authorGaurav Sinha <gaurav.sinha@vyatta.com>2012-08-07 13:20:36 -0700
committerGaurav Sinha <gaurav.sinha@vyatta.com>2012-08-07 13:20:36 -0700
commit2acba299599b9f39a17164018227f12978e030aa (patch)
treeb9d464a1a3b405f3d584d85efaa47adf94b81451
parent058c232c602003198ff8f01439c349985ddf0fe5 (diff)
Fixed protocols allowed script, use same as NAT, fixed protocol parsing
-rw-r--r--lib/Vyatta/Conntrack/RuleIgnore.pm1
-rw-r--r--templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def21
2 files changed, 21 insertions, 1 deletions
diff --git a/lib/Vyatta/Conntrack/RuleIgnore.pm b/lib/Vyatta/Conntrack/RuleIgnore.pm
index fcb1c6b..9b9abe1 100644
--- a/lib/Vyatta/Conntrack/RuleIgnore.pm
+++ b/lib/Vyatta/Conntrack/RuleIgnore.pm
@@ -67,6 +67,7 @@ sub setup_base {
$self->{_comment} = $level;
$self->{_rule_number} = $config->returnParent("..");
$self->{_interface} = $config->$val_func("inbound-interface");
+ $self->{_protocol} = $config->$val_func("protocol");
$src->$addr_setup("$level source");
$src->{_protocol} = $self->{_protocol};#needed to use address filter
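Review bot: The added `$self->{_protocol}` is undef whenever the rule has no `protocol` node, and the very next line copies that undef into `$src->{_protocol}` for the address filter; nothing in the hunk shows how an undef protocol is treated downstream, so either default it here or state that undef means "any" where the value is consumed. A comment would also make the ordering explicit, since this assignment has to precede `$src->$addr_setup` for the copy on the following line to see it: `# read before $src is set up: $src->{_protocol} is copied from this below`. Because the template in this commit now admits `!<name>` and `tcp_udp`, whatever turns `_protocol` into a rule (outside this hunk) must strip the `!` prefix and expand the pseudo-protocol; that is not visible here. setup_base starts before and ends after this hunk.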
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def
index ccad73d..59f23a3 100644
--- a/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def
+++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def
@@ -1,2 +1,21 @@
+type: txt
help: protocol to ignore connection tracking for
-type:txt
+
+val_help: txt ; IP protocol name from /etc/protocols (e.g. "tcp" or "udp")
+val_help: u32:0-255 ; IP protocol number
+val_help: tcp_udp ; Both TCP and UDP
+val_help: all ; All IP protocols
+val_help: !<protocol> ; All IP protocols except for the specified name or number (negation)
+
+syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \
+ && [ \"$VAR(@)\" != 'tcp_udp' ]; then \
+ echo invalid protocol \"$VAR(@)\" ; \
+ exit 1 ; \
+ fi ; "
+
+# Provide some help for command completion. Doesn't return negated
+# values or protocol numbers
+allowed:
+ protos=`cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }' | grep -v 'v6'`
+ protos="all $protos tcp_udp"
+ echo -n $protos
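Review bot: The `syntax:expression: exec` at the top of the new validation block substitutes `$VAR(@)` textually into a shell string (`'$VAR(@)'` and `\"$VAR(@)\"`), so if expansion happens before the shell parses it, a value containing a quote character ends the quoting and the remainder is read as shell rather than passed to `vyatta-validate-type.pl` as data. A character-class check that does not go through a shell (a template `pattern` expression, if this version supports it, allowing only letters, digits, `-`, `_` and a leading `!`) placed before the `exec` would reject such values first; the NAT template this was copied from carries the same exposure. In the `allowed:` script, `grep -v 'v6'` drops every protocol name containing `v6` (ipv6-icmp, ipv6-route, …), which the comment above it does not mention — if that is intended, say so there, and `cat /etc/protocols | sed -e '/^#.*/d'` can simply be `sed -e '/^#/d' /etc/protocols`.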