Commit Graph

741 Commits

Author SHA1 Message Date
teastep
1beb8c15aa Generalize the notion of 'exclude list' in the rules file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2503 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-16 00:11:08 +00:00
teastep
dee6d1ad0e Rework fix for bug in exclusion list processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2499 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-15 20:49:06 +00:00
teastep
a2dca45579 Fix bug in exclusion list processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2498 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-15 20:25:49 +00:00
teastep
fb9292eb71 Yet another improvement to rules generated for exclusion lists
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2497 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-15 20:21:52 +00:00
teastep
f6565e19a0 More improvements to rules generated for exclusion lists
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2496 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-15 20:16:34 +00:00
teastep
0f7def6c67 Improve rules generated for exclusion lists
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2495 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-15 18:33:51 +00:00
teastep
ef134da4b9 Make -q work with the try command
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2494 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-15 18:30:59 +00:00
teastep
42ee8d0c19 Finally implement exclude lists in rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2493 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-15 17:35:45 +00:00
teastep
5df7bc0538 Remove sub-zone exclusion feature in preparation for implementing true exclude lists
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2492 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-15 16:04:39 +00:00
teastep
e075e8c3e2 Fix 'Packet type match' availability reporting with PKTTYPE=No
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2491 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-14 19:26:17 +00:00
teastep
999c74bf03 Generate an error when 'norfc1918' is specified for an interface with an RFC 1918 IP address
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2489 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-14 16:45:48 +00:00
teastep
ea1bf1a7c8 Make the calling sequence of 'build_exclusion_chain' more rational
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2488 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-13 21:39:34 +00:00
teastep
daef55a295 Back out ill-advised tcrules portlist patch
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2486 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-12 23:57:35 +00:00
teastep
1625a7c4f3 Allow port lists in tcrules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2484 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-12 22:11:30 +00:00
teastep
370d61970a Add FASTACCEPT option to accept ESTABLISHED/RELATED packets early
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2474 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-11 19:53:07 +00:00
teastep
ed2076a0fc Fix problem with exclusion lists
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2469 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-11 01:40:50 +00:00
teastep
5de0a44eea Modify kernel version patch
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2465 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-08 18:05:22 +00:00
teastep
46210cd6bb Add kernel version information to 'shorewall dump' output
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2462 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-08 17:02:08 +00:00
teastep
41142965a1 Add new macros to the spec file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2461 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-07 18:45:40 +00:00
teastep
68b39a07d9 Update for Shorewall 2.5.1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2460 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-07 18:37:15 +00:00
teastep
24dc05e6b7 Fix a couple of bugs
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2459 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-07 00:17:29 +00:00
teastep
e2253d6092 Install the Makefile -- Patch by Cristian Rodriquez
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2458 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-06 16:58:18 +00:00
teastep
39ca0828db Infrastructure for Unified Handling of Exclude Lists
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2457 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-05 15:52:03 +00:00
teastep
bba152b119 Don't generate redundant ACCEPT rules for DNAT/REDIRECT/SAME
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2456 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-05 14:13:45 +00:00
teastep
f56e907907 Correct typo in /etc/shorewall/policy; Allow "all+" in SOURCE/DEST in /etc/shorewall/rules to enable intra-zone traffic
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2454 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-04 20:24:23 +00:00
teastep
2b261424d7 Minor tweak to 'dump'; remove the dynamic blacklist in 'forget'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2451 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-03 20:24:55 +00:00
teastep
1b1af2fc65 Remove some dead code and reduce confusion amoung those who read the code (including me)
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2450 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-02 21:06:05 +00:00
teastep
ac1983a5da Large cleanup patch from Tuomo Soini
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2449 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-02 16:46:30 +00:00
teastep
21a7315717 Remove last vestiges of 'nobogons'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2445 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-01 20:43:46 +00:00
teastep
3f748212d6 Globalize shorewall_is_started()
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2443 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-01 20:35:28 +00:00
teastep
c66159abee capitalize 'terminator' variable; duplicate PREROUTING connmark logic in OUTPUT
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2441 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-01 17:17:24 +00:00
teastep
c7cb64e4ee Make a couple of more warnings more emphatic
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2438 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-31 17:15:37 +00:00
teastep
54a5a111a6 Make separate_list handle enclosures in a more general way
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2437 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-31 17:12:04 +00:00
teastep
0a03598d11 Correct anachronistic reference in /etc/shorewall/shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2436 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-31 16:26:55 +00:00
teastep
0cafde4c74 Correct anachronistic reference in /etc/shorewall/hosts
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2435 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-31 15:07:48 +00:00
teastep
b828793da9 Recombine the 'status' and 'state' commands
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2434 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-30 21:59:12 +00:00
teastep
86f20a374b Little cleanup of release notes and /sbin/shorewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2431 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-29 19:06:37 +00:00
teastep
9feb547b6e /sbin/shorewall status rework -- take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2430 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-29 18:32:50 +00:00
teastep
48502e75bb Fix 'status' command in /usr/share/shorewall/firewall; try to make release notes clearer
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2429 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-28 20:22:25 +00:00
teastep
989e1e87a5 Fix syntax error in 'help' file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2428 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-28 14:45:59 +00:00
teastep
2a52d3342d Fix Makefile; rename status to dump and create a real status command
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2427 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-28 14:37:56 +00:00
teastep
5f37ce46bf Fix typo which broke use of arping
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2426 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-27 22:41:52 +00:00
teastep
5f58eac0f7 Optimize use of 'arping'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2423 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-27 22:13:25 +00:00
teastep
6c8b63bfe0 Remove dependence on 'which'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2421 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-27 20:30:16 +00:00
teastep
9a42f57a6a Allow 'ipsec' in /etc/shorewall/hosts to work in the presence of dynamic zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2419 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-27 17:29:20 +00:00
teastep
03c0415eb5 Fix errors and omissions in shorewall.spec
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2414 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 14:22:29 +00:00
teastep
dca0b27564 Fix errors and omissions in shorewall.spec
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2413 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 14:09:57 +00:00
teastep
f442002d3b Fix errors and omissions in shorewall.spec
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2412 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 14:09:57 +00:00
teastep
2a3353ebe7 Fix errors and omissions in shorewall.spec
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2411 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 14:05:23 +00:00
teastep
82e50a632f Fix errors and omissions in shorewall.spec
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2410 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 14:02:50 +00:00
teastep
b66929a65e Large merge of function from EXPERIMENTAL to HEAD.
1) Elimination of the "shorewall monitor" command.

2) The /etc/shorewall/ipsec and /etc/shorewall/zones file are combined into
a single /etc/shorewall/zones file. This is done in an upwardly-compatible
way so that current users can continue to use their existing files.

3) Support has been added for the arp_ignore interface option.

4) DROPINVALID has been removed from shorewall.conf. Behavior is as if
DROPINVALID=No was specified.

5) The 'nobogons' option and BOGON_LOG_LEVEL are removed.

6) Error and warning messages have been made easier to spot by using
capitalization (e.g., ERROR: and WARNING:).

7) The /etc/shorewall/policy file now contains a new connection policy and a
policy for ESTABLISHED packets. Useful for users of snort-inline who want to
pass all packets to the QUEUE target.

8) A new 'critical' option has been added to /etc/shorewall/routestopped.
Shorewall insures communication between the firewall and 'critical' hosts
throughout start, restart, stop and clear. Useful for diskless firewall's
with NFS-mounted file systems, LDAP servers, Crossbow, etc.

9) Macros. Macros are very similar to actions but are easier to use, allow
parameter substitution and are more efficient. Almost all of the standard
actions have been converted to macros in the EXPERIMENTAL branch.

10) The default value of ADD_IP_ALIASES in shorewall.conf is changed to No.

11) If you have 'make' installed on your firewall, then when you use
the '-f' option to 'shorewall start' (as happens when you reboot),
if your /etc/shorewall/ directory contains files that were modified
after Shorewall was last restarted then Shorewall is started using
the config files rather than using the saved configuration.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2409 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-25 23:08:09 +00:00
teastep
0d56188e7a Add warning about function use in the 'started' extension script
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2404 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 23:44:19 +00:00
teastep
89eaf99906 Pretty up the output of 'show actions'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2403 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 16:49:02 +00:00
teastep
aaecd53a29 Add 'shorewall show actions command'
Make it possible for the 'stopped' extension script to save commands in
the 'restore-tail' file by calling 'run_and_save_command' and
'save_command'


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2401 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 16:27:21 +00:00
paulgear
d8a471e7b9 Cleaned up additional rules from Debian package. Got rid of versions
and paths in the header comments, since they're just as likely to be
wrong as not.  Changed all service names to port numbers.  eDonkey is a
big one - i wonder whether it isn't too variable for us to consider
providing a default rule.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2395 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-23 03:09:06 +00:00
paulgear
b6649720cb Adding extra actions provided by Debian package
Do not use yet - these need cleaning


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2394 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-22 23:04:36 +00:00
teastep
f3ea3c7edb Avoid annoying 'ipset:not found' message
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2392 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-22 22:24:28 +00:00
teastep
fbabd7d6ef Obviate the need for 'loose'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2389 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-21 19:48:33 +00:00
paulgear
d7f9a22d77 How long have these names been hanging around? :-)
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2381 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-20 03:36:31 +00:00
teastep
ca8e5631d3 Make \!<address> work in the SUBNET column of the masq file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2374 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-20 01:10:28 +00:00
teastep
b0e6e3a893 Given the large number of people shooting themselves in the foot with
poorly-written one-to-one NAT rules, I'm changing the shorewall.conf
file to set ADD_IP_ALIASES=No in shorewall.conf. Hopefully, this will
reduce the amount of whining about routing table modification during
"shorewall [re]start".


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2372 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-19 18:41:05 +00:00
teastep
687704eff2 Add 'loose' provider option; add COPY column to providers file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2370 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 22:40:26 +00:00
teastep
318e204358 Re-implement MACLIST_TTL
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2358 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 22:08:15 +00:00
teastep
c6e3e84352 Disable MACLIST_TTL
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2356 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 16:52:21 +00:00
paulgear
7c0e2c8f77 More disabling until i can get a clean build
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2355 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 11:37:05 +00:00
paulgear
5c01c1e6cd Disabling the Debian-specific stuff until i can get a clean build
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2354 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 06:25:21 +00:00
paulgear
9348d90b3e Correct lintian errors:
E: shorewall: no-template-description shorewall/upgrade_to_14
E: shorewall: unknown-field-in-templates _description
...


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2352 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 12:25:14 +00:00
paulgear
44e97f75bb That did not work
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2351 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 12:18:32 +00:00
paulgear
794c7919a0 Disabled until i get the autobuild worked out
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2350 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 12:17:10 +00:00
paulgear
7ac72d4bb3 Slightly modified versions of Lorenzo's Debian control files for autobuild from CVS
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2349 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 11:36:42 +00:00
teastep
1b5ac5c7d3 Make /sbin/shorewall issue a warning whenever startup is disabled
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2348 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-15 20:50:01 +00:00
teastep
57b23fc2ba Update hosts file comments to describe use of ipsets
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2340 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-14 16:31:55 +00:00
paulgear
7d89d6e17e Spelling correction
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2332 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-13 20:27:32 +00:00
teastep
379b58f628 A better patch to avoid blocking DHCP broadcasts during MAC verification
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2330 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-13 15:26:51 +00:00
teastep
ef9d22b647 Avoid blocking DHCP broadcasts during MAC verification
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2327 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-13 14:29:52 +00:00
teastep
d050552a36 Make TCPFLAGS_LOG_LEVEL=ULOG work with iptables-1.3.2.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2322 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-12 00:42:08 +00:00
teastep
7d924c3b82 A couple of little buglets. 1) detect duplicate tracked interface in providers file; 2) don't permit destination interface in PREROUTING marking rule
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2315 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 23:23:45 +00:00
teastep
d11dc2b58a Apply Cristian's patch for default route after reboot
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2305 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 20:12:49 +00:00
paulgear
13c7bcb6d8 Making sure bogons is still up-to-date. The blank lines make it easier
to drop in contrib/iana_reserved/bogons.body.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2288 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 06:57:12 +00:00
paulgear
92b3ee102f Add appropriate README.txt to all branches
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2272 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 06:46:44 +00:00
paulgear
4f8bbb5866 Copy latest development version from Shorewall2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2269 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 06:13:05 +00:00
paulgear
9b865953a3 Missed a few files on the 2.4 branch copy
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2265 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 05:56:22 +00:00
paulgear
2a19eb8a5a Copy latest 2.4 version from Shorewall2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2264 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 05:55:29 +00:00
paulgear
90dd62e89e Copy latest 2.2 version from STABLE2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2263 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 05:45:05 +00:00
paulgear
921a7223d4 Copy latest 2.0 code from STABLE2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2262 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 04:45:32 +00:00
teastep
ccd528ec8c Shorewall 1.4.10d +
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1216 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-03-20 15:40:06 +00:00
teastep
d711731678 Fix multiple excluded zone handling in DNAT/REDIRECT
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1181 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-03-04 15:24:59 +00:00
teastep
7f19ec0c73 Fix another masq file bug
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1131 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-02-09 20:46:22 +00:00
teastep
76c135e123 Shorewall-1.4.10a
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1129 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-02-08 20:36:46 +00:00
teastep
6ae5a4eb93 Fix problem in masq file parsing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1124 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-02-05 20:19:29 +00:00
teastep
97ea8c60d7 Fix problem in masq file parsing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1123 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-02-05 20:13:24 +00:00
teastep
afee989ee5 Shorewall 1.4.10
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1099 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-31 03:24:02 +00:00
teastep
f67cb1eab8 Fix PROTO fix fix
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1098 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-29 23:29:50 +00:00
teastep
304a502d38 Fix PROTO fix
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1097 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-29 23:24:30 +00:00
teastep
76b5918a13 Fix handling of 'all' or '-' in the PROTO column of an action file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1096 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-29 19:11:51 +00:00
teastep
d116d04fb8 Don't add broadcasts to /0 groups
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1095 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-28 00:52:03 +00:00
teastep
a57c778928 Shorewall 1.4.10 RC3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1094 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-27 23:39:45 +00:00
teastep
b4d0cbd1b1 Don't feed the smurfs
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1093 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-27 22:33:32 +00:00
teastep
3a82d46762 1.4.10 RC2 and fixes for broadcast rejects, ratelimiting and CONTINUE rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1092 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-27 21:16:07 +00:00
teastep
2e80e459bb RC1 and 'detectnets' option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1089 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-23 23:48:30 +00:00
teastep
22df211052 Applied Fr�d�ric LESPEZ's patch for packet marking by user/group id
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1088 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-22 20:24:56 +00:00
teastep
58ac5fd852 Correct messages generated out of setup_masq()
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1087 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-22 16:59:40 +00:00
teastep
c07e450d5a Refine masq destination list code
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1086 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-22 03:27:03 +00:00
teastep
d362f734d9 Destination exclude list in masq file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1085 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-22 02:06:56 +00:00
teastep
f22dff0fca Shorewall 1.4.9
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1078 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-13 20:54:58 +00:00
teastep
252eaec29a Minor updates for 1.4.9
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1071 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-09 20:20:43 +00:00
teastep
5338cb48b0 Minor updates for 1.4.9
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1070 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-09 20:18:40 +00:00
teastep
8599101182 Shorewall 1.4.9 Beta 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1018 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-29 00:37:09 +00:00
teastep
0c6299465d Fix SNAT handling in DNAT rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@869 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-16 21:52:37 +00:00
teastep
dab17d0783 Update release notes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@822 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-10 15:27:07 +00:00
teastep
795c791669 Remove backquotes from commands in shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@812 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-08 18:42:25 +00:00
teastep
eeede7f415 Shorewall 1.4.9 Beta 1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@811 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-08 01:01:29 +00:00
teastep
f3fb164a7b Shorewall 1.4.9 Beta 1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@810 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-07 23:28:48 +00:00
teastep
9763f0caf3 Allow actions to be used in other actions
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@809 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-07 18:15:55 +00:00
teastep
7a7597466d Clean up Action Change
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@806 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-05 20:34:01 +00:00
teastep
94d91cafa4 Clean up Action Change
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@805 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-05 19:19:08 +00:00
teastep
38ae0154ff Improve release notes 'uname' advise
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@803 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-04 18:52:19 +00:00
teastep
90263f43af Add user-defined Actions
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@801 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-04 02:01:08 +00:00
teastep
5466a7f35b Add MODULE_SUFFIX option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@799 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-01 18:37:41 +00:00
teastep
baa82a4697 Add MODULE_SUFFIX option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@798 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-01 18:30:28 +00:00
teastep
380b8e2ce8 Add MODULE_SUFFIX option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@797 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-01 16:10:08 +00:00
teastep
f9c596a465 Reword desciption of NEWNOTSYN
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@793 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-28 17:39:53 +00:00
teastep
9fde389c31 Log 'norfc1918'
packets out of 'rfc1918' chains


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@792 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-27 18:39:11 +00:00
teastep
a3eaa7f9af Rework ip_forward handling; update release file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@791 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-27 18:24:57 +00:00
teastep
64bd2c9035 One-to-one NAT and updated common.def
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@790 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-24 19:08:43 +00:00
teastep
04372ad48c Shorewall-1.4.8
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@787 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-08 04:19:13 +00:00
teastep
80981e802e Fix NONE policy validation and 'routeback' for wildcard interfaces
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@786 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-08 02:38:30 +00:00
teastep
e147813da0 Shorewall-1.4.8-RC1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@785 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-01 18:16:39 +00:00
teastep
306ca3718f Correct handling of broadcast addresses in MAC verification
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@784 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-31 15:30:07 +00:00
teastep
c334e92103 Shorewall 1.4.8-RC1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@783 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-31 15:29:30 +00:00
teastep
f046ea3ab1 Fix route filtering
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@782 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-30 15:42:45 +00:00
teastep
ee51d49233 Correct Debian lockfile usage comment in shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@781 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-27 22:36:22 +00:00
teastep
0f72f92c48 Another fix for <zone>_frwd chains
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@780 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-26 16:22:01 +00:00
teastep
e46c76253c Expand chain naming
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@778 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-25 00:55:58 +00:00
teastep
5448a9cc38 Expand chain naming
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@777 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-25 00:54:01 +00:00
teastep
20a23dc925 Re-add optimization for complex zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@771 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-19 14:57:48 +00:00
teastep
1fd0345510 Re-add optimization for complex zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@769 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-15 18:34:05 +00:00
teastep
ff2b9ce193 Remove 'complex zone' optimization
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@768 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-15 18:17:23 +00:00
teastep
84486d9115 Added BLACKLISTNEWONLY
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@766 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-11 16:13:52 +00:00
teastep
67ad01a56f Added BLACKLISTNEWONLY
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@765 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-11 16:06:00 +00:00
teastep
55ddfb8c78 Fix error handling after 'Unable to determine the routes...'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@764 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-10 03:00:26 +00:00
teastep
97825f937c Clean up QUEUE target code
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@763 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-09 22:33:44 +00:00
teastep
c80dacd86a p2pwall integration
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@762 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-09 21:26:08 +00:00
teastep
3d7df0dd62 Correct icmp fix
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@761 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-08 18:45:26 +00:00
teastep
5b54d21d07 Don't use multiport match on ICMP
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@760 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-08 15:07:18 +00:00
teastep
9a51cb0b60 Merge Tuomo Soini's fix for /bin/ash
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@758 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-08 14:53:26 +00:00
teastep
acad75f82f Shorewall 1.4.7
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@755 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-06 22:30:46 +00:00
teastep
8c4ccaed9a RC3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@754 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-06 21:11:34 +00:00
teastep
f30faa416f Fix user/group name and qualified destination
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@752 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-03 14:39:34 +00:00
teastep
1003cd5590 Update RFC1918 to reflect recent IANA allocations
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@751 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-02 15:07:35 +00:00