diff options
| author | Norman Rasmussen <norman@rasmussen.co.za> | 2019-10-12 11:02:33 -0700 |
|---|---|---|
| committer | Brian May <brian@linuxpenguins.xyz> | 2019-10-13 11:45:04 +1100 |
| commit | 502b36e9902be727a982a60022079e55fbee8d95 (patch) | |
| tree | 5f7b690abbef8b412257877416d8388df1b1a37a | |
| parent | fe1df00be725dfa79042357d4c793bbaa0f19bab (diff) | |
Add tproxy udp port mark filter that was missed in #144, fixes #367.
| -rw-r--r-- | sshuttle/methods/tproxy.py | 3 | ||||
| -rw-r--r-- | tests/client/test_methods_tproxy.py | 2 |
2 files changed, 3 insertions, 2 deletions
diff --git a/sshuttle/methods/tproxy.py b/sshuttle/methods/tproxy.py index 93eb6f6..9df7988 100644 --- a/sshuttle/methods/tproxy.py +++ b/sshuttle/methods/tproxy.py @@ -244,7 +244,8 @@ class Method(BaseMethod): else: _ipt('-A', mark_chain, '-j', 'MARK', '--set-mark', '1', '--dest', '%s/%s' % (snet, swidth), - '-m', 'udp', '-p', 'udp') + '-m', 'udp', + *udp_ports) _ipt('-A', tproxy_chain, '-j', 'TPROXY', '--tproxy-mark', '0x1/0x1', '--dest', '%s/%s' % (snet, swidth), diff --git a/tests/client/test_methods_tproxy.py b/tests/client/test_methods_tproxy.py index 32521bf..67a993b 100644 --- a/tests/client/test_methods_tproxy.py +++ b/tests/client/test_methods_tproxy.py @@ -168,7 +168,7 @@ def test_setup_firewall(mock_ipt_chain_exists, mock_ipt_ttl, mock_ipt): '--on-port', '1024'), call(AF_INET6, 'mangle', '-A', 'sshuttle-m-1024', '-j', 'MARK', '--set-mark', '1', '--dest', u'2404:6800:4004:80c::/64', - '-m', 'udp', '-p', 'udp'), + '-m', 'udp', '-p', 'udp', '--dport', '8000:9000'), call(AF_INET6, 'mangle', '-A', 'sshuttle-t-1024', '-j', 'TPROXY', '--tproxy-mark', '0x1/0x1', '--dest', u'2404:6800:4004:80c::/64', '-m', 'udp', '-p', 'udp', '--dport', '8000:9000', |