summaryrefslogtreecommitdiff
path: root/python
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-09-28 17:02:33 +0200
committerGitHub <noreply@github.com>2023-09-28 17:02:33 +0200
commit852e9c3328e61f5d0b92a9efca376aec94533f2b (patch)
tree0aff1a25a0e9ce69b39cc14f609d11c4f547d54f /python
parent5bcd00a2ee5ef92470ddc67f7821bb8c8659765d (diff)
parentbdad4e046872e054ec7783b2f04b73a8a690a045 (diff)
downloadvyos-1x-852e9c3328e61f5d0b92a9efca376aec94533f2b.tar.gz
vyos-1x-852e9c3328e61f5d0b92a9efca376aec94533f2b.zip
Merge pull request #2295 from sever-sever/T5217-synproxy
T5217: Add firewall synproxy
Diffstat (limited to 'python')
-rw-r--r--python/vyos/firewall.py14
1 files changed, 14 insertions, 0 deletions
diff --git a/python/vyos/firewall.py b/python/vyos/firewall.py
index 7e43b815a..ab40688cc 100644
--- a/python/vyos/firewall.py
+++ b/python/vyos/firewall.py
@@ -263,6 +263,10 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
output.append(f'{proto} {prefix}port {operator} @P_{group_name}')
+ if rule_conf['action'] == 'synproxy':
+ if 'synproxy' in rule_conf:
+ output.append('ct state invalid,untracked')
+
if 'hop_limit' in rule_conf:
operators = {'eq': '==', 'gt': '>', 'lt': '<'}
for op, operator in operators.items():
@@ -433,6 +437,16 @@ def parse_rule(rule_conf, hook, fw_name, rule_id, ip_name):
if 'queue_options' in rule_conf:
queue_opts = ','.join(rule_conf['queue_options'])
output.append(f'{queue_opts}')
+
+ # Synproxy
+ if 'synproxy' in rule_conf:
+ synproxy_mss = dict_search_args(rule_conf, 'synproxy', 'tcp', 'mss')
+ if synproxy_mss:
+ output.append(f'mss {synproxy_mss}')
+ synproxy_ws = dict_search_args(rule_conf, 'synproxy', 'tcp', 'window_scale')
+ if synproxy_ws:
+ output.append(f'wscale {synproxy_ws} timestamp sack-perm')
+
else:
output.append('return')