Commit Graph

2907 Commits

Author SHA1 Message Date
Tom Eastep
00c5985458 Rename clone_rule() to clone_irule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 12:38:16 -07:00
Tom Eastep
1a44b66656 Cleaner handling of trailing spaces from log_irule_limit.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 12:32:35 -07:00
Tom Eastep
b215cf379a Generate a warning when Limit is invoked.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 12:31:29 -07:00
Tom Eastep
3ec6745df9 Use log_irule_limit() internally where possible.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 11:48:02 -07:00
Tom Eastep
55be5b0119 Add log_irule_limit() and log_irule() functions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 11:47:19 -07:00
Tom Eastep
42a649d093 Create $globals{LOGILIMIT}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 09:00:36 -07:00
Tom Eastep
18e7e43b2f Eliminate globals{STATEMATCH}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-01 16:01:57 -07:00
Tom Eastep
6803ce5d41 Add constants for %used values.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-01 15:36:16 -07:00
Tom Eastep
565fb74795 Correct bridge detection and 'qt' implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-24 13:07:38 -07:00
Tom Eastep
fc754040d5 Avoid shell error when detecting owner name match
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-24 09:51:32 -07:00
Tom Eastep
cc5a59231b Make qt() work correctly when tracing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-24 07:17:15 -07:00
Tom Eastep
25f96e6a88 Reword unreachable warning (again)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-20 10:50:28 -07:00
Tom Eastep
71bcd11ab6 Make ?...shell/perl directives case insensitive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-20 10:39:39 -07:00
Tom Eastep
4bd35a0b93 Allow 'routeback=0'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-16 08:37:53 -07:00
Tom Eastep
cb132e2421 Include the chain name in the 'unreachable' warning.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-11 06:29:07 -07:00
Tom Eastep
53f1cd40df Add 'unmanaged' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-10 12:36:18 -07:00
Tom Eastep
c653d9ce83 Only issue one 'unreachable' warning per chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-08 10:02:19 -07:00
Tom Eastep
254d2037ef Delete unused variable.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-04 15:34:25 -07:00
Tom Eastep
cb8e76b1d2 Add sub get_opttype to emphasize where rule option types are used.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-04 12:49:20 -07:00
Tom Eastep
2b579d2dff Small efficiency change in helper processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-04 12:48:22 -07:00
Tom Eastep
fc3e3dbf3c Cosmetic change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-03 10:53:33 -07:00
Tom Eastep
81acedd1b3 Reword the 'unreachable' warning.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-02 17:13:41 -07:00
Tom Eastep
d8f53cc0a9 Merge branch '4.5.17'
Conflicts:
	Shorewall/Perl/Shorewall/Chains.pm
2013-06-02 15:31:45 -07:00
Tom Eastep
481811d29f Merge NFACCT and EXPENSIVE matches during optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-02 13:29:13 -07:00
Tom Eastep
3867902b27 Use 'NONE' policies for LOOPBACK and LOCAL zones to non-firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-02 07:31:32 -07:00
Tom Eastep
adf51d0059 Revise the unreachable warning stuff.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 16:32:46 -07:00
Tom Eastep
7dbd50708b Clear the current filename after last file is processed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:05:35 -07:00
Tom Eastep
4340bcffb1 Don't optimize away a rule that includes nfacct matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:05:25 -07:00
Tom Eastep
4a05e56d6d Disable warning on unreachable rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:05:16 -07:00
Tom Eastep
2d8078033c Clear the current filename after last file is processed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:03:10 -07:00
Tom Eastep
c5f2eeea80 Don't optimize away a rule that includes nfacct matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:02:39 -07:00
Tom Eastep
5343243f6b Disable warning on unreachable rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:01:55 -07:00
Tom Eastep
4865899018 Avoid a forward jump for local zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-30 06:52:09 -07:00
Tom Eastep
9b68204865 Generate an 'unreachable rule(s)' warning.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-30 06:17:22 -07:00
Tom Eastep
a550dd3eed Issue a warning when a rule is dropped do to terminated chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-29 21:01:07 -07:00
Tom Eastep
f0aa29222f Correct minor IPv6 TPROXY bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-29 07:18:46 -07:00
Tom Eastep
eaf1d0e5c2 Another error check for hosts files and loopback zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 10:00:07 -07:00
Tom Eastep
446f764d19 Allow config with only local and firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 08:03:44 -07:00
Tom Eastep
9b0b3d4b70 Correct ICMPV6 type name translation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 08:03:19 -07:00
Tom Eastep
a48a4b7a2e Don't allow fowarding between local zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 06:14:44 -07:00
Tom Eastep
8743b64e00 Export 'shorewall' from the Config module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-27 06:52:45 -07:00
Tom Eastep
2de0fbf7d0 Change 'local' to 'loopback' and add 'local' zones that match non-loopback interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-26 14:06:51 -07:00
Tom Eastep
f89c704d01 Disallow 'virtual' physical interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-26 08:47:44 -07:00
Tom Eastep
0b5a316cfc Emit 'expensive' matches last unless there are '-m nfacct' matches in the rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-26 08:03:54 -07:00
Tom Eastep
31f9ea5b93 Add progess and warning messages to 'update -D'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-25 16:31:55 -07:00
Tom Eastep
dde1f0a779 Only enable helpers during a 'clear' operation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-25 16:31:27 -07:00
Tom Eastep
60d0a50d9d Add some warning/progress messages to help understand 'update -D' behavior.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-25 13:20:12 -07:00
Tom Eastep
064f9f974c Cosmetic change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-23 09:49:25 -07:00
Tom Eastep
fd11eb7d82 Omit fw->fw jumps when there is a local zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-22 09:19:34 -07:00
Tom Eastep
9e77bb5499 Ensure correct match ordering with trivial exclusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-22 08:46:22 -07:00