extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-26 01:23:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '5.2.3' into 5.2.4

Browse Source 
# Conflicts:
#	docs/Introduction.xml

Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2020-03-01 13:48:45 -08:00
commit 8b2c79e5ce
No known key found for this signature in database
GPG Key ID: 96E6B3F2423A4D10
9 changed files with 271 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
Shorewall/Perl/Shorewall/Chains.pm
View File

@ -1143,16 +1143,30 @@ sub set_rule_option( $$$ ) {
# #
# Consider each subtype as a separate type # Consider each subtype as a separate type
# #
my ( $invert, $subtype, $val, $rest ) = split ' ', $value; if ( have_capability( 'OLD_CONNTRACK_MATCH' ) ) {
my ( $subtype, $invert, $val, $rest ) = split ' ', $value;
if ( $invert eq '!' ) { if ( $invert eq '!' ) {
assert( ! supplied $rest ); assert( ! supplied $rest );
$option = join( ' ', $option, $invert, $subtype ); $option = join( ' ', $option, $subtype );
$value = $val; $value = join( ' ', $invert, $val );
} else {
assert( ! supplied $val );
$option = join( ' ', $invert , $option );
$value = $invert;
}
} else { } else {
assert( ! supplied $val ); my ( $invert, $subtype, $val, $rest ) = split ' ', $value;
$option = join( ' ', $option, $invert );
$value = $subtype; if ( $invert eq '!' ) {
assert( ! supplied $rest );
$option = join( ' ', $option, $invert, $subtype );
$value = $val;
} else {
assert( ! supplied $val );
$option = join( ' ', $option, $invert );
$value = $subtype;
}
} }
$opttype = EXCLUSIVE; $opttype = EXCLUSIVE;
@ -3369,13 +3383,13 @@ sub initialize_chain_table($) {
add_commands( $chainref, '[ -f ${VARDIR}/.nat_DOCKER ] && cat ${VARDIR}/.nat_DOCKER >&3' ); add_commands( $chainref, '[ -f ${VARDIR}/.nat_DOCKER ] && cat ${VARDIR}/.nat_DOCKER >&3' );
$chainref = new_standard_chain( 'DOCKER-INGRESS' ); $chainref = new_standard_chain( 'DOCKER-INGRESS' );
set_optflags( $chainref, DONT_OPTIMIZE | DONT_DELETE | DONT_MOVE ); set_optflags( $chainref, DONT_OPTIMIZE | DONT_DELETE | DONT_MOVE );
add_commands( $chainref, '[ -f ${VARDIR}/.filter_DOCKER-INGRESS ] && cat ${VARDIR}/.filter_DOCKER-INGRESS >&3' ); add_commands( $chainref, '[ -f ${VARDIR}/.filter_DOCKER-INGRESS ] && cat ${VARDIR}/.filter_DOCKER-INGRESS >&3' );
$chainref = new_standard_chain( 'DOCKER-USER' ); $chainref = new_standard_chain( 'DOCKER-USER' );
set_optflags( $chainref, DONT_OPTIMIZE | DONT_DELETE | DONT_MOVE ); set_optflags( $chainref, DONT_OPTIMIZE | DONT_DELETE | DONT_MOVE );
add_commands( $chainref, '[ -f ${VARDIR}/.filter_DOCKER-USER ] && cat ${VARDIR}/.filter_DOCKER-USER >&3' ); add_commands( $chainref, '[ -f ${VARDIR}/.filter_DOCKER-USER ] && cat ${VARDIR}/.filter_DOCKER-USER >&3' );
$chainref = new_standard_chain( 'DOCKER-ISOLATION' ); $chainref = new_standard_chain( 'DOCKER-ISOLATION' );
set_optflags( $chainref, DONT_OPTIMIZE | DONT_DELETE | DONT_MOVE ); set_optflags( $chainref, DONT_OPTIMIZE | DONT_DELETE | DONT_MOVE );
add_commands( $chainref, '[ -f ${VARDIR}/.filter_DOCKER-ISOLATION ] && cat ${VARDIR}/.filter_DOCKER-ISOLATION >&3' ); add_commands( $chainref, '[ -f ${VARDIR}/.filter_DOCKER-ISOLATION ] && cat ${VARDIR}/.filter_DOCKER-ISOLATION >&3' );
$chainref = new_standard_chain( 'DOCKER-ISOLATION-STAGE-1' ); $chainref = new_standard_chain( 'DOCKER-ISOLATION-STAGE-1' );
set_optflags( $chainref, DONT_OPTIMIZE | DONT_DELETE | DONT_MOVE ); set_optflags( $chainref, DONT_OPTIMIZE | DONT_DELETE | DONT_MOVE );
add_commands( $chainref, '[ -f ${VARDIR}/.filter_DOCKER-ISOLATION-STAGE-1 ] && cat ${VARDIR}/.filter_DOCKER-ISOLATION-STAGE-1 >&3' ); add_commands( $chainref, '[ -f ${VARDIR}/.filter_DOCKER-ISOLATION-STAGE-1 ] && cat ${VARDIR}/.filter_DOCKER-ISOLATION-STAGE-1 >&3' );
@ -8718,20 +8732,15 @@ sub save_docker_rules($) {
qq( $tool -t nat -S OUTPUT | tail -n +2 | fgrep DOCKER > \${VARDIR}/.nat_OUTPUT), qq( $tool -t nat -S OUTPUT | tail -n +2 | fgrep DOCKER > \${VARDIR}/.nat_OUTPUT),
qq( $tool -t nat -S POSTROUTING | tail -n +2 | fgrep -v SHOREWALL | fgrep -v LIBVIRT > \${VARDIR}/.nat_POSTROUTING), qq( $tool -t nat -S POSTROUTING | tail -n +2 | fgrep -v SHOREWALL | fgrep -v LIBVIRT > \${VARDIR}/.nat_POSTROUTING),
qq( $tool -t filter -S DOCKER | tail -n +2 > \${VARDIR}/.filter_DOCKER), qq( $tool -t filter -S DOCKER | tail -n +2 > \${VARDIR}/.filter_DOCKER),
qq( [ -n "\$g_dockeringress" ] && $tool -t filter -S DOCKER-INGRESS | tail -n +2 > \${VARDIR}/.filter_DOCKER-INGRESS), qq( rm -f \${VARDIR}/.filter_DOCKER-*),
qq( [ -n "\$g_dockeruser" ] && $tool -t filter -S DOCKER-USER | tail -n +2 > \${VARDIR}/.filter_DOCKER-USER), qq( [ -n "\$g_dockeringress" ] && $tool -t filter -S DOCKER-INGRESS | tail -n +2 > \${VARDIR}/.filter_DOCKER-INGRESS),
qq( [ -n "\$g_dockeruser" ] && $tool -t filter -S DOCKER-USER | tail -n +2 > \${VARDIR}/.filter_DOCKER-USER),
qq( [ -n "\$g_dockeriso" ] && $tool -t filter -S DOCKER-ISOLATION | tail -n +2 > \${VARDIR}/.filter_DOCKER-ISOLATION),
qq(), qq(),
qq( case "\$g_dockernetwork" in), qq( if [ -n "\$g_dockerisostage" ]; then),
qq( One\)), qq( $tool -t filter -S DOCKER-ISOLATION-STAGE-1 | tail -n +2 > \${VARDIR}/.filter_DOCKER-ISOLATION-STAGE-1),
qq( rm -f \${VARDIR}/.filter_DOCKER-ISOLATION*), qq( $tool -t filter -S DOCKER-ISOLATION-STAGE-2 | tail -n +2 > \${VARDIR}/.filter_DOCKER-ISOLATION-STAGE-2),
qq( $tool -t filter -S DOCKER-ISOLATION | tail -n +2 > \${VARDIR}/.filter_DOCKER-ISOLATION), qq( fi),
qq( ;;),
qq( Two\)),
qq( rm -f \${VARDIR}/.filter_DOCKER-ISOLATION*),
qq( $tool -t filter -S DOCKER-ISOLATION-STAGE-1 | tail -n +2 > \${VARDIR}/.filter_DOCKER-ISOLATION-STAGE-1),
qq( $tool -t filter -S DOCKER-ISOLATION-STAGE-2 | tail -n +2 > \${VARDIR}/.filter_DOCKER-ISOLATION-STAGE-2),
qq( ;;),
qq( esac),
qq(), qq(),
); );
@ -9252,10 +9261,10 @@ sub create_netfilter_load( $ ) {
emit( '[ -n "$g_docker" ] && echo ":DOCKER - [0:0]" >&3' ); emit( '[ -n "$g_docker" ] && echo ":DOCKER - [0:0]" >&3' );
} elsif ( $name eq 'DOCKER-ISOLATION' ) { } elsif ( $name eq 'DOCKER-ISOLATION' ) {
ensure_cmd_mode; ensure_cmd_mode;
emit( '[ "$g_dockernetwork" = One ] && echo ":DOCKER-ISOLATION - [0:0]" >&3' ); emit( '[ -n "$g_dockeriso" ] && echo ":DOCKER-ISOLATION - [0:0]" >&3' );
} elsif ( $name =~ /^DOCKER-ISOLATION-/ ) { } elsif ( $name =~ /^DOCKER-ISOLATION/ ) {
ensure_cmd_mode; ensure_cmd_mode;
emit( qq([ "\$g_dockernetwork" = Two ] && echo ":$name - [0:0]" >&3) ); emit( qq([ "\$g_dockerisostage" = Two ] && echo ":$name - [0:0]" >&3) );
} elsif ( $name eq 'DOCKER-INGRESS' ) { } elsif ( $name eq 'DOCKER-INGRESS' ) {
ensure_cmd_mode; ensure_cmd_mode;
emit( '[ -n "$g_dockeringress" ] && echo ":DOCKER-INGRESS - [0:0]" >&3' ); emit( '[ -n "$g_dockeringress" ] && echo ":DOCKER-INGRESS - [0:0]" >&3' );
@ -9367,11 +9376,11 @@ sub preview_netfilter_load() {
print "\n"; print "\n";
} elsif ( $name eq 'DOCKER-ISOLATION' ) { } elsif ( $name eq 'DOCKER-ISOLATION' ) {
ensure_cmd_mode1; ensure_cmd_mode1;
print( '[ "$g_dockernetwork" = One ] && echo ":DOCKER-ISOLATION - [0:0]" >&3' ); print( '[ -n "$g_dockeriso" ] && echo ":DOCKER-ISOLATION - [0:0]" >&3' );
print "\n"; print "\n";
} elsif ( $name =~ /^DOCKER-ISOLATION-/ ) { } elsif ( $name =~ /^DOCKER-ISOLATION/ ) {
ensure_cmd_mode1; ensure_cmd_mode1;
print( qq([ "\$g_dockernetwork" = Two ] && echo ":$name - [0:0]" >&3) ); print( qq([ "\$g_dockeisostage" ] && echo ":$name - [0:0]" >&3) );
print "\n"; print "\n";
} elsif ( $name eq 'DOCKER-INGRESS' ) { } elsif ( $name eq 'DOCKER-INGRESS' ) {
ensure_cmd_mode1; ensure_cmd_mode1;
@ -9468,10 +9477,10 @@ sub create_stop_load( $ ) {
emit( '[ -n "$g_docker" ] && echo ":DOCKER - [0:0]" >&3' ); emit( '[ -n "$g_docker" ] && echo ":DOCKER - [0:0]" >&3' );
} elsif ( $name eq 'DOCKER-ISOLATION' ) { } elsif ( $name eq 'DOCKER-ISOLATION' ) {
ensure_cmd_mode; ensure_cmd_mode;
emit( '[ -n "$g_dockernetwork" ] && echo ":DOCKER-ISOLATION - [0:0]" >&3' ); emit( '[ -n "$g_dockeriso" ] && echo ":DOCKER-ISOLATION - [0:0]" >&3' );
} elsif ( $name =~ /^DOCKER-ISOLATION-/ ) { } elsif ( $name =~ /^DOCKER-ISOLATION/ ) {
ensure_cmd_mode; ensure_cmd_mode;
emit( qq([ "\$g_dockernetwork" = Two ] && echo ":$name - [0:0]" >&3) ); emit( qq([ -n "\$g_dockerisostage" ] && echo ":$name - [0:0]" >&3) );
} elsif ( $name eq 'DOCKER-INGRESS' ) { } elsif ( $name eq 'DOCKER-INGRESS' ) {
ensure_cmd_mode; ensure_cmd_mode;
emit( '[ -n "$g_dockeringress" ] && echo ":DOCKER-INGRESS - [0:0]" >&3' ); emit( '[ -n "$g_dockeringress" ] && echo ":DOCKER-INGRESS - [0:0]" >&3' );

11
Shorewall/Perl/Shorewall/Compiler.pm
View File

@ -268,13 +268,10 @@ sub generate_script_2() {
emit( '', emit( '',
'chain_exists DOCKER nat && chain_exists DOCKER && g_docker=Yes', 'chain_exists DOCKER nat && chain_exists DOCKER && g_docker=Yes',
); );
emit( 'chain_exists DOCKER-INGRESS && g_dockeringress=Yes' ); emit( 'chain_exists DOCKER-INGRESS && g_dockeringress=Yes' );
emit( 'chain_exists DOCKER-USER && g_dockeruser=Yes' ); emit( 'chain_exists DOCKER-USER && g_dockeruser=Yes' );
emit( 'if chain_exists DOCKER-ISOLATION; then', emit( 'chain_exists DOCKER-ISOLATION && dockeriso=Yes' );
' g_dockernetwork=One', emit( 'chain_exists DOCKER-ISOLATION-STAGE-1 && dockerisostage=Yes' );
'elif chain_exists DOCKER-ISOLATION-STAGE-1; then',
' g_dockernetwork=Two',
'fi' );
} }
pop_indent; pop_indent;

6
Shorewall/Perl/Shorewall/Config.pm
View File

@ -4603,7 +4603,11 @@ sub New_Conntrack_Match() {
} }
sub Old_Conntrack_Match() { sub Old_Conntrack_Match() {
! qt1( "$iptables $iptablesw -A $sillyname -m conntrack ! --ctorigdst 1.2.3.4" ); if ( $family == F_IPV4 ) {
! qt1( "$iptables $iptablesw -A $sillyname -m conntrack ! --ctorigdst 1.2.3.4" );
} else {
! qt1( "$iptables $iptablesw -A $sillyname -m conntrack ! --ctorigdst ::1" );
}
} }
sub Multiport() { sub Multiport() {

16
Shorewall/Perl/Shorewall/Misc.pm
View File

@ -679,18 +679,10 @@ sub create_docker_rules() {
my $chainref = $filter_table->{FORWARD}; my $chainref = $filter_table->{FORWARD};
add_commands( $chainref, '[ -n "$g_dockeringress" ] && echo "-A FORWARD -j DOCKER-INGRESS" >&3', ); add_commands( $chainref, '[ -n "$g_dockeringress" ] && echo "-A FORWARD -j DOCKER-INGRESS" >&3' );
add_commands( $chainref, '[ -n "$g_dockeruser" ] && echo "-A FORWARD -j DOCKER-USER" >&3', ); add_commands( $chainref, '[ -n "$g_dockeruser" ] && echo "-A FORWARD -j DOCKER-USER" >&3' );
add_commands( $chainref , add_commands( $chainref, '[ -n "$g_dockeriso" ] && echo "-A FORWARD -j DOCKER-ISOLATION" >&3' );
'', add_commands( $chainref, '[ -n "$g_dockerisostage" ] && echo "-A FORWARD -j DOCKER-ISOLATION-STAGE-1" >&3' );
'case "$g_dockernetwork" in',
' One)',
' echo "-A FORWARD -j DOCKER-ISOLATION" >&3',
' ;;',
' Two)',
' echo "-A FORWARD -j DOCKER-ISOLATION-STAGE-1" >&3',
' ;;',
'esac' );
if ( my $dockerref = known_interface('docker0') ) { if ( my $dockerref = known_interface('docker0') ) {
add_commands( $chainref, 'if [ -n "$g_docker" ]; then' ); add_commands( $chainref, 'if [ -n "$g_docker" ]; then' );

16
Shorewall/Perl/Shorewall/Providers.pm
View File

@ -1180,14 +1180,14 @@ CEOF
emit "fi\n"; emit "fi\n";
if ( get_interface_option( $interface, 'used_address_variable' ) ) { if ( get_interface_option( $interface, 'used_address_variable' ) ) {
my $variable = interface_address( $interface ); my $variable = get_interface_address( $interface );
emit( "echo \$$variable > \${VARDIR}/${physical}.address" ); emit( "echo $variable > \${VARDIR}/${physical}.address" );
} }
if ( get_interface_option( $interface, 'used_gateway_variable' ) ) { if ( get_interface_option( $interface, 'used_gateway_variable' ) ) {
my $variable = interface_gateway( $interface ); my $variable = get_interface_gateway( $interface );
emit( qq(echo "\$$variable" > \${VARDIR}/${physical}.gateway\n) ); emit( qq(echo "$variable" > \${VARDIR}/${physical}.gateway\n) );
} }
} else { } else {
emit( qq(progress_message "Provider $table ($number) Started") ); emit( qq(progress_message "Provider $table ($number) Started") );
@ -2323,22 +2323,22 @@ sub handle_optional_interfaces() {
emit( 'fi' ); emit( 'fi' );
if ( get_interface_option( $interface, 'used_address_variable' ) ) { if ( get_interface_option( $interface, 'used_address_variable' ) ) {
my $variable = interface_address( $interface ); my $variable = get_interface_address( $interface );
emit( '', emit( '',
"if [ -f \${VARDIR}/${physical}.address ]; then", "if [ -f \${VARDIR}/${physical}.address ]; then",
" if [ \$(cat \${VARDIR}/${physical}.address) != \$$variable ]; then", " if [ \$(cat \${VARDIR}/${physical}.address) != $variable ]; then",
' g_forcereload=Yes', ' g_forcereload=Yes',
' fi', ' fi',
'fi' ); 'fi' );
} }
if ( get_interface_option( $interface, 'used_gateway_variable' ) ) { if ( get_interface_option( $interface, 'used_gateway_variable' ) ) {
my $variable = interface_gateway( $interface ); my $variable = get_interface_gateway( $interface );
emit( '', emit( '',
"if [ -f \${VARDIR}/${physical}.gateway ]; then", "if [ -f \${VARDIR}/${physical}.gateway ]; then",
" if [ \$(cat \${VARDIR}/${physical}.gateway) != \"\$$variable\" ]; then", " if [ \$(cat \${VARDIR}/${physical}.gateway) != \"$variable\" ]; then",
' g_forcereload=Yes', ' g_forcereload=Yes',
' fi', ' fi',
'fi' ); 'fi' );

3
Shorewall/Perl/prog.footer
View File

@ -148,7 +148,8 @@ g_compiled=
g_file= g_file=
g_docker= g_docker=
g_dockeringress= g_dockeringress=
g_dockernetwork= g_dockeriso=
g_dockerisostage=
g_forcereload= g_forcereload=
g_fallback= g_fallback=

2
docs/Build.xml
View File

@ -113,7 +113,6 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<variablelist>
<varlistentry> <varlistentry>
<term>tools/files</term> <term>tools/files</term>
@ -122,7 +121,6 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<variablelist>
<varlistentry> <varlistentry>
<term>tools/testing</term> <term>tools/testing</term>

30
docs/Introduction.xml
View File

@ -16,7 +16,7 @@
<pubdate><?dbtimestamp format="Y/m/d"?></pubdate> <pubdate><?dbtimestamp format="Y/m/d"?></pubdate>
<copyright> <copyright>
<year>2003-2015</year> <year>2003-2020</year>
<year>2019</year> <year>2019</year>
@ -173,18 +173,22 @@ dmz ipv4</programlisting>
file. In the three-interface sample, the three zones are defined using file. In the three-interface sample, the three zones are defined using
that file as follows:</para> that file as follows:</para>
<programlisting>#ZONE INTERFACE OPTIONS <programlisting>#ZONE INTERFACE OPTIONS
net NET_IF dhcp,routefilter net NET_IF tcpflags,dhcp,nosmurfs,routefilter,logmartians,sourceroute=0,physical=eth0
loc LOC_IF loc LOC_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth1
dmz DMZ_IF</programlisting> dmz DMZ_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth2</programlisting>
<para>The above file defines the <emphasis>net</emphasis> zone as all IPv4 <para>The above file defines the <emphasis>net</emphasis> zone as all IPv4
hosts interfacing to the firewall through NET_IF, the hosts interfacing to the firewall through NET_IF, the
<emphasis>loc</emphasis> zone as all IPv4 hosts interfacing through LOC_IF <emphasis>loc</emphasis> zone as all IPv4 hosts interfacing through LOC_IF
and the <emphasis>dmz</emphasis> as all IPv4 hosts interfacing through and the <emphasis>dmz</emphasis> as all IPv4 hosts interfacing through
DMZ_IF. It is important to note that the composition of a zone is defined eth2. The interface names shown in the INTERFACE column are <emphasis>
in terms of a combination of addresses <emphasis logical</emphasis> names which are used throughout the configuration to
role="bold">and</emphasis> interfaces. When using the <ulink refer to the individual interfaces. The actual interface names are
specified using the <emphasis role="bold">physical</emphasis> option. It
is important to note that the composition of a zone is defined in terms of
a combination of addresses <emphasis role="bold">and</emphasis>
interfaces. When using the <ulink
url="manpages/shorewall-interfaces.html"><filename>/etc/shorewall/interfaces</filename></ulink> url="manpages/shorewall-interfaces.html"><filename>/etc/shorewall/interfaces</filename></ulink>
file to define a zone, all addresses are included; when you want to define file to define a zone, all addresses are included; when you want to define
a zone that contains a limited subset of the IPv4 address space, you use a zone that contains a limited subset of the IPv4 address space, you use
@ -193,10 +197,12 @@ dmz DMZ_IF</programlisting>
file or you may use the nets= option in file or you may use the nets= option in
<filename>/etc/shorewall/interfaces</filename>:</para> <filename>/etc/shorewall/interfaces</filename>:</para>
<programlisting>#ZONE INTERFACE BROADCAST OPTIONS <programlisting>#ZONE INTERFACE OPTIONS
net NET_IF detect dhcp,routefilter,nets=(!192.168.0.0/23),physical=eth0 net NET_IF tcpflags,dhcp,nosmurfs,routefilter,logmartians,sourceroute=0,physical=eth0
loc LOC_IF detect nets=(192.168.0.0/24),physical=eth1 loc LOC_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth1,<emphasis
dmz DMZ_IF detect nets=(192.168.1.0/24),physical=eth2</programlisting> role="bold">nets=172.20.1.0/24</emphasis>
dmz DMZ_IF tcpflags,nosmurfs,routefilter,logmartians,physical=eth2
</programlisting>
<para>The above file defines the <emphasis>net</emphasis> zone as all IPv4 <para>The above file defines the <emphasis>net</emphasis> zone as all IPv4
hosts interfacing to the firewall through eth0 <emphasis>except</emphasis> hosts interfacing to the firewall through eth0 <emphasis>except</emphasis>

234
docs/html.css
View File

@ -1,48 +1,188 @@
div.informalexample { background-color: #d5dee3; /* global styles */
border-top-width: 2px; body {
border-top-style: double; font-family: sans-serif;
border-top-color: #d3d3d3; }
border-bottom-width: 2px; div {
border-bottom-style: double; border: 0;
border-bottom-color: #d3d3d3; padding: 0.5em;
padding: 4px; }
margin: 0em; img {
margin-left: 2em; border: 0;
} }
hr {
color: #8b8b8b;
}
h4 {
text-align: center;
font-weight: bold;
padding: 0.25em 0.5em;
margin: 0 0 1px;
}
.quote {
font-style: italic;
text-align: center;
}
.strong {
font-weight: bold;
}
.warning {
font-weight: bold;
color: #ff0000;
}
a {
display: block;
border-width: 0;
text-decoration: none;
color: #0060b5;
background: #ffffff;
}
a:hover {
color: #ffffff;
background: #0060b5;
}
/* header styles */
div#header {
position: absolute;
font-size: small;
top: 0;
left: 0;
height: 100px;
width: 95%;
margin: 10px;
}
div#header p {
text-align: center;
}
div#header div#search-form {
float: left;
margin: 0;
padding: 0;
}
div#header div#search-form input#search-text {
background-color: #ffffff;
color: #0060b5;
font-size: small;
border: 1px solid;
vertical-align: middle;
}
div#header div#search-form input#submit-button {
background-color: #ffffff;
color: #0060b5;
font-size: small;
font-weight: bold;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
border-radius:6px;
text-decoration: none;
cursor: pointer;
border: 1px solid;
vertical-align: middle;
}
div#header div#search-form input#submit-button:hover {
border: 1px solid;
background-color: #0060b5;
color: #ffffff;
box-shadow: 0px 0px 1px #777;
}
div#header div#ml-search {
float: right;
margin: 0;
padding: 0;
}
div#header div#logo {
margin: 0;
padding: 0;
clear: both;
}
/* sidebar styles */
div#sidebar {
position: fixed;
top: 125px;
left: 0;
width: 15%;
margin: 10px;
font-size: small;
}
div#sidebar:hover {
background-position: 0px 0px;
}
div#sidebar a {
text-align: center;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
border-radius:6px;
}
/* menu styles */
/* main panel styles */
div#main {
position: absolute;
top: 150px;
left: 16%;
width: 62%;
margin: 10px;
}
div#main a {
display: inline;
padding: 0;
}
div#main a:hover {
color: #0060b5;
background: #ffffff;
text-decoration: underline;
}
/* content styles */
div#content div {
padding: 0;
}
div#content code, pre {
font: 100% monospace;
}
div#content table {
width: 100%;
}
div#content table#changelog {
font-size: x-small;
}
/* footer styles */
div#footer p {
text-align: center;
font-size: small;
}
div#footer table {
margin-left: auto;
margin-right: auto;
}
/* doc panel styles */
div#doc {
float: right;
top: 125px;
left: 80%;
width: 15%;
margin: 125px 10px 10px 10px;
font-size: small;
}
div#doc:hover {
background-position: 0px 0px;
}
div#doc a {
padding: 0 5px 0 5px;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
border-radius:6px;
}
div#doc p.go-top, div#doc p.go-top a, div#doc p.go-top a:hover {
opacity: 0.75;
filter:alpha(opacity=75); /* For IE8 and earlier */
position: fixed;
bottom: 0.5em;
right: 0.5em;
text-decoration: none;
font-size: small;
padding: 0;
display: block;
}
div#doc p.go-top a:hover {
opacity: 1.0;
filter:alpha(opacity=100); /* For IE8 and earlier */
}
pre.programlisting { whitespace: pre;
font-family: monospace;
background-color: #BEE1F6;
border-top-width: 1px;
border-top-style: single;
border-top-color: #d3d3d3;
border-bottom-width: 1px;
border-bottom-style: single;
border-bottom-color: #d3d3d3;
padding: 4px;
margin: 0em;
}
div.sidebar { whitespace: pre;
font-family: monospace;
background-color: #A6D5EC;
border-top-width: 1px;
border-top-style: single;
border-top-color: #d3d3d3;
border-bottom-width: 1px;
border-bottom-style: single;
border-bottom-color: #d3d3d3;
padding: 4px;
margin: 0em;
}
div.informalexample pre { whitespace: pre;
font-family: monospace;
border-top-width: 0px;
border-bottom-width: 0px;
padding: 0px;
}
div.caution h3 { color:#CC3333; }
div.note h3 { color:#000066; }