author | An-Cheng Huang <ancheng@vyatta.com> | 2008-05-13 17:29:41 -0700 |
---|---|---|
committer | An-Cheng Huang <ancheng@vyatta.com> | 2008-05-13 17:29:41 -0700 |
commit | 184b1af2794b5187f33bc6ce14d2d28f84a827a6 (patch) | |
tree | 1c74dda7d8e79b16f1c980a5e85b91b7cf91784d | |
parent | 648b2b2ac928461c8a83a43e0f455edb96552ddd (diff) | |
download | vyatta-cfg-firewall-184b1af2794b5187f33bc6ce14d2d28f84a827a6.tar.gz vyatta-cfg-firewall-184b1af2794b5187f33bc6ce14d2d28f84a827a6.zip |
add "inspect" action (maps to QUEUE) so "custom" traffic-filter for IPS
can be defined in "firewall".
-rw-r--r-- | scripts/firewall/VyattaIpTablesRule.pm | 2 | ||||
-rw-r--r-- | templates/firewall/name/node.tag/rule/node.tag/action/node.def | 3 |
2 files changed, 4 insertions, 1 deletions
diff --git a/scripts/firewall/VyattaIpTablesRule.pm b/scripts/firewall/VyattaIpTablesRule.pm
index 04c82f0..63c4ddd 100644
--- a/scripts/firewall/VyattaIpTablesRule.pm
+++ b/scripts/firewall/VyattaIpTablesRule.pm
@@ -243,6 +243,8 @@ sub rule {
 $rule .= "-j RETURN ";
 } elsif ("$self->{_action}" eq "reject") {
 $rule .= "-j REJECT ";
+ } elsif ("$self->{_action}" eq 'inspect') {
+ $rule .= "-j QUEUE ";
 } elsif ("$self->{_action}" eq 'modify') {
 # mangle actions
 my $count = 0;
diff --git a/templates/firewall/name/node.tag/rule/node.tag/action/node.def b/templates/firewall/name/node.tag/rule/node.tag/action/node.def
index 6de6660..7bb7278 100644
--- a/templates/firewall/name/node.tag/rule/node.tag/action/node.def
+++ b/templates/firewall/name/node.tag/rule/node.tag/action/node.def
@@ -1,3 +1,4 @@
 type: txt
 help: Set firewall rule action
-syntax:expression: $VAR(@) in "drop", "reject", "accept"; "action must be one of drop, reject, or accept"
+syntax:expression: $VAR(@) in "drop", "reject", "accept", "inspect";
+ "action must be one of drop, reject, accept, or inspect" |
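Review bot: The new `inspect` branch emits `-j QUEUE` without saying what happens when nothing is reading the queue. The kernel drops queued packets if no userspace program is bound, so an `inspect` rule acts as a silent drop whenever the IPS is stopped or not installed. That fail-closed behaviour is probably what an IPS deployment wants, but it should be stated at the branch, e.g. `# QUEUE hands the packet to userspace (the IPS); with no listener bound the kernel drops it`. Nothing visible in the hunk checks that a queue consumer is configured, though that may happen elsewhere; `rule` starts and ends outside this hunk.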
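Review bot: The syntax check now accepts `inspect` on every rule, but the unchanged `help:` line still reads `Set firewall rule action`, so the operator gets no hint of what the new value does or that it depends on the IPS. Consider something like `help: Set firewall rule action (inspect queues traffic to the IPS)` so the dependency is visible at the prompt. Whether a commit-time check rejects `inspect` when no IPS is configured cannot be seen from this template and is worth confirming.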