diff options
| author | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2023-09-21 12:05:20 +0200 |
|---|---|---|
| committer | sarthurdev <965089+sarthurdev@users.noreply.github.com> | 2023-09-24 16:50:05 +0200 |
| commit | fd0bcaf120bc4ad5f3e9add93f0fa2c2c60e984f (patch) | |
| tree | 6ec51ed61a1953ebe2bf14680f3ce245f1f0df5f /data/templates/conntrack/nftables-ct.j2 | |
| parent | 7253377e754ed8bc95cbe59840ed3a70c6945b93 (diff) | |
| download | vyos-1x-fd0bcaf120bc4ad5f3e9add93f0fa2c2c60e984f.tar.gz vyos-1x-fd0bcaf120bc4ad5f3e9add93f0fa2c2c60e984f.zip | |
conntrack: T5376: T5598: Fix for kernel conntrack helpers
`nf_conntrack_helper` that auto-assigned helpers is removed from the kernel
Diffstat (limited to 'data/templates/conntrack/nftables-ct.j2')
| -rw-r--r-- | data/templates/conntrack/nftables-ct.j2 | 51 |
1 files changed, 3 insertions, 48 deletions
diff --git a/data/templates/conntrack/nftables-ct.j2 b/data/templates/conntrack/nftables-ct.j2 index 895f61a55..1e0fc8065 100644 --- a/data/templates/conntrack/nftables-ct.j2 +++ b/data/templates/conntrack/nftables-ct.j2 @@ -1,5 +1,6 @@ #!/usr/sbin/nft -f +{% import 'conntrack/nftables-helpers.j2' as helper_tmpl %} {% import 'firewall/nftables-defines.j2' as group_tmpl %} {% if first_install is not vyos_defined %} @@ -52,30 +53,7 @@ table ip vyos_conntrack { notrack } - ct helper rpc_tcp { - type "rpc" protocol tcp; - } - - ct helper rpc_udp { - type "rpc" protocol udp; - } - - ct helper tns_tcp { - type "tns" protocol tcp; - } - - chain VYOS_CT_HELPER { -{% for module, module_conf in module_map.items() %} -{% if modules[module] is vyos_defined %} -{% if 'nftables' in module_conf %} -{% for rule in module_conf.nftables %} - {{ rule }} -{% endfor %} -{% endif %} -{% endif %} -{% endfor %} - return - } +{{ helper_tmpl.conntrack_helpers(module_map, modules, ipv4=True) }} chain FW_CONNTRACK { {{ ipv4_firewall_action }} @@ -140,30 +118,7 @@ table ip6 vyos_conntrack { notrack } - ct helper rpc_tcp { - type "rpc" protocol tcp; - } - - ct helper rpc_udp { - type "rpc" protocol udp; - } - - ct helper tns_tcp { - type "tns" protocol tcp; - } - - chain VYOS_CT_HELPER { -{% for module, module_conf in module_map.items() %} -{% if modules[module] is vyos_defined %} -{% if 'nftables' in module_conf %} -{% for rule in module_conf.nftables %} - {{ rule }} -{% endfor %} -{% endif %} -{% endif %} -{% endfor %} - return - } +{{ helper_tmpl.conntrack_helpers(module_map, modules, ipv4=False) }} chain FW_CONNTRACK { {{ ipv6_firewall_action }} |