Tom Eastep
02006288b0
Fixes for Shorewall-init
...
- Enable at boot on debian
- Clear environment for each product
2012-05-31 19:15:23 -07:00
Tom Eastep
de184b32bc
Fix sectioned IPSEC accounting.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 14:37:29 -07:00
Tom Eastep
ea173ab628
Correct IPSEC accounting manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 14:09:41 -07:00
Tom Eastep
303c661409
Eliminate bogus term in an expression.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 12:49:18 -07:00
Tom Eastep
32e0f154b5
Correct pptpserver tunnel configuration.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-29 06:46:40 -07:00
Tom Eastep
db50454afc
Complete removal of optimize level 4 when level 4 is set.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 15:42:34 -07:00
Tom Eastep
3a5875dc73
Add MSSQL Macro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 07:09:23 -07:00
Tom Eastep
5211b32aa6
Remove quotes from GEOIPDIR setting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 07:09:07 -07:00
Tom Eastep
92ce190bf0
Remove Geoip from Shorewall6/actions.std.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-21 12:31:01 -07:00
Tom Eastep
182a4c3080
Correct 'compile' usage text
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-21 07:10:38 -07:00
Tom Eastep
ab2376d61d
Document 15-cc limit.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-21 07:03:53 -07:00
Tom Eastep
f147046288
Change 'cc' to 'country-code' in invalid cc list error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-21 07:01:07 -07:00
Tom Eastep
daaf3c031f
Change the 'no isocodes' error message to include the address family.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 09:40:37 -07:00
Tom Eastep
73e5bb0374
Expand the GEOIP documentation to describe GEOIPDIR option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 09:40:00 -07:00
Tom Eastep
6b23eff650
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 09:05:42 -07:00
Tom Eastep
ef974b5c8d
Clear the DEFAULT table if no FALLBACK providers are up.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 09:00:22 -07:00
Tom Eastep
d8ec051114
Load the geoip cc's dynamically.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 08:59:59 -07:00
Tom Eastep
84f92aa87c
Don't capture result of an RE match. Correct a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 07:06:59 -07:00
Tom Eastep
70e4c26df1
Delete a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 16:46:57 -07:00
Tom Eastep
db96f6ead2
Reject long CC lists.
...
- include offending CC in 'Invalid or Unknown' error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 12:44:24 -07:00
Tom Eastep
f0a3e1652a
Bracket non-trivial cc lists with [...]
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 09:39:49 -07:00
Tom Eastep
56b8a9b9fa
Some code cleanup:
...
- Store config value in a local rather than repeatedly referencing the
%config hash.
- Centralize generation of the valid table array
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 09:02:44 -07:00
Tom Eastep
231c5dbca0
Eliminate need to call optimize_policy_chains() when OPTIMIZE 4 is selected
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 08:15:20 -07:00
Tom Eastep
1a9789a3da
Optimization tracing
...
- Correct tracing in optimize_chain()
- Add tracing to new level 4 optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 07:54:50 -07:00
Tom Eastep
f15e6d3995
Additional optimization in level 4.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-18 16:50:08 -07:00
Tom Eastep
3f42350a7b
Don't overwrite empty mark geometry settings.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-18 11:37:49 -07:00
Tom Eastep
e8648c993d
Use blackhole routes rather than unreachable.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-18 10:50:13 -07:00
Tom Eastep
cb72948739
Add Geoip match to config basics doc. Clarify variable search algorithm.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-18 07:27:33 -07:00
Tom Eastep
55c88e8e81
Replace curly brace enclosure with a preceding caret to avoid ambiguity.
...
- {...} is used to enclose a set of column/value pairs and it is certain
that the two will become confused.
2012-05-17 15:26:16 -07:00
Tom Eastep
e086067567
Reverse logic in the installer to allow for Digest::SHA being the default now
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-17 14:29:57 -07:00
Tom Eastep
f5f80d2ccc
Re-arrange enforcement of restrictions on geoip.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-17 13:59:56 -07:00
Tom Eastep
d1519345c4
Add TOC Link to ISO-3661.html; Correct typo in ISO-3661 page.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-17 12:26:02 -07:00
Tom Eastep
3436fbd6ad
Don't use ?INCLUDE in modules files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-17 10:45:12 -07:00
Tom Eastep
d220d3d9d5
Abandon action.GeoIP in favor of extended syntax in the SOURCE and DEST columns.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-17 10:44:02 -07:00
Tom Eastep
6148c909f2
fix multiple ipsets in an imatch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-16 19:52:41 -07:00
Tom Eastep
cc07e74532
Correct typo in TPROXY documentation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-16 15:56:19 -07:00
Tom Eastep
2eb25f3f6a
Correct the grammar in an error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-16 07:52:42 -07:00
Tom Eastep
0673898e85
GeoIP tweaks:
...
- Error if no CC
- switch an 'if' expression to 'unless'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-16 07:52:19 -07:00
Tom Eastep
43d882db2b
Cosmetic cleanup
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 16:44:35 -07:00
Tom Eastep
78af118b9a
Quote original list when a translated list is ill-formed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 16:39:46 -07:00
Tom Eastep
85f58d6906
Avoid funny-looking ERROR: messages out of Embedded Perl.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 16:38:56 -07:00
Tom Eastep
885830b67c
Correct configure and configure.pl to output SPARSE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 12:27:16 -07:00
Tom Eastep
17e25932f0
Fixes for GeoIP
...
- Correct check for valid ACTION
- Add to Shorewall6/actions.std
- Only use geoip once per invocation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 11:14:28 -07:00
Tom Eastep
63ae00e4a4
Fix bug in 'interface_is_usable'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 06:58:03 -07:00
Tom Eastep
ac2ed505bb
Add GeoIP support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-14 17:12:46 -07:00
Tom Eastep
926e589414
Exit the tcpost chain if a connection mark is restored
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-14 10:35:42 -07:00
Tom Eastep
9f1c920a39
Don't allow RSTs to be REJECTed
2012-05-14 10:34:11 -07:00
Tom Eastep
9ea233d55f
Split a couple of functions with address-family dependent logic.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-13 15:53:02 -07:00
Tom Eastep
60bde6231a
Improve interface_is_usable()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-13 13:49:59 -07:00
Tom Eastep
3d575a45bd
Re-code interface_is_usable()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-13 11:56:52 -07:00