On Sun, 2019-03-31 at 10:04 -0700, Tom Eastep wrote: > > Brian, Hi Tom,
> The lack of macro support for a particular application scenario
> generally means that no one with the ability to test that scenario
> has
> stepped up to produce such a macro.
Fair enough.
> If you want to test, then:
>
> a) Modify /etc/shorewall[6]/conntrack to specify both udp and tcp in
> the
> PROTO column of the SIP entry.
Roger.
b) Modify macro.SIP to similarly specify both udp and tcp in the
> PROTO
> column.
It should be sufficient to copy and modify the macro in the shorewall
configuration dir, yes? That's what I did at least and it had the
desired results.
#
# Shorewall -- /usr/share/shorewall/macro.SIP
#
# This macro handles SIP traffic.
#
###############################################################################
#ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER
?if ( __CT_TARGET && ! $AUTOHELPERS && __SIP_HELPER )
PARAM - - udp 5060 { helper=sip }
PARAM - - tcp 5060 { helper=sip }
?else
PARAM - - udp 5060
PARAM - - tcp 5060
?endif
>
> If it works satisfactorily, let us know and we will modify the
> release
> versions accordingly.
>
ERROR: The sip helper requires PROTO=udp /etc/shorewall6/gw-CC/conntrack
(line 5)
Seems that helpers can only use tcp or udp but not both. I already
tried adding a "sip => TCP" to %helpers in
/usr/share/perl5/vendor_perl/Shorewall/Config.pm.
Cheers,
b.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
