Tom Eastep
|
00c5985458
|
Rename clone_rule() to clone_irule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-02 12:38:16 -07:00 |
|
Tom Eastep
|
1a44b66656
|
Cleaner handling of trailing spaces from log_irule_limit.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-02 12:32:35 -07:00 |
|
Tom Eastep
|
b215cf379a
|
Generate a warning when Limit is invoked.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-02 12:31:29 -07:00 |
|
Tom Eastep
|
3ec6745df9
|
Use log_irule_limit() internally where possible.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-02 11:48:02 -07:00 |
|
Tom Eastep
|
55be5b0119
|
Add log_irule_limit() and log_irule() functions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-02 11:47:19 -07:00 |
|
Tom Eastep
|
42a649d093
|
Create $globals{LOGILIMIT}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-02 09:00:36 -07:00 |
|
Tom Eastep
|
18e7e43b2f
|
Eliminate globals{STATEMATCH}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-01 16:01:57 -07:00 |
|
Tom Eastep
|
6803ce5d41
|
Add constants for %used values.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-01 15:36:16 -07:00 |
|
Tom Eastep
|
565fb74795
|
Correct bridge detection and 'qt' implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-24 13:07:38 -07:00 |
|
Tom Eastep
|
fc754040d5
|
Avoid shell error when detecting owner name match
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-24 09:51:32 -07:00 |
|
Tom Eastep
|
cc5a59231b
|
Make qt() work correctly when tracing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-24 07:17:15 -07:00 |
|
Tom Eastep
|
25f96e6a88
|
Reword unreachable warning (again)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-20 10:50:28 -07:00 |
|
Tom Eastep
|
71bcd11ab6
|
Make ?...shell/perl directives case insensitive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-20 10:39:39 -07:00 |
|
Tom Eastep
|
4bd35a0b93
|
Allow 'routeback=0'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-16 08:37:53 -07:00 |
|
Tom Eastep
|
cb132e2421
|
Include the chain name in the 'unreachable' warning.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-11 06:29:07 -07:00 |
|
Tom Eastep
|
53f1cd40df
|
Add 'unmanaged' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-10 12:36:18 -07:00 |
|
Tom Eastep
|
c653d9ce83
|
Only issue one 'unreachable' warning per chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-08 10:02:19 -07:00 |
|
Tom Eastep
|
254d2037ef
|
Delete unused variable.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-04 15:34:25 -07:00 |
|
Tom Eastep
|
cb8e76b1d2
|
Add sub get_opttype to emphasize where rule option types are used.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-04 12:49:20 -07:00 |
|
Tom Eastep
|
2b579d2dff
|
Small efficiency change in helper processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-04 12:48:22 -07:00 |
|
Tom Eastep
|
fc3e3dbf3c
|
Cosmetic change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-03 10:53:33 -07:00 |
|
Tom Eastep
|
81acedd1b3
|
Reword the 'unreachable' warning.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-02 17:13:41 -07:00 |
|
Tom Eastep
|
d8f53cc0a9
|
Merge branch '4.5.17'
Conflicts:
Shorewall/Perl/Shorewall/Chains.pm
|
2013-06-02 15:31:45 -07:00 |
|
Tom Eastep
|
481811d29f
|
Merge NFACCT and EXPENSIVE matches during optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-02 13:29:13 -07:00 |
|
Tom Eastep
|
3867902b27
|
Use 'NONE' policies for LOOPBACK and LOCAL zones to non-firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-02 07:31:32 -07:00 |
|
Tom Eastep
|
adf51d0059
|
Revise the unreachable warning stuff.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-01 16:32:46 -07:00 |
|
Tom Eastep
|
7dbd50708b
|
Clear the current filename after last file is processed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-01 13:05:35 -07:00 |
|
Tom Eastep
|
4340bcffb1
|
Don't optimize away a rule that includes nfacct matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-01 13:05:25 -07:00 |
|
Tom Eastep
|
4a05e56d6d
|
Disable warning on unreachable rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-01 13:05:16 -07:00 |
|
Tom Eastep
|
2d8078033c
|
Clear the current filename after last file is processed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-01 13:03:10 -07:00 |
|
Tom Eastep
|
c5f2eeea80
|
Don't optimize away a rule that includes nfacct matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-01 13:02:39 -07:00 |
|
Tom Eastep
|
5343243f6b
|
Disable warning on unreachable rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-01 13:01:55 -07:00 |
|
Tom Eastep
|
4865899018
|
Avoid a forward jump for local zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-30 06:52:09 -07:00 |
|
Tom Eastep
|
9b68204865
|
Generate an 'unreachable rule(s)' warning.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-30 06:17:22 -07:00 |
|
Tom Eastep
|
a550dd3eed
|
Issue a warning when a rule is dropped do to terminated chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-29 21:01:07 -07:00 |
|
Tom Eastep
|
f0aa29222f
|
Correct minor IPv6 TPROXY bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-29 07:18:46 -07:00 |
|
Tom Eastep
|
eaf1d0e5c2
|
Another error check for hosts files and loopback zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-28 10:00:07 -07:00 |
|
Tom Eastep
|
446f764d19
|
Allow config with only local and firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-28 08:03:44 -07:00 |
|
Tom Eastep
|
9b0b3d4b70
|
Correct ICMPV6 type name translation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-28 08:03:19 -07:00 |
|
Tom Eastep
|
a48a4b7a2e
|
Don't allow fowarding between local zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-28 06:14:44 -07:00 |
|
Tom Eastep
|
8743b64e00
|
Export 'shorewall' from the Config module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-27 06:52:45 -07:00 |
|
Tom Eastep
|
2de0fbf7d0
|
Change 'local' to 'loopback' and add 'local' zones that match non-loopback interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-26 14:06:51 -07:00 |
|
Tom Eastep
|
f89c704d01
|
Disallow 'virtual' physical interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-26 08:47:44 -07:00 |
|
Tom Eastep
|
0b5a316cfc
|
Emit 'expensive' matches last unless there are '-m nfacct' matches in the rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-26 08:03:54 -07:00 |
|
Tom Eastep
|
31f9ea5b93
|
Add progess and warning messages to 'update -D'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-25 16:31:55 -07:00 |
|
Tom Eastep
|
dde1f0a779
|
Only enable helpers during a 'clear' operation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-25 16:31:27 -07:00 |
|
Tom Eastep
|
60d0a50d9d
|
Add some warning/progress messages to help understand 'update -D' behavior.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-25 13:20:12 -07:00 |
|
Tom Eastep
|
064f9f974c
|
Cosmetic change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-23 09:49:25 -07:00 |
|
Tom Eastep
|
fd11eb7d82
|
Omit fw->fw jumps when there is a local zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-22 09:19:34 -07:00 |
|
Tom Eastep
|
9e77bb5499
|
Ensure correct match ordering with trivial exclusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-22 08:46:22 -07:00 |
|