FW3_FAMILY_V6 = 5,
};
-enum fw3_target
+enum fw3_flag
{
- FW3_TARGET_UNSPEC = 0,
- FW3_TARGET_ACCEPT = 6,
- FW3_TARGET_REJECT = 7,
- FW3_TARGET_DROP = 8,
- FW3_TARGET_NOTRACK = 9,
- FW3_TARGET_DNAT = 10,
- FW3_TARGET_SNAT = 11,
- FW3_TARGET_CUSTOM_CNS_V4 = 12,
- FW3_TARGET_CUSTOM_CNS_V6 = 13,
+ FW3_FLAG_UNSPEC = 0,
+ FW3_FLAG_ACCEPT = 6,
+ FW3_FLAG_REJECT = 7,
+ FW3_FLAG_DROP = 8,
+ FW3_FLAG_NOTRACK = 9,
+ FW3_FLAG_DNAT = 10,
+ FW3_FLAG_SNAT = 11,
+ FW3_FLAG_SRC_ACCEPT = 12,
+ FW3_FLAG_SRC_REJECT = 13,
+ FW3_FLAG_SRC_DROP = 14,
+ FW3_FLAG_CUSTOM_CHAINS = 15,
+ FW3_FLAG_SYN_FLOOD = 16,
+ FW3_FLAG_MTU_FIX = 17,
+ FW3_FLAG_DROP_INVALID = 18,
+ FW3_FLAG_HOTPLUG = 19,
+
+ __FW3_FLAG_MAX
};
-enum fw3_default
-{
- FW3_DEFAULT_UNSPEC = 0,
- FW3_DEFAULT_CUSTOM_CHAINS = 14,
- FW3_DEFAULT_SYN_FLOOD = 15,
- FW3_DEFAULT_MTU_FIX = 16,
- FW3_DEFAULT_DROP_INVALID = 17,
-};
-
-extern const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1];
+extern const char *fw3_flag_names[__FW3_FLAG_MAX];
enum fw3_limit_unit
FW3_INC_TYPE_RESTORE = 1,
};
+enum fw3_reflection_source
+{
+ FW3_REFLECTION_INTERNAL = 0,
+ FW3_REFLECTION_EXTERNAL = 1,
+};
+
struct fw3_ipset_datatype
{
struct list_head list;
bool any;
bool invert;
char name[32];
+ struct fw3_device *network;
};
struct fw3_address
struct fw3_defaults
{
- enum fw3_target policy_input;
- enum fw3_target policy_output;
- enum fw3_target policy_forward;
+ enum fw3_flag policy_input;
+ enum fw3_flag policy_output;
+ enum fw3_flag policy_forward;
bool drop_invalid;
bool disable_ipv6;
- uint32_t flags;
- uint32_t running_flags;
+ uint32_t flags[2];
};
struct fw3_zone
enum fw3_family family;
- enum fw3_target policy_input;
- enum fw3_target policy_output;
- enum fw3_target policy_forward;
+ enum fw3_flag policy_input;
+ enum fw3_flag policy_output;
+ enum fw3_flag policy_forward;
struct list_head networks;
struct list_head devices;
struct list_head subnets;
+ struct list_head running_networks;
+ struct list_head running_devices;
+
const char *extra_src;
const char *extra_dest;
bool custom_chains;
- uint32_t src_flags;
- uint32_t dst_flags;
-
- uint32_t running_src_flags;
- uint32_t running_dst_flags;
+ uint32_t flags[2];
};
struct fw3_rule
struct fw3_limit limit;
struct fw3_time time;
- enum fw3_target target;
+ enum fw3_flag target;
const char *extra;
};
struct fw3_time time;
- enum fw3_target target;
+ enum fw3_flag target;
const char *extra;
bool reflection;
+ enum fw3_reflection_source reflection_src;
};
struct fw3_forward
const char *external;
- uint32_t flags;
- uint32_t running_flags;
+ uint32_t flags[2];
};
struct fw3_include
bool fw3_parse_ipset_datatype(void *ptr, const char *val);
bool fw3_parse_include_type(void *ptr, const char *val);
+bool fw3_parse_reflection_source(void *ptr, const char *val);
bool fw3_parse_date(void *ptr, const char *val);
bool fw3_parse_time(void *ptr, const char *val);
projects / project / firewall3.git / blobdiff