author | Christian Poessinger <christian@poessinger.com> | 2021-05-31 23:03:37 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-05-31 23:03:37 +0200 |
commit | 81fecf2c8d14ef3a66d5d68b379fb22601cb10af (patch) | |
tree | 079f2f765660b9706471223da5c33b4486e44e0f | |
parent | ff8c4aacff4e26b6cea43beeec184412369c5085 (diff) | |
T3579: migrate application layer gateway options to vyos-1x
20 files changed, 0 insertions, 220 deletions
diff --git a/Makefile.am b/Makefile.am index 4753434..d35ad8e 100644 --- a/Makefile.am +++ b/Makefile.am @@ -23,7 +23,6 @@ bin_sudo_usersdir = $(bindir)/sudo-users bin_sudo_users_SCRIPTS = scripts/vyatta-show-conntrack.pl bin_sudo_users_SCRIPTS += scripts/vyatta-delete-conntrack.pl bin_sudo_users_SCRIPTS += scripts/vyatta-conntrack-timeouts.pl -bin_sudo_users_SCRIPTS += scripts/vyatta-cthelper.pl bin_sudo_users_SCRIPTS += scripts/vyatta-conntrack-ignore.pl bin_sudo_users_SCRIPTS += scripts/vyatta-show-ignore.pl diff --git a/scripts/vyatta-cthelper.pl b/scripts/vyatta-cthelper.pl deleted file mode 100644 index 8063586..0000000 --- a/scripts/vyatta-cthelper.pl +++ /dev/null 
@@ -1,78 +0,0 @@ -#!/usr/bin/perl - -use lib "/opt/vyatta/share/perl5"; -use warnings; -use strict; - -use Vyatta::Config; -use Vyatta::Conntrack::ConntrackUtil; -use Vyatta::IpTables::Mgr; -use Getopt::Long; -use Sys::Syslog qw(:standard :macros); - -#for future -my %cmd_hash = ( - 'ipv4' => 'iptables', - 'ipv6' => 'ip6tables' -); - -my $nfct = "sudo /usr/sbin/nfct"; -my ($enable_sqlnet, $disable_sqlnet, $enable_nfs, $disable_nfs); -my $CTERROR = "Conntrack error:"; - -GetOptions( - 'enable_sqlnet=s' => \$enable_sqlnet, - 'disable_sqlnet=s' => \$disable_sqlnet, - 'disable_nfs=s' => \$disable_nfs, - 'enable_nfs=s' => \$enable_nfs, -); - -# subroutine to add helper rule to VYATTA_CT_HELPER chain. -sub add_helper_to_chain { - my ($module) = @_; - my $iptables_cmd = $cmd_hash{'ipv4'}; - if ($module eq 'sqlnet') { - run_cmd("$iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper tns"); - run_cmd("$iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper tns"); - run_cmd("$iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1536 -j CT --helper tns"); - } elsif ($module eq 'nfs') { - run_cmd(" $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper rpc"); - run_cmd(" $iptables_cmd -I VYATTA_CT_HELPER -t raw -p udp --dport 111 -j CT --helper rpc"); - } -} - -# subroutine to delete helper rule from VYATTA_CT_HELPER chain. 
-sub delete_helper_from_chain { - my ($module) = @_; - my $iptables_cmd = $cmd_hash{'ipv4'}; - if ($module eq 'sqlnet') { - run_cmd("$iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper tns"); - run_cmd("$iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper tns"); - run_cmd("$iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1536 -j CT --helper tns"); - } elsif ($module eq 'nfs') { - run_cmd("$iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper rpc"); - run_cmd("$iptables_cmd -D VYATTA_CT_HELPER -t raw -p udp --dport 111 -j CT --helper rpc"); - } -} - -# should disable the required helper module -sub disable_helper_module { - my ($module) = @_; - delete_helper_from_chain($module); -} - -# should enable the required helper module -sub enable_helper_module { - my ($module) = @_; - add_helper_to_chain($module); -} - -if (defined $enable_sqlnet){ - enable_helper_module("sqlnet"); -} elsif (defined $disable_sqlnet) { - disable_helper_module("sqlnet"); -} elsif (defined $enable_nfs) { - enable_helper_module("nfs"); -} elsif (defined $disable_nfs) { - disable_helper_module("nfs"); -} diff --git a/templates-cfg/system/conntrack/modules/ftp/disable/node.def b/templates-cfg/system/conntrack/modules/ftp/disable/node.def deleted file mode 100644 index 0b2b53e..0000000 --- a/templates-cfg/system/conntrack/modules/ftp/disable/node.def +++ /dev/null @@ -1,7 +0,0 @@ -help: Disable FTP connection tracking - -create: sudo rmmod nf_nat_ftp - sudo rmmod nf_conntrack_ftp - -delete: sudo modprobe nf_conntrack_ftp - sudo modprobe nf_nat_ftp diff --git a/templates-cfg/system/conntrack/modules/ftp/node.def b/templates-cfg/system/conntrack/modules/ftp/node.def deleted file mode 100644 index 52859ac..0000000 --- a/templates-cfg/system/conntrack/modules/ftp/node.def +++ /dev/null @@ -1 +0,0 @@ -help: FTP connection tracking settings 
diff --git a/templates-cfg/system/conntrack/modules/h323/disable/node.def b/templates-cfg/system/conntrack/modules/h323/disable/node.def deleted file mode 100644 index e20d36b..0000000 --- a/templates-cfg/system/conntrack/modules/h323/disable/node.def +++ /dev/null @@ -1,7 +0,0 @@ -help: Disable H.323 connection tracking - -create: sudo rmmod nf_nat_h323 - sudo rmmod nf_conntrack_h323 - -delete: sudo modprobe nf_conntrack_h323 - sudo modprobe nf_nat_h323 diff --git a/templates-cfg/system/conntrack/modules/h323/node.def b/templates-cfg/system/conntrack/modules/h323/node.def deleted file mode 100644 index 33f0eca..0000000 --- a/templates-cfg/system/conntrack/modules/h323/node.def +++ /dev/null @@ -1 +0,0 @@ -help: H.323 connection tracking settings diff --git a/templates-cfg/system/conntrack/modules/nfs/disable/node.def b/templates-cfg/system/conntrack/modules/nfs/disable/node.def deleted file mode 100644 index 90f9103..0000000 --- a/templates-cfg/system/conntrack/modules/nfs/disable/node.def +++ /dev/null @@ -1,7 +0,0 @@ -help: disable NFS protocol connection tracking helper - -end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then - sudo /opt/vyatta/bin/sudo-users/vyatta-cthelper.pl --enable_nfs=nfs - else - sudo /opt/vyatta/bin/sudo-users/vyatta-cthelper.pl --disable_nfs=nfs - fi; diff --git a/templates-cfg/system/conntrack/modules/nfs/node.def b/templates-cfg/system/conntrack/modules/nfs/node.def deleted file mode 100644 index 3d1fb34..0000000 --- a/templates-cfg/system/conntrack/modules/nfs/node.def +++ /dev/null @@ -1 +0,0 @@ -help: NFS protocol connection tracking helper settting diff --git a/templates-cfg/system/conntrack/modules/node.def b/templates-cfg/system/conntrack/modules/node.def deleted file mode 100644 index 25cba5d..0000000 --- a/templates-cfg/system/conntrack/modules/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Connection tracking modules settings 
diff --git a/templates-cfg/system/conntrack/modules/pptp/disable/node.def b/templates-cfg/system/conntrack/modules/pptp/disable/node.def deleted file mode 100644 index 8051889..0000000 --- a/templates-cfg/system/conntrack/modules/pptp/disable/node.def +++ /dev/null @@ -1,7 +0,0 @@ -help: Disable PPTP connection tracking - -create: sudo rmmod nf_nat_pptp - sudo rmmod nf_conntrack_pptp - -delete: sudo modprobe nf_conntrack_pptp - sudo modprobe nf_nat_pptp diff --git a/templates-cfg/system/conntrack/modules/pptp/node.def b/templates-cfg/system/conntrack/modules/pptp/node.def deleted file mode 100644 index 3733f31..0000000 --- a/templates-cfg/system/conntrack/modules/pptp/node.def +++ /dev/null @@ -1 +0,0 @@ -help: PPTP connection tracking settings diff --git a/templates-cfg/system/conntrack/modules/sip/disable/node.def b/templates-cfg/system/conntrack/modules/sip/disable/node.def deleted file mode 100644 index cea57e1..0000000 --- a/templates-cfg/system/conntrack/modules/sip/disable/node.def +++ /dev/null @@ -1,7 +0,0 @@ -help: Disable SIP connection tracking - -create: sudo rmmod nf_nat_sip - sudo rmmod nf_conntrack_sip - -delete: sudo modprobe nf_conntrack_sip - sudo modprobe nf_nat_sip diff --git a/templates-cfg/system/conntrack/modules/sip/enable-indirect-media/node.def b/templates-cfg/system/conntrack/modules/sip/enable-indirect-media/node.def deleted file mode 100644 index c29389e..0000000 --- a/templates-cfg/system/conntrack/modules/sip/enable-indirect-media/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Option to support for indirect media streams diff --git a/templates-cfg/system/conntrack/modules/sip/enable-indirect-signalling/node.def b/templates-cfg/system/conntrack/modules/sip/enable-indirect-signalling/node.def deleted file mode 100644 index 82782ff..0000000 --- a/templates-cfg/system/conntrack/modules/sip/enable-indirect-signalling/node.def +++ /dev/null @@ -1 +0,0 @@ -help: Option to support for indirect signalling streams 
diff --git a/templates-cfg/system/conntrack/modules/sip/node.def b/templates-cfg/system/conntrack/modules/sip/node.def deleted file mode 100644 index 320fb71..0000000 --- a/templates-cfg/system/conntrack/modules/sip/node.def +++ /dev/null 
@@ -1,75 +0,0 @@ -help: SIP connection tracking settings - -end: /bin/cli-shell-api exists system conntrack modules sip disable && exit 0 - reload=0 - sdm=2 - defaultport=5060 - portopt="ports=" - portval="" - portpath="system conntrack modules sip port" - - if [ -f /sys/module/nf_conntrack_sip/parameters/sip_direct_media ]; then - sdm=$(sudo cat /sys/module/nf_conntrack_sip/parameters/sip_direct_media) - fi - if [ -n "$VAR(./enable-indirect-media)" ]; then - indirectmedia='sip_direct_media=0' - if [ $sdm -ge 1 ]; then reload=1; fi - else - if [ $sdm -eq 0 ]; then reload=1; fi - fi - - sds=2 - if [ -f /sys/module/nf_conntrack_sip/parameters/sip_direct_signalling ]; then - sds=$(sudo cat /sys/module/nf_conntrack_sip/parameters/sip_direct_signalling) - fi - if [ -n "$VAR(./enable-indirect-signalling)" ]; then - indirectsignalling='sip_direct_signalling=0' - if [ $sds -ge 1 ]; then reload=1; fi - else - if [ $sds -eq 0 ]; then reload=1; fi - fi - - if [ -n "$VAR(./port/@@)" ]; then - numports=0 - for port in $VAR(./port/@@); do - if [ -z "$portval" ]; then - portval=$port - else - portval="${portval},$port" - fi - (( numports++ )) - done - if [ $numports -gt 8 ]; then - echo "Error: Can not specify more than 8 ports." 
- exit 1 - fi - fi - - if [ "$portval" != "" ]; then - portopt="${portopt}$portval" - else - portopt="${portopt}$defaultport" - fi - - if [ "`cli-shell-api returnValues $portpath`" != "`cli-shell-api returnEffectiveValues $portpath`" ]; then - reload=1 - fi - - if [ -f /etc/modprobe.d/options ]; then - sudo sed -i '/nf_conntrack_sip/d' /etc/modprobe.d/options - fi - - if [ -n "$indirectmedia" ] || [ -n "$indirectsignalling" ] || \ - [ -n "$portopt" ]; then - sudo sh -c "echo \# Auto-generated by `whoami` at `date` > /etc/modprobe.d/vyatta_sip_options.conf" - sudo sh -c "echo options nf_conntrack_sip $indirectmedia $indirectsignalling $portopt >> /etc/modprobe.d/vyatta_sip_options.conf " - else - sudo rm -f /etc/modprobe.d/vyatta_sip_options.conf - fi - - if [ $reload -eq 1 ]; then - sudo modprobe -r nf_nat_sip nf_conntrack_sip - sudo modprobe nf_conntrack_sip - sudo modprobe nf_nat_sip - fi - diff --git a/templates-cfg/system/conntrack/modules/sip/port/node.def b/templates-cfg/system/conntrack/modules/sip/port/node.def deleted file mode 100644 index b72f1ca..0000000 --- a/templates-cfg/system/conntrack/modules/sip/port/node.def +++ /dev/null @@ -1,8 +0,0 @@ -multi: -type: u32 - -help: Port number that SIP traffic is carried on - -val_help: u32:1-65535; SIP port number - -syntax:expression: ($VAR(@) >= 1 && $VAR(@) <=65535) ; "Port number must be in range 1 to 65535" diff --git a/templates-cfg/system/conntrack/modules/sqlnet/disable/node.def b/templates-cfg/system/conntrack/modules/sqlnet/disable/node.def deleted file mode 100644 index aac316b..0000000 --- a/templates-cfg/system/conntrack/modules/sqlnet/disable/node.def +++ /dev/null @@ -1,7 +0,0 @@ -help: disable SQLnet protocol connection tracking helper - -end: if [ ${COMMIT_ACTION} = 'DELETE' ]; then - sudo /opt/vyatta/bin/sudo-users/vyatta-cthelper.pl --enable_sqlnet=sqlnet - else - sudo /opt/vyatta/bin/sudo-users/vyatta-cthelper.pl --disable_sqlnet=sqlnet - fi; 
diff --git a/templates-cfg/system/conntrack/modules/sqlnet/node.def b/templates-cfg/system/conntrack/modules/sqlnet/node.def deleted file mode 100644 index a62048e..0000000 --- a/templates-cfg/system/conntrack/modules/sqlnet/node.def +++ /dev/null @@ -1 +0,0 @@ -help: SQLnet protocol connection tracking helper setting diff --git a/templates-cfg/system/conntrack/modules/tftp/disable/node.def b/templates-cfg/system/conntrack/modules/tftp/disable/node.def deleted file mode 100644 index ebdecf4..0000000 --- a/templates-cfg/system/conntrack/modules/tftp/disable/node.def +++ /dev/null @@ -1,7 +0,0 @@ -help: Disable TFTP connection tracking - -create: sudo rmmod nf_nat_tftp - sudo rmmod nf_conntrack_tftp - -delete: sudo modprobe nf_conntrack_tftp - sudo modprobe nf_nat_tftp diff --git a/templates-cfg/system/conntrack/modules/tftp/node.def b/templates-cfg/system/conntrack/modules/tftp/node.def deleted file mode 100644 index cbb0496..0000000 --- a/templates-cfg/system/conntrack/modules/tftp/node.def +++ /dev/null @@ -1 +0,0 @@ -help: TFTP connection tracking settings |