holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Add MINIUPNPD option

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2016-04-01 08:57:08 -07:00
parent 8a8f3b6f59
commit df1b1f6768
9 changed files with 53 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -8172,6 +8172,15 @@ else
rm -f \${VARDIR}/.dynamic rm -f \${VARDIR}/.dynamic
fi fi
EOF EOF
if ( $config{MINIUPNPD} ) {
emit << "EOF";
if chain_exists 'MINIUPNPD-POSTROUTING -t nat'; then
$tool -t nat -S MINIUPNPD-POSTROUTING | tail -n +2 > \${VARDIR}/.MINIUPNPD-POSTROUTING
else
rm -f \${VARDIR}/.MINIUPNPD-POSTROUTING
fi
EOF
}
} else { } else {
emit <<"EOF"; emit <<"EOF";
if chain_exists 'UPnP -t nat'; then if chain_exists 'UPnP -t nat'; then
@ -8192,6 +8201,15 @@ else
rm -f \${VARDIR}/.dynamic rm -f \${VARDIR}/.dynamic
fi fi
EOF EOF
if ( $config{MINIUPNPD} ) {
emit << "EOF";
if chain_exists 'MINIUPNPD-POSTROUTING -t nat'; then
$utility -t nat | grep '^-A MINIUPNPD-POSTROUTING' > \${VARDIR}/.MINIUPNPD-POSTROUTING
else
rm -f \${VARDIR}/.MINIUPNPD-POSTROUTING
fi
EOF
}
} }
pop_indent; pop_indent;

6
Shorewall/Perl/Shorewall/Config.pm
View File

@ -885,6 +885,7 @@ sub initialize( $;$$) {
RESTART => undef , RESTART => undef ,
DOCKER => undef , DOCKER => undef ,
PAGER => undef , PAGER => undef ,
MINIUPNPD => undef ,
# #
# Packet Disposition # Packet Disposition
# #
@ -5942,7 +5943,7 @@ sub get_configuration( $$$$ ) {
default_yes_no 'INLINE_MATCHES' , ''; default_yes_no 'INLINE_MATCHES' , '';
default_yes_no 'BASIC_FILTERS' , ''; default_yes_no 'BASIC_FILTERS' , '';
default_yes_no 'WORKAROUNDS' , 'Yes'; default_yes_no 'WORKAROUNDS' , 'Yes';
default_yes_no 'DOCKER' , ''; default_yes_no 'DOCKER' , '';
if ( $config{DOCKER} ) { if ( $config{DOCKER} ) {
fatal_error "DOCKER=Yes is not allowed in Shorewall6" if $family == F_IPV6; fatal_error "DOCKER=Yes is not allowed in Shorewall6" if $family == F_IPV6;
@ -6002,8 +6003,9 @@ sub get_configuration( $$$$ ) {
default_yes_no 'IGNOREUNKNOWNVARIABLES' , 'Yes'; default_yes_no 'IGNOREUNKNOWNVARIABLES' , 'Yes';
default_yes_no 'WARNOLDCAPVERSION' , 'Yes'; default_yes_no 'WARNOLDCAPVERSION' , 'Yes';
default_yes_no 'DEFER_DNS_RESOLUTION' , 'Yes'; default_yes_no 'DEFER_DNS_RESOLUTION' , 'Yes';
default_yes_no 'MINIUPNPD' , 'No';
$config{IPSET} = '' if supplied $config{IPSET} && $config{IPSET} eq 'ipset'; $config{IPSET} = '' if supplied $config{IPSET} && $config{IPSET} eq 'ipset';
require_capability 'MARK' , 'FORWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK}; require_capability 'MARK' , 'FORWARD_CLEAR_MARK=Yes', 's', if $config{FORWARD_CLEAR_MARK};

10
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -1095,10 +1095,18 @@ sub add_common_rules ( $ ) {
add_commands( $chainref, '[ -s /${VARDIR}/.UPnP ] && cat ${VARDIR}/.UPnP >&3' ); add_commands( $chainref, '[ -s /${VARDIR}/.UPnP ] && cat ${VARDIR}/.UPnP >&3' );
my $chainref1;
if ( $config{MINIUPNPD} ) {
$chainref1 = set_optflags( new_nat_chain( 'MINIUPNPD-POSTROUTING' ), DONT_OPTIMIZE );
add_commands( $chainref, '[ -s /${VARDIR}/.MINIUPNPD-POSTROUTING ] && cat ${VARDIR}/.MINIUPNPD-POSTROUTING >&3' );
}
$announced = 1; $announced = 1;
for $interface ( @$list ) { for $interface ( @$list ) {
add_ijump_extended $nat_table->{PREROUTING} , j => 'UPnP', get_interface_origin($interface), imatch_source_dev ( $interface ); add_ijump_extended $nat_table->{PREROUTING} , j => 'UPnP', get_interface_origin($interface), imatch_source_dev ( $interface );
add_ijump_extended $nat_table->{POSTROUTING} , j => 'MINIUPNPD-POSTROUTING' , $origin{MINIUPNPD} , imatch_dest_dev ( $interface ) if $chainref1;
} }
} }

2
Shorewall/Samples/Universal/shorewall.conf
View File

@ -192,6 +192,8 @@ MANGLE_ENABLED=Yes
MAPOLDACTIONS=No MAPOLDACTIONS=No
MINIUPNPD=No
MARK_IN_FORWARD_CHAIN=No MARK_IN_FORWARD_CHAIN=No
MODULE_SUFFIX="ko ko.xz" MODULE_SUFFIX="ko ko.xz"

2
Shorewall/Samples/one-interface/shorewall.conf
View File

@ -203,6 +203,8 @@ MANGLE_ENABLED=Yes
MAPOLDACTIONS=No MAPOLDACTIONS=No
MINIUPNPD=No
MARK_IN_FORWARD_CHAIN=No MARK_IN_FORWARD_CHAIN=No
MODULE_SUFFIX="ko ko.xz" MODULE_SUFFIX="ko ko.xz"

2
Shorewall/Samples/three-interfaces/shorewall.conf
View File

@ -200,6 +200,8 @@ MANGLE_ENABLED=Yes
MAPOLDACTIONS=No MAPOLDACTIONS=No
MINIUPNPD=No
MARK_IN_FORWARD_CHAIN=No MARK_IN_FORWARD_CHAIN=No
MODULE_SUFFIX="ko ko.xz" MODULE_SUFFIX="ko ko.xz"

2
Shorewall/Samples/two-interfaces/shorewall.conf
View File

@ -203,6 +203,8 @@ MANGLE_ENABLED=Yes
MAPOLDACTIONS=No MAPOLDACTIONS=No
MINIUPNPD=No
MARK_IN_FORWARD_CHAIN=No MARK_IN_FORWARD_CHAIN=No
MODULE_SUFFIX="ko ko.xz" MODULE_SUFFIX="ko ko.xz"

2
Shorewall/configfiles/shorewall.conf
View File

@ -194,6 +194,8 @@ MAPOLDACTIONS=No
MARK_IN_FORWARD_CHAIN=No MARK_IN_FORWARD_CHAIN=No
MINIUPNPD=No
MODULE_SUFFIX=ko MODULE_SUFFIX=ko
MULTICAST=No MULTICAST=No

12
Shorewall/manpages/shorewall.conf.xml
View File

@ -1548,6 +1548,18 @@ LOG:info:,bar net fw</programlisting>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">MINIUPNPD=</emphasis>[<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
<listitem>
<para>Added in Shorewall 5.0.8. If set to Yes, Shorewall will create
a chain in the nat table named MINIUPNPD-POSTROUTING and will add
jumps from POSTROUTING to that chain for each interface with the
<option>upnpd</option> option specified. Default is No.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">MARK_IN_FORWARD_CHAIN=</emphasis>[<emphasis role="bold">MARK_IN_FORWARD_CHAIN=</emphasis>[<emphasis