diff options
| author | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-06-06 21:46:05 -0700 |
|---|---|---|
| committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-06-06 21:46:05 -0700 |
| commit | 4da13393a7c42547d256a19f7663dd9f1f3e2771 (patch) | |
| tree | a26dcfce3f1ec08442da8c8c4eb4286302eaef53 /scripts | |
| parent | 875b72509d5396a67d803d24f25aad7ab811d256 (diff) | |
| download | vyatta-cfg-firewall-4da13393a7c42547d256a19f7663dd9f1f3e2771.tar.gz vyatta-cfg-firewall-4da13393a7c42547d256a19f7663dd9f1f3e2771.zip | |
create nfct helper policies and prepare VYATTA_CT_HELPER chain
Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/firewall/firewall.init.in | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in index d7364fe..eef108a 100644 --- a/scripts/firewall/firewall.init.in +++ b/scripts/firewall/firewall.init.in @@ -48,7 +48,6 @@ start () { for mod in ${modules[@]} ; do modprobe --syslog $mod done - # conection tracking timeout chain iptables -t raw -N VYATTA_CT_TIMEOUT iptables -t raw -A VYATTA_CT_TIMEOUT -j RETURN @@ -56,6 +55,13 @@ start () { # user space helpers chain, enables helpers using iptables --helper. # FTP, sip and h323 to use this chain later on. iptables -t raw -N VYATTA_CT_HELPER + /usr/sbin/nfct helper add rpc inet tcp + /usr/sbin/nfct helper add rpc inet udp + /usr/sbin/nfct helper add tns inet tcp + iptables -t raw -I VYATTA_CT_HELPER -p tcp --dport 111 -j CT --helper rpc + iptables -t raw -I VYATTA_CT_HELPER -p udp --dport 111 -j CT --helper rpc + iptables -t raw -I VYATTA_CT_HELPER -p tcp --dport 1521 -j CT --helper tns + iptables -t raw -I VYATTA_CT_HELPER -p tcp --dport 1525 -j CT --helper tns iptables -t raw -A VYATTA_CT_HELPER -j RETURN # setup vrrp backup transition chain |