Package: ferm
Version: 2.1-1
Severity: important
Tags: patch ipv6
iptables and ip6tables support the TPROXY target, which is an important tool for removing the dependency on NAT. A growing selection of system software makes use of this target, but ferm currently does not accept it as valid.
The attached patch adds support to ferm for generating rules for this target.
--- /usr/sbin/ferm.orig 2012-03-25 14:12:32.000000000 +1200 +++ /usr/sbin/ferm 2012-03-25 14:45:00.000000000 +1200 @@ -311,6 +311,7 @@ add_target_def 'TARPIT'; add_target_def 'TCPMSS', qw(set-mss clamp-mss-to-pmtu*0); add_target_def 'TOS', qw(set-tos and-tos or-tos xor-tos); +add_target_def 'TPROXY', qw(tproxy-mark on-port); add_target_def 'TRACE'; add_target_def 'TTL', qw(ttl-set ttl-dec ttl-inc); add_target_def 'ULOG', qw(ulog-nlgroup ulog-prefix ulog-cprange ulog-qthreshold);
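Review bot: The option list in `+add_target_def 'TPROXY', qw(tproxy-mark on-port);` covers --tproxy-mark and --on-port but omits --on-ip, which the iptables/ip6tables TPROXY target also accepts, so a rule that binds the redirected socket to a specific local address would still be rejected by ferm; consider `qw(tproxy-mark on-port on-ip)`. Both listed options correctly take a value (no `*0` suffix, unlike `clamp-mss-to-pmtu*0` in the adjacent TCPMSS line), which matches the target's real syntax. Also, the diff is taken against the installed /usr/sbin/ferm rather than the package source, so it will need to be re-based onto the source tree before it can be applied.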