From 17bdc1e69d927f3722abdf397107eb1e3d243fd8 Mon Sep 17 00:00:00 2001
From: Christian Wiese
Date: Mon, 17 Jan 2011 11:58:32 +0100
Subject: [PATCH] etcnet: add TPROXY target extension support in iptables human syntax
---
 ...s-syntax-add-TPROXY-target-extension.patch | 70 +++++++++++++++++++
 1 file changed, 70 insertions(+)
 create mode 100644 network/etcnet/0001-iptables-syntax-add-TPROXY-target-extension.patch
diff --git a/network/etcnet/0001-iptables-syntax-add-TPROXY-target-extension.patch b/network/etcnet/0001-iptables-syntax-add-TPROXY-target-extension.patch
new file mode 100644
index 000000000..5397a02c4
--- /dev/null
+++ b/network/etcnet/0001-iptables-syntax-add-TPROXY-target-extension.patch
@@ -0,0 +1,70 @@
+# --- SDE-COPYRIGHT-NOTE-BEGIN ---
+# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
+#
+# Filename: package/.../etcnet/0001-iptables-syntax-add-TPROXY-target-extension.patch
+# Copyright (C) 2011 The OpenSDE Project
+#
+# More information can be found in the files COPYING and README.
+#
+# This patch file is dual-licensed. It is available under the license the
+# patched project is licensed under, as long as it is an OpenSource license
+# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
+# of the GNU General Public License as published by the Free Software
+# Foundation; either version 2 of the License, or (at your option) any later
+# version.
+# --- SDE-COPYRIGHT-NOTE-END ---
+
+From 8403a9c75f66023f86cb36a6d48d1a186c097f60 Mon Sep 17 00:00:00 2001
+From: Christian Wiese
+Date: Mon, 17 Jan 2011 11:33:39 +0100
+Subject: [PATCH 1/2] iptables/syntax: add TPROXY target extension
+
+iptables.8 man page:
+-----------------------------------------------------------------------
+TPROXY
+
+This target is only valid in the mangle table, in the PREROUTING chain
+and user-defined chains which are only called from this chain. It redi-
+rects the packet to a local socket without changing the packet header
+in any way. It can also change the mark value which can then be used in
+advanced routing rules. It takes three options:
+
+--on-port port
+ This specifies a destination port to use. It is a required
+ option, 0 means the new destination port is the same as the
+ original. This is only valid if the rule also specifies -p tcp
+ or -p udp.
+
+--on-ip address
+ This specifies a destination address to use. By default the
+ address is the IP address of the incoming interface. This is
+ only valid if the rule also specifies -p tcp or -p udp.
+
+--tproxy-mark value[/mask]
+ Marks packets with the given value/mask. The fwmark value set
+ here can be used by advanced routing. (Required for transparent
+ proxying to work: otherwise these packets will get forwarded,
+ which is probably not what you want.)
+-----------------------------------------------------------------------
+---
+ etc/net/ifaces/default/fw/iptables/syntax | 4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+
+diff --git a/etc/net/ifaces/default/fw/iptables/syntax b/etc/net/ifaces/default/fw/iptables/syntax
+index 6085955..fecef79 100644
+--- a/etc/net/ifaces/default/fw/iptables/syntax
++++ b/etc/net/ifaces/default/fw/iptables/syntax
+@@ -82,6 +82,10 @@ ulog-nlgroup: --ulog-nlgroup
+ ulog-prefix: --ulog-prefix
+ ulog-cprange: --ulog-cprange
+ ulog-qthreshold: --ulog-qthreshold
++# TPROXY target extension
++on-port: --on-port
++on-ip: --on-ip
++tproxy-mark: -j TPROXY --tproxy-mark
+ 
+ # Match extensions
+ srctype: -maddrtype --src-type
+-- 
+1.6.6.2
+
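Review bot: The new `tproxy-mark: -j TPROXY --tproxy-mark` mapping fuses the jump target into one option while `on-port` and `on-ip` stay bare, yet iptables only recognises `--on-port` and `--on-ip` once `-j TPROXY` has already been parsed, so a rule that gives `on-port` (the one option the quoted man page marks as required) without `tproxy-mark`, or before it, is likely to be rejected or expanded in the wrong order — I cannot see from this hunk how etcnet orders the expanded tokens, so please confirm against the expander. A rule that does not load leaves the matched traffic forwarded rather than redirected to the local socket, which is precisely the outcome the quoted man page text warns about. Giving the target its own key and keeping the option bare, e.g. `tproxy: -j TPROXY` and `tproxy-mark: --tproxy-mark`, would let the three options be combined freely and in any order. The mapping is added inside the embedded inner patch; the rest of that syntax file is outside this hunk.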