conntrackd: RPC helper added to cthelper

How to use this helper in a few steps:

1) You can enable this helper via:

 nfct helper add rpc inet tcp
 nfct helper add rpc inet udp

2) Configure /etc/conntrackd/conntrackd.conf and launch it.

3) You can test this helper locally with the following rule-set:

 iptables -A OUTPUT -t raw -p udp -m udp --dport 111 -j CT --helper rpc
 iptables -A OUTPUT -t raw -p tcp -m tcp --dport 111 -j CT --helper rpc
 iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 111 -j ACCEPT
 iptables -A OUTPUT -p udp -m state --state NEW,ESTABLISHED -m udp --dport 111 -j ACCEPT
 iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 iptables -P OUTPUT DROP

4) Configure NFS and export some local directory. Then, mount it with version 3.

 mount.nfs -onfsvers=3 127.0.0.1:/srv/cvs /mnt/

You should see permanent expectations created for this.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 5 insertions, 2 deletions

diff --git a/src/helpers/Makefile.am b/src/helpers/Makefile.am
index 2c9d63b..f441b29 100644
--- a/src/helpers/Makefile.am
+++ b/src/helpers/Makefile.am
@@ -1,9 +1,12 @@
 include $(top_srcdir)/Make_global.am
 
-pkglib_LTLIBRARIES = ct_helper_ftp.la
+pkglib_LTLIBRARIES = ct_helper_ftp.la	\
+		     ct_helper_rpc.la
 
 ct_helper_ftp_la_SOURCES = ftp.c
 ct_helper_ftp_la_LDFLAGS = -avoid-version -module $(LIBNETFILTER_CONNTRACK_LIBS)
 ct_helper_ftp_la_CFLAGS = $(AM_CFLAGS) $(LIBNETFILTER_CONNTRACK_CFLAGS)
 
-
+ct_helper_rpc_la_SOURCES = rpc.c
+ct_helper_rpc_la_LDFLAGS = -avoid-version -module $(LIBNETFILTER_CONNTRACK_LIBS)
+ct_helper_rpc_la_CFLAGS = $(AM_CFLAGS) $(LIBNETFILTER_CONNTRACK_CFLAGS)