Christian Wiese
14 years ago
committed by
Christian Wiese
1 changed files with 70 additions and 0 deletions
@ -0,0 +1,70 @@ |
|||||||
|
# --- SDE-COPYRIGHT-NOTE-BEGIN ---
|
||||||
|
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
|
||||||
|
#
|
||||||
|
# Filename: package/.../etcnet/0001-iptables-syntax-add-TPROXY-target-extension.patch
|
||||||
|
# Copyright (C) 2011 The OpenSDE Project
|
||||||
|
#
|
||||||
|
# More information can be found in the files COPYING and README.
|
||||||
|
#
|
||||||
|
# This patch file is dual-licensed. It is available under the license the
|
||||||
|
# patched project is licensed under, as long as it is an OpenSource license
|
||||||
|
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
|
||||||
|
# of the GNU General Public License as published by the Free Software
|
||||||
|
# Foundation; either version 2 of the License, or (at your option) any later
|
||||||
|
# version.
|
||||||
|
# --- SDE-COPYRIGHT-NOTE-END ---
|
||||||
|
|
||||||
|
From 8403a9c75f66023f86cb36a6d48d1a186c097f60 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Christian Wiese <christian.wiese@securepoint.de>
|
||||||
|
Date: Mon, 17 Jan 2011 11:33:39 +0100
|
||||||
|
Subject: [PATCH 1/2] iptables/syntax: add TPROXY target extension
|
||||||
|
|
||||||
|
iptables.8 man page:
|
||||||
|
-----------------------------------------------------------------------
|
||||||
|
TPROXY
|
||||||
|
|
||||||
|
This target is only valid in the mangle table, in the PREROUTING chain
|
||||||
|
and user-defined chains which are only called from this chain. It redi-
|
||||||
|
rects the packet to a local socket without changing the packet header
|
||||||
|
in any way. It can also change the mark value which can then be used in
|
||||||
|
advanced routing rules. It takes three options:
|
||||||
|
|
||||||
|
--on-port port
|
||||||
|
This specifies a destination port to use. It is a required
|
||||||
|
option, 0 means the new destination port is the same as the
|
||||||
|
original. This is only valid if the rule also specifies -p tcp
|
||||||
|
or -p udp.
|
||||||
|
|
||||||
|
--on-ip address
|
||||||
|
This specifies a destination address to use. By default the
|
||||||
|
address is the IP address of the incoming interface. This is
|
||||||
|
only valid if the rule also specifies -p tcp or -p udp.
|
||||||
|
|
||||||
|
--tproxy-mark value[/mask]
|
||||||
|
Marks packets with the given value/mask. The fwmark value set
|
||||||
|
here can be used by advanced routing. (Required for transparent
|
||||||
|
proxying to work: otherwise these packets will get forwarded,
|
||||||
|
which is probably not what you want.)
|
||||||
|
-----------------------------------------------------------------------
|
||||||
|
---
|
||||||
|
etc/net/ifaces/default/fw/iptables/syntax | 4 ++++
|
||||||
|
1 files changed, 4 insertions(+), 0 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/etc/net/ifaces/default/fw/iptables/syntax b/etc/net/ifaces/default/fw/iptables/syntax
|
||||||
|
index 6085955..fecef79 100644
|
||||||
|
--- a/etc/net/ifaces/default/fw/iptables/syntax
|
||||||
|
+++ b/etc/net/ifaces/default/fw/iptables/syntax
|
||||||
|
@@ -82,6 +82,10 @@ ulog-nlgroup: --ulog-nlgroup
|
||||||
|
ulog-prefix: --ulog-prefix
|
||||||
|
ulog-cprange: --ulog-cprange
|
||||||
|
ulog-qthreshold: --ulog-qthreshold
|
||||||
|
+# TPROXY target extension
|
||||||
|
+on-port: --on-port
|
||||||
|
+on-ip: --on-ip
|
||||||
|
+tproxy-mark: -j TPROXY --tproxy-mark
|
||||||
|
|
||||||
|
# Match extensions
|
||||||
|
srctype: -maddrtype --src-type
|
||||||
|
--
|
||||||
|
1.6.6.2
|
||||||
|
|
||||||
Loading…
Reference in new issue