From ee0e999936d743b62afa9b3ddb90aece9fbf0ac9 Mon Sep 17 00:00:00 2001
From: Alex Harpin
Date: Tue, 23 Jun 2015 21:25:33 +0100
Subject: vyatta-conntrack: add port 1536 to the ports affected by sqlnet module

When the sqlnet conntrack module is enabled / disabled, ports 1521 and 1525 are inserted / removed from the conntrack helper chains but 1536 isn't; add this to the list of ports affected. Bug #412 http://bugzilla.vyos.net/show_bug.cgi?id=412
---
 scripts/vyatta-cthelper.pl | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scripts/vyatta-cthelper.pl b/scripts/vyatta-cthelper.pl
index 2b9cc6a..c7d2288 100644
--- a/scripts/vyatta-cthelper.pl
+++ b/scripts/vyatta-cthelper.pl
@@ -34,6 +34,7 @@ sub add_helper_to_chain {
 if ($module eq 'sqlnet') {
 run_cmd("$iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper tns");
 run_cmd("$iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper tns");
+ run_cmd("$iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 1536 -j CT --helper tns");
 } elsif ($module eq 'nfs') {
 run_cmd(" $iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper rpc");
 run_cmd(" $iptables_cmd -I VYATTA_CT_HELPER -t raw -p udp --dport 111 -j CT --helper rpc");
@@ -47,6 +48,7 @@ sub delete_helper_from_chain {
 if ($module eq 'sqlnet') {
 run_cmd("$iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1521 -j CT --helper tns");
 run_cmd("$iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1525 -j CT --helper tns");
+ run_cmd("$iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 1536 -j CT --helper tns");
 } elsif ($module eq 'nfs') {
 run_cmd("$iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport 111 -j CT --helper rpc");
 run_cmd("$iptables_cmd -D VYATTA_CT_HELPER -t raw -p udp --dport 111 -j CT --helper rpc");
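Review bot: The sqlnet ports are still hard-coded as separate literal run_cmd lines in add_helper_to_chain and again in delete_helper_from_chain (second hunk), so the insert and delete sides can drift apart; a port present only on the `-I` side would leave the tns helper attached in the raw table after the module is disabled. Driving both subs from one shared list, as sketched below, keeps them in step the next time a port is added. Separately, on a system where sqlnet was already enabled before this change the 1536 rule was never inserted, so the new `-D` will not find a match there; run_cmd is defined outside the hunk, so confirm it tolerates that failure. Both subs begin and end outside the hunks shown.

```perl
# One list for both directions, declared at file scope before either sub is called.
my @sqlnet_ports = (1521, 1525, 1536);

# in add_helper_to_chain
  if ($module eq 'sqlnet') {
    foreach my $port (@sqlnet_ports) {
      run_cmd("$iptables_cmd -I VYATTA_CT_HELPER -t raw -p tcp --dport $port -j CT --helper tns");
    }
  } elsif ($module eq 'nfs') {
    # … unchanged: rpc helper rules …

# in delete_helper_from_chain
  if ($module eq 'sqlnet') {
    foreach my $port (@sqlnet_ports) {
      run_cmd("$iptables_cmd -D VYATTA_CT_HELPER -t raw -p tcp --dport $port -j CT --helper tns");
    }
  } elsif ($module eq 'nfs') {
    # … unchanged: rpc helper rules …
```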
@@ -56,7 +58,6 @@ sub delete_helper_from_chain { # should disable the required helper module sub disable_helper_module { my ($module) = @_; - delete_helper_from_chain($module); } -- cgit v1.2.3