On Sun, 2011-12-18 at 07:06 -0800, Tom Eastep wrote:
> On 12/18/11 4:19 AM, Steven Jan Springl wrote:
>
> Does this work on your system?
>
> iptables -t nat -N foo
> iptables -t nat -A foo -j CT --helper ftp
>

Right after I hit 'send', I realized what the problem was. This patch should resolve the issue.

-Tom

PS -- One correction to an earlier post; a SOURCE zone is required in the notrack file but a DEST zone is neither required nor accepted.

--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

diff --git a/Shorewall/Perl/Shorewall/Raw.pm b/Shorewall/Perl/Shorewall/Raw.pm
index ba843b8..ead71fd 100644
--- a/Shorewall/Perl/Shorewall/Raw.pm
+++ b/Shorewall/Perl/Shorewall/Raw.pm
@@ -60,6 +60,7 @@ sub process_notrack_rule( $$$$$$$ ) {
my $rule = do_proto( $proto, $ports, $sports ) . do_user ( $user );
my $target = $action;
+ my $exception_rule = '';
unless ( $action eq 'NOTRACK' ) {
( $target, my ( $option, $args, $junk ) ) = split ':', $action, 4;
@@ -76,8 +77,10 @@ sub process_notrack_rule( $$$$$$$ ) {
if ( $option eq 'helper' ) {
fatal_error "Invalid helper' ($args)" if $args =~ /,/;
+ fatal_error "A protocol and destination port are required in CT:helper rules" if $ports eq '-';
do_helper( $args );
$action = "CT --helper $args";
+ $exception_rule = do_proto( $proto, '-', '-' );
} elsif ( $option eq 'ctevents' ) {
for ( split ',', $args ) {
fatal_error "Invalid 'ctevents' event ($_)" unless $valid_ctevent{$_};
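
Review bot: The added fatal_error in the helper branch tells the user that a protocol and destination port are required, but its condition tests only $ports eq '-', so nothing in this hunk rejects a CT:helper rule on the basis of $proto. The next added line builds $exception_rule from do_proto( $proto, '-', '-' ), which depends on $proto being set, so unless do_proto already refuses ports without a protocol the condition should cover both, for example `if $proto eq '-' || $ports eq '-'`. While in this block, the context line above has a stray apostrophe in its message ("Invalid helper' ($args)"), which the neighbouring 'ctevents' message shows should read "Invalid 'helper' ($args)".
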
@@ -104,7 +107,7 @@ sub process_notrack_rule( $$$$$$$ ) {
$action ,
'' ,
$target ,
- '' ;
+ $exception_rule ;
progress_message " Notrack rule \"$currentline\" $done";
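
Review bot: The last positional argument of this call changes from '' to $exception_rule, but neither the call site nor the declaration (my $exception_rule = '';) says what the exception rule is for or why only the helper branch assigns it. A one-line comment where it is set to do_proto( $proto, '-', '-' ) explaining the intent, plus a sentence in the commit message, would let a reader confirm that every other action still passes '' here on purpose.
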
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
