||||||
|
add_ijump( $divertref , j => 'MARK', targetopts => "--set-mark $mark" );
|
||||||
|
add_ijump( $divertref , j => 'ACCEPT' );
|
||||||
|
}
|
||||||
|
|
||||||
|
$target = 'divert';
|
||||||
|
|
||||||
|
$matches = '-m socket ';
|
||||||
|
},
|
||||||
|
},
|
||||||
|
|
||||||
HL => {
|
HL => {
|
||||||
defaultchain => FORWARD,
|
defaultchain => FORWARD,
|
||||||
allowedchains => PREROUTING | FORWARD,
|
allowedchains => PREROUTING | FORWARD,
|
||||||
|
@ -319,6 +319,26 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><emphasis role="bold">HADIVERT</emphasis></term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Added in Shorewall 5.0.4. To setup the HAProxy
|
||||||
|
configuration described at <ulink
|
||||||
|
url="http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x">http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x</ulink>,
|
||||||
|
place this entry in <ulink
|
||||||
|
url="manpages/shorewall-providers.html">shorewall-providers(5)</ulink>:</para>
|
||||||
|
|
||||||
|
<programlisting>#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
|
||||||
|
TProxy 3 - lo - tproxy </programlisting>
|
||||||
|
|
||||||
|
<para>and use this HADIVERT entry:</para>
|
||||||
|
|
||||||
|
<programlisting>#ACTION SOURCE DEST PROTO DPORT SPORT USER TEST LENGTH TOS CONNBYTES HELPER PROBABILITY DSCP
|
||||||
|
HADIVERT - - tcp</programlisting>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis
|
<term><emphasis
|
||||||
role="bold">IMQ</emphasis>(<replaceable>number</replaceable>)</term>
|
role="bold">IMQ</emphasis>(<replaceable>number</replaceable>)</term>
|
||||||
|
@ -320,6 +320,26 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term><emphasis role="bold">HADIVERT</emphasis></term>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>Added in Shorewall 5.0.4. To setup the HAProxy
|
||||||
|
configuration described at <ulink
|
||||||
|
url="http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x">http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x</ulink>,
|
||||||
|
place this entry in <ulink
|
||||||
|
url="manpages6/shorewall6-providers.html">shorewall6-providers(5)</ulink>:</para>
|
||||||
|
|
||||||
|
<programlisting>#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
|
||||||
|
TProxy 1 - - lo - tproxy </programlisting>
|
||||||
|
|
||||||
|
<para>and use this HADIVERT entry:</para>
|
||||||
|
|
||||||
|
<programlisting>#ACTION SOURCE DEST PROTO DPORT SPORT USER TEST LENGTH TOS CONNBYTES HELPER PROBABILITY DSCP
|
||||||
|
HADIVERT - - tcp</programlisting>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><emphasis role="bold">HL</emphasis>([<emphasis
|
<term><emphasis role="bold">HL</emphasis>([<emphasis
|
||||||
role="bold">-</emphasis>|<emphasis
|
role="bold">-</emphasis>|<emphasis
|
||||||
|
Loading…
Reference in New Issue
Block a user