enum fw3_table
{
- FW3_TABLE_FILTER,
- FW3_TABLE_NAT,
- FW3_TABLE_MANGLE,
- FW3_TABLE_RAW,
+ FW3_TABLE_FILTER = 0,
+ FW3_TABLE_NAT = 1,
+ FW3_TABLE_MANGLE = 2,
+ FW3_TABLE_RAW = 3,
};
enum fw3_family
{
FW3_FAMILY_ANY = 0,
- FW3_FAMILY_V4 = 1,
- FW3_FAMILY_V6 = 2,
+ FW3_FAMILY_V4 = 4,
+ FW3_FAMILY_V6 = 5,
};
enum fw3_target
{
FW3_TARGET_UNSPEC = 0,
- FW3_TARGET_ACCEPT = 1,
- FW3_TARGET_REJECT = 2,
- FW3_TARGET_DROP = 3,
- FW3_TARGET_NOTRACK = 4,
- FW3_TARGET_DNAT = 5,
- FW3_TARGET_SNAT = 6,
+ FW3_TARGET_ACCEPT = 6,
+ FW3_TARGET_REJECT = 7,
+ FW3_TARGET_DROP = 8,
+ FW3_TARGET_NOTRACK = 9,
+ FW3_TARGET_DNAT = 10,
+ FW3_TARGET_SNAT = 11,
};
+enum fw3_default
+{
+ FW3_DEFAULT_UNSPEC = 0,
+ FW3_DEFAULT_CUSTOM_CHAINS = 12,
+ FW3_DEFAULT_SYN_FLOOD = 13,
+ FW3_DEFAULT_MTU_FIX = 14,
+ FW3_DEFAULT_DROP_INVALID = 15,
+};
+
+extern const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1];
+
+
enum fw3_limit_unit
{
FW3_LIMIT_UNIT_SECOND = 0,
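Review bot: The renumbered enums now fill a single 0–15 value space, and nothing enforces that it fits the `uint16_t` fields (`flags`, `src_flags`, `dst_flags`) added in the later hunks. `FW3_DEFAULT_DROP_INVALID = 15` is already the top bit, so a seventeenth value would be silently truncated when stored. A compile-time guard next to the `fw3_flag_names` declaration would catch that, for example `_Static_assert(FW3_DEFAULT_DROP_INVALID < 16, "fw3 flag values must fit the uint16_t flag fields");`, or an equivalent if the project builds as pre-C11. Separately, `FW3_FAMILY_ANY`, `FW3_TARGET_UNSPEC` and `FW3_DEFAULT_UNSPEC` all share 0 with `FW3_TABLE_FILTER`; if these values are used as bit positions, as the flag fields suggest, setting any of them would read back as the filter table. Index 0 of `fw3_flag_names` can only name one of them, so a comment such as `/* values are bit positions in a shared flag word; the 0-valued UNSPEC/ANY members must never be set as a flag */` above the enums would make the constraint explicit.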
bool custom_chains;
bool disable_ipv6;
+
+ uint16_t flags;
};
struct fw3_zone
{
struct list_head list;
+ struct list_head running_list;
const char *name;
bool custom_chains;
- bool has_src_target[FW3_TARGET_SNAT + 1];
- bool has_dest_target[FW3_TARGET_SNAT + 1];
+ uint16_t src_flags;
+ uint16_t dst_flags;
};
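Review bot: The removed `has_src_target[FW3_TARGET_SNAT + 1]` arrays documented their index type through their bound, but the replacement `src_flags` and `dst_flags` carry no hint of which enum values are valid bits. A short comment on each would restore that, e.g. `/* bitmask, bit n = enum value n (see fw3_flag_names) */`, adjusted to whichever enums are actually stored there. The new `running_list` member would also benefit from a comment saying which list head it links into, since a zone now sits on two lists. Part of the struct body is outside the visible hunk lines.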
struct fw3_rule
struct fw3_ipset
{
struct list_head list;
+ struct list_head running_list;
const char *name;
enum fw3_family family;
int timeout;
const char *external;
+
+ uint16_t flags;
};
struct fw3_state
struct list_head forwards;
struct list_head ipsets;
+ struct fw3_defaults running_defaults;
+ struct list_head running_zones;
+ struct list_head running_ipsets;
+
bool disable_ipsets;
+ bool statefile;
};
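Review bot: Nothing here says whether `statefile` means a state file was loaded or must be written, and the `running_*` members are not distinguished from the configured lists above them. One-line comments would help, such as `/* snapshot of the ruleset currently applied, as opposed to the parsed config */` if that is the intent. If these members are filled from a file on disk (the name suggests so, but the loader is outside this hunk), the parser should accept only flag names present in `fw3_flag_names`. It should also treat zone and ipset names read back from the file as untrusted input before they reach rule or ipset commands. The opening of the struct is outside the hunk.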