firewall: Add IRC to the conntrack helpers

diff --git a/lfs/configroot b/lfs/configroot
index ae9ceec4b46ec81eaedf5189be3315463206d904..b8976c1f458fe969fbb522ef4451508da0c9ba02 100644 (file)
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -136,7 +136,7 @@ $(TARGET) :
        echo  "POLICY1=MODE2"           >> $(CONFIG_ROOT)/firewall/settings
 
        # Add conntrack helper default settings
-       for proto in AMANDA FTP PPTP SIP TFTP; do \
+       for proto in AMANDA FTP IRC PPTP SIP TFTP; do \
                echo "CONNTRACK_$${proto}=on" >> $(CONFIG_ROOT)/optionsfw/settings; \
        done
 

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 0c74e02450074df3bf4c9c82f0b7c1a5fa9bc338..d19329b9a9d3721522c0913ad3d167097d322912 100644 (file)
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -126,6 +126,13 @@ iptables_init() {
                iptables -t raw -A CONNTRACK -p udp --dport 69 -j CT --helper tftp
        fi
 
+       # IRC
+       if [ "${CONNTRACK_IRC}" = "on" ]; then
+               iptables -A CONNTRACK -m conntrack --ctstate RELATED \
+                       -m helper --helper irc -j ACCEPT
+               iptables -t raw -A CONNTRACK -p tcp --dport 6667 -j CT --helper irc
+       fi
+
        # Amanda
        if [ "${CONNTRACK_AMANDA}" = "on" ]; then
                iptables -A CONNTRACK -m conntrack --ctstate RELATED \