enum fw3_target
{
- FW3_TARGET_UNSPEC = 0,
- FW3_TARGET_ACCEPT = 6,
- FW3_TARGET_REJECT = 7,
- FW3_TARGET_DROP = 8,
- FW3_TARGET_NOTRACK = 9,
- FW3_TARGET_DNAT = 10,
- FW3_TARGET_SNAT = 11,
+ FW3_TARGET_UNSPEC = 0,
+ FW3_TARGET_ACCEPT = 6,
+ FW3_TARGET_REJECT = 7,
+ FW3_TARGET_DROP = 8,
+ FW3_TARGET_NOTRACK = 9,
+ FW3_TARGET_DNAT = 10,
+ FW3_TARGET_SNAT = 11,
+ FW3_TARGET_CUSTOM_CNS_V4 = 12,
+ FW3_TARGET_CUSTOM_CNS_V6 = 13,
};
enum fw3_default
{
FW3_DEFAULT_UNSPEC = 0,
- FW3_DEFAULT_CUSTOM_CHAINS = 12,
- FW3_DEFAULT_SYN_FLOOD = 13,
- FW3_DEFAULT_MTU_FIX = 14,
- FW3_DEFAULT_DROP_INVALID = 15,
+ FW3_DEFAULT_CUSTOM_CHAINS = 14,
+ FW3_DEFAULT_SYN_FLOOD = 15,
+ FW3_DEFAULT_MTU_FIX = 16,
+ FW3_DEFAULT_DROP_INVALID = 17,
};
extern const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1];
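Review bot: The `FW3_DEFAULT_*` values from `FW3_DEFAULT_CUSTOM_CHAINS = 14` onward are renumbered by hand to sit after the two new targets, and nothing in the header stops the next added target from colliding with them. Both enums appear to share one index space (`fw3_flag_names` is sized by `FW3_DEFAULT_DROP_INVALID + 1`). Judging by the `uint16_t` to `uint32_t` widening of the flags fields elsewhere in this commit, they probably share one bit space too, so a collision would make a target and a default such as `FW3_DEFAULT_DROP_INVALID` indistinguishable. Anchoring the first default to the last target, `FW3_DEFAULT_CUSTOM_CHAINS = FW3_TARGET_CUSTOM_CNS_V6 + 1,`, and adding a comment that the highest value must stay below 32 would make the coupling explicit. If these numbers are ever written to stored or runtime state, which this header does not show, the renumbering also changes how previously stored values are read.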
FW3_IPSET_TYPE_SET = 5,
};
+enum fw3_include_type
+{
+ FW3_INC_TYPE_SCRIPT = 0,
+ FW3_INC_TYPE_RESTORE = 1,
+};
+
struct fw3_ipset_datatype
{
struct list_head list;
bool any;
bool invert;
- uint16_t protocol;
+ uint32_t protocol;
};
struct fw3_port
bool tcp_syncookies;
bool tcp_ecn;
- bool tcp_westwood;
bool tcp_window_scaling;
bool accept_redirects;
bool disable_ipv6;
- uint16_t flags;
+ uint32_t flags;
+ uint32_t running_flags;
};
struct fw3_zone
struct list_head list;
struct list_head running_list;
+ bool enabled;
const char *name;
enum fw3_family family;
bool custom_chains;
- uint16_t src_flags;
- uint16_t dst_flags;
+ uint32_t src_flags;
+ uint32_t dst_flags;
+
+ uint32_t running_src_flags;
+ uint32_t running_dst_flags;
};
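Review bot: The new `bool enabled;` member in `struct fw3_zone` has no comment stating its default, and a zero-initialised object would read as disabled; the same applies to the identical additions in the rule hunk, the hunks that follow it, and `struct fw3_include`. The allocation and option-parsing code is outside this header, so confirm there that every constructor sets `enabled = true` before options are parsed. Otherwise existing sections that lack the option would be skipped silently, including rules whose target is DROP or REJECT. Once confirmed, a comment on the field such as `/* defaults to true; false skips the section entirely */` would document the contract. `struct fw3_zone` begins outside this hunk.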
struct fw3_rule
{
struct list_head list;
+ bool enabled;
const char *name;
enum fw3_family family;
{
struct list_head list;
+ bool enabled;
const char *name;
enum fw3_family family;
{
struct list_head list;
+ bool enabled;
const char *name;
enum fw3_family family;
struct list_head list;
struct list_head running_list;
+ bool enabled;
const char *name;
enum fw3_family family;
const char *external;
- uint16_t flags;
+ uint32_t flags;
+ uint32_t running_flags;
+};
+
+struct fw3_include
+{
+ struct list_head list;
+ struct list_head running_list;
+
+ bool enabled;
+ const char *name;
+ enum fw3_family family;
+
+ const char *path;
+ enum fw3_include_type type;
};
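Review bot: `struct fw3_include` stores a `path` together with a type of `FW3_INC_TYPE_SCRIPT` or `FW3_INC_TYPE_RESTORE`, but nothing here documents who validates that path or how each type is consumed. The code that uses the struct is not visible in this header. If a script include is handed to a shell, or a restore include is fed to the ruleset loader, the path is a privileged code and ruleset input taken from configuration. Once the consumer's behaviour is confirmed, a comment on the member such as `/* config-supplied file; loader must verify it exists and is not writable by unprivileged users */` should state the expectation, so the check is not left implicit.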
struct fw3_state
struct list_head redirects;
struct list_head forwards;
struct list_head ipsets;
+ struct list_head includes;
- struct fw3_defaults running_defaults;
struct list_head running_zones;
struct list_head running_ipsets;
bool fw3_parse_ipset_method(void *ptr, const char *val);
bool fw3_parse_ipset_datatype(void *ptr, const char *val);
+bool fw3_parse_include_type(void *ptr, const char *val);
+
bool fw3_parse_date(void *ptr, const char *val);
bool fw3_parse_time(void *ptr, const char *val);
bool fw3_parse_weekdays(void *ptr, const char *val);