firewall: Allow overriding the TTL

In instances where a cluster pod in a local VM needs to access a server that is sshuttle'd from the host, since the packets arriving at the host already made a hop, their TTL is 63 and so get ignored by sshuttle. Allowing an override of the firewall TTL rule allows the packets to go through.
author: Victor Kareh <vkareh@redhat.com> 2021-01-18 15:28:52 -0500
committer: Brian May <brian@linuxpenguins.xyz> 2021-03-05 08:53:53 +1100
commit: 167a57e739bf62b83dcfb46e7d01a581981ef431 (patch)
tree: 9cb75c1c02ac0df67297b408cc4eda2ec130a08b /sshuttle/methods/pf.py
parent: 0e51da519fe5e277fd77ac7860a4f39b5f7e5e78 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/sshuttle/methods/pf.py b/sshuttle/methods/pf.py
index 4119273..1bc67e7 100644
--- a/sshuttle/methods/pf.py
+++ b/sshuttle/methods/pf.py
@@ -444,7 +444,7 @@ class Method(BaseMethod):
         return sock.getsockname()
 
     def setup_firewall(self, port, dnsport, nslist, family, subnets, udp,
-                       user):
+                       user, ttl):
         if family not in [socket.AF_INET, socket.AF_INET6]:
             raise Exception(
                 'Address family "%s" unsupported by pf method_name'
author	Victor Kareh <vkareh@redhat.com>	2021-01-18 15:28:52 -0500
committer	Brian May <brian@linuxpenguins.xyz>	2021-03-05 08:53:53 +1100
commit	167a57e739bf62b83dcfb46e7d01a581981ef431 (patch)
tree	9cb75c1c02ac0df67297b408cc4eda2ec130a08b /sshuttle/methods/pf.py
parent	0e51da519fe5e277fd77ac7860a4f39b5f7e5e78 (diff)