From f22b7bb5529b816eef840a1180b677e4ea31b124 Mon Sep 17 00:00:00 2001
From: Matthew Gyurgyik
Date: Sun, 19 Dec 2010 22:40:09 -0500
Subject: efw-iptables: Use the iptables conntrack module

Make use of the iptables conntrack module instead of the older state module for stateful firewalling.

Signed-off-by: David Sommerseth
---
 CREDITS.txt | 1 +
 plugin/firewall/iptables/efw-iptables.c | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/CREDITS.txt b/CREDITS.txt
index 0366573..f500a7b 100644
--- a/CREDITS.txt
+++ b/CREDITS.txt
@@ -49,3 +49,4 @@ or indirectly, will be credited here.
 - Helped out testing the TUN support in eurephia on Linux with iptables support
 - Found a bug when deleting users. Their access levels was not removed, making eurephiadm adminaccess --list looking a bit odd.
+ - Provided patches for updating efw-iptables and the documentation to use conntrack
diff --git a/plugin/firewall/iptables/efw-iptables.c b/plugin/firewall/iptables/efw-iptables.c
index 6172d5d..4aebbac 100644
--- a/plugin/firewall/iptables/efw-iptables.c
+++ b/plugin/firewall/iptables/efw-iptables.c
@@ -207,8 +207,8 @@ int process_input(eurephiaCTX *ctx, const char *fwcmd, const eFWupdateRequest *r
 iptables_args[argc++] = req->macaddress;
 }
 iptables_args[argc++] = "-m\0";
- iptables_args[argc++] = "state\0";
- iptables_args[argc++] = "--state\0";
+ iptables_args[argc++] = "conntrack\0";
+ iptables_args[argc++] = "--ctstate\0";
 iptables_args[argc++] = "NEW\0";
 iptables_args[argc++] = "-j\0";
 iptables_args[argc++] = req->goto_destination;
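Review bot: The new `"conntrack\0"` / `"--ctstate\0"` arguments make every rule insertion depend on the conntrack match being available in both the kernel and the installed iptables, and nothing in this hunk documents that requirement or shows what happens when the iptables call fails. I would add a comment above the `-m` line, e.g. `/* conntrack match replaces the older state match; needs xt_conntrack support */`, and confirm that a failed insert is logged and returned as an error, so a client is never treated as admitted without its rule in place. The same applies to the `[4]`/`[5]` assignments in the second hunk. process_input starts and ends outside the hunk, so the error path could not be checked here.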
@@ -261,8 +261,8 @@ int process_input(eurephiaCTX *ctx, const char *fwcmd, const eFWupdateRequest *r
 iptables_args[1] = "-I\0";
 iptables_args[2] = req->rule_destination;
 iptables_args[3] = "-m\0";
- iptables_args[4] = "state\0";
- iptables_args[5] = "--state\0";
+ iptables_args[4] = "conntrack\0";
+ iptables_args[5] = "--ctstate\0";
 iptables_args[6] = "ESTABLISHED,RELATED\0";
 iptables_args[7] = "-j\0";
 iptables_args[8] = "ACCEPT\0";
-- cgit
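Review bot: The rule assembled in slots 3–8 accepts `ESTABLISHED,RELATED` for all traffic in `req->rule_destination`, and RELATED is wider than it looks: it covers ICMP errors and any flow that a loaded connection-tracking helper marks as expected. Since this commit touches the match, a comment stating that intent would help the next reader, e.g. `/* RELATED also admits helper-expected flows; restrict helpers on the host if that is not wanted */`. Whether this chain needs RELATED at all depends on the deployment and cannot be judged from the hunk; the function body continues outside it.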