From c8f8bf328f4dd6567513f942c9c1db1dcf73ef93 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Tue, 12 May 2015 13:33:08 +0200
Subject: [PATCH] firewall: Add H.323 to the conntrack helpers
---
 lfs/configroot | 2 +-
 src/initscripts/init.d/firewall | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/lfs/configroot b/lfs/configroot
index b8976c1f45..8de5e6b517 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -136,7 +136,7 @@ $(TARGET) :
 echo "POLICY1=MODE2" >> $(CONFIG_ROOT)/firewall/settings
 # Add conntrack helper default settings
- for proto in AMANDA FTP IRC PPTP SIP TFTP; do \
+ for proto in AMANDA FTP H323 IRC PPTP SIP TFTP; do \
 echo "CONNTRACK_$${proto}=on" >> $(CONFIG_ROOT)/optionsfw/settings; \
 done
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index d19329b9a9..d5c53b81c0 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -105,6 +105,18 @@ iptables_init() {
 done
 fi
+ # H.323
+ if [ "${CONNTRACK_H323}" = "on" ]; then
+ iptables -A CONNTRACK -m conntrack --ctstate RELATED \
+ -m helper --helper h323 -j ACCEPT
+
+ # Gatekeeper RAS
+ iptables -t raw -A CONNTRACK -p udp --dport 1719 -j CT --helper h323
+
+ # Q.931
+ iptables -t raw -A CONNTRACK -p tcp --dport 1720 -j CT --helper h323
+ fi
+
 # FTP
 if [ "${CONNTRACK_FTP}" = "on" ]; then
 iptables -A CONNTRACK -m conntrack --ctstate RELATED \
--
2.39.5
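Review bot: Adding `H323` to the `for proto in ...` list seeds `CONNTRACK_H323=on` in the default `optionsfw/settings`, so every fresh installation has the H.323 helper active without anyone opting in. A conntrack helper parses application payload and creates RELATED expectations from it, so a rarely used protocol is a candidate for a default that is not `on`. That would mean writing the key outside the loop, e.g. `echo "CONNTRACK_H323=off" >> $(CONFIG_ROOT)/optionsfw/settings`, since the init script only tests for the value `on`. This recipe appears to seed defaults only, so an updated system whose settings file lacks the key would presumably leave the helper disabled; if that difference between fresh and updated installs is intended, a comment above the loop should say so. The `$(TARGET)` recipe starts and ends outside the hunk.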
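Review bot: The two raw-table rules in the new H.323 block attach the helper to every packet for UDP 1719 or TCP 1720, with no interface, direction or address match. Signalling that arrives from the untrusted side is therefore parsed by the helper as well, and any expectation it creates is admitted by the `--ctstate RELATED -m helper --helper h323 -j ACCEPT` rule. If the intent is only to support internal endpoints that register with an outside gatekeeper, scope the assignment to the inbound interface, for example `iptables -t raw -A CONNTRACK -i <internal-iface> -p tcp --dport 1720 -j CT --helper h323`, and the same for the UDP 1719 rule. A comment such as `# helper is bound only for signalling that originates from internal zones` would record that decision. `iptables_init()` starts and ends outside the hunk and only the first line of the FTP block is visible, so whether the other helpers are equally unscoped cannot be judged from here.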