author | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2012-06-28 13:47:05 +0000 |
---|---|---|
committer | Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> | 2012-06-28 13:47:05 +0000 |
commit | 563a3fc1c7c32fca71c3037c96ed5b3176682b14 (patch) | |
tree | 5577377cfec12002da9f8d49946dc7621dc77f2d | |
parent | 2567a46b8f04d6b6fd2108c82ed89edbe3e391a7 (diff) | |
support for bypassing connection tracking for inbound packets
-rw-r--r-- | awall/modules/notrack.lua | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/awall/modules/notrack.lua b/awall/modules/notrack.lua
new file mode 100644
index 0000000..3a2d1ee
--- /dev/null
+++ b/awall/modules/notrack.lua
@@ -0,0 +1,47 @@
+--[[
+Connection tracking bypass module for Alpine Wall
+Copyright (C) 2012 Kaarle Ritvanen
+Licensed under the terms of GPL2
+]]--
+
+
+module(..., package.seeall)
+
+require 'awall.model'
+require 'awall.util'
+
+local model = awall.model
+
+
+local NoTrackRule = model.class(model.Rule)
+
+function NoTrackRule:init(context)
+ model.Rule.init(self, context)
+ for i, dir in ipairs({'in', 'out'}) do
+ if awall.util.contains(self[dir], model.fwzone) then
+ error('Connection tracking bypass rules not allowed for firewall zone')
+ end
+ end
+end
+
+function NoTrackRule:defaultzones() return {nil} end
+
+function NoTrackRule:checkzoneoptfrag(ofrag)
+ if ofrag.out then
+ error('Cannot specify outbound interface for connection tracking bypass rule')
+ end
+end
+
+function NoTrackRule:table() return 'raw' end
+
+function NoTrackRule:chain() return 'PREROUTING' end
+
+function NoTrackRule:target()
+ if self.action then return model.Rule.target(self) end
+ return 'NOTRACK'
+end
+
+
+classes = {{'notrack', NoTrackRule}}
+
+defrules = {} |
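Review bot: `NoTrackRule:target()` hands any configured `action` straight to `model.Rule.target(self)`, so nothing in this file limits which targets can end up in the `raw` table's `PREROUTING` chain. The base class is not visible here, but if it can return a target that is only valid in the filter table, the mistake would presumably surface only when the generated ruleset is loaded; consider rejecting unsupported actions in `init` with `error(...)`, as the zone check already does. The class also needs a comment stating the security consequence of the default target, for example `-- Packets matched here skip conntrack: state-based filter rules and NAT do not apply to them, so they need explicit stateless rules.` Minor: the index in `for i, dir in ipairs({'in', 'out'}) do` is unused and would read better as `_`.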