author | Christian Breunig <christian@breunig.cc> | 2024-01-18 22:05:16 +0100 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2024-01-18 22:09:30 +0100 |
commit | 80068c8ce453a385981999c25e4ff5aeaa6bf030 (patch) | |
tree | 2c3566becc1e93b70df5fb2f61b4f1028a04dd8f /data/templates/conntrack/nftables-helpers.j2 | |
parent | 4b3ef473c3acfedeb70a023a9ca46df5437fc5a2 (diff) | |
download | vyos-1x-80068c8ce453a385981999c25e4ff5aeaa6bf030.tar.gz vyos-1x-80068c8ce453a385981999c25e4ff5aeaa6bf030.zip |
conntrack: T5376: T5779: backport from current
Backport of the conntrack system from current branch.
(cherry picked from commit fd0bcaf12)
(cherry picked from commit 5acf5aced)
(cherry picked from commit 42ff4d8a7)
(cherry picked from commit 24a1a7059)
Diffstat (limited to 'data/templates/conntrack/nftables-helpers.j2')
-rw-r--r-- | data/templates/conntrack/nftables-helpers.j2 | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/data/templates/conntrack/nftables-helpers.j2 b/data/templates/conntrack/nftables-helpers.j2
new file mode 100644
index 000000000..433931162
--- /dev/null
+++ b/data/templates/conntrack/nftables-helpers.j2
@@ -0,0 +1,70 @@
+{% macro conntrack_helpers(module_map, modules, ipv4=True) %}
+{% if modules.ftp is vyos_defined %}
+ ct helper ftp_tcp {
+ type "ftp" protocol tcp;
+ }
+{% endif %}
+
+{% if modules.h323 is vyos_defined %}
+ ct helper ras_udp {
+ type "RAS" protocol udp;
+ }
+
+ ct helper q931_tcp {
+ type "Q.931" protocol tcp;
+ }
+{% endif %}
+
+{% if modules.pptp is vyos_defined and ipv4 %}
+ ct helper pptp_tcp {
+ type "pptp" protocol tcp;
+ }
+{% endif %}
+
+{% if modules.nfs is vyos_defined %}
+ ct helper rpc_tcp {
+ type "rpc" protocol tcp;
+ }
+
+ ct helper rpc_udp {
+ type "rpc" protocol udp;
+ }
+{% endif %}
+
+{% if modules.sip is vyos_defined %}
+ ct helper sip_tcp {
+ type "sip" protocol tcp;
+ }
+
+ ct helper sip_udp {
+ type "sip" protocol udp;
+ }
+{% endif %}
+
+{% if modules.tftp is vyos_defined %}
+ ct helper tftp_udp {
+ type "tftp" protocol udp;
+ }
+{% endif %}
+
+{% if modules.sqlnet is vyos_defined %}
+ ct helper tns_tcp {
+ type "tns" protocol tcp;
+ }
+{% endif %}
+
+ chain VYOS_CT_HELPER {
+{% for module, module_conf in module_map.items() %}
+{% if modules[module] is vyos_defined %}
+{% if 'nftables' in module_conf %}
+{% if module_conf.ipv4 is not vyos_defined or module_conf.ipv4 == ipv4 %}
+{% for rule in module_conf.nftables %}
+ {{ rule }}
+{% endfor %}
+{% endif %}
+{% endif %}
+{% endif %}
+{% endfor %}
+ return
+ }
+{% endmacro %} |
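Review bot: In the `VYOS_CT_HELPER` loop, `{{ rule }}` writes each `module_conf.nftables` entry into the ruleset verbatim, so the macro is only safe while `module_map` is a static table defined in code, and the template does not state that assumption. I would add a comment above the macro such as `{# module_map: static module -> {nftables: [rule, ...], ipv4: bool} table from code; rules are emitted unescaped and must never carry configuration-supplied text #}`. Separately, the `pptp_tcp` helper object is gated by a hard-coded `and ipv4`, while its chain rules are gated by `module_conf.ipv4 == ipv4`. If the pptp map entry ever lost its `ipv4` flag, the IPv6 table would presumably reference `pptp_tcp` without defining it and fail to load, so deriving both conditions from the same field would be more robust. The definition of `module_map` is outside this diff, so both points need confirming against the caller.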