Commit Graph

83 Commits

Author SHA1 Message Date
Tom Eastep
542f279544 Don't allow a source interface in a DNAT/REDIRECT rule with source == firewall
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-01 10:01:08 -07:00
Tom Eastep
5c176c64b7 Add an ORIGINAL DEST column to /etc/shorewall/masq
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-29 15:32:01 -07:00
Tom Eastep
eb03168685 Cleanup of process_rules1() breakup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-31 15:32:16 -07:00
Tom Eastep
e88c2c8cd3 Move rules file nat handling to the Nat module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 09:01:24 -07:00
Tom Eastep
d904a2de86 Search and destroy trailing whitespace
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-24 14:52:57 -07:00
Tom Eastep
24e2fe4a04 Make options argument to read_a_line manditory
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-14 08:04:28 -07:00
Tom Eastep
6e089fb0e2 Require the correct PROTO to use a port range in the ADDRESS column of masq
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-18 11:21:53 -07:00
Tom Eastep
7273f4d8d4 Implement run-time gateway variables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-23 13:36:00 -08:00
Tom Eastep
59fea1a05d Add a SWITCH column to /etc/shorewall/masq
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-18 08:17:14 -08:00
Tom Eastep
3afd6a3ad3 Correct proto column of the netmap file 2011-10-08 18:20:47 -07:00
Tom Eastep
b5963c6783 Fix alternate nat handling 2011-10-08 17:01:18 -07:00
Tom Eastep
f6092ee52d Eliminate the maxcolumns argument to the split_line functions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-01 11:39:12 -07:00
Tom Eastep
072f4752fc Get rid of minimum column requirement
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-01 09:56:25 -07:00
Tom Eastep
9a4dfc4394 Implement an alternate way of specifying column contents.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-25 17:08:53 -07:00
Tom Eastep
7978993d2b Validate NET2 in IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-20 16:24:39 -07:00
Tom Eastep
fd1e996fb1 Correct call to dest_iexclusion()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-19 08:28:29 -07:00
Tom Eastep
e01276225c Correct port order in the netmap file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-19 06:17:02 -07:00
Tom Eastep
c2bcb08483 Add 'i' versions of exclusion functions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-18 14:12:22 -07:00
Tom Eastep
95a83f7fdf Allow exclusion in the netmap file's NET1 column 2011-09-17 09:20:15 -07:00
Tom Eastep
e1afc645ba Allow IPv6 stateless NAT (undocumented)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-14 08:24:44 -07:00
Tom Eastep
77ca62835f Add PROTO and PORTS columns to netmap 2011-09-05 12:33:42 -07:00
Tom Eastep
e5886abed1 Take care of oversights in the Stateless NAT implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-16 14:10:07 -07:00
Tom Eastep
0b2a8b12c7 Implement Stateless NAT support.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-14 12:01:17 -07:00
Tom Eastep
71480ff647 Validate nets in the netmap file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-13 15:59:42 -07:00
Tom Eastep
ca655a6f52 Use add_ijump for all jump 'irules'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-20 07:30:49 -07:00
Tom Eastep
12b5aa687b More conversion to new rule interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-19 11:58:10 -07:00
Tom Eastep
58de3dd3c1 Fix :persistent and :random in /etc/shorewall/masq
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 15:35:07 -07:00
Tom Eastep
d1b8d7b953 Make perl modules version-neutral
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-10 15:10:27 -07:00
Tom Eastep
c264aaae6b Update module versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 07:41:26 -07:00
Tom Eastep
9ab901927f Use supplied() where appropriate
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 16:14:31 -07:00
Tom Eastep
15e9e3182d Update copyrights
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 10:06:56 -07:00
Tom Eastep
05e385a748 Only use 'our' when required 2011-05-14 13:21:31 -07:00
Tom Eastep
1bcba8bbc7 Update version of changed Perl modules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-19 10:02:29 -07:00
Tom Eastep
96af7bfed6 Fix the prior commit 2011-04-13 17:56:15 -07:00
Tom Eastep
9008cd960c Fix a silly masq bug 2011-04-13 17:01:22 -07:00
Tom Eastep
7555a0953d Add conditional logic for optional run-time address variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-01-29 12:15:34 -08:00
Tom Eastep
7421a679ba Bump version of the Nat module 2011-01-28 16:46:36 -08:00
Tom Eastep
f3aedcf805 Allow runtime address variables in the ADDRESS column of the masq file 2011-01-28 16:32:53 -08:00
Tom Eastep
68f537ac5b Bypass processing logic when an optional config file is absent.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 10:48:44 -07:00
Tom Eastep
1da6d51d1a Reduce the Beta3 patch footprint by making the second arg to known_interface() optional 2010-08-30 16:43:30 -07:00
Tom Eastep
57c54af6ed Re-implement optional interface handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-29 12:32:44 -07:00
Tom Eastep
12f48e1b97 Don't pass '-j' in target arg to expand_rule()
- use the target to locate chain for reference tracking

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-26 10:37:07 -07:00
Tom Eastep
d997ef1653 First cut at IPSEC support in the accounting file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-19 11:46:26 -07:00
Tom Eastep
312624cef5 Fix NET3 bug (netmap) 2010-07-04 15:58:37 -07:00
Tom Eastep
7689831cd7 Minor cleanup of 4.4.11 Beta 3.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-04 09:29:16 -07:00
Tom Eastep
d58127e51c Allow networks to be specified in a NETMAP rule 2010-06-12 13:50:58 -07:00
Tom Eastep
65a5d34276 Update Module Versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:46:29 -07:00
Tom Eastep
c7848be266 Back out the rest of the original change for dup / -[psiod]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 09:59:25 -07:00
Tom Eastep
219b2e0761 A more comprehensive solution to multiple -[piosd] matches.
- eliminate duplicate -[piosd] matches in merged rules
- avoid tracing !* unconditionally

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 07:26:25 -07:00
Tom Eastep
988f7c4d7e More fixes for bad NAT optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:50:18 -07:00