Revision: 6828 http://ipcop.svn.sourceforge.net/ipcop/?rev=6828&view=rev Author: owes Date: 2012-11-03 10:59:39 +0000 (Sat, 03 Nov 2012) Log Message: ----------- Replace obsoleted -m state --state with -m conntrack --ctstate
Modified Paths:
--------------
ipcop/trunk/src/rc.d/rc.firewall
ipcop/trunk/src/scripts/puzzleFwRules.pl
ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0
Modified: ipcop/trunk/src/rc.d/rc.firewall
===================================================================
--- ipcop/trunk/src/rc.d/rc.firewall 2012-11-03 08:27:26 UTC (rev 6827)
+++ ipcop/trunk/src/rc.d/rc.firewall 2012-11-03 10:59:39 UTC (rev 6828)
@@ -15,7 +15,7 @@
# You should have received a copy of the GNU General Public License
# along with IPCop. If not, see <http://www.gnu.org/licenses/>.
#
-# (c) 2001-2011, the IPCop team
+# (c) 2001-2012, the IPCop team
#
# $Id$
#
@@ -81,7 +81,7 @@
# SYN/FIN (QueSO or nmap OS probe)
/sbin/iptables -A BADTCP -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j PSCAN
# NEW TCP without SYN
- /sbin/iptables -A BADTCP -p tcp -m tcp ! --syn -m state --state NEW -j NEWNOTSYN
+ /sbin/iptables -A BADTCP -p tcp -m tcp ! --syn -m conntrack --ctstate NEW -j NEWNOTSYN
/sbin/iptables -A INPUT -j BADTCP
/sbin/iptables -A FORWARD -j BADTCP
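Review bot: The rewritten NEWNOTSYN rule now depends on the xt_conntrack match being loadable at boot instead of xt_state, and nothing on the line checks the iptables exit status, so if the match is absent the call fails and the BADTCP chain is silently left without its NEW-without-SYN rule. The commit only touches userland scripts and the 2.1.0 update file list, so whether the kernel in that update provides xt_conntrack is not visible here and should be confirmed. A cheap guard is a one-off probe ahead of the rule loading, e.g. `/sbin/iptables -m conntrack --help >/dev/null 2>&1 || echo 'rc.firewall: conntrack match unavailable' >&2`. The function or case branch this rule belongs to starts outside the hunk.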
@@ -177,23 +177,23 @@
/sbin/iptables -A FORWARD -j FW_IPCOP_FORWARD
# Accept everything connected
- /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- /sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+ /sbin/iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ /sbin/iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# localhost and ethernet.
- /sbin/iptables -A INPUT -i lo -m state --state NEW -j ACCEPT
- /sbin/iptables -A INPUT -s 127.0.0.0/8 -m state --state NEW -j DROP # Loopback not on lo
- /sbin/iptables -A INPUT -d 127.0.0.0/8 -m state --state NEW -j DROP
- /sbin/iptables -A FORWARD -i lo -m state --state NEW -j ACCEPT
- /sbin/iptables -A FORWARD -s 127.0.0.0/8 -m state --state NEW -j DROP
- /sbin/iptables -A FORWARD -d 127.0.0.0/8 -m state --state NEW -j DROP
- #~ /sbin/iptables -A INPUT -i $GREEN_1_DEV -m state --state NEW -j ACCEPT
- #~ /sbin/iptables -A FORWARD -i $GREEN_1_DEV -m state --state NEW -j ACCEPT
+ /sbin/iptables -A INPUT -i lo -m conntrack --ctstate NEW -j ACCEPT
+ /sbin/iptables -A INPUT -s 127.0.0.0/8 -m conntrack --ctstate NEW -j DROP # Loopback not on lo
+ /sbin/iptables -A INPUT -d 127.0.0.0/8 -m conntrack --ctstate NEW -j DROP
+ /sbin/iptables -A FORWARD -i lo -m conntrack --ctstate NEW -j ACCEPT
+ /sbin/iptables -A FORWARD -s 127.0.0.0/8 -m conntrack --ctstate NEW -j DROP
+ /sbin/iptables -A FORWARD -d 127.0.0.0/8 -m conntrack --ctstate NEW -j DROP
+ #~ /sbin/iptables -A INPUT -i $GREEN_1_DEV -m conntrack --ctstate NEW -j ACCEPT
+ #~ /sbin/iptables -A FORWARD -i $GREEN_1_DEV -m conntrack --ctstate NEW -j ACCEPT
# If a host on orange tries to initiate a connection to IPCop's red IP and
# the connection gets DNATed back through a port forward to a server on orange
# we end up with orange -> orange traffic passing through IPCop
- [ 0$ORANGE_COUNT -gt 0 ] && /sbin/iptables -A FORWARD -i $ORANGE_1_DEV -o $ORANGE_1_DEV -m state --state NEW -j ACCEPT
+ [
0$ORANGE_COUNT -gt 0 ] && /sbin/iptables -A FORWARD -i $ORANGE_1_DEV -o $ORANGE_1_DEV -m conntrack --ctstate NEW -j ACCEPT
#~ # allow DHCP on BLUE to be turned on/off
#~ /sbin/iptables -N DHCPBLUEINPUT
@@ -216,7 +216,7 @@
# PORTFWACCESS chain, used for portforwarding
/sbin/iptables -N PORTFWACCESS
- /sbin/iptables -A FORWARD -m state --state NEW -j PORTFWACCESS
+ /sbin/iptables -A FORWARD -m conntrack --ctstate NEW -j PORTFWACCESS
# Custom prerouting chains (for ntp redirect, transparent proxy and port forwarding)
/sbin/iptables -t nat -N NTP
@@ -252,11 +252,11 @@
stop)
iptables_init
# Accept everyting connected
- /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+ /sbin/iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# localhost and ethernet.
/sbin/iptables -A INPUT -i lo -j ACCEPT
- /sbin/iptables -A INPUT -i $GREEN_1_DEV -m state --state NEW -j ACCEPT
+ /sbin/iptables -A INPUT -i $GREEN_1_DEV -m conntrack --ctstate NEW -j ACCEPT
# run local firewall configuration, if present
if [ -x /etc/rc.d/rc.firewall.local ]; then
Modified: ipcop/trunk/src/scripts/puzzleFwRules.pl
===================================================================
--- ipcop/trunk/src/scripts/puzzleFwRules.pl 2012-11-03 08:27:26 UTC (rev 6827)
+++ ipcop/trunk/src/scripts/puzzleFwRules.pl 2012-11-03 10:59:39 UTC (rev 6828)
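Review bot: Now that the ESTABLISHED,RELATED accepts in INPUT and FORWARD run on `-m conntrack`, there is still no explicit handling of the INVALID state before them; an INVALID packet matches neither those accepts nor any of the `--ctstate NEW` rules that follow (including the BADTCP NEWNOTSYN test, which only fires on NEW), so its fate rests entirely on the chain default policy set in iptables_init, which is outside this hunk. If that policy is anything other than DROP, INVALID traffic falls through the port-forward and address-filter chains unfiltered. The conventional pairing, inserted just before the `# Accept everything connected` rules, is `/sbin/iptables -A INPUT -m conntrack --ctstate INVALID -j DROP` together with `/sbin/iptables -A FORWARD -m conntrack --ctstate INVALID -j DROP`. The `start)` branch containing these rules begins outside the hunk.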
@@ -1012,8 +1012,8 @@
if ($ifacePolicies{$inIface}{'ADDRESSFILTER'} eq 'on') {
$doUpdateWirelessRules = 1;
- &prepareRule("-A FW_IPCOP -i $FW::interfaces{$inIface}{'IFACE'} -m state --state NEW -j ADRFILTERINPUT");
- &prepareRule("-A FW_IPCOP_FORWARD -i $FW::interfaces{$inIface}{'IFACE'} -m state --state NEW -j ADRFILTERFORWARD");
+ &prepareRule("-A FW_IPCOP -i $FW::interfaces{$inIface}{'IFACE'} -m conntrack --ctstate NEW -j ADRFILTERINPUT");
+ &prepareRule("-A FW_IPCOP_FORWARD -i $FW::interfaces{$inIface}{'IFACE'} -m conntrack --ctstate NEW -j ADRFILTERFORWARD");
}
}
Modified: ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0
===================================================================
--- ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0 2012-11-03 08:27:26 UTC (rev 6827)
+++ ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0 2012-11-03 10:59:39 UTC (rev 6828)
@@ -1,6 +1,7 @@
## please place IPCop files first, then packages sorted by alphabetical order
/etc/httpd/conf/httpd.conf
/etc/logrotate.conf.FLASH
+/etc/rc.d/rc.firewall
/etc/rc.d/rc.red
/etc/rc.d/rc.solosdsl
/etc/rc.d/rc.sysinit
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management. Stay in control, update software, and manage PCs from one command center Diagnose problems and improve visibility into emerging IT issues Automate, monitor and manage. Do more in less time with Central http://p.sf.net/sfu/logmein12331_d2d
_______________________________________________
Ipcop-svn mailing list
Ipcop-svn@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-svn
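Review bot: The two rewritten rule lines keep the `&prepareRule(...)` call form; the `&` sigil bypasses any prototype on prepareRule and is the form perlcritic flags, so while these lines are being touched they could read `prepareRule("-A FW_IPCOP -i $FW::interfaces{$inIface}{'IFACE'} -m conntrack --ctstate NEW -j ADRFILTERINPUT");` and likewise for the FW_IPCOP_FORWARD rule. The interface name is interpolated straight into the iptables argument string; presumably it comes from IPCop's own interface configuration rather than user input, but how prepareRule tokenises and executes the string is not visible here and is worth a glance. The loop and subroutine enclosing this `if` start outside the hunk.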