Commit Graph

2086 Commits

Author SHA1 Message Date
Tom Eastep
6bed5e5e55 Merge branch '4.4.27'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 07:28:14 -08:00
Tom Eastep
5b2f960db3 Disallow :P in CLASSIFY rules and complain if :F is used when the SOURCE or DEST is $FW.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 07:22:14 -08:00
Tom Eastep
1da7f52ed5 Copy output interface options rather than jump
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 18:49:47 -08:00
Tom Eastep
39f214208a Fix silly bug in the new option chain implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 17:57:39 -08:00
Tom Eastep
6926bcdbb9 More refinements of the option chain stuff.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 14:52:07 -08:00
Tom Eastep
f9960a0c94 Restore blacklst and blackout chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 13:45:35 -08:00
Tom Eastep
2c441b5393 Copy option rules into interface chains if no blacklist
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 09:32:16 -08:00
Tom Eastep
bddfb4f41c Add output option chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 08:22:00 -08:00
Tom Eastep
03610181fd Disallow :P in CLASSIFY rules and complain if :F is used when the SOURCE or DEST is $FW.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 07:49:53 -08:00
Tom Eastep
3ca9577f04 Cruft removal
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 16:22:11 -08:00
Tom Eastep
8cdc83638e Don't allow PREROUTING CLASSIFY rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 14:07:12 -08:00
Tom Eastep
a98c85cbc4 Make 'audit' work on a converted blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 10:30:24 -08:00
Tom Eastep
eda918215d Option chain phase II implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 10:29:15 -08:00
Tom Eastep
0518def9cf Merge branch '4.4.27' 2011-12-28 09:58:19 -08:00
Tom Eastep
09f58512be Make 'audit' work on a converted blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 09:34:34 -08:00
Tom Eastep
eff447ac11 Phase one option chain implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 18:12:58 -08:00
Tom Eastep
ea9c59a297 Add an interface filter chain for each interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 13:52:44 -08:00
Tom Eastep
49eb84b9e2 Remove more helper/proto silliness
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 13:06:37 -08:00
Tom Eastep
8a8214704e Centralize checking for required proto with helper
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 13:04:19 -08:00
Tom Eastep
aa743f2886 Merge branch '4.4.27' 2011-12-27 13:02:08 -08:00
Tom Eastep
c5868ef6e4 Revert "Remove redundant check."
This reverts commit 53dd13cf15.
2011-12-27 13:01:27 -08:00
Tom Eastep
7721644209 Merge branch '4.4.27' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall into 4.4.27
Conflicts:
	Shorewall/Perl/Shorewall/Chains.pm
	Shorewall/Perl/Shorewall/Raw.pm
2011-12-27 12:32:13 -08:00
Tom Eastep
1c2ab238a5 Merge branch '4.4.27' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall into 4.4.27
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 13:22:30 -08:00
Tom Eastep
3541767881 Don't croak when adding gateway route fails for IPv6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 11:58:06 -08:00
Tom Eastep
53dd13cf15 Remove redundant check.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 11:57:34 -08:00
Tom Eastep
5520a6d31d Validate helper<->protocol
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-24 09:24:01 -08:00
Tom Eastep
be4cb9d26a Validate helper<->protocol
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 17:55:13 -08:00
Tom Eastep
97354c8ce8 Detect CT_TARGET when LOAD_HELPERS_ONLY=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 11:59:51 -08:00
Tom Eastep
0e3ad6ff91 Omit the chain designator from an error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 07:51:12 -08:00
Tom Eastep
1c535ee0f9 Correct handling of a chain designator in CLASSIFY rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 07:44:16 -08:00
Tom Eastep
3081ab1da1 Correct RELATED_DISPOSITION error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-22 15:51:50 -08:00
Tom Eastep
ce735e9415 Allow a chain designator in CLASSIFY rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-22 15:41:16 -08:00
Tom Eastep
e93dbdcb99 Stop generation of superfluous routing rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-21 08:01:25 -08:00
Tom Eastep
c03fe0a076 Implement USE_LOGICAL_NAMES.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 16:03:56 -08:00
Tom Eastep
1c8f6d3856 Eliminate a variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-18 15:05:03 -08:00
Tom Eastep
c00068e08d Another correction to the 'CT' target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-18 07:21:32 -08:00
Tom Eastep
a80b46be81 Allow a port number to be appended to a helper name
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-17 17:08:24 -08:00
Tom Eastep
ec848ebc01 Parenthesize qa/.../ in embedded Perl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-17 10:09:23 -08:00
Tom Eastep
ba5db8753e Fix CT helpers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-17 08:59:27 -08:00
Tom Eastep
9d66f34932 Allow config options to be used as shell variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-15 12:52:22 -08:00
Tom Eastep
10d10b1c16 Remove a redundant capability test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-15 12:52:06 -08:00
Tom Eastep
6194eceaa4 Restore text of 'Provider "..." compiled' message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-15 12:51:39 -08:00
Tom Eastep
2142baca4f Avoid inappropriate RELATED,ESTABLISHED rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 19:04:43 -08:00
Tom Eastep
004d0bcc38 Allow rules in the RELATED section when there are non-default settings of
the new RELATED_* options.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 13:38:11 -08:00
Tom Eastep
d4957696d1 Update man pages and sample files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 17:45:09 -08:00
Tom Eastep
439af55312 Implement RELATED_DISPOSITION and RELATED_LOG_LEVEL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 16:08:17 -08:00
Tom Eastep
febe9e5222 Apply Chris Boot's fix for TC_ENABLED=Shared
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 12:22:48 -08:00
Tom Eastep
2cffae738f Initial implementation of CT target support in the 'notrack' file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-04 17:15:58 -08:00
Tom Eastep
a794027f63 Implement CT capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-04 14:35:53 -08:00
Tom Eastep
e7d2b1d4ed Consolidate the lib.common files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-04 09:19:48 -08:00
Tom Eastep
6bb487bb68 Pass $CONFIG_PATH to compiler.pl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-02 07:36:23 -08:00
Tom Eastep
8c6914d1a2 Don't deprecate 'optional' for shared providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-01 11:23:22 -08:00
Tom Eastep
a27f5655a7 Merge branch '4.4.26' 2011-12-01 10:41:22 -08:00
Tom Eastep
99bf7fb994 Don't do TC stuff during enable/disable of a shared provider
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-01 10:41:03 -08:00
Tom Eastep
568e3b2e5b Allow a provider name in addition to an interface name in enable/disable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-01 10:32:54 -08:00
Tom Eastep
8f14485d67 Allow a provider name in addition to an interface name in enable/disable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-01 10:30:42 -08:00
Tom Eastep
3110f7c74a Add enable/disable commands to the CLIs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-01 10:25:51 -08:00
Tom Eastep
d8caa6498a Add tracing to Optimize 16.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-30 07:57:19 -08:00
Tom Eastep
9e149ca038 Correct default values during update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-27 14:12:51 -08:00
Tom Eastep
61d5c6d6da Implement Shorewall::Chains::clone_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-26 09:36:02 -08:00
Tom Eastep
3498076a96 Accurately compare rule key values that are array references.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-26 08:03:02 -08:00
Tom Eastep
15d95b6977 Fix SAME target.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-26 07:48:03 -08:00
Tom Eastep
5cdb74168f Correct port list capture with --multiport.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-25 16:22:23 -08:00
Tom Eastep
613e41c25a Enable OPT 16 in check -r; Suppress duplicate rules 2011-11-25 16:05:07 -08:00
Tom Eastep
90e03e1833 Even more tweaks to optimize 16
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-25 14:46:37 -08:00
Tom Eastep
71bbd7963c Some tweaks to optimize 16 2011-11-25 10:42:10 -08:00
Tom Eastep
f305da9d0d Require extended multi-port match for OPTIMIZE 16.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-24 10:57:09 -08:00
Tom Eastep
8d8a681f40 Implement optimization level 16
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-24 10:22:04 -08:00
Tom Eastep
4559c8b5d0 Tweaks to convert_blacklist()
- Reword an error message to handle both missing file and zero-sized file.
- Don't rename file that doesn't exist.
2011-11-21 12:13:39 -08:00
Tom Eastep
dffb79e7bd Handle empty blacklist file in 'update -b'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 17:02:01 -08:00
Tom Eastep
bd8ba435cd Avoid uninitialized value in hash element.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 16:24:42 -08:00
Tom Eastep
4d30811794 Implement 'show marks'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 12:29:17 -08:00
Tom Eastep
e5a6387695 Eliminate use of WIDE_TC_MARKS in the Tc module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 08:45:16 -08:00
Tom Eastep
382309bc53 Derive default values for the mark-layout options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 07:03:33 -08:00
Tom Eastep
83d7cfa76a Update documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 15:18:43 -08:00
Tom Eastep
ae8aa3a45a More fixes for ZONE_BITS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 08:19:38 -08:00
Tom Eastep
ab1b65d6a8 Fixes for blacklist conversion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 08:18:58 -08:00
Tom Eastep
4f9afc32ec Allow zone names in the MARK column when ZONE_BITS != 0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-18 07:23:24 -08:00
Tom Eastep
7c0cb69c29 Don't copy limited broadcast routes to provider tables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-18 07:07:51 -08:00
Tom Eastep
364b30fd9b Fix 'update -b' handling of missing files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-18 06:26:37 -08:00
Tom Eastep
72f75c201c Implement zone automark
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 16:07:45 -08:00
Tom Eastep
96f5aec71f Add ZONE_BITS configuration option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 10:40:47 -08:00
Tom Eastep
fe09646bed Make zone types a power of 2.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 09:23:39 -08:00
Tom Eastep
348c6c8cf7 Correct handling of LOGMARK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 07:22:07 -08:00
Tom Eastep
d096b9399a Fix '\!' handling in validate_level()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-15 16:41:32 -08:00
Tom Eastep
afaf0d9de8 Trivial optimization in validate_level()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-13 06:19:40 -08:00
Tom Eastep
28a1087cd4 Cleanup of rewritten validate_level()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-13 05:58:59 -08:00
Tom Eastep
73ed66b9b9 Add ULOG and NFLOG capabilities plus LOGMARK for IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-12 14:10:48 -08:00
Tom Eastep
ffec7a4d95 More corrections to wildcard interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-11 07:29:44 -08:00
Tom Eastep
04dfe26549 Remove two unused variables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-11 05:23:37 -08:00
Tom Eastep
972721facb Remove some white space
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 17:52:25 -08:00
Tom Eastep
6813409c31 Make the previous patch a bit cleaner
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 07:19:21 -08:00
Tom Eastep
d85f6970e3 Fix wildcard interfaces
- Suppress extra jumps to interface chains.
- Insure that the 'lo' ACCEPT rule doesn't get masked by a wildcard interface

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 06:53:48 -08:00
Tom Eastep
d053faadde Allow conversion of a legacy blacklist configuration
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-08 12:59:40 -08:00
Tom Eastep
6108a9cad8 Delete BLACKLISTSECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 14:46:14 -08:00
Tom Eastep
da7516d401 Update config files and manpages for BLACKLISTSECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 12:05:07 -08:00
Tom Eastep
1091c24348 Implement the BLACKLISTSECTION option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 08:43:38 -08:00
Tom Eastep
689e9b0fe1 Make replacement of '+' by '*' global in case statements.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-04 13:49:10 -07:00
Tom Eastep
352dba1aac More cleanup of the IN_BANDWIDTH code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-02 06:34:35 -07:00
Tom Eastep
b9a7374130 Omit estimator when no avrate.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 11:16:51 -07:00
Tom Eastep
cfa33e894f Restore IN_BANDWIDTH functionality on moribund distributions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 07:02:32 -07:00
Tom Eastep
8b8140cc9f Add 'Basic Filter' capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 06:34:57 -07:00
Tom Eastep
f3b5d5585f Correct detection of FLOW_FILTER
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 06:21:34 -07:00
Tom Eastep
dc1f815679 Reload blacklistsection chains even when legacy blacklisting is used.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-31 08:04:32 -07:00
Tom Eastep
29f6f6e3f2 Allow 'refresh' to reload chains from the BLACKLIST section.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-30 06:05:24 -07:00
Tom Eastep
16457ce85b Evaluate a variable at compile-time rather than at run-time
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-27 07:07:38 -07:00
Tom Eastep
c319921365 Correct validation of 4in6 addresses
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-25 06:19:34 -07:00
Tom Eastep
3258806f6c Insure that 32767 default rule exists on IPv6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 21:15:09 -07:00
Tom Eastep
ccdda4c73b Tighten the rule compatibility test in sub compatible().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 13:16:17 -07:00
Tom Eastep
3c98094242 Combine all IPV6 filtering in the routing table copy routines
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 13:15:36 -07:00
Tom Eastep
14764acd2d Restore a blank line in the generated script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 08:50:15 -07:00
Tom Eastep
ee66be8f32 Place all ip-address rules at priority 20000.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-23 17:11:41 -07:00
Tom Eastep
54ba4ed879 Add MARK column to route_rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-23 07:56:53 -07:00
Tom Eastep
4b419f7497 Cleanup of IPv6 provider work
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-22 12:48:07 -07:00
Tom Eastep
d3d9380df5 Don't combine incompatible chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-21 11:55:30 -07:00
Tom Eastep
f31f3dc92a Implement 'fallback' and 'balance' for IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-21 11:55:15 -07:00
Tom Eastep
20cd943a60 Make route-table copying work on IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-20 10:32:09 -07:00
Tom Eastep
a42e2dff7f Allow caps in IPv6 addresses
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-19 07:47:49 -07:00
Tom Eastep
62d43ab6dd Cleanup of new IN-BANDWIDTH handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-18 05:53:50 -07:00
Tom Eastep
dbe936c7c9 Cleanup of new IN-BANDWIDTH handling (avoids a syntax error)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-17 06:29:27 -07:00
Tom Eastep
4d83201843 Allow configuration of a rate estimated policing filter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-16 14:38:27 -07:00
Tom Eastep
ebc944f027 Add optional MTU parameter in IN_BANDWIDTH
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-16 10:52:45 -07:00
Tom Eastep
a077a9821d Implement rate estimation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-11 15:27:24 -07:00
Tom Eastep
25a6f10025 Fix complex traffic shaping
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-11 10:52:37 -07:00
Tom Eastep
ede17cb771 Restore lost function from merging 4.4.24
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-10 16:51:27 -07:00
Tom Eastep
6d56a8aa45 Merge branch '4.4.24'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-10 06:57:05 -07:00
Tom Eastep
a12a4a5a89 Add '6in4' as a synonym for '6to4'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-10 06:54:31 -07:00
Tom Eastep
99b21fdfc5 Implement HL manipulation for IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-09 14:01:40 -07:00
Tom Eastep
668926c2a6 Add BALANCE_TABLE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-09 09:00:14 -07:00
Tom Eastep
a5010ec9a6 Correct alternate specification in the tunnels file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-09 08:50:55 -07:00
Tom Eastep
31e0b186bf More fixes for 'fallback' without weight
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-09 07:53:59 -07:00
Tom Eastep
809f27decd More alternate-specification fixes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-09 07:06:01 -07:00
Tom Eastep
8115934adf More alternate-specification fixes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-09 07:05:08 -07:00
Tom Eastep
035db174d8 Fix 'fallback' without weight
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-09 06:58:41 -07:00
Tom Eastep
3afd6a3ad3 Correct proto column of the netmap file 2011-10-08 18:20:47 -07:00
Tom Eastep
2d6f5da6bc Correct proto column of the netmap file 2011-10-08 18:19:08 -07:00
Tom Eastep
c304661217 Fix earlier change 2011-10-08 17:10:23 -07:00
Tom Eastep
661606ef95 Merge branch '4.4.24'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-08 17:07:12 -07:00
Tom Eastep
b5963c6783 Fix alternate nat handling 2011-10-08 17:01:18 -07:00
Tom Eastep
e6b120a805 Implement BALANCE table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-08 13:54:39 -07:00
Tom Eastep
e322e60d73 Fix 'fallback' 2011-10-08 12:32:29 -07:00
Tom Eastep
04c2007d53 Resolve merge conflicts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-08 07:03:01 -07:00
Tom Eastep
5d4a0172b7 A bit of cleanup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-05 09:32:26 -07:00
Tom Eastep
835a056eb8 Implement BLACKLIST section in the rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-03 16:02:01 -07:00
Tom Eastep
57650e8dd9 Add two new actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-02 18:41:58 -07:00
Tom Eastep
0a5d5821ec Support additional forms of column/value pair specification
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-02 11:45:55 -07:00
Tom Eastep
e728d663f9 Implement IPTABLES_S capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-01 13:54:52 -07:00
Tom Eastep
2f0829596f Fix format-1 Actions 2011-10-01 12:17:29 -07:00
Tom Eastep
f6092ee52d Eliminate the maxcolumns argument to the split_line functions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-01 11:39:12 -07:00
Tom Eastep
072f4752fc Get rid of minimum column requirement
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-01 09:56:25 -07:00
Tom Eastep
c76957cc39 Reword an error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-26 08:51:05 -07:00
Tom Eastep
4c7f1a03a0 Catch multiple semicolons on a line.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-26 07:42:44 -07:00
Tom Eastep
9a4dfc4394 Implement an alternate way of specifying column contents.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-25 17:08:53 -07:00
Tom Eastep
da5b6b99d4 Implement TTL support in tcrules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-24 16:17:52 -07:00
Tom Eastep
dbf5f17b41 More tweaks to switch implementation.
1) Switch names may be 30 characters long.
2) Switch settings are retained over restart.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-24 07:34:58 -07:00
Tom Eastep
40bc6df07a Correct handling of SWITCH column
- Handle exclusion
- Correctly detect CONDITION_MATCH at compile time
- Include condition match in the filter part of a NAT rule

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-23 15:01:40 -07:00
Tom Eastep
caddd65412 Rename condition->switch and add more documentation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-23 12:33:55 -07:00
Tom Eastep
75b4540d26 Add support for condition match in the rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-21 15:20:50 -07:00
Tom Eastep
7978993d2b Validate NET2 in IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-20 16:24:39 -07:00
Tom Eastep
a5e05c9e8e Don't allow long port lists or icmp lists in netmap 2011-09-19 13:27:27 -07:00
Tom Eastep
990d6e504d Correct icmp-type and icmpv6-type 2011-09-19 10:05:58 -07:00
Tom Eastep
fd1e996fb1 Correct call to dest_iexclusion()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-19 08:28:29 -07:00
Tom Eastep
e01276225c Correct port order in the netmap file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-19 06:17:02 -07:00
Tom Eastep
c2bcb08483 Add 'i' versions of exclusion functions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-18 14:12:22 -07:00
Tom Eastep
95a83f7fdf Allow exclusion in the netmap file's NET1 column 2011-09-17 09:20:15 -07:00
Tom Eastep
5aac5870a1 Call setup_netmap if IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-17 07:31:18 -07:00
Tom Eastep
86847957bf Merge branch '4.4.23' 2011-09-16 09:03:43 -07:00
Tom Eastep
76fc55d750 Fix TC_ENABLED=Shared
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-16 06:50:34 -07:00
Tom Eastep
be1765f44d Don't emit 'enable' code for required providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-15 14:46:29 -07:00
Tom Eastep
fcb8fa79c0 Don't emit 'enable' code for required providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-14 08:25:47 -07:00
Tom Eastep
e1afc645ba Allow IPv6 stateless NAT (undocumented)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-14 08:24:44 -07:00
Tom Eastep
fe9df4dfd1 Remove interface weight file if not balance or default.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-14 06:24:22 -07:00
Tom Eastep
ab1fac3fc6 Add some comments to getparams
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-11 09:52:12 -07:00
Tom Eastep
d4b37d1c52 Better way of handling environmental variables with embedded quotes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-10 15:46:26 -07:00
Tom Eastep
fb6d4ffaf9 Merge branch '4.4.23' 2011-09-10 08:34:45 -07:00
Tom Eastep
8ce60ce825 Don't emit dangerous %ENV entries to the generated script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-10 08:18:46 -07:00
Tom Eastep
7ed52360d5 Set all interfaces' 'routefilter' option if ROUTE_FILTER=on
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-07 12:19:13 -07:00
Tom Eastep
6f2fd75a8c Merge branch '4.4.23' 2011-09-07 11:14:11 -07:00
Tom Eastep
5f85646418 Fix disable of last balanced route
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-07 07:00:18 -07:00
Tom Eastep
b19a6f0bfd Merge branch '4.4.23' 2011-09-05 17:25:03 -07:00
Tom Eastep
77ca62835f Add PROTO and PORTS columns to netmap 2011-09-05 12:33:42 -07:00
Tom Eastep
02009ee060 Set 'use_..._chain' on interfaces with sfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-05 06:23:18 -07:00
Tom Eastep
2285dce4d1 Fix debugging of ipv6 ruleset
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-03 13:58:05 -07:00
Tom Eastep
29e0f57928 Cosmetic/readability changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-03 08:44:15 -07:00
Tom Eastep
d1fea7c682 Correct 'disable' with dynamic gateway
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-02 11:01:06 -07:00
Tom Eastep
46d9faa63a Correct sed invocation in add_gateway()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-02 10:28:41 -07:00
Tom Eastep
a63d4dad44 More sfilter tweaks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-02 08:41:42 -07:00
Tom Eastep
6afd18646d Remove backslashes from routes before processing them.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-02 08:41:15 -07:00
Tom Eastep
f5c2e9b211 Make the sfilter logic cleaner and add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-01 14:15:15 -07:00
Tom Eastep
a0bbd72a39 Avoid a calculation in a loop in the generated code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-01 06:06:50 -07:00
Tom Eastep
3fa646845f Fix busybox anomaly 2011-08-31 16:38:58 -07:00
Tom Eastep
82a806d788 Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-31 07:58:51 -07:00
Tom Eastep
b8951259bd Avoid emitting out-of-function statements.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-30 16:55:44 -07:00
Tom Eastep
78a25bb51b Avoid undefined value error.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-30 16:43:38 -07:00
Tom Eastep
abdd6bec27 More corrections to undo_routing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-30 09:31:06 -07:00
Tom Eastep
3031c37edd Handle routes and rules for main and default
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-29 10:05:36 -07:00
Tom Eastep
45bc3a7ea0 Split add_a_provider() into two functions.
- Avoid generating add_xxx_routes() and add_xxx_rules
- Only configure tc during 'enable'
- Fix a bad bug (routes were actually rules)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-28 08:04:06 -07:00
Tom Eastep
65fe958e8e Split add_a_provider() into two functions.
- Avoid generating add_xxx_routes() and add_xxx_rules
- Only configure tc during 'enable'
- Fix a bad bug (routes were actually rules)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-28 07:54:47 -07:00
Tom Eastep
90f83fd9fd Clear device TC on 'disable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-27 12:33:24 -07:00
Tom Eastep
ed7d70e54b Merge branch 'EdW' 2011-08-27 11:45:37 -07:00
Tom Eastep
0ef8e3b1d6 Give tcpri processing its own function. Add some comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-27 11:44:42 -07:00
Tom Eastep
eb9d798ad3 Correct traffic-shaping handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-27 11:17:08 -07:00
Tom Eastep
5d21b55ecc Configure /proc during 'enable' processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-27 09:21:02 -07:00
Tom Eastep
cedf203c21 Allow tc config during 'enable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-27 08:29:55 -07:00
Tom Eastep
7d66b3e60f Correct typo in prog.footer
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-26 14:13:34 -07:00
Tom Eastep
a8d0f5f40b Fix the log message when 'enable' fails.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-26 11:02:42 -07:00
Tom Eastep
528f2b0aa2 Implement enable and disable commands for IPv4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-25 16:00:27 -07:00
Tom Eastep
2ef7dd5201 Re-factor Provider startup 2011-08-24 17:37:39 -07:00
Tom Eastep
8c8326fa58 Correct handling of Wildcard Providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-20 06:49:02 -07:00
Tom Eastep
8ae9b2948e Make 'start debug' work with the rawpost table.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-16 16:17:02 -07:00
Tom Eastep
ca8e99ed51 Correct implementation of the ALL section.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-16 14:10:21 -07:00
Tom Eastep
e5886abed1 Take care of oversights in the Stateless NAT implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-16 14:10:07 -07:00
Tom Eastep
bc706324e9 Add an ALL section to the rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-15 15:32:24 -07:00
Tom Eastep
d5290fc881 Correct typo that caused an internal error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-15 10:11:12 -07:00
Tom Eastep
0b2a8b12c7 Implement Stateless NAT support.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-14 12:01:17 -07:00
Tom Eastep
71480ff647 Validate nets in the netmap file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-13 15:59:42 -07:00
Tom Eastep
97121116a3 Add rawpost table detection
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-13 11:14:29 -07:00
Tom Eastep
37b08dd991 Merge branch '4.4.22' 2011-08-13 10:48:27 -07:00
Tom Eastep
dec4f4f186 Separate target and targetopts in add_ijump calls.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-13 09:56:14 -07:00
Tom Eastep
b1b323191c Merge branch '4.4.22' 2011-08-11 20:19:47 -07:00
Tom Eastep
786455b287 Unlink .bak file if no changes to .conf.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-11 20:19:30 -07:00
Tom Eastep
39c71418da Merge branch '4.4.22' 2011-08-10 09:34:37 -07:00
Tom Eastep
7708c251db Fix ECN when MANGLE_FORWARD is not available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-10 09:34:15 -07:00
Tom Eastep
8eff66dcfd Fix handling of ORIGINAL DEST when CONNTRACK_MATCH is not available
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-10 07:12:13 -07:00
Tom Eastep
67c1fa1e63 Fix old state match 2011-08-08 20:35:55 -07:00
Tom Eastep
8fe064914b Fix old state match 2011-08-08 20:32:02 -07:00
Tom Eastep
4824c9b8ff Add QUOTA_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-08 14:37:47 -07:00
Tom Eastep
b0fe8e1e60 Merge branch '4.4.22' 2011-08-03 07:20:57 -07:00
Tom Eastep
a548bddea8 Remove she-bang from first line of prog.header*
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-03 07:20:34 -07:00
Tom Eastep
679de4ccf6 Apply Orion Poplawski's 'qtnoin' patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-02 16:51:49 -07:00
Tom Eastep
50a29f6858 Correct detection of OLD_IPSET_MATCH when LOAD_MODULES_ONLY=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-02 11:58:54 -07:00
Tom Eastep
ae0cffa588 Fix handling of zone names beginning with 'all' 2011-08-02 09:13:23 -07:00
Tom Eastep
d358285d56 Remove obsolete comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-31 11:34:46 -07:00
Tom Eastep
512273fa91 Avoid undefined reference in Shorewall::rules::save_policies
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-30 07:04:42 -07:00
Tom Eastep
42ae3ba581 Cleaner fix for TCP_FLAGS_DISPOSITION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-30 06:57:18 -07:00
Tom Eastep
d9fe6e7a42 Handle missing TCP_FLAGS_DISPOSITION setting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-28 15:56:34 -07:00
Tom Eastep
6c025d20c9 Fix Shorewall6 Kernel Version test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-28 15:53:35 -07:00
Tom Eastep
a992ec594a Accommodate kernel version 3.0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-27 17:03:27 -07:00
Tom Eastep
a18c502796 Correct reference counting in one more place in expand_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-25 07:42:01 -07:00
Tom Eastep
ecd2e2276e Add some comments and remove extra whitespace
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-25 06:56:05 -07:00
Tom Eastep
215e923562 A little cleanup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-24 16:17:22 -07:00
Tom Eastep
703bc88bfd Move merge_rules() back to where it was.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-24 15:06:42 -07:00
Tom Eastep
ac5a6f4471 Cleanup of progress messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-24 09:13:46 -07:00
Tom Eastep
f2c9647579 Set empty target in rules created via add_irule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-24 08:28:43 -07:00
Tom Eastep
e693665be1 Add correct reference counting to merge_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-24 08:03:45 -07:00
Tom Eastep
ea4b8cdb6f Exempt policy chains from optimization level 8.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-23 16:34:01 -07:00
Tom Eastep
b789d825f8 Unify the setting of $targetref and $jump
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-23 14:47:16 -07:00
Tom Eastep
83e6e2f105 Another fix for reference counting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-23 13:54:56 -07:00
Tom Eastep
028fc20741 Correct reference accounting when long port lists are split
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-23 07:31:58 -07:00
Tom Eastep
3d616980a6 Don't delete the {target} member in clear_rule_target() but instead set it to ''
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-23 07:30:56 -07:00