onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-05-10 11:05:06 +02:00
Code Issues Releases Wiki Activity

fwbuilder now supports conntrack instead of state module for recent iptables

Browse Source
This commit is contained in:
Rolf Fokkens
2015-03-28 18:20:13 +01:00
parent 786fbe7934
commit c3fc79968a
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/iptlib/PolicyCompiler_PrintRule.cpp
View File

@@ -1632,11 +1632,17 @@ string PolicyCompiler_ipt::PrintRule::PolicyRuleToString(PolicyRule *rule)
*/
if (!ruleopt->getBool("stateless") || rule->getBool("force_state_check") )
{
string state_module_option;
/*
* But not, when the line already contains a state matching
*/
if (command_line.str().find("-m state --state", 0) == string::npos)
command_line << " -m state --state NEW ";
if (XMLTools::version_compare(version, "1.4.4")>=0)
state_module_option = "-m conntrack --ctstate";
else
state_module_option = "-m state --state";
if (command_line.str().find(state_module_option, 0) == string::npos)
command_line << " " << state_module_option << " NEW ";
}
command_line << _printTimeInterval(rule);