forked from extern/shorewall_code
Add DROP target to the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
parent
5265cd5bb7
commit
c6ffdd67e2
Shorewall
Shorewall6/manpages
@ -80,7 +80,7 @@ sub process_conntrack_rule( $$$$$$$$$ ) {
|
|||||||
# Netfilter development list
|
# Netfilter development list
|
||||||
#
|
#
|
||||||
$action = 'CT --notrack' if have_capability 'CT_TARGET';
|
$action = 'CT --notrack' if have_capability 'CT_TARGET';
|
||||||
} else {
|
} elsif ( $action ne 'DROP' ) {
|
||||||
( $target, my ( $option, $args, $junk ) ) = split ':', $action, 4;
|
( $target, my ( $option, $args, $junk ) ) = split ':', $action, 4;
|
||||||
|
|
||||||
fatal_error "Invalid notrack ACTION ( $action )" if $junk || $target ne 'CT';
|
fatal_error "Invalid notrack ACTION ( $action )" if $junk || $target ne 'CT';
|
||||||
|
@ -67,8 +67,8 @@
|
|||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>This column is only present when FORMAT = 2. Values other than
|
<para>This column is only present when FORMAT = 2. Values other than
|
||||||
NOTRACK require <firstterm>CT Target </firstterm>support in your
|
NOTRACK or DROP require <firstterm>CT Target </firstterm>support in
|
||||||
iptables and kernel.</para>
|
your iptables and kernel.</para>
|
||||||
|
|
||||||
<itemizedlist>
|
<itemizedlist>
|
||||||
<listitem>
|
<listitem>
|
||||||
@ -78,6 +78,13 @@
|
|||||||
<para>Disables connection tracking for this packet.</para>
|
<para>Disables connection tracking for this packet.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para><option>DROP</option></para>
|
||||||
|
|
||||||
|
<para>Added in Shorewall 4.5.10. Silently discard the
|
||||||
|
packet.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><option>helper</option>:<replaceable>name</replaceable></para>
|
<para><option>helper</option>:<replaceable>name</replaceable></para>
|
||||||
|
|
||||||
@ -143,6 +150,14 @@
|
|||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
|
||||||
|
<varlistentry>
|
||||||
|
<term/>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para/>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term>sane</term>
|
<term>sane</term>
|
||||||
|
|
||||||
|
@ -77,6 +77,13 @@
|
|||||||
<para>Disables connection tracking for this packet.</para>
|
<para>Disables connection tracking for this packet.</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
|
<listitem>
|
||||||
|
<para>DROP</para>
|
||||||
|
|
||||||
|
<para>Added in Shorewall 4.5.10. Silently discard the
|
||||||
|
packet.</para>
|
||||||
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><option>helper</option>:<replaceable>name</replaceable></para>
|
<para><option>helper</option>:<replaceable>name</replaceable></para>
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user