diff options
| author | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-08-07 13:20:36 -0700 |
|---|---|---|
| committer | Gaurav Sinha <gaurav.sinha@vyatta.com> | 2012-08-07 13:20:36 -0700 |
| commit | 2acba299599b9f39a17164018227f12978e030aa (patch) | |
| tree | b9d464a1a3b405f3d584d85efaa47adf94b81451 /templates-cfg/system | |
| parent | 058c232c602003198ff8f01439c349985ddf0fe5 (diff) | |
| download | vyatta-conntrack-2acba299599b9f39a17164018227f12978e030aa.tar.gz vyatta-conntrack-2acba299599b9f39a17164018227f12978e030aa.zip | |
Fixed protocols allowed script, use same as NAT, fixed protocol parsing
Diffstat (limited to 'templates-cfg/system')
| -rw-r--r-- | templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def b/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def index ccad73d..59f23a3 100644 --- a/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def +++ b/templates-cfg/system/conntrack/ignore/rule/node.tag/protocol/node.def @@ -1,2 +1,21 @@ +type: txt help: protocol to ignore connection tracking for -type:txt + +val_help: txt ; IP protocol name from /etc/protocols (e.g. "tcp" or "udp") +val_help: u32:0-255 ; IP protocol number +val_help: tcp_udp ; Both TCP and UDP +val_help: all ; All IP protocols +val_help: !<protocol> ; All IP protocols except for the specified name or number (negation) + +syntax:expression: exec "if [ -n \"`/opt/vyatta/sbin/vyatta-validate-type.pl protocol_negate '$VAR(@)'`\" ] \ + && [ \"$VAR(@)\" != 'tcp_udp' ]; then \ + echo invalid protocol \"$VAR(@)\" ; \ + exit 1 ; \ + fi ; " + +# Provide some help for command completion. Doesn't return negated +# values or protocol numbers +allowed: + protos=`cat /etc/protocols | sed -e '/^#.*/d' | awk '{ print $1 }' | grep -v 'v6'` + protos="all $protos tcp_udp" + echo -n $protos |