forked from extern/shorewall_code
NFLOG_SIZE capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep
parent
4122021344
commit
b4a06e9656
@ -25,7 +25,7 @@
|
||||
# loaded after this one and replaces some of the functions declared here.
|
||||
#
|
||||
|
||||
SHOREWALL_CAPVERSION=50100
|
||||
SHOREWALL_CAPVERSION=50105
|
||||
|
||||
if [ -z "$g_basedir" ]; then
|
||||
#
|
||||
@ -2803,6 +2803,7 @@ determine_capabilities() {
|
||||
WAIT_OPTION=
|
||||
CPU_FANOUT=
|
||||
NETMAP_TARGET=
|
||||
NFLOG_SIZE=
|
||||
|
||||
AMANDA_HELPER=
|
||||
FTP_HELPER=
|
||||
@ -3136,10 +3137,13 @@ determine_capabilities() {
|
||||
qt $g_tool -A $chain -j LOGMARK && LOGMARK_TARGET=Yes
|
||||
qt $g_tool -A $chain -j LOG || LOG_TARGET=
|
||||
qt $g_tool -A $chain -j ULOG && ULOG_TARGET=Yes
|
||||
qt $g_tool -A $chain -j NFLOG && NFLOG_TARGET=Yes
|
||||
qt $g_tool -A $chain -j MARK --set-mark 5 && MARK_ANYWHERE=Yes
|
||||
qt $g_tool -A $chain -m statistic --mode nth --every 2 --packet 1 && STATISTIC_MATCH=Yes
|
||||
qt $g_tool -A $chain -m geoip --src-cc US && GEOIP_MATCH=Yes
|
||||
if qt $g_tool -A $chain -j NFLOG; then
|
||||
NFLOG_TARGET=Yes
|
||||
qt $g_tool -A $chain -j NFLOG --nflog-size 64 && NFLOG_SIZE=Yes
|
||||
fi
|
||||
|
||||
if [ $g_family -eq 4 ]; then
|
||||
qt $g_tool -A $chain -j ACCOUNT --addr 192.168.1.0/29 --tname $chain && ACCOUNT_TARGET=Yes
|
||||
@ -3305,6 +3309,7 @@ report_capabilities_unsorted() {
|
||||
report_capability "CT Target (CT_TARGET)" $CT_TARGET
|
||||
report_capability "NFQUEUE CPU Fanout (CPU_FANOUT)" $CPU_FANOUT
|
||||
report_capability "NETMAP Target (NETMAP_TARGET)" $NETMAP_TARGET
|
||||
report_capability "--nflog-size support (NFLOG_SIZE)" $NFLOG_SIZE
|
||||
|
||||
echo " Kernel Version (KERNELVERSION): $KERNELVERSION"
|
||||
echo " Capabilities Version (CAPVERSION): $CAPVERSION"
|
||||
@ -3411,6 +3416,7 @@ report_capabilities_unsorted1() {
|
||||
report_capability1 WAIT_OPTION
|
||||
report_capability1 CPU_FANOUT
|
||||
report_capability1 NETMAP_TARGET
|
||||
report_capability1 NFLOG_SIZE
|
||||
|
||||
report_capability1 AMANDA_HELPER
|
||||
report_capability1 FTP_HELPER
|
||||
|
||||
@ -413,6 +413,7 @@ our %capdesc = ( NAT_ENABLED => 'NAT',
|
||||
WAIT_OPTION => 'iptables --wait option',
|
||||
CPU_FANOUT => 'NFQUEUE CPU Fanout',
|
||||
NETMAP_TARGET => 'NETMAP Target',
|
||||
NFLOG_SIZE => '--nflog-size support',
|
||||
|
||||
AMANDA_HELPER => 'Amanda Helper',
|
||||
FTP_HELPER => 'FTP Helper',
|
||||
@ -751,7 +752,7 @@ sub initialize( $;$$) {
|
||||
EXPORT => 0,
|
||||
KLUDGEFREE => '',
|
||||
VERSION => "5.1.5-RC1",
|
||||
CAPVERSION => 50100 ,
|
||||
CAPVERSION => 50105 ,
|
||||
BLACKLIST_LOG_TAG => '',
|
||||
RELATED_LOG_TAG => '',
|
||||
MACLIST_LOG_TAG => '',
|
||||
@ -1043,6 +1044,7 @@ sub initialize( $;$$) {
|
||||
WAIT_OPTION => undef,
|
||||
CPU_FANOUT => undef,
|
||||
NETMAP_TARGET => undef,
|
||||
NFLOG_SIZE => undef,
|
||||
|
||||
AMANDA_HELPER => undef,
|
||||
FTP_HELPER => undef,
|
||||
@ -4818,6 +4820,10 @@ sub NFLog_Target() {
|
||||
qt1( "$iptables $iptablesw -A $sillyname -j NFLOG" );
|
||||
}
|
||||
|
||||
sub NFLog_Size() {
|
||||
have_capability( 'NFLOG_TARGET' ) && qt1( "$iptables $iptablesw -A $sillyname -j NFLOG --nflog-size 64" );
|
||||
}
|
||||
|
||||
sub Logmark_Target() {
|
||||
qt1( "$iptables $iptablesw -A $sillyname -j LOGMARK" );
|
||||
}
|
||||
@ -4993,6 +4999,7 @@ our %detect_capability =
|
||||
LOG_TARGET => \&Log_Target,
|
||||
ULOG_TARGET => \&Ulog_Target,
|
||||
NFLOG_TARGET => \&NFLog_Target,
|
||||
NFLOG_SIZE => \&NFLog_Size,
|
||||
MANGLE_ENABLED => \&Mangle_Enabled,
|
||||
MANGLE_FORWARD => \&Mangle_Forward,
|
||||
MARK => \&Mark,
|
||||
@ -5186,6 +5193,7 @@ sub determine_capabilities() {
|
||||
$capabilities{TCPMSS_TARGET} = detect_capability( 'TCPMSS_TARGET' );
|
||||
$capabilities{CPU_FANOUT} = detect_capability( 'CPU_FANOUT' );
|
||||
$capabilities{NETMAP_TARGET} = detect_capability( 'NETMAP_TARGET' );
|
||||
$capabilities{NFLOG_SIZE} = detect_capability( 'NFLOG_SIZE' );
|
||||
|
||||
unless ( have_capability 'CT_TARGET' ) {
|
||||
$capabilities{HELPER_MATCH} = detect_capability 'HELPER_MATCH';
|
||||
@ -6039,6 +6047,12 @@ sub get_configuration( $$$$ ) {
|
||||
$have_capabilities = 1;
|
||||
}
|
||||
|
||||
if ( have_capability( 'NFLOG_SIZE' ) ) {
|
||||
@suffixes = qw(group size threshold nlgroup cprange qthreshold);
|
||||
} else {
|
||||
@suffixes = qw(group range threshold nlgroup cprange qthreshold);
|
||||
}
|
||||
|
||||
get_params( $export );
|
||||
|
||||
process_shorewall_conf( $update, $annotate );
|
||||
|
||||
Loading…
Reference in New Issue
Block a user