Commit Graph

3560 Commits

Author SHA1 Message Date
Tom Eastep
05e4049174 Ipset-based blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 16:07:56 -07:00
Tom Eastep
5db6cb1b7d Correct load_ipsets()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-09 16:07:10 -07:00
Tom Eastep
321476fd51 Tweak terminating() implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-08 08:24:57 -07:00
Tom Eastep
bd6b32eb25 Add a progress message for REJECT_ACTION processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 10:30:54 -07:00
Tom Eastep
4fdf54eca1 Tweak process_reject_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 10:02:48 -07:00
Tom Eastep
70bbd21b35 Ensure that the REJECT_ACTION is terminating
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 09:34:38 -07:00
Tom Eastep
87a9b95f73 Catch case where a transformed rule jumps to its own chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 08:58:50 -07:00
Tom Eastep
ecd7261365 Use -g when target is a terminating chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 08:48:36 -07:00
Tom Eastep
293cd1d66a Always go to the reject chain rather than jump to it
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-06 09:14:06 -07:00
Tom Eastep
436b5d89ce Correct comment
- The chain will only exist if logging wasn't specified for the same
  disposition.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-06 08:50:29 -07:00
Tom Eastep
26795cf082 Correct setup of $usedactions{A_REJECT}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-06 08:18:36 -07:00
Tom Eastep
3ac3ae279f Add A_REJECT action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-05 16:38:39 -07:00
Tom Eastep
e9467326f3 Allow allow REJECT to take a parameter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-05 11:20:44 -07:00
Tom Eastep
75df718865 Reword comment in push_action_params()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-04 09:41:28 -07:00
Tom Eastep
ae8e2f70ea Efficiency change to known_interface()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-03 17:34:02 -07:00
Tom Eastep
39f5b77e5f Fix known_interface()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-03 16:31:45 -07:00
Tom Eastep
cb5a2519f3 Keep hyphens in @chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-03 16:30:31 -07:00
Tom Eastep
4151f7c504 Revert change to log_[i]rule_limit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-03 16:29:52 -07:00
Tom Eastep
054837aeea Use the real chain name in log messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-03 13:04:25 -07:00
Tom Eastep
b637d303b9 Correct use of a physical interface name in the hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-02 17:27:20 -07:00
Tom Eastep
0dbf42424d Make physical name a synonym for the correcponding logical name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-02 10:04:05 -07:00
Tom Eastep
f22e8d6d55 Allow physical interface to work in the ecn file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-01 15:10:49 -07:00
Tom Eastep
d98305c6f4 Correct default for MINIUPNOD
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-01 12:20:42 -07:00
Tom Eastep
3cbfdadb32 Merge branch '5.0.7' 2016-04-01 09:46:53 -07:00
Tom Eastep
df1b1f6768 Add MINIUPNPD option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-01 08:57:08 -07:00
Tom Eastep
3881b38e02 Fix similar INTERFACE column issue in the nat and netmap files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-31 14:16:43 -07:00
Tom Eastep
8a8f3b6f59 Merge branch '5.0.7' 2016-03-31 12:55:16 -07:00
Tom Eastep
b9bed00123 Correct handling of a physical name in a masq rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-31 12:52:30 -07:00
Tom Eastep
38aa7797c4 Allow protocol and user lists in actions and macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-30 08:34:42 -07:00
Tom Eastep
404540ffe1 Merge branch '5.0.7' 2016-03-30 08:17:19 -07:00
Tom Eastep
dd3c0daa08 Handle inline matches correctly in the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-29 13:33:47 -07:00
Tom Eastep
4fddfcfba0 More complete fix for inline matches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-29 13:15:01 -07:00
Tom Eastep
421d5f6043 Move Raw matches to last.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-29 09:31:27 -07:00
Tom Eastep
382ab380a2 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-03-29 07:36:49 -07:00
Tuomo Soini
2342c7cd9c Perl/Shorewall/Chains.pm: Fix warning with older perl 2016-03-29 09:58:33 +03:00
Tom Eastep
66ae4975b2 Allow :R with DIVERT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-28 15:52:49 -07:00
Tom Eastep
5b7a9db170 Correct clearing of inline matches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-28 15:48:59 -07:00
Tom Eastep
ad87d94e33 Small efficiency change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-26 13:12:33 -07:00
Tom Eastep
f86abf9552 Eliminate @columnstack -- simple save the columns array on the call stack.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-22 10:49:40 -07:00
Tom Eastep
9fe1a34412 Tighten up editing of configuration options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-21 12:03:45 -07:00
Tom Eastep
abe533b6e3 Correct the action on ingress filters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-19 13:45:33 -07:00
Tom Eastep
1c3140789c Add stab to ingress qdiscs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-19 13:25:39 -07:00
Tom Eastep
0399a346d0 Replace a silly line of code.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-19 12:05:45 -07:00
Tom Eastep
6ed3861d76 Correct Mangle Action Handling for second visit to the same action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 15:25:52 -07:00
Tom Eastep
7a18847c14 Correct handling of log level in a _DEFAULT setting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 15:25:14 -07:00
Tom Eastep
273c89a753 Implement MARK and CONNMARK in the rules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 11:42:58 -07:00
Tom Eastep
2bebf1c95a Make '&' and '|' work with CONNMARK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 11:30:52 -07:00
Tom Eastep
18573037f9 More 'check -r' fixes around Docker
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 11:09:39 -07:00
Tom Eastep
818628138b Add MARK and CONNMARK to the %targets table
- Also, sort the table entries

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 10:21:35 -07:00
Tom Eastep
2adec0eb65 Implement a filename cache for find_file()
- Don't need to search the CONFIG_PATH for re-open of same file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 09:45:41 -07:00