On 3/31/19 10:54 AM, Brian J. Murrell wrote:
> On Sun, 2019-03-31 at 10:04 -0700, Tom Eastep wrote:
>>
>> Brian,
>
> Hi Tom,
>
>> The lack of macro support for a particular application scenario
>> generally means that no one with the ability to test that scenario
>> has
>> stepped up to produce such a macro.
>
> Fair enough.
>
>> If you want to test, then:
>>
>> a) Modify /etc/shorewall[6]/conntrack to specify both udp and tcp in
>> the
>> PROTO column of the SIP entry.
>
> Roger.
>
> b) Modify macro.SIP to similarly specify both udp and tcp in the
>> PROTO
>> column.
>
> It should be sufficient to copy and modify the macro in the shorewall
> configuration dir, yes? That's what I did at least and it had the
> desired results.
>
> #
> # Shorewall -- /usr/share/shorewall/macro.SIP
> #
> # This macro handles SIP traffic.
> #
> ###############################################################################
> #ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE
> USER
>
> ?if ( __CT_TARGET && ! $AUTOHELPERS && __SIP_HELPER )
> PARAM - - udp 5060 { helper=sip }
> PARAM - - tcp 5060 { helper=sip }
> ?else
> PARAM - - udp 5060
> PARAM - - tcp 5060
> ?endif
>
>>
>> If it works satisfactorily, let us know and we will modify the
>> release
>> versions accordingly.
>>
>
> ERROR: The sip helper requires PROTO=udp /etc/shorewall6/gw-CC/conntrack
> (line 5)Hmmm -- compiler too smart for that simple change... > > Seems that helpers can only use tcp or udp but not both. I already > tried adding a "sip => TCP" to %helpers in > /usr/share/perl5/vendor_perl/Shorewall/Config.pm. > Please reverse your change and apply the attached patch. Thanks, -Tom -- Tom Eastep \ Q: What do you get when you cross a mobster with Shoreline, \ an international standard? Washington, USA \ A: Someone who makes you an offer you can't http://shorewall.org \ understand \_______________________________________________
diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index d2b76f3bf..84573b5e8 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -5749,8 +5749,18 @@ sub validate_helper( $;$ ) {
fatal_error "Unknown PROTO ($proto)" unless defined ( $protonum = resolve_proto( $proto ) );
- unless ( $protonum == $helper_proto ) {
- fatal_error "The $helper_base helper requires PROTO=" . (proto_name $helper_proto );
+ if ( reftype( $helper_proto ) ) {
+ my $found;
+
+ for ( @$helper_proto ) {
+ $found = 1 if $protonum == $_;
+ }
+
+ fatal_error "The $helper_base helper requires PROTO be one of '@$helper_proto'" unless $found;
+ } else {
+ unless ( $protonum == $helper_proto ) {
+ fatal_error "The $helper_base helper requires PROTO=" . (proto_name $helper_proto );
+ }
}
}
} else {
diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index 03f0bc9ee..b59c89c2b 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -565,7 +565,7 @@ our %helpers = ( amanda => UDP,
'Q.931' => TCP,
RAS => UDP,
sane => TCP,
- sip => UDP,
+ sip => [UDP,TCP],
snmp => UDP,
tftp => UDP,
);
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
