FW3_FAMILY_V6 = 5,
};
-enum fw3_target
+enum fw3_flag
{
- FW3_TARGET_UNSPEC = 0,
- FW3_TARGET_ACCEPT = 6,
- FW3_TARGET_REJECT = 7,
- FW3_TARGET_DROP = 8,
- FW3_TARGET_NOTRACK = 9,
- FW3_TARGET_DNAT = 10,
- FW3_TARGET_SNAT = 11,
+ FW3_FLAG_UNSPEC = 0,
+ FW3_FLAG_ACCEPT = 6,
+ FW3_FLAG_REJECT = 7,
+ FW3_FLAG_DROP = 8,
+ FW3_FLAG_NOTRACK = 9,
+ FW3_FLAG_DNAT = 10,
+ FW3_FLAG_SNAT = 11,
+ FW3_FLAG_SRC_ACCEPT = 12,
+ FW3_FLAG_SRC_REJECT = 13,
+ FW3_FLAG_SRC_DROP = 14,
+ FW3_FLAG_CUSTOM_CHAINS = 15,
+ FW3_FLAG_SYN_FLOOD = 16,
+ FW3_FLAG_MTU_FIX = 17,
+ FW3_FLAG_DROP_INVALID = 18,
+
+ __FW3_FLAG_MAX
};
-enum fw3_default
-{
- FW3_DEFAULT_UNSPEC = 0,
- FW3_DEFAULT_CUSTOM_CHAINS = 12,
- FW3_DEFAULT_SYN_FLOOD = 13,
- FW3_DEFAULT_MTU_FIX = 14,
- FW3_DEFAULT_DROP_INVALID = 15,
-};
-
-extern const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1];
+extern const char *fw3_flag_names[__FW3_FLAG_MAX];
enum fw3_limit_unit
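Review bot: Folding `fw3_target` and `fw3_default` into one `enum fw3_flag` means the fields retyped to it later in this patch (`policy_input`/`policy_output`/`policy_forward`, `target`) no longer have a type that separates a rule target from a feature flag such as `FW3_FLAG_SYN_FLOOD`. The option parser is not visible here, so confirm that it still rejects values outside `FW3_FLAG_ACCEPT`..`FW3_FLAG_SNAT` for targets (and outside `FW3_FLAG_ACCEPT`..`FW3_FLAG_DROP` for policies) instead of accepting any index that is valid for `fw3_flag_names`. A comment on the enum would make the ranges explicit, e.g. `/* 6..11: targets; 12..14: presumably zone source policies; 15..18: defaults options; keep in sync with fw3_flag_names[] */`. Separately, `__FW3_FLAG_MAX` uses a double-underscore name, which C reserves for the implementation; `FW3_FLAG_MAX` avoids that.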
bool any;
bool invert;
char name[32];
+ struct fw3_device *network;
};
struct fw3_address
bool any;
bool invert;
- uint16_t protocol;
+ uint32_t protocol;
};
struct fw3_port
struct fw3_defaults
{
- enum fw3_target policy_input;
- enum fw3_target policy_output;
- enum fw3_target policy_forward;
+ enum fw3_flag policy_input;
+ enum fw3_flag policy_output;
+ enum fw3_flag policy_forward;
bool drop_invalid;
bool disable_ipv6;
- uint16_t flags;
+ uint32_t flags[2];
};
struct fw3_zone
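Review bot: `uint32_t flags[2];` replaces the single `uint16_t flags` here without saying what the two elements index or what the bits mean. The same applies to `struct fw3_zone`, where it replaces `src_flags`/`dst_flags`, and to the struct that ends just before `struct fw3_include`. A comment such as `/* flags[i]: bitmask of enum fw3_flag values, i = <meaning of index> */`, or a named constant instead of the bare `2`, would stop readers from assuming the old source/destination split still applies. If the enum values are used as bit positions, as the widening once the highest value passed 15 suggests, `_Static_assert(__FW3_FLAG_MAX <= 32, "fw3 flags must fit in uint32_t");` next to the enum would catch growth past the word size at compile time.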
struct list_head list;
struct list_head running_list;
+ bool enabled;
const char *name;
enum fw3_family family;
- enum fw3_target policy_input;
- enum fw3_target policy_output;
- enum fw3_target policy_forward;
+ enum fw3_flag policy_input;
+ enum fw3_flag policy_output;
+ enum fw3_flag policy_forward;
struct list_head networks;
struct list_head devices;
struct list_head subnets;
+ struct list_head running_networks;
+ struct list_head running_devices;
+
const char *extra_src;
const char *extra_dest;
bool custom_chains;
- uint16_t src_flags;
- uint16_t dst_flags;
+ uint32_t flags[2];
};
struct fw3_rule
{
struct list_head list;
+ bool enabled;
const char *name;
enum fw3_family family;
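Review bot: `bool enabled;` is added to six structs in this patch (zone, rule and the four that follow) with no statement of its default or of where it is checked. In a firewall configuration, whether an absent option means enabled or disabled decides if a section is silently skipped or silently applied, so the field deserves a comment at its first use, e.g. `bool enabled; /* section is ignored when false; default when the option is absent: <confirm against parser> */`. The parser is not part of this diff view, and `struct fw3_rule` continues past the end of this hunk.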
struct fw3_limit limit;
struct fw3_time time;
- enum fw3_target target;
+ enum fw3_flag target;
const char *extra;
};
{
struct list_head list;
+ bool enabled;
const char *name;
enum fw3_family family;
struct fw3_time time;
- enum fw3_target target;
+ enum fw3_flag target;
const char *extra;
{
struct list_head list;
+ bool enabled;
const char *name;
enum fw3_family family;
struct list_head list;
struct list_head running_list;
+ bool enabled;
const char *name;
enum fw3_family family;
const char *external;
- uint16_t flags;
+ uint32_t flags[2];
};
struct fw3_include
struct list_head list;
struct list_head running_list;
+ bool enabled;
const char *name;
enum fw3_family family;
struct list_head ipsets;
struct list_head includes;
- struct fw3_defaults running_defaults;
struct list_head running_zones;
struct list_head running_ipsets;