Diffstat (limited to 'templates-cfg/system/conntrack/modules')
16 files changed, 146 insertions, 0 deletions
diff --git a/templates-cfg/system/conntrack/modules/ftp/disable/node.def b/templates-cfg/system/conntrack/modules/ftp/disable/node.def
new file mode 100644
index 0000000..40a64d5
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/ftp/disable/node.def
@@ -0,0 +1,7 @@
+help: Disable FTP connection tracking
+
+create: sudo rmmod nf_nat_ftp
+ sudo rmmod nf_conntrack_ftp
+
+delete: sudo modprobe nf_conntrack_ftp
+ sudo modprobe nf_nat_ftp
\ No newline at end of file
diff --git a/templates-cfg/system/conntrack/modules/ftp/node.def b/templates-cfg/system/conntrack/modules/ftp/node.def
new file mode 100644
index 0000000..74a94b4
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/ftp/node.def
@@ -0,0 +1 @@
+help: FTP connection tracking settings
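Review bot: In `ftp/disable/node.def` the `create:` action runs `sudo rmmod nf_nat_ftp` and `sudo rmmod nf_conntrack_ftp` without checking the first result, so as far as the hunk shows a helper that is still in use can stay loaded, and still parse FTP control traffic, while the configuration says it is disabled. The same two-line pattern appears in `h323/disable`, `sip/disable` and `tftp/disable`. `sip/node.def` in this commit already uses `modprobe -r nf_nat_sip nf_conntrack_sip`; the same form with an explicit failure path, `sudo modprobe -r nf_nat_ftp nf_conntrack_ftp || exit 1`, would keep configured and running state in step. Nothing visible here stops the module from being loaded again later, so a comment saying that `disable` only unloads it would help whoever relies on this to reduce attack surface.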
\ No newline at end of file
diff --git a/templates-cfg/system/conntrack/modules/gre/disable/node.def b/templates-cfg/system/conntrack/modules/gre/disable/node.def
new file mode 100644
index 0000000..f6f9546
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/gre/disable/node.def
@@ -0,0 +1,21 @@
+help: Disable GRE connection tracking
+
+# GRE shouldn't be disabled when PPTP is enabled because PPTP depends on it
+create: cli-shell-api exists system conntrack modules pptp disable
+ if [ $? == 0 ]; then
+ # Unload PPTP modules if they are loaded
+ lsmod | grep -e "^nf_nat_pptp" 2>&1 >/dev/null
+ if [ $? == 0 ]; then
+ sudo rmmod nf_nat_pptp
+ sudo rmmod nf_conntrack_pptp
+ fi
+ # And GRE modules then
+ sudo rmmod nf_nat_proto_gre
+ sudo rmmod nf_conntrack_proto_gre
+ else
+ echo "Error: can not disable GRE connection tracking when PPTP connection tracking is enabled!"
+ exit 1
+ fi
+
+delete: sudo modprobe nf_conntrack_proto_gre
+ sudo modprobe nf_nat_proto_gre
diff --git a/templates-cfg/system/conntrack/modules/gre/node.def b/templates-cfg/system/conntrack/modules/gre/node.def
new file mode 100644
index 0000000..d192f7d
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/gre/node.def
@@ -0,0 +1 @@
+help: GRE connection tracking settings
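Review bot: In `gre/disable/node.def` the "is PPTP loaded" test looks only for `nf_nat_pptp`, so if `nf_conntrack_pptp` is loaded on its own the PPTP branch is skipped and the later `rmmod nf_conntrack_proto_gre` will presumably fail on the remaining dependency. The redirection `2>&1 >/dev/null` on that line is also in the wrong order: stderr is pointed at the original stdout before stdout is discarded. I would write the check as `lsmod | grep -q -e "^nf_nat_pptp" -e "^nf_conntrack_pptp"` and test it directly with `if`, rather than through `[ $? == 0 ]`, which also relies on the bash-only `==` inside `[`.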
\ No newline at end of file
diff --git a/templates-cfg/system/conntrack/modules/h323/disable/node.def b/templates-cfg/system/conntrack/modules/h323/disable/node.def
new file mode 100644
index 0000000..1fb0117
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/h323/disable/node.def
@@ -0,0 +1,7 @@
+help: Disable H.323 connection tracking
+
+create: sudo rmmod nf_nat_h323
+ sudo rmmod nf_conntrack_h323
+
+delete: sudo modprobe nf_conntrack_h323
+ sudo modprobe nf_nat_h323
\ No newline at end of file
diff --git a/templates-cfg/system/conntrack/modules/h323/node.def b/templates-cfg/system/conntrack/modules/h323/node.def
new file mode 100644
index 0000000..ae4b787
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/h323/node.def
@@ -0,0 +1 @@
+help: H.323 connection tracking settings
\ No newline at end of file
diff --git a/templates-cfg/system/conntrack/modules/node.def b/templates-cfg/system/conntrack/modules/node.def
new file mode 100644
index 0000000..9666287
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/node.def
@@ -0,0 +1 @@
+help: Connection tracking modules settings
\ No newline at end of file
diff --git a/templates-cfg/system/conntrack/modules/pptp/disable/node.def b/templates-cfg/system/conntrack/modules/pptp/disable/node.def
new file mode 100644
index 0000000..4ffd980
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/pptp/disable/node.def
@@ -0,0 +1,20 @@
+help: Disable PPTP connection tracking
+
+create: cli-shell-api exists system conntrack modules gre disable
+ if [ $? == 0 ]; then
+ # Do nothing, this case is handled in GRE module templates
+ :;
+ else
+ sudo rmmod nf_nat_pptp
+ sudo rmmod nf_conntrack_pptp
+ fi
+
+# PPTP shouldn't be enabled when GRE is disabled because PPTP depends on it
+delete: cli-shell-api exists system conntrack modules gre disable
+ if [ $? == 0 ]; then
+ echo "Error: can not enable PPTP connection tracking when GRE connection tracking is disabled!"
+ exit 1
+ else
+ sudo modprobe nf_conntrack_pptp
+ sudo modprobe nf_nat_pptp
+ fi
diff --git a/templates-cfg/system/conntrack/modules/pptp/node.def b/templates-cfg/system/conntrack/modules/pptp/node.def
new file mode 100644
index 0000000..a6ae0c4
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/pptp/node.def
@@ -0,0 +1 @@
+help: PPTP connection tracking settings
\ No newline at end of file
diff --git a/templates-cfg/system/conntrack/modules/sip/disable/node.def b/templates-cfg/system/conntrack/modules/sip/disable/node.def
new file mode 100644
index 0000000..d0eaf81
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/sip/disable/node.def
@@ -0,0 +1,7 @@
+help: Disable SIP connection tracking
+
+create: sudo rmmod nf_nat_sip
+ sudo rmmod nf_conntrack_sip
+
+delete: sudo modprobe nf_conntrack_sip
+ sudo modprobe nf_nat_sip
\ No newline at end of file
diff --git a/templates-cfg/system/conntrack/modules/sip/enable-indirect-media/node.def b/templates-cfg/system/conntrack/modules/sip/enable-indirect-media/node.def
new file mode 100644
index 0000000..c29389e
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/sip/enable-indirect-media/node.def
@@ -0,0 +1 @@
+help: Option to support for indirect media streams
diff --git a/templates-cfg/system/conntrack/modules/sip/enable-indirect-signalling/node.def b/templates-cfg/system/conntrack/modules/sip/enable-indirect-signalling/node.def
new file mode 100644
index 0000000..82782ff
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/sip/enable-indirect-signalling/node.def
@@ -0,0 +1 @@
+help: Option to support for indirect signalling streams
diff --git a/templates-cfg/system/conntrack/modules/sip/node.def b/templates-cfg/system/conntrack/modules/sip/node.def
new file mode 100644
index 0000000..b5a3225
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/sip/node.def
@@ -0,0 +1,61 @@
+help: SIP connection tracking settings
+
+end: /bin/cli-shell-api existsEffective system conntrack modules sip disable && exit 0
+ reload=0
+ sdm=2
+ if [ -f /sys/module/nf_conntrack_sip/parameters/sip_direct_media ]; then
+ sdm=$(sudo cat /sys/module/nf_conntrack_sip/parameters/sip_direct_media)
+ fi
+ if [ -n "$VAR(./enable-indirect-media)" ]; then
+ indirectmedia='sip_direct_media=0'
+ if [ $sdm -ge 1 ]; then reload=1; fi
+ else
+ if [ $sdm -eq 0 ]; then reload=1; fi
+ fi
+
+ sds=2
+ if [ -f /sys/module/nf_conntrack_sip/parameters/sip_direct_signalling ]; then
+ sds=$(sudo cat /sys/module/nf_conntrack_sip/parameters/sip_direct_signalling)
+ fi
+ if [ -n "$VAR(./enable-indirect-signalling)" ]; then
+ indirectsignalling='sip_direct_signalling=0'
+ if [ $sds -ge 1 ]; then reload=1; fi
+ else
+ if [ $sds -eq 0 ]; then reload=1; fi
+ fi
+
+ if [ -n "$VAR(./port/@@)" ]; then
+ numports=0
+ for port in $VAR(./port/@@); do
+ if [ -z "$portval" ]; then
+ portval=$port
+ else
+ portval="${portval},$port"
+ fi
+ (( numports++ ))
+ done
+ portopt="ports=$portval"
+ if [ $numports -gt 8 ]; then
+ echo "Error: Can not specify more than 8 ports."
+ exit 1
+ fi
+ reload=1
+ fi
+
+ if [ -f /etc/modprobe.d/options ]; then
+ sudo sed -i '/nf_conntrack_sip/d' /etc/modprobe.d/options
+ fi
+
+ if [ -n "$indirectmedia" ] || [ -n "$indirectsignalling" ] || \
+ [ -n "$portopt" ]; then
+ sudo sh -c "echo \# Auto-generated by `whoami` at `date` > /etc/modprobe.d/vyatta_sip_options.conf"
+ sudo sh -c "echo options nf_conntrack_sip $indirectmedia $indirectsignalling $portopt >> /etc/modprobe.d/vyatta_sip_options.conf "
+ else
+ sudo rm -f /etc/modprobe.d/vyatta_sip_options.conf
+ fi
+
+ if [ $reload -eq 1 ]; then
+ sudo modprobe -r nf_nat_sip nf_conntrack_sip
+ sudo modprobe nf_conntrack_sip
+ sudo modprobe nf_nat_sip
+ fi
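Review bot: `portval`, `portopt`, `indirectmedia` and `indirectsignalling` are never initialised in the `end:` action, yet they are expanded inside the double-quoted `sudo sh -c "echo options nf_conntrack_sip ..."` string. If the action inherits variables from its caller (not visible here), a stale value would be parsed by a root shell; starting the script with `portval= portopt= indirectmedia= indirectsignalling=` closes that. The configured ports are constrained by the `u32` type and range check in `port/node.def`, so the concern is inherited state, not the port values. Writing the line as `echo "options nf_conntrack_sip $indirectmedia $indirectsignalling $portopt" | sudo tee -a /etc/modprobe.d/vyatta_sip_options.conf >/dev/null` keeps the expansion out of the privileged shell entirely. Separately, `reload=1` is set only when ports are present, so deleting the last `port` value appears to leave the loaded helper on its old ports until something else triggers a reload.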
diff --git a/templates-cfg/system/conntrack/modules/sip/port/node.def b/templates-cfg/system/conntrack/modules/sip/port/node.def
new file mode 100644
index 0000000..b72f1ca
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/sip/port/node.def
@@ -0,0 +1,8 @@
+multi:
+type: u32
+
+help: Port number that SIP traffic is carried on
+
+val_help: u32:1-65535; SIP port number
+
+syntax:expression: ($VAR(@) >= 1 && $VAR(@) <=65535) ; "Port number must be in range 1 to 65535"
diff --git a/templates-cfg/system/conntrack/modules/tftp/disable/node.def b/templates-cfg/system/conntrack/modules/tftp/disable/node.def
new file mode 100644
index 0000000..ebdecf4
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/tftp/disable/node.def
@@ -0,0 +1,7 @@
+help: Disable TFTP connection tracking
+
+create: sudo rmmod nf_nat_tftp
+ sudo rmmod nf_conntrack_tftp
+
+delete: sudo modprobe nf_conntrack_tftp
+ sudo modprobe nf_nat_tftp
diff --git a/templates-cfg/system/conntrack/modules/tftp/node.def b/templates-cfg/system/conntrack/modules/tftp/node.def
new file mode 100644
index 0000000..901f52e
--- /dev/null
+++ b/templates-cfg/system/conntrack/modules/tftp/node.def
@@ -0,0 +1 @@
+help: TFTP connection tracking settings
\ No newline at end of file |