karasz
/
package-update
1
0
Fork 0
Code Issues Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11450 Commits
46 Branches
0 Tags
0 B
 
 
 
 
 
 
Tree: 260a85b791
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '260a85b791'
${ noResults }
package-update/network/etcnet/0001-iptables-syntax-add-TP...

70 lines
2.8 KiB
Raw Blame History

# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../etcnet/0001-iptables-syntax-add-TPROXY-target-extension.patch
# Copyright (C) 2011 The OpenSDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---
From 8403a9c75f66023f86cb36a6d48d1a186c097f60 Mon Sep 17 00:00:00 2001
From: Christian Wiese <christian.wiese@securepoint.de>
Date: Mon, 17 Jan 2011 11:33:39 +0100
Subject: [PATCH 1/2] iptables/syntax: add TPROXY target extension
iptables.8 man page:
-----------------------------------------------------------------------
TPROXY
This target is only valid in the mangle table, in the PREROUTING chain
and user-defined chains which are only called from this chain. It redi-
rects the packet to a local socket without changing the packet header
in any way. It can also change the mark value which can then be used in
advanced routing rules. It takes three options:
--on-port port
This specifies a destination port to use. It is a required
option, 0 means the new destination port is the same as the
original. This is only valid if the rule also specifies -p tcp
or -p udp.
--on-ip address
This specifies a destination address to use. By default the
address is the IP address of the incoming interface. This is
only valid if the rule also specifies -p tcp or -p udp.
--tproxy-mark value[/mask]
Marks packets with the given value/mask. The fwmark value set
here can be used by advanced routing. (Required for transparent
proxying to work: otherwise these packets will get forwarded,
which is probably not what you want.)
-----------------------------------------------------------------------
---
etc/net/ifaces/default/fw/iptables/syntax | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/etc/net/ifaces/default/fw/iptables/syntax b/etc/net/ifaces/default/fw/iptables/syntax
index 6085955..fecef79 100644
--- a/etc/net/ifaces/default/fw/iptables/syntax
+++ b/etc/net/ifaces/default/fw/iptables/syntax
@@ -82,6 +82,10 @@ ulog-nlgroup: --ulog-nlgroup
ulog-prefix: --ulog-prefix
ulog-cprange: --ulog-cprange
ulog-qthreshold: --ulog-qthreshold
+# TPROXY target extension
+on-port: --on-port
+on-ip: --on-ip
+tproxy-mark: -j TPROXY --tproxy-mark
# Match extensions
srctype: -maddrtype --src-type
--
1.6.6.2