Hi, I’ve been using Shorewall for ages, but only at a very basic level.

Now, I need to use RTSP across my Shorewall-based NATting firewall. Note that RTSP is only a control protocol. When requested by the client, the server sends the real-time (audio-video) data back to the client as a UDP stream. Hence, a helper is needed to accept this UDP stream as related to the RTSP connection.

As far as I know, such a helper is not (yet) available in the pristine Linux kernel. But someone developed one, available at https://github.com/maru-sama/rtsp-linux

I could compile the module for my current kernel, and “patch” my firewall, with iptables commands, after running shorewall. For reference, here are the iptables commands I used, mimicking what Shorewall did:

    iptables -t raw -A OUTPUT -d 212.27.38.253 -p tcp -m tcp --dport 554 -j CT --helper rtsp
    iptables -t raw -A PREROUTING -d 212.27.38.253 -p tcp -m tcp --dport 554 -j CT --helper rtsp

It works fine, but, now, I’d like to integrate this in my Shorewall configuration, rather than “patch” it. I tried adding the following line in my /etc/shorewall/rules file:

    HELPER all :212.27.38.253 tcp 554 - - - - - - - - - rtsp

Unfortunately, Shorewall then complains:

    ERROR: Unrecognized helper (rtsp) /etc/shorewall/rules (line 21)

As I understand it, Shorewall has a list of known helpers, defined in Config.pm, and won’t use any helper that’s not in this list…

Is there a way to declare extra helpers for use in Shorewall, besides patching Config.pm? Or is patching Config.pm the right way to do it?

Any help is welcome.

Note that I’m currently using an old Debian Jessie system with Linux 4.9.168 and Shorewall 4.6.4.3. I might upgrade Shorewall, at least to 5.0.15, if needed.

Cheers,
--
Nicolas
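
To illustrate why the UDP stream cannot be matched without a helper, the sketch below (an added example, not part of the original post and not code from the rtsp-linux module) extracts the UDP ports a client announces in the Transport header of an RTSP SETUP request; this is the kind of information that travels only inside the TCP control connection. The sample request, host name and port numbers are constructed, and the function name is hypothetical.

```python
import re

# Constructed sample: an RTSP SETUP request as a client behind the firewall
# would send it to the server on TCP port 554 (placeholder host and ports).
SAMPLE_SETUP = (
    "SETUP rtsp://media.example.net/stream/track1 RTSP/1.0\r\n"
    "CSeq: 3\r\n"
    "Transport: RTP/AVP;unicast;client_port=50000-50001\r\n"
    "\r\n"
)

# client_port is either a single port or a low-high range.
PORT_RE = re.compile(r"client_port=(\d+)(?:-(\d+))?$")


def expected_udp_ports(request):
    """Return the UDP ports the client asked the server to stream to.

    Only SETUP requests are examined. Returns [] when the request is not a
    SETUP, has no Transport header, or carries no valid client_port (for
    example when the media is interleaved on the TCP connection).
    """
    head = request.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    if not lines[0].startswith("SETUP "):
        return []
    ports = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "transport":
            continue
        # A Transport header may list several alternatives separated by commas.
        for spec in value.split(","):
            for param in spec.split(";"):
                m = PORT_RE.match(param.strip())
                if not m:
                    continue
                lo = int(m.group(1))
                hi = int(m.group(2)) if m.group(2) else lo
                # Reject out-of-range or inverted ranges instead of trusting them.
                if 0 < lo <= hi <= 65535:
                    ports.extend(range(lo, hi + 1))
    return ports


if __name__ == "__main__":
    print(expected_udp_ports(SAMPLE_SETUP))
```

The ports returned here are chosen by the client per session, which is why a static firewall rule cannot anticipate them and the control channel has to be inspected.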