package-update/network/etcnet/0001-iptables-syntax-add-TP...

# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../etcnet/0001-iptables-syntax-add-TPROXY-target-extension.patch
# Copyright (C) 2011 The OpenSDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---

From 8403a9c75f66023f86cb36a6d48d1a186c097f60 Mon Sep 17 00:00:00 2001
From: Christian Wiese <christian.wiese@securepoint.de>
Date: Mon, 17 Jan 2011 11:33:39 +0100
Subject: [PATCH 1/2] iptables/syntax: add TPROXY target extension

iptables.8 man page:
-----------------------------------------------------------------------
TPROXY

This target is only valid in the mangle table, in the PREROUTING  chain
and user-defined chains which are only called from this chain. It redi-
rects the packet to a local socket without changing the  packet  header
in any way. It can also change the mark value which can then be used in
advanced routing rules.  It takes three options:

--on-port port
       This specifies a destination port  to  use.  It  is  a  required
       option,  0  means  the  new  destination port is the same as the
       original. This is only valid if the rule also specifies  -p  tcp
       or -p udp.

--on-ip address
       This  specifies  a  destination  address  to use. By default the
       address is the IP address of the  incoming  interface.  This  is
       only valid if the rule also specifies -p tcp or -p udp.

--tproxy-mark value[/mask]
       Marks  packets  with  the given value/mask. The fwmark value set
       here can be used by advanced routing. (Required for  transparent
       proxying  to  work:  otherwise these packets will get forwarded,
       which is probably not what you want.)
-----------------------------------------------------------------------
---
 etc/net/ifaces/default/fw/iptables/syntax |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/etc/net/ifaces/default/fw/iptables/syntax b/etc/net/ifaces/default/fw/iptables/syntax
index 6085955..fecef79 100644
--- a/etc/net/ifaces/default/fw/iptables/syntax
+++ b/etc/net/ifaces/default/fw/iptables/syntax
@@ -82,6 +82,10 @@ ulog-nlgroup: --ulog-nlgroup
 ulog-prefix: --ulog-prefix
 ulog-cprange: --ulog-cprange
 ulog-qthreshold: --ulog-qthreshold
+# TPROXY target extension
+on-port: --on-port
+on-ip: --on-ip
+tproxy-mark: -j TPROXY --tproxy-mark
 
 # Match extensions
 srctype: -maddrtype --src-type
-- 
1.6.6.2
etcnet: add TPROXY target extension support in iptables human syntax 14 years ago			`# --- SDE-COPYRIGHT-NOTE-BEGIN ---`
			`# This copyright note is auto-generated by ./scripts/Create-CopyPatch.`
			`#`
			`# Filename: package/.../etcnet/0001-iptables-syntax-add-TPROXY-target-extension.patch`
			`# Copyright (C) 2011 The OpenSDE Project`
			`#`
			`# More information can be found in the files COPYING and README.`
			`#`
			`# This patch file is dual-licensed. It is available under the license the`
			`# patched project is licensed under, as long as it is an OpenSource license`
			`# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms`
			`# of the GNU General Public License as published by the Free Software`
			`# Foundation; either version 2 of the License, or (at your option) any later`
			`# version.`
			`# --- SDE-COPYRIGHT-NOTE-END ---`

			`From 8403a9c75f66023f86cb36a6d48d1a186c097f60 Mon Sep 17 00:00:00 2001`
			`From: Christian Wiese <christian.wiese@securepoint.de>`
			`Date: Mon, 17 Jan 2011 11:33:39 +0100`
			`Subject: [PATCH 1/2] iptables/syntax: add TPROXY target extension`

			`iptables.8 man page:`
			`-----------------------------------------------------------------------`
			`TPROXY`

			`This target is only valid in the mangle table, in the PREROUTING chain`
			`and user-defined chains which are only called from this chain. It redi-`
			`rects the packet to a local socket without changing the packet header`
			`in any way. It can also change the mark value which can then be used in`
			`advanced routing rules. It takes three options:`

			`--on-port port`
			`This specifies a destination port to use. It is a required`
			`option, 0 means the new destination port is the same as the`
			`original. This is only valid if the rule also specifies -p tcp`
			`or -p udp.`

			`--on-ip address`
			`This specifies a destination address to use. By default the`
			`address is the IP address of the incoming interface. This is`
			`only valid if the rule also specifies -p tcp or -p udp.`

			`--tproxy-mark value[/mask]`
			`Marks packets with the given value/mask. The fwmark value set`
			`here can be used by advanced routing. (Required for transparent`
			`proxying to work: otherwise these packets will get forwarded,`
			`which is probably not what you want.)`
			`-----------------------------------------------------------------------`
			`---`
			`etc/net/ifaces/default/fw/iptables/syntax \| 4 ++++`
			`1 files changed, 4 insertions(+), 0 deletions(-)`

			`diff --git a/etc/net/ifaces/default/fw/iptables/syntax b/etc/net/ifaces/default/fw/iptables/syntax`
			`index 6085955..fecef79 100644`
			`--- a/etc/net/ifaces/default/fw/iptables/syntax`
			`+++ b/etc/net/ifaces/default/fw/iptables/syntax`
			`@@ -82,6 +82,10 @@ ulog-nlgroup: --ulog-nlgroup`
			`ulog-prefix: --ulog-prefix`
			`ulog-cprange: --ulog-cprange`
			`ulog-qthreshold: --ulog-qthreshold`
			`+# TPROXY target extension`
			`+on-port: --on-port`
			`+on-ip: --on-ip`
			`+tproxy-mark: -j TPROXY --tproxy-mark`

			`# Match extensions`
			`srctype: -maddrtype --src-type`
			`--`
			`1.6.6.2`