Browse Source
etcnet: add TPROXY target extension support in iptables human syntax
user/chris/test/early-mdev
Christian Wiese
14 years ago
committed by
Christian Wiese
Christian Wiese
1 changed files with 70 additions and 0 deletions
Split View
Diff Options
@ -0,0 +1,70 @@ |
|||
# --- SDE-COPYRIGHT-NOTE-BEGIN --- |
|||
# This copyright note is auto-generated by ./scripts/Create-CopyPatch. |
|||
# |
|||
# Filename: package/.../etcnet/0001-iptables-syntax-add-TPROXY-target-extension.patch |
|||
# Copyright (C) 2011 The OpenSDE Project |
|||
# |
|||
# More information can be found in the files COPYING and README. |
|||
# |
|||
# This patch file is dual-licensed. It is available under the license the |
|||
# patched project is licensed under, as long as it is an OpenSource license |
|||
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms |
|||
# of the GNU General Public License as published by the Free Software |
|||
# Foundation; either version 2 of the License, or (at your option) any later |
|||
# version. |
|||
# --- SDE-COPYRIGHT-NOTE-END --- |
|||
|
|||
From 8403a9c75f66023f86cb36a6d48d1a186c097f60 Mon Sep 17 00:00:00 2001 |
|||
From: Christian Wiese <christian.wiese@securepoint.de> |
|||
Date: Mon, 17 Jan 2011 11:33:39 +0100 |
|||
Subject: [PATCH 1/2] iptables/syntax: add TPROXY target extension |
|||
|
|||
iptables.8 man page: |
|||
-----------------------------------------------------------------------
|
|||
TPROXY |
|||
|
|||
This target is only valid in the mangle table, in the PREROUTING chain |
|||
and user-defined chains which are only called from this chain. It redi- |
|||
rects the packet to a local socket without changing the packet header |
|||
in any way. It can also change the mark value which can then be used in |
|||
advanced routing rules. It takes three options: |
|||
|
|||
--on-port port
|
|||
This specifies a destination port to use. It is a required |
|||
option, 0 means the new destination port is the same as the |
|||
original. This is only valid if the rule also specifies -p tcp |
|||
or -p udp. |
|||
|
|||
--on-ip address
|
|||
This specifies a destination address to use. By default the |
|||
address is the IP address of the incoming interface. This is |
|||
only valid if the rule also specifies -p tcp or -p udp. |
|||
|
|||
--tproxy-mark value[/mask]
|
|||
Marks packets with the given value/mask. The fwmark value set |
|||
here can be used by advanced routing. (Required for transparent |
|||
proxying to work: otherwise these packets will get forwarded, |
|||
which is probably not what you want.) |
|||
-----------------------------------------------------------------------
|
|||
---
|
|||
etc/net/ifaces/default/fw/iptables/syntax | 4 ++++ |
|||
1 files changed, 4 insertions(+), 0 deletions(-) |
|||
|
|||
diff --git a/etc/net/ifaces/default/fw/iptables/syntax b/etc/net/ifaces/default/fw/iptables/syntax
|
|||
index 6085955..fecef79 100644
|
|||
--- a/etc/net/ifaces/default/fw/iptables/syntax
|
|||
+++ b/etc/net/ifaces/default/fw/iptables/syntax
|
|||
@@ -82,6 +82,10 @@ ulog-nlgroup: --ulog-nlgroup
|
|||
ulog-prefix: --ulog-prefix |
|||
ulog-cprange: --ulog-cprange |
|||
ulog-qthreshold: --ulog-qthreshold |
|||
+# TPROXY target extension
|
|||
+on-port: --on-port
|
|||
+on-ip: --on-ip
|
|||
+tproxy-mark: -j TPROXY --tproxy-mark
|
|||
|
|||
# Match extensions |
|||
srctype: -maddrtype --src-type |
|||
--
|
|||
1.6.6.2 |
|||
|
|||