authorGaurav Sinha <gaurav.sinha@vyatta.com>2012-04-16 15:49:58 -0700
committerGaurav Sinha <gaurav.sinha@vyatta.com>2012-04-16 15:49:58 -0700
commitbabf4c5164565f4477c293d3d7a419e043ba75e3 (patch)
treed7fa0cbfc7b64c51967798befb1f999ce3ddabe4 /scripts
parentca1b8b565f86245cf413fb14a3e4a4e5a1a3a1de (diff)
create CT_HELPER chain in PREROUTING and OUTPUT
Diffstat (limited to 'scripts')
-rw-r--r--scripts/firewall/firewall.init.in9
1 files changed, 8 insertions, 1 deletions
diff --git a/scripts/firewall/firewall.init.in b/scripts/firewall/firewall.init.in
index 49991d8..3052238 100644
--- a/scripts/firewall/firewall.init.in
+++ b/scripts/firewall/firewall.init.in
@@ -52,7 +52,14 @@ start () {
# conection tracking timeout chain
iptables -t raw -N VYATTA_CT_TIMEOUT
iptables -t raw -A VYATTA_CT_TIMEOUT -j RETURN
-
+
+ # user space helpers chain, enables helpers using iptables --helper.
+ # FTP, sip and h323 to use this chain later on.
+ iptables -t raw -N VYATTA_CT_HELPER
+ iptables -t raw -A VYATTA_CT_HELPER -j RETURN
+
+ iptables -t raw -A PREROUTING -j VYATTA_CT_HELPER
+ iptables -t raw -A OUTPUT -j VYATTA_CT_HELPER
# setup vrrp backup transition chain
# we need to filter traffic to the vrrp mac addresses
# on the vrrp backup router before we do anything else.
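Review bot: The jumps on the last two added lines are appended with `-A`, so they sit behind whatever is already in raw PREROUTING and OUTPUT; if an earlier rule there ends in a terminating target such as ACCEPT, packets never reach VYATTA_CT_HELPER and helper assignment is silently skipped. This is worth confirming against the rest of start(), which begins and continues outside this hunk, and if order matters a positioned insert such as `iptables -t raw -I PREROUTING <n> -j VYATTA_CT_HELPER` is safer. The chain is also seeded with a trailing `-j RETURN`, so the comment should tell later callers how to add to it, e.g. `# helper rules must be added with -I; anything appended after RETURN never matches`. No matching teardown is visible here, so a second start() without cleanup would fail on `-N` and duplicate both jumps; the stop path should remove them with `-D`, `-F` and `-X`.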