enum fw3_target
{
- FW3_TARGET_UNSPEC = 0,
- FW3_TARGET_ACCEPT = 6,
- FW3_TARGET_REJECT = 7,
- FW3_TARGET_DROP = 8,
- FW3_TARGET_NOTRACK = 9,
- FW3_TARGET_DNAT = 10,
- FW3_TARGET_SNAT = 11,
+ FW3_TARGET_UNSPEC = 0,
+ FW3_TARGET_ACCEPT = 6,
+ FW3_TARGET_REJECT = 7,
+ FW3_TARGET_DROP = 8,
+ FW3_TARGET_NOTRACK = 9,
+ FW3_TARGET_DNAT = 10,
+ FW3_TARGET_SNAT = 11,
+ FW3_TARGET_SRC_ACCEPT = 12,
+ FW3_TARGET_SRC_REJECT = 13,
+ FW3_TARGET_SRC_DROP = 14,
+ FW3_TARGET_CUSTOM_CNS_V4 = 15,
+ FW3_TARGET_CUSTOM_CNS_V6 = 16,
};
enum fw3_default
{
FW3_DEFAULT_UNSPEC = 0,
- FW3_DEFAULT_CUSTOM_CHAINS = 12,
- FW3_DEFAULT_SYN_FLOOD = 13,
- FW3_DEFAULT_MTU_FIX = 14,
- FW3_DEFAULT_DROP_INVALID = 15,
+ FW3_DEFAULT_CUSTOM_CHAINS = 17,
+ FW3_DEFAULT_SYN_FLOOD = 18,
+ FW3_DEFAULT_MTU_FIX = 19,
+ FW3_DEFAULT_DROP_INVALID = 20,
};
extern const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1];
bool any;
bool invert;
- uint16_t protocol;
+ uint32_t protocol;
};
struct fw3_port
bool disable_ipv6;
- uint16_t flags;
+ uint32_t flags;
+ uint32_t running_flags;
};
struct fw3_zone
bool custom_chains;
- uint16_t src_flags;
- uint16_t dst_flags;
+ uint32_t src_flags;
+ uint32_t dst_flags;
+
+ uint32_t running_src_flags;
+ uint32_t running_dst_flags;
};
struct fw3_rule
const char *external;
- uint16_t flags;
+ uint32_t flags;
+ uint32_t running_flags;
};
struct fw3_include
struct list_head ipsets;
struct list_head includes;
- struct fw3_defaults running_defaults;
struct list_head running_zones;
struct list_head running_ipsets;