authorMatthew Gyurgyik <pyther@pyther.net>2010-12-19 22:40:09 -0500
committerDavid Sommerseth <dazo@users.sourceforge.net>2010-12-24 11:47:19 +0100
commitf22b7bb5529b816eef840a1180b677e4ea31b124 (patch)
tree9cd3ba9f8366f83da41c99c7b73659c080323268
parentb28cc5d5451109a370816bc84510b37209833fbd (diff)
efw-iptables: Use the iptables conntrack module
Make use of the iptables conntrack module instead of the older state module for stateful firewalling. Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
-rw-r--r--CREDITS.txt1
-rw-r--r--plugin/firewall/iptables/efw-iptables.c8
2 files changed, 5 insertions, 4 deletions
diff --git a/CREDITS.txt b/CREDITS.txt
index 0366573..f500a7b 100644
--- a/CREDITS.txt
+++ b/CREDITS.txt
@@ -49,3 +49,4 @@ or indirectly, will be credited here.
- Helped out testing the TUN support in eurephia on Linux with iptables support
- Found a bug when deleting users. Their access levels was not removed, making
eurephiadm adminaccess --list looking a bit odd.
+ - Provided patches for updating efw-iptables and the documentation to use conntrack
diff --git a/plugin/firewall/iptables/efw-iptables.c b/plugin/firewall/iptables/efw-iptables.c
index 6172d5d..4aebbac 100644
--- a/plugin/firewall/iptables/efw-iptables.c
+++ b/plugin/firewall/iptables/efw-iptables.c
@@ -207,8 +207,8 @@ int process_input(eurephiaCTX *ctx, const char *fwcmd, const eFWupdateRequest *r
iptables_args[argc++] = req->macaddress;
}
iptables_args[argc++] = "-m\0";
- iptables_args[argc++] = "state\0";
- iptables_args[argc++] = "--state\0";
+ iptables_args[argc++] = "conntrack\0";
+ iptables_args[argc++] = "--ctstate\0";
iptables_args[argc++] = "NEW\0";
iptables_args[argc++] = "-j\0";
iptables_args[argc++] = req->goto_destination;
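Review bot: The rule built here now depends on the conntrack match being available, and nothing in the hunk documents that requirement or shows what happens on a host where `-m conntrack --ctstate` is rejected; the same applies to the ESTABLISHED,RELATED rule in the second hunk. For a firewall plugin, a rule that iptables refuses to load should surface as a visible error rather than a silent gap, and whether the exit status of the iptables call is checked cannot be seen from these lines. I would add a comment above the `"-m\0"` line such as `/* requires the conntrack match (xt_conntrack); rule insertion fails on hosts without it */`. The body of process_input starts and ends outside the hunk.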
@@ -261,8 +261,8 @@ int process_input(eurephiaCTX *ctx, const char *fwcmd, const eFWupdateRequest *r
iptables_args[1] = "-I\0";
iptables_args[2] = req->rule_destination;
iptables_args[3] = "-m\0";
- iptables_args[4] = "state\0";
- iptables_args[5] = "--state\0";
+ iptables_args[4] = "conntrack\0";
+ iptables_args[5] = "--ctstate\0";
iptables_args[6] = "ESTABLISHED,RELATED\0";
iptables_args[7] = "-j\0";
iptables_args[8] = "ACCEPT\0";
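Review bot: The blanket `ESTABLISHED,RELATED` accept at `iptables_args[6]` admits every flow that connection tracking classifies as RELATED, including flows associated by conntrack helpers, which is broader than plain reply traffic. If that breadth is intended, the rule deserves a comment saying so, for example `/* RELATED is deliberate: lets ICMP errors and helper-tracked flows through */`; if it is not, narrowing it needs care so that ICMP error handling keeps working. This rule is inserted with `-I` and so is evaluated before the per-client rules, which makes its scope worth documenting. The enclosing branch of process_input starts and ends outside the hunk.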