onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-05-13 20:45:48 +02:00
Code Issues Releases Wiki Activity

fwbuilder now supports conntrack instead of state module for recent iptables

Browse Source
This commit is contained in:
Rolf Fokkens
2015-03-28 18:20:13 +01:00
parent 786fbe7934
commit c3fc79968a
1 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/iptlib/PolicyCompiler_PrintRule.cpp
View File

@@ -1632,11 +1632,17 @@ string PolicyCompiler_ipt::PrintRule::PolicyRuleToString(PolicyRule *rule)
*/ */
if (!ruleopt->getBool("stateless") || rule->getBool("force_state_check") ) if (!ruleopt->getBool("stateless") || rule->getBool("force_state_check") )
{ {
string state_module_option;
/* /*
* But not, when the line already contains a state matching * But not, when the line already contains a state matching
*/ */
if (command_line.str().find("-m state --state", 0) == string::npos) if (XMLTools::version_compare(version, "1.4.4")>=0)
command_line << " -m state --state NEW "; state_module_option = "-m conntrack --ctstate";
else
state_module_option = "-m state --state";
if (command_line.str().find(state_module_option, 0) == string::npos)
command_line << " " << state_module_option << " NEW ";
} }
command_line << _printTimeInterval(rule); command_line << _printTimeInterval(rule);