Re: [Shorewall-users] SIP over TCP support?

Mon, 08 Apr 2019 13:26:12 -0700 

On 4/1/19 10:29 AM, Tom Eastep wrote:
> On 3/31/19 10:54 AM, Brian J. Murrell wrote:
>> On Sun, 2019-03-31 at 10:04 -0700, Tom Eastep wrote:
>>>
>>> Brian,
>>
>> Hi Tom,
>>
>>> The lack of macro support for a particular application scenario
>>> generally means that no one with the ability to test that scenario
>>> has
>>> stepped up to produce such a macro.
>>
>> Fair enough.
>>
>>> If you want to test, then:
>>>
>>> a) Modify /etc/shorewall[6]/conntrack to specify both udp and tcp in
>>> the
>>> PROTO column of the SIP entry.
>>
>> Roger.
>>
>> b) Modify macro.SIP to similarly specify both udp and tcp in the
>>> PROTO
>>> column.
>>
>> It should be sufficient to copy and modify the macro in the shorewall
>> configuration dir, yes?  That's what I did at least and it had the
>> desired results.
>>
>> #
>> # Shorewall -- /usr/share/shorewall/macro.SIP
>> #
>> # This macro handles SIP traffic.
>> #
>> ###############################################################################
>> #ACTION      SOURCE  DEST    PROTO   DPORT   SPORT   ORIGDEST        RATE    
>> USER
>>
>> ?if ( __CT_TARGET && ! $AUTOHELPERS && __SIP_HELPER  )
>>  PARAM       -       -       udp     5060 { helper=sip }
>>  PARAM       -       -       tcp     5060 { helper=sip }
>> ?else
>>  PARAM       -       -       udp     5060
>>  PARAM       -       -       tcp     5060
>> ?endif
>>
>>>
>>> If it works satisfactorily, let us know and we will modify the
>>> release
>>> versions accordingly.
>>>
>>
>>    ERROR: The sip helper requires PROTO=udp /etc/shorewall6/gw-CC/conntrack 
>> (line 5)
> 
> Hmmm -- compiler too smart for that simple change...
> 
>>
>> Seems that helpers can only use tcp or udp but not both.  I already
>> tried adding a "sip => TCP" to %helpers in
>> /usr/share/perl5/vendor_perl/Shorewall/Config.pm.
>>
> 
> Please reverse your change and apply the attached patch.
> 

Hi Brian,

Any luck with testing?

Thanks,
-Tom
-- 
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users






















					Reply via email to