>From 28b7713cda1deba1b54bd9e52b0d62716e356b66 Mon Sep 17 00:00:00 2001 From: poma <[email protected]> Date: Wed, 1 Mar 2017 07:05:40 +0100 Subject: [PATCH] nm-pptp-service: Grant proto GRE by firewalld.
With recent kernels, the Poptop - The PPTP Server for Linux (pptpd) requires explicit load of nf_conntrack_pptp kernel module to achieve the operating state of the service itself. However this is not the case with the PPTP Client (pptp) on a Linux based platform. What is needed is to apply directly, rule within the firewalld, to grant proto gre, to achieve the operating state of the client itself. Ref. https://bugzilla.redhat.com/show_bug.cgi?id=1187328 https://bugzilla.redhat.com/show_bug.cgi?id=1214643
---
 src/nm-pptp-service.c | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/src/nm-pptp-service.c b/src/nm-pptp-service.c
index 1710fd9..6a66386 100644
--- a/src/nm-pptp-service.c
+++ b/src/nm-pptp-service.c
@@ -1113,7 +1113,7 @@ main (int argc, char *argv[])
 GMainLoop *main_loop;
 gboolean persist = FALSE;
 GOptionContext *opt_ctx = NULL;
- char *conntrack_module[] = { "/sbin/modprobe", "nf_conntrack_pptp", NULL };
+ char *firewalld_grant_proto_gre[] = { "/bin/firewall-cmd", "--direct", "--add-rule", "ipv4", "filter", "INPUT", "0", "-p", "gre", "-j", "ACCEPT", NULL };
 GError *error = NULL;
 gs_free char *bus_name_free = NULL;
 const char *bus_name;
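Review bot: The argv in `firewalld_grant_proto_gre` carries no source or interface match, so `-p gre -j ACCEPT` at priority 0 of INPUT admits GRE from every peer, not only the PPTP gateway the client is talking to. The rule is also fixed at declaration time in main, before any connection exists; building the argv at connect time would let it include `"-s", <gateway address>`. Flags `0` in the later `g_spawn_sync` call mean no PATH search, so `/bin/firewall-cmd` must exist at exactly that path, and hosts that install it only under /usr/bin will take the spawn-failure branch. A comment on the array such as `/* runtime-only direct rule: accepts all inbound GRE until firewalld reloads */` would make the scope explicit. main's body starts and ends outside this hunk.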
@@ -1178,13 +1178,17 @@ main (int argc, char *argv[])
 if (!persist)
 g_signal_connect (plugin, "quit", G_CALLBACK (quit_mainloop), main_loop);
- /* Newer kernels require nf_conntrack_pptp kernel module so that PPTP
- * worked correctly. Load the module now. Ignore errors, the module
- * might not exist (older kernels).
+ /* With recent kernels, the Poptop - The PPTP Server for Linux (pptpd) requires
+ * explicit load of nf_conntrack_pptp kernel module to achieve the operating state of the service itself.
+ * However this is not the case with the PPTP Client (pptp) on a Linux.
+ * What is needed is to apply directly, rule within the firewalld, to grant proto gre,
+ * to achieve the operating state of the client itself.
+ * Apply the rule now. Ignore errors, the rule may already be enabled.
 * https://bugzilla.redhat.com/show_bug.cgi?id=1187328
+ * https://bugzilla.redhat.com/show_bug.cgi?id=1214643
 */
- if (!g_spawn_sync (NULL, conntrack_module, NULL, 0, NULL, NULL, NULL, NULL, NULL, &error)) {
- _LOGW ("modprobing nf_conntrack_pptp failed: %s", error->message);
+ if (!g_spawn_sync (NULL, firewalld_grant_proto_gre, NULL, 0, NULL, NULL, NULL, NULL, NULL, &error)) {
+ _LOGW ("granting proto gre by firewalld failed: %s", error->message);
 g_error_free (error);
 }
--
2.7.4
_______________________________________________
networkmanager-list mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/networkmanager-list
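Review bot: `g_spawn_sync` returns FALSE only when the child cannot be started, so a `firewall-cmd` that runs and exits non-zero (firewalld stopped, request refused) leaves no log line; the ninth argument is passed as NULL, so the exit status is discarded. Pass `&status` there and add `else if (!g_spawn_check_exit_status (status, &error))` with the same `_LOGW`. Nothing in this hunk removes the rule again, so the GRE accept appears to outlive the VPN session until firewalld is reloaded; a matching `--remove-rule` call on the quit path would bound it. `g_error_free (error)` also leaves `error` dangling for any later `&error` use in main, which `g_clear_error (&error);` avoids. main continues past the end of the hunk.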
