system-config-firewall conntrack patch


 



Howdy folks, I saw that system-config-firewall still generates its rules with the legacy iptables `state` match rather than the `conntrack` match, so I thought I'd send our patch your way. It is not a large contribution by any means, but I hope it helps.

diff -rupN system-config-firewall-1.2.29.orig/src/fw_iptables.py system-config-firewall-1.2.29/src/fw_iptables.py
--- system-config-firewall-1.2.29.orig/src/fw_iptables.py 2012-12-24 14:44:23.094496819 -0500
+++ system-config-firewall-1.2.29/src/fw_iptables.py 2012-12-24 14:46:06.040498696 -0500
@@ -362,7 +362,7 @@ class iptablesClass:

         # accept established and related connections as early as possible
         # RELATED is extremely important as it matches ICMP error messages
-        fd.write("-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n")
+        fd.write("-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n")

         # icmp
         self._icmp(conf, fd, "INPUT", reject_type)
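Review bot: The early accept now uses `-m conntrack`, but the hunk says nothing about why `conntrack` replaces `state` or what that requires of the target, and it leaves `--ctstate INVALID` traffic to fall through to whatever later rules exist rather than dropping it up front. Since `--ctstate` is a superset of `--state` (it also knows INVALID, UNTRACKED, SNAT and DNAT), the natural companion to this change is `fd.write("-A INPUT -m conntrack --ctstate INVALID -j DROP\n")` placed just before the ESTABLISHED,RELATED accept; whether a later rule already handles INVALID cannot be seen from here, so treat this as a suggestion. A one-line comment on the write, such as `# conntrack supersedes the state match; the generated file needs xt_conntrack loadable on the target kernel`, would record the new dependency — on recent iptables `state` is only an alias for `conntrack`, but on older stacks a missing module makes iptables-restore reject the whole file. The enclosing method begins before this hunk.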
@@ -377,7 +377,7 @@ class iptablesClass:
             for fwd in conf.forward_port:
                 if fwd.has_key("toaddr"):
                     continue
-                line = "-A INPUT -i %s -m state --state NEW -m %s -p %s" % \
+                line = "-A INPUT -i %s -m conntrack --ctstate NEW -m %s -p %s" % \
                     (fwd["if"], fwd["proto"], fwd["proto"])
                 if fwd.has_key("toport"):
                     line += " --dport %s" % self._portStr(fwd["toport"])
@@ -394,7 +394,7 @@ class iptablesClass:
                     _dest = ""
                     _port = ""
                     if proto in [ "tcp", "udp" ]:
-                        _state = "-m state --state NEW "
+                        _state = "-m conntrack --ctstate NEW "
                         _proto = "-m %s -p %s " % (proto, proto)
                     else:
                         if self.type == "ipv4":
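Review bot: The literal `-m conntrack --ctstate NEW` is now spelled out in at least four places across this patch (the `_state` assignment here, the forward-port INPUT rule, the open-ports rule and the FORWARD DNAT rule), so the next adjustment — adding INVALID handling, or falling back to `-m state` on a kernel without xt_conntrack — has to be repeated in each and is easy to miss in one. Class-level constants such as `CTSTATE_NEW = "-m conntrack --ctstate NEW"` and `CTSTATE_ESTABLISHED = "-m conntrack --ctstate ESTABLISHED,RELATED"` on `iptablesClass`, referenced from every generator, keep the rule vocabulary in one place. The `else:` branch that sets `_state` for non-tcp/udp protocols continues past the end of the hunk.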
@@ -411,7 +411,7 @@ class iptablesClass:
         # open ports
         if conf.ports and len(conf.ports) > 0:
             for (ports, proto) in conf.ports:
-                fd.write("-A INPUT -m state --state NEW -m %s -p %s --dport %s "
+                fd.write("-A INPUT -m conntrack --ctstate NEW -m %s -p %s --dport %s "
                         "-j ACCEPT\n" % (proto, proto, self._portStr(ports)))

         # FORWARD
@@ -419,7 +419,7 @@ class iptablesClass:
(self.type == "ipv4" and conf.masq and len(conf.masq) > 0) or \
                 (self.type == "ipv4" and remote_forward):
             # accept established and related connections
-            fd.write("-A FORWARD -m state --state ESTABLISHED,RELATED "
+ fd.write("-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED "
                      "-j ACCEPT\n")
             # icmp
             self._icmp(conf, fd, "FORWARD", reject_type)
@@ -442,7 +442,7 @@ class iptablesClass:
                         port = self._portStr(fwd["toport"])
                     else:
                         port = self._portStr(fwd["port"])
-                    fd.write("-A FORWARD -i %s -m state --state NEW "
+                    fd.write("-A FORWARD -i %s -m conntrack --ctstate NEW "
                              "-m %s -p %s -d %s --dport %s "
                              "-j ACCEPT\n" % (fwd["if"], fwd["proto"],
                                               fwd["proto"], fwd["toaddr"],



