From a93bf696170d32a45ccc76b29f68ca9b4df9ddb3 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Tue, 12 May 2015 13:25:04 +0200
Subject: [PATCH] firewall: Add amanda to the conntrack helpers

---
 lfs/configroot                  | 2 +-
 src/initscripts/init.d/firewall | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/lfs/configroot b/lfs/configroot
index 26583a4eac..ae9ceec4b4 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -136,7 +136,7 @@ $(TARGET) :
 	echo  "POLICY1=MODE2"		>> $(CONFIG_ROOT)/firewall/settings
 
 	# Add conntrack helper default settings
-	for proto in FTP PPTP SIP TFTP; do \
+	for proto in AMANDA FTP PPTP SIP TFTP; do \
 		echo "CONNTRACK_$${proto}=on" >> $(CONFIG_ROOT)/optionsfw/settings; \
 	done
 
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 4e6fd94f17..0c74e02450 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -126,6 +126,13 @@ iptables_init() {
 		iptables -t raw -A CONNTRACK -p udp --dport 69 -j CT --helper tftp
 	fi
 
+	# Amanda
+	if [ "${CONNTRACK_AMANDA}" = "on" ]; then
+		iptables -A CONNTRACK -m conntrack --ctstate RELATED \
+			-m helper --helper amanda -j ACCEPT
+		iptables -t raw -A CONNTRACK -j CT --helper amanda
+	fi
+
 	# Fix for braindead ISP's
 	iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
 
-- 
2.39.2