From 50354ffe3a946f314b5bf4f8648fa14d14c14667 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 12 May 2015 13:27:24 +0200
Subject: [PATCH] firewall: Add IRC to the conntrack helpers
---
 lfs/configroot | 2 +-
 src/initscripts/init.d/firewall | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/lfs/configroot b/lfs/configroot
index ae9ceec4b4..b8976c1f45 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -136,7 +136,7 @@ $(TARGET) :
 echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/firewall/settings
 # Add conntrack helper default settings
- for proto in AMANDA FTP PPTP SIP TFTP; do \
+ for proto in AMANDA FTP IRC PPTP SIP TFTP; do \
 echo "CONNTRACK_$${proto}=on" >> $(CONFIG_ROOT)/optionsfw/settings; \
 done
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 0c74e02450..d19329b9a9 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -126,6 +126,13 @@ iptables_init() {
 iptables -t raw -A CONNTRACK -p udp --dport 69 -j CT --helper tftp
 fi
+ # IRC
+ if [ "${CONNTRACK_IRC}" = "on" ]; then
+ iptables -A CONNTRACK -m conntrack --ctstate RELATED \
+ -m helper --helper irc -j ACCEPT
+ iptables -t raw -A CONNTRACK -p tcp --dport 6667 -j CT --helper irc
+ fi
+
 # Amanda
 if [ "${CONNTRACK_AMANDA}" = "on" ]; then
 iptables -A CONNTRACK -m conntrack --ctstate RELATED \
--
2.39.5
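Review bot: With IRC added to this loop, every freshly generated `optionsfw/settings` gets `CONNTRACK_IRC=on`, so a payload-parsing helper that opens inbound expectations from plaintext DCC commands is enabled on installs that never use IRC. I would leave IRC out of the default-on list and seed it separately with `echo "CONNTRACK_IRC=off" >> $(CONFIG_ROOT)/optionsfw/settings`, so the helper is opt-in. How existing installs obtain a `CONNTRACK_IRC` value is not visible in this patch and should be confirmed, since the init script's `= "on"` test treats an unset value as off. The `$(TARGET)` recipe starts and ends outside the hunk.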
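Review bot: The RELATED accept for the irc helper carries no protocol or port bound, so any port named by a DCC command in the plaintext stream becomes reachable on the client once the helper records the expectation. Narrowing the match, e.g. `-m helper --helper irc -p tcp --dport 1024:65535 -j ACCEPT`, keeps helper-opened connections away from privileged service ports. The raw-table rule also attaches the helper to every TCP flow to port 6667 regardless of zone; if the CONNTRACK chain is reached from all interfaces (not visible in this hunk), consider restricting it to the client-side zones. A comment such as `# IRC (plaintext on 6667 only; TLS sessions cannot be parsed by the helper)` would make the coverage explicit. iptables_init continues outside the hunk.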