Christian Wiese
14 years ago
committed by
Christian Wiese
1 changed files with 70 additions and 0 deletions
@ -0,0 +1,70 @@
|
||||
# --- SDE-COPYRIGHT-NOTE-BEGIN ---
|
||||
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
|
||||
#
|
||||
# Filename: package/.../etcnet/0001-iptables-syntax-add-TPROXY-target-extension.patch
|
||||
# Copyright (C) 2011 The OpenSDE Project
|
||||
#
|
||||
# More information can be found in the files COPYING and README.
|
||||
#
|
||||
# This patch file is dual-licensed. It is available under the license the
|
||||
# patched project is licensed under, as long as it is an OpenSource license
|
||||
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
|
||||
# of the GNU General Public License as published by the Free Software
|
||||
# Foundation; either version 2 of the License, or (at your option) any later
|
||||
# version.
|
||||
# --- SDE-COPYRIGHT-NOTE-END ---
|
||||
|
||||
From 8403a9c75f66023f86cb36a6d48d1a186c097f60 Mon Sep 17 00:00:00 2001
|
||||
From: Christian Wiese <christian.wiese@securepoint.de>
|
||||
Date: Mon, 17 Jan 2011 11:33:39 +0100
|
||||
Subject: [PATCH 1/2] iptables/syntax: add TPROXY target extension
|
||||
|
||||
iptables.8 man page:
|
||||
-----------------------------------------------------------------------
|
||||
TPROXY
|
||||
|
||||
This target is only valid in the mangle table, in the PREROUTING chain
|
||||
and user-defined chains which are only called from this chain. It redi-
|
||||
rects the packet to a local socket without changing the packet header
|
||||
in any way. It can also change the mark value which can then be used in
|
||||
advanced routing rules. It takes three options:
|
||||
|
||||
--on-port port
|
||||
This specifies a destination port to use. It is a required
|
||||
option, 0 means the new destination port is the same as the
|
||||
original. This is only valid if the rule also specifies -p tcp
|
||||
or -p udp.
|
||||
|
||||
--on-ip address
|
||||
This specifies a destination address to use. By default the
|
||||
address is the IP address of the incoming interface. This is
|
||||
only valid if the rule also specifies -p tcp or -p udp.
|
||||
|
||||
--tproxy-mark value[/mask]
|
||||
Marks packets with the given value/mask. The fwmark value set
|
||||
here can be used by advanced routing. (Required for transparent
|
||||
proxying to work: otherwise these packets will get forwarded,
|
||||
which is probably not what you want.)
|
||||
-----------------------------------------------------------------------
|
||||
---
|
||||
etc/net/ifaces/default/fw/iptables/syntax | 4 ++++
|
||||
1 files changed, 4 insertions(+), 0 deletions(-)
|
||||
|
||||
diff --git a/etc/net/ifaces/default/fw/iptables/syntax b/etc/net/ifaces/default/fw/iptables/syntax
|
||||
index 6085955..fecef79 100644
|
||||
--- a/etc/net/ifaces/default/fw/iptables/syntax
|
||||
+++ b/etc/net/ifaces/default/fw/iptables/syntax
|
||||
@@ -82,6 +82,10 @@ ulog-nlgroup: --ulog-nlgroup
|
||||
ulog-prefix: --ulog-prefix
|
||||
ulog-cprange: --ulog-cprange
|
||||
ulog-qthreshold: --ulog-qthreshold
|
||||
+# TPROXY target extension
|
||||
+on-port: --on-port
|
||||
+on-ip: --on-ip
|
||||
+tproxy-mark: -j TPROXY --tproxy-mark
|
||||
|
||||
# Match extensions
|
||||
srctype: -maddrtype --src-type
|
||||
--
|
||||
1.6.6.2
|
||||
|
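Review bot: in the added syntax block, `tproxy-mark: -j TPROXY --tproxy-mark` is the only one of the three new keywords that carries the `-j TPROXY` jump, while `on-port: --on-port` and `on-ip: --on-ip` map to bare options. As mapped here, a rule that uses `on-port` without `tproxy-mark`, or puts it ahead of `tproxy-mark`, expands to `--on-port` with no TPROXY target in front of it, even though the man page text quoted in the commit message calls `--on-port` a required option. Suggest extending the `# TPROXY target extension` comment to state that `tproxy-mark` must come first and `on-port` must follow it, and to repeat the quoted constraints that the target is only valid in the mangle table's PREROUTING chain and that the options need `-p tcp` or `-p udp`, so a misordered rule is caught when the configuration is written rather than when the firewall is loaded.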