firewall: fix nat module load for application layer gateways

Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This commit is contained in:
Arne Fitzenreiter
2016-04-20 10:19:46 +02:00
parent c485f38c99
commit 23bb683902
2 changed files with 8 additions and 0 deletions

View File

@@ -1,5 +1,6 @@
etc/system-release
etc/issue
etc/rc.d/init.d/firewall
srv/web/ipfire/cgi-bin/chpasswd.cgi
srv/web/ipfire/cgi-bin/ipinfo.cgi
srv/web/ipfire/cgi-bin/proxy.cgi

View File

@@ -98,6 +98,7 @@ iptables_init() {
# SIP
if [ "${CONNTRACK_SIP}" = "on" ]; then
modprobe nf_nat_sip
iptables -A CONNTRACK -m conntrack --ctstate RELATED \
-m helper --helper sip -j ACCEPT
for proto in udp tcp; do
@@ -107,6 +108,7 @@ iptables_init() {
# H.323
if [ "${CONNTRACK_H323}" = "on" ]; then
modprobe nf_nat_h323
iptables -A CONNTRACK -m conntrack --ctstate RELATED \
-m helper --helper h323 -j ACCEPT
@@ -119,6 +121,7 @@ iptables_init() {
# FTP
if [ "${CONNTRACK_FTP}" = "on" ]; then
modprobe nf_nat_ftp
iptables -A CONNTRACK -m conntrack --ctstate RELATED \
-m helper --helper ftp -p tcp --dport 1024: -j ACCEPT
iptables -t raw -A CONNTRACK -p tcp --dport 21 -j CT --helper ftp
@@ -126,6 +129,7 @@ iptables_init() {
# PPTP
if [ "${CONNTRACK_PPTP}" = "on" ]; then
modprobe nf_nat_pptp
iptables -A CONNTRACK -m conntrack --ctstate RELATED \
-m helper --helper pptp -j ACCEPT
iptables -t raw -A CONNTRACK -p udp --dport 1723 -j CT --helper pptp
@@ -133,6 +137,7 @@ iptables_init() {
# TFTP
if [ "${CONNTRACK_TFTP}" = "on" ]; then
modprobe nf_nat_tftp
iptables -A CONNTRACK -m conntrack --ctstate RELATED \
-m helper --helper tftp -j ACCEPT
iptables -t raw -A CONNTRACK -p udp --dport 69 -j CT --helper tftp
@@ -140,6 +145,7 @@ iptables_init() {
# IRC
if [ "${CONNTRACK_IRC}" = "on" ]; then
modprobe nf_nat_irc
iptables -A CONNTRACK -m conntrack --ctstate RELATED \
-m helper --helper irc -j ACCEPT
iptables -t raw -A CONNTRACK -p tcp --dport 6667 -j CT --helper irc
@@ -147,6 +153,7 @@ iptables_init() {
# Amanda
if [ "${CONNTRACK_AMANDA}" = "on" ]; then
modprobe nf_nat_amanda
iptables -A CONNTRACK -m conntrack --ctstate RELATED \
-m helper --helper amanda -j ACCEPT
iptables -t raw -A CONNTRACK -p tcp -j CT --helper amanda