Add 'IU' state in secmarks

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 08:10:53 -08:00 · 2012-11-25 08:10:53 -08:00 · dbfc805707
commit dbfc805707
parent 748d532175
3 changed files with 12 additions and 4 deletions
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@ -2222,6 +2222,7 @@ sub process_secmark_rule() {
    my %state = ( N   => 'NEW' ,
 		  I   => 'INVALID',
 		  U   => 'UNTRACKED',
+		  IU  => 'INVALID,UNTRACKED',
 		  NI  => 'NEW,INVALID',
 		  NU  => 'NEW,UNTRACKED',
 		  NIU => 'NEW,INVALID,UNTRACKED',
--- a/Shorewall/manpages/shorewall-secmarks.xml
+++ b/Shorewall/manpages/shorewall-secmarks.xml
@ -92,7 +92,7 @@

      <varlistentry>
        <term><emphasis role="bold">CHAIN:STATE (chain) -
-        {P|I|F|O|T}[:{N|I|U|NI|NU|NIU|NUI:E|ER}]</emphasis></term>
+        {P|I|F|O|T}[:{N|I|U|IU|NI|NU|NIU|NUI:E|ER}]</emphasis></term>

        <listitem>
          <para>This column determines the CHAIN where the SElinux context is
@ -132,6 +132,8 @@
          <simplelist>
            <member>:U - UNTRACKED connection</member>

+            <member>:IU - INVALID or UNTRACKED connection</member>
+
            <member>:NU - NEW or UNTRACKED connection</member>

            <member>:NIU - NEW, INVALID or UNTRACKED connection.</member>
--- a/Shorewall6/manpages/shorewall6-secmarks.xml
+++ b/Shorewall6/manpages/shorewall6-secmarks.xml
@ -91,10 +91,13 @@
      </varlistentry>

      <varlistentry>
-        <term><emphasis role="bold">CHAIN -
-        {P|I|F|O|T}[:{N|I|NI|E|ER}]</emphasis></term>
+        <term><emphasis role="bold">CHAIN:STATE (chain) -
+        {P|I|F|O|T}[:{N|I|U|IU|NI|NU|NIU|NUI:E|ER}]</emphasis></term>

        <listitem>
+          <para>This column determines the CHAIN where the SElinux context is
+          to be applied:</para>
+
          <simplelist>
            <member>P - PREROUTING</member>

@ -116,7 +119,7 @@

            <member>:I - INVALID connection</member>

-            <member>:NI - New or INVALID connection</member>
+            <member>:NI - NEW or INVALID connection</member>

            <member>:E - ESTABLISHED connection</member>

@ -129,6 +132,8 @@
          <simplelist>
            <member>:U - UNTRACKED connection</member>

+            <member>:IU - INVALID or UNTRACKED connection</member>
+
            <member>:NU - NEW or UNTRACKED connection</member>

            <member>:NIU - NEW, INVALID or UNTRACKED connection.</member>