conntrack-tools i.e. conntrack and conntrackd (mirror of https://github.com/vyos/conntrack-tools.git) https://git.amelek.net/vyos/conntrack-tools.git/atom?h=daisy 2012-06-07T15:39:38+00:00 2012-06-07T15:39:38+00:00 Jozsef Kadlecsik kadlec@blackhole.kfki.hu 2012-05-15T12:43:20+00:00 urn:sha1:bd417501343532713120c114eda951bd4581a46d Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-06-07T15:36:56+00:00 Jozsef Kadlecsik kadlec@blackhole.kfki.hu 2012-05-15T12:31:35+00:00 urn:sha1:265c4f8e4e47daa146446f48d2eb15ece627b658 How to use this helper in a few steps: 1) You can enable this helper via: nfct helper add rpc inet tcp nfct helper add rpc inet udp 2) Configure /etc/conntrackd/conntrackd.conf and launch it. 3) You can test this helper locally with the following rule-set: iptables -A OUTPUT -t raw -p udp -m udp --dport 111 -j CT --helper rpc iptables -A OUTPUT -t raw -p tcp -m tcp --dport 111 -j CT --helper rpc iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 111 -j ACCEPT iptables -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -m udp --dport 111 -j ACCEPT iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -P OUTPUT DROP 4) Configure NFS and export some local directory. Then, mount it with version 3. mount.nfs -onfsvers=3 127.0.0.1:/srv/cvs /mnt/ You should see permanent expectations created for this. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> 2012-06-07T15:33:22+00:00 Pablo Neira Ayuso pablo@netfilter.org 2012-05-14T23:51:29+00:00 urn:sha1:a6cf1454b9a435d489ebdc0692058a3c27a59e30 This patch adds the user-space helper infrastructure. It also contains the implementation of the FTP helper in user-space. There's one example file that you can use to configure conntrackd as user-space connection tracking helper under: doc/helper/conntrackd.conf Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>