diff options
| author | John Estabrook <jestabro@vyos.io> | 2023-09-28 09:54:31 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-09-28 09:54:31 -0500 |
| commit | 5bcd00a2ee5ef92470ddc67f7821bb8c8659765d (patch) | |
| tree | 979de9fd8fcfcad6779a13c7d24eb713aa0c271f /data/templates/conntrack/nftables-ct.j2 | |
| parent | 6aa3679187243a9d1eaa16e6e81237f00dde0c63 (diff) | |
| parent | 5acf5acedbf7e0c581653ddf2e7693f148017943 (diff) | |
| download | vyos-1x-5bcd00a2ee5ef92470ddc67f7821bb8c8659765d.tar.gz vyos-1x-5bcd00a2ee5ef92470ddc67f7821bb8c8659765d.zip | |
Merge pull request #2304 from sarthurdev/conntrack_helpers
conntrack: T5376: T5598: Restore kernel conntrack helpers
Diffstat (limited to 'data/templates/conntrack/nftables-ct.j2')
| -rw-r--r-- | data/templates/conntrack/nftables-ct.j2 | 51 |
1 files changed, 3 insertions, 48 deletions
diff --git a/data/templates/conntrack/nftables-ct.j2 b/data/templates/conntrack/nftables-ct.j2 index 895f61a55..1e0fc8065 100644 --- a/data/templates/conntrack/nftables-ct.j2 +++ b/data/templates/conntrack/nftables-ct.j2 @@ -1,5 +1,6 @@ #!/usr/sbin/nft -f +{% import 'conntrack/nftables-helpers.j2' as helper_tmpl %} {% import 'firewall/nftables-defines.j2' as group_tmpl %} {% if first_install is not vyos_defined %} @@ -52,30 +53,7 @@ table ip vyos_conntrack { notrack } - ct helper rpc_tcp { - type "rpc" protocol tcp; - } - - ct helper rpc_udp { - type "rpc" protocol udp; - } - - ct helper tns_tcp { - type "tns" protocol tcp; - } - - chain VYOS_CT_HELPER { -{% for module, module_conf in module_map.items() %} -{% if modules[module] is vyos_defined %} -{% if 'nftables' in module_conf %} -{% for rule in module_conf.nftables %} - {{ rule }} -{% endfor %} -{% endif %} -{% endif %} -{% endfor %} - return - } +{{ helper_tmpl.conntrack_helpers(module_map, modules, ipv4=True) }} chain FW_CONNTRACK { {{ ipv4_firewall_action }} @@ -140,30 +118,7 @@ table ip6 vyos_conntrack { notrack } - ct helper rpc_tcp { - type "rpc" protocol tcp; - } - - ct helper rpc_udp { - type "rpc" protocol udp; - } - - ct helper tns_tcp { - type "tns" protocol tcp; - } - - chain VYOS_CT_HELPER { -{% for module, module_conf in module_map.items() %} -{% if modules[module] is vyos_defined %} -{% if 'nftables' in module_conf %} -{% for rule in module_conf.nftables %} - {{ rule }} -{% endfor %} -{% endif %} -{% endif %} -{% endfor %} - return - } +{{ helper_tmpl.conntrack_helpers(module_map, modules, ipv4=False) }} chain FW_CONNTRACK { {{ ipv6_firewall_action }} |