Tom Eastep
7aa33c140d
Add an AutoBL action with helper AutoBLL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-17 10:19:18 -07:00
Tom Eastep
d6d0cad2f9
Add 'show event[s]' to manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 10:37:27 -07:00
Tom Eastep
282bf0a78c
Allow Events with Shorewall6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 09:45:41 -07:00
Tom Eastep
71bcd11ab6
Make ?...shell/perl directives case insensitive
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-20 10:39:39 -07:00
Tom Eastep
4bd35a0b93
Allow 'routeback=0'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-16 08:37:53 -07:00
Tom Eastep
53f1cd40df
Add 'unmanaged' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-10 12:36:18 -07:00
Tom Eastep
a48a4b7a2e
Don't allow fowarding between local zones.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 06:14:44 -07:00
Tom Eastep
2de0fbf7d0
Change 'local' to 'loopback' and add 'local' zones that match non-loopback interfaces.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-26 14:06:51 -07:00
Tom Eastep
fd11eb7d82
Omit fw->fw jumps when there is a local zone.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-22 09:19:34 -07:00
Tom Eastep
ac02c484f5
Change 'local' interface option to a zone type.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-19 15:35:20 -07:00
Tom Eastep
b38f1416aa
Mention "all+' in the "Important" notes at the top
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 13:41:12 -07:00
Tom Eastep
c8133145e6
Add support for "all+" in the policy file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 09:01:12 -07:00
Tom Eastep
e3d9b2762d
Add 'destonly' and 'local' to the interface manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 12:48:58 -07:00
Tom Eastep
7215b61aa4
Document changes introduced by Mr-4.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-07 10:16:38 -07:00
Tom Eastep
577db69719
Support conditional compilation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-07 09:36:02 -07:00
Roberto C. Sanchez
a0228e9d3b
Fix typos in manpages
2013-05-03 12:19:45 -04:00
Tom Eastep
8bb03a741d
Update blrules manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-24 08:17:10 -07:00
Tom Eastep
f543c3bd1e
Finish Mr-4's NFACCT patch
...
- Correct indentation
- Remove '$type' argument to split_nfacct_list
- Update manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-23 06:55:30 -07:00
Tom Eastep
5ad69aa650
Add CHAIN_SCRIPTS option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-21 07:30:31 -07:00
Tom Eastep
a56dcc745d
Clarify <chain>:COUNT in the accounting files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-20 17:11:46 -07:00
Tom Eastep
1b9fd642bb
Add INLINE to the accounting file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-20 08:02:02 -07:00
Tom Eastep
1fd62e1612
Restore order in the NFACCT target.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 11:11:37 -07:00
Tom Eastep
6c2679ce75
Allow incrementing an nfacct object when an ipset matches.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 10:44:57 -07:00
Tom Eastep
91c4dd2e56
Document multiple nfacct objects in one rule.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 06:38:02 -07:00
Tom Eastep
8ef11a376b
Document 'HELPERS=none'.
...
- Also make 'check -u' work correctly regarding HELPERS=
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 11:30:47 -07:00
Tom Eastep
ef01748dc9
Update manpages for INLINE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 07:34:00 -07:00
Tom Eastep
beec4a188f
Implement INLINE action (again).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 09:15:59 -07:00
Tom Eastep
50494f667c
Implement INLINE action
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-08 17:30:00 -07:00
Tom Eastep
efebda76d2
Improve the description of 'accept_ra' in shorewall6-interfaces(5)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-01 14:25:49 -07:00
Tom Eastep
d415de1883
Add the accept_ra Shorewall6 interface option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-30 16:44:18 -07:00
Tom Eastep
b5ea4067e4
Implement USE_RT_NAMES
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-24 10:56:38 -07:00
Tom Eastep
1e866eac28
Implement the other forms of NULL routing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-16 08:20:52 -07:00
Tom Eastep
fe6533943c
Correct 'routes' manpages.
...
- change 4.5.15 with 4.5.14 for the availability of blackhole routes
- Add 'main' to the legal providers.
2013-03-08 08:26:08 -08:00
Tom Eastep
06e7f297f7
Allow addition of blackhole routes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 11:48:09 -08:00
Tom Eastep
631c1ac843
Mention the multiport match requirement for '='
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-04 12:53:00 -08:00
Tom Eastep
49918b654e
Support '=' in SOURCE PORT(S) columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-04 09:56:10 -08:00
Tom Eastep
8960f72532
Handle DNAT with no port correctly.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-01 07:58:58 -08:00
Tom Eastep
252dd9b676
Correct SUBSYSLOCK setting in shorewall6.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-28 07:45:17 -08:00
Tom Eastep
418034579f
Support IPv6 Masquerade
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-27 09:25:26 -08:00
Tom Eastep
7006c62892
Correct port pair handling in the snat ADDRESS column.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-25 15:31:36 -08:00
Tom Eastep
0349a9a88c
Rename the IPv6 masq file 'snat'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 13:05:24 -08:00
Tom Eastep
524d6242b0
More SNAT/DNAT manpage updates
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 12:42:09 -08:00
Tom Eastep
b562f7f311
Allow specification of destination addresses in Shorewall6 masq.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 08:34:03 -08:00
Tom Eastep
ce28c70c60
SNAT and DNAT support for IPv6.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 07:08:08 -08:00
Tom Eastep
010c44d07a
Correct description of the 'sourceroute' interface option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-18 11:33:19 -08:00
Tom Eastep
e486c16513
Correct all configpath files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-14 15:10:21 -08:00
Tom Eastep
f44becdee1
Rename BLACKLIST_LOGLEVEL to BLACKLIST_LOG_LEVEL for consistent naming.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-12 07:47:02 -08:00
Tom Eastep
aae6e001fe
Convert dropInvalid and allowInvalid to inline actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-07 11:21:13 -08:00
Tom Eastep
aa528dd075
Revert "Convert allowInvalid and dropInvalid into macros"
...
This reverts commit 272e1d330c
.
2013-02-07 09:09:56 -08:00
Tom Eastep
272e1d330c
Convert allowInvalid and dropInvalid into macros
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-06 09:54:12 -08:00
Tom Eastep
61c219ed3a
Clarify the CHAIN column in the accounting manpage. Also mention ipset support.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 08:00:24 -08:00
Tom Eastep
0616dd9fcb
Add 'New' action for conntrack state NEW
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:33:24 -08:00
Tom Eastep
c68d4c6e27
Simplify Perl from actions even further.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 15:55:39 -08:00
Tom Eastep
9f82d82a92
Update Shorewall6 actions.std
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 12:59:24 -08:00
Evangelos Foutras
c9247c8074
Remove Arch Linux init file
...
Arch Linux only supports systemd now.
Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 10:13:54 -08:00
Tom Eastep
f407068d20
Update shorewall[6]-actions(5) regarding inline for some standard actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:27:30 -08:00
Tom Eastep
fc73c3934b
Replace BLACKLISTNEWONLY with BLACKLIST
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:00:47 -08:00
Tom Eastep
6b889e537f
Correct typo in the actions.std files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 12:07:04 -08:00
Tom Eastep
519861d7b2
Add CONTINUE as a possible setting for RELATED_DISPOSITION.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:58:03 -08:00
Tom Eastep
f7bdb71aad
Add an Established action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 15:40:53 -08:00
Tom Eastep
69b660ba56
Add Related and Untracked actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-26 09:45:16 -08:00
Tom Eastep
c958329d14
More manpage updates for RELATED and UNTRACKED rules sections.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 19:24:01 -08:00
Tom Eastep
575673a8f5
Correct broken links in the .conf manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 15:42:20 -08:00
Tom Eastep
6403f4959d
Implement UNTRACKED SECTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 15:42:01 -08:00
Tom Eastep
c2bc74cdfe
Add INVALID section to the rules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 08:33:59 -08:00
Tom Eastep
a03e793907
Added OUT-BANDWIDTH to the tcinterfaces column
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 16:33:57 -08:00
Tom Eastep
17eae4adee
Update the description of BLACKLISTNEWONLY to match the implementation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 09:11:15 -08:00
Tom Eastep
b5cb27e84e
Correct .service files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-20 15:15:46 -08:00
Tom Eastep
89a09f0256
Implement DEFER_DNS_RESOLUTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-13 17:00:14 -08:00
Tom Eastep
f41b2fbffc
Clarify the LENGTH column of the tcrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-09 16:22:38 -08:00
Tom Eastep
414a74d23c
Support protocol lists in most files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 16:06:54 -08:00
Tom Eastep
d4c9885c09
Change interpretation of the log tag when LOGTAGONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 13:10:18 -08:00
Tom Eastep
f955abe18b
Unify IPv4 and IPv6 modules.xtables files
...
- only difference now is xt_ipp2p
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:44:36 -08:00
Tom Eastep
25b2341ecf
Add sch_fq_codel to modules.tc
...
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:29:41 -08:00
Tom Eastep
4590e25052
Correct modules.xtables
...
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2012-12-31 08:54:32 -08:00
Tom Eastep
115081dda5
Tweak fq_codel documentation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 11:20:16 -08:00
Tom Eastep
6d9cca1cff
fq_codel
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 10:58:11 -08:00
Tom Eastep
ebe4267c49
Rename IGNOREOLDCAPVERSIONS to WARNOLDCAPVERSION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:58:45 -08:00
Tom Eastep
f96bc7cc2d
Cosmetic cleanup of the .conf manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:01:37 -08:00
Tom Eastep
8bb6f81dc5
Rename IGNOREOLDCAPS to IGNOREOLDCAPVERSIONS
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 08:54:22 -08:00
Tom Eastep
01a8ff20d4
Add the xtables modules to modules.xtables
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 16:06:54 -08:00
Tom Eastep
ef0102e9f1
Add the 'IGNOREOLDCAPS' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 15:48:08 -08:00
Tom Eastep
4d2379f542
Implement update -D
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-23 10:50:31 -08:00
Tom Eastep
c9eccaf3b8
Implement ?COMMENT directive
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-23 10:49:32 -08:00
Tom Eastep
96b61ea05c
Update documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-21 16:13:23 -08:00
Tom Eastep
dbd55acba2
Update samples, standard Actions and Macros to use ?FORMAT
2012-12-21 15:51:14 -08:00
Tom Eastep
1cbeaa6a9f
Apply Tuomo Soini's tabs patches for the rules files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-13 09:26:09 -08:00
Tom Eastep
8a0abab4cc
Rename 'ALLOWUNKNOWNVARIABLES' to 'IGNOREUNKNOWNVARIABLES'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-12 11:51:31 -08:00
Tom Eastep
88d4814209
Merge branch '4.5.10'
...
Conflicts:
Shorewall/Perl/Shorewall/Config.pm
2012-12-08 20:54:33 -08:00
Tom Eastep
4d064d6713
Replace spaces with tabs in rules files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-07 16:48:55 -08:00
Tom Eastep
56d7b6248b
Begin Action Documentaiton Update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-05 19:07:42 -08:00
Tom Eastep
02cbd72a91
Merge branch '4.5.10'
2012-12-04 10:56:09 -08:00
Tom Eastep
60012d1208
Add additional space for the OPTIONS column
...
- actions and actions.std problem
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 10:54:32 -08:00
Tom Eastep
903e25a91a
Add ALLOWUNKNOWNVARIABLES to the sample configurations.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 09:04:34 -08:00
Tom Eastep
8f1e8bf475
Add 'ALLOWUNKNOWNVARIABLES' to the manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 08:50:23 -08:00
Tom Eastep
cd5e9be467
Carefully suppress duplicate rules in all tables
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-02 12:20:24 -08:00
Tom Eastep
cc657e571d
Update action templates with new columns.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 10:25:10 -08:00
Tom Eastep
f358a78eca
Revise the description of 'noinline' to match the changed implementation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 09:33:38 -08:00
Tom Eastep
8cbe26e32c
Ignore 'inline' for certain actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 07:54:42 -08:00
Tom Eastep
15121e0743
Also substitute the chain name for '@0' in SWITCH names.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-29 08:05:49 -08:00
Tom Eastep
9c0d8a2533
Use '@{0}' as the chain name surrogate in SWITCH columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-29 07:17:13 -08:00
Tom Eastep
bff91cd325
Allow overriding 'inline' on some standard actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-28 15:03:08 -08:00
Tom Eastep
8006d150f1
Allow switch initialization.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 16:17:43 -08:00
Tom Eastep
d7096ae52e
Back out default-action macros and document in-line actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 10:53:18 -08:00
Tom Eastep
6bf996d4b8
Implement inline actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 10:32:48 -08:00
Tom Eastep
7673b1ac4b
Support multiple parameters in macros.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 11:04:19 -08:00
Tom Eastep
fc87576005
Back out silly change for output interfaces in the conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 09:47:42 -08:00
Tom Eastep
21c2963691
Correct Format-3 syntax for the SOURCE column of the conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 07:48:43 -08:00
Tom Eastep
fb3194d96b
Correct handling of default-action macro when specified as "macro.Name"
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 10:16:43 -08:00
Tom Eastep
629717f7cc
Correct policy manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 09:33:46 -08:00
Tom Eastep
8c2db40783
Correct errors in the conntrack manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 08:52:51 -08:00
Tom Eastep
dbfc805707
Add 'IU' state in secmarks
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 08:10:53 -08:00
Tom Eastep
748d532175
Correct the explaination of ULOG and NFLOG in the manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-24 09:11:28 -08:00
Tom Eastep
30de211bda
Implement format-3 conntrack files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 20:56:56 -08:00
Tom Eastep
47ef3db53c
Add SWITCH column to sample IPv6 conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 09:10:30 -08:00
Tom Eastep
8a744de906
Document semantic change to 'all' handling in the conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 09:10:07 -08:00
Tom Eastep
059095e366
Corrected shorewall6-rules(8)
...
- delete A_ACCEPT+
- correct a typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 09:09:35 -08:00
Tom Eastep
df7ce1a7d1
Add the AUDIT built-in and delete the Audit action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 08:24:33 -08:00
Tom Eastep
3040156981
Add SWITCH column to the conntrack file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 14:20:56 -08:00
Tom Eastep
952aed225d
Improve handling of 'all' in the conntrack file.
...
- Also added 'all-' to represent all off-firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 13:07:01 -08:00
Tom Eastep
7bfbf522bc
Document that parameters are allowed in default actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 11:12:55 -08:00
Tom Eastep
3b20c0db54
Allow Macros to be used as Default Actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 16:52:10 -08:00
Tom Eastep
be587726f4
Merge branch '4.5.9'
2012-11-19 08:22:05 -08:00
Tom Eastep
60a509c926
Add new macros and alphabetize the ACTION list in the rules manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 08:19:12 -08:00
Tom Eastep
37779038da
More expunging of USE_ACTIONS
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 20:54:24 -08:00
Tom Eastep
9dac330756
Remove references to USE_ACTIONS
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 13:13:20 -08:00
Tom Eastep
dfd02c932e
Correct typo in shorewall(8) and shorewall6(8).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 13:12:03 -08:00
Tom Eastep
c6ffdd67e2
Add DROP target to the conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 11:35:40 -08:00
Tom Eastep
5265cd5bb7
Add UNTRACKED match to the secmarks file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 11:01:49 -08:00
Tom Eastep
ab381ed95e
Expand the description of enable/disable on optional non-provider interfaces.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 09:01:38 -08:00
Tom Eastep
0277d6628e
Correct typo in shorewall(8) and shorewall6(8).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 08:30:47 -08:00
Tom Eastep
a2b14c37ed
Treat optional interfaces as pseudo-providers.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-16 09:48:21 -08:00
Tom Eastep
86ae74005a
Correct invalid information in shorewall[6]-tcclasses.
...
- Delete part about an interface only appearing once.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-29 12:46:58 -07:00
Tom Eastep
e908473d29
Clean up description of CHECKSUM in the manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-26 11:22:54 -07:00
Tom Eastep
e177916c12
Implement statistical marking in the tcrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-26 07:10:26 -07:00
Tom Eastep
0387b16983
Implement CHECKSUM action in the tcrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-22 15:42:13 -07:00
Tom Eastep
f24e194819
Don't display chains with no matched entries when -b
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-22 14:15:37 -07:00
Paul Gear
cf68379c4c
Document brief option for show command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-20 07:11:56 -07:00
Paul Gear
6c06302d2a
Make formatting of interface options consistent
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-20 07:11:48 -07:00
Tom Eastep
cc90a06958
Add RESTORE_ROUTEMARKS option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-11 07:34:57 -07:00
Tom Eastep
1195661264
Document new Dynamic Zone implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 12:20:36 -07:00
Tom Eastep
92d39dc56d
Expunge the g_perllib variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:59:39 -07:00
Tom Eastep
a8e9296473
Expunge the g_sbindir variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:55:48 -07:00
Tom Eastep
749e239d15
Expunge the g_libexec variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:51:36 -07:00
Togan Muftuoglu
58e277f48b
Systemd service files usrmove
...
On 09/24/2012 10:19 PM, Tom Eastep wrote:
> On 09/24/2012 02:31 AM, Jonathan Underwood wrote:
>> Such a change is something I've been meaning to submit a (trivial) patch
>> for - from a fedora perspective this would be a welcome change.
>
> Okay -- if one of you would send me a patch, I'll apply it. 4.5.8 is
> about to be released, so I would like the patch ASAP if you want it
> included in 4.5.8.
Hope not late and it works, see attached
Togan
>From 3ec45217b6ac93437d002315c56a1b3354160ff2 Mon Sep 17 00:00:00 2001
From: Togan Muftuoglu <toganm@opensuse.org>
Date: Sun, 23 Sep 2012 14:26:07 +0200
Subject: [PATCH] Fix sbin
The service files need to be executed from /usr/sbin not from /sbin
Signed-off-by: Togan Muftuoglu <toganm@opensuse.org>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 14:03:55 -07:00
Tom Eastep
86c35339cd
Merge branch '4.5.8'
2012-09-23 07:07:37 -07:00
Tom Eastep
f23fb1535d
Correct PPTP control port number in conntrack files (1729->1723).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 07:04:43 -07:00
Tom Eastep
607c93125c
Don't unconditionally detect helpers when LOAD_HELPERS_ONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Conflicts:
docs/Internals.xml
2012-09-23 06:55:00 -07:00
Tom Eastep
2d01af8256
Correct typos (omma -> comma) in the stoppedrules manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 06:52:32 -07:00
Tom Eastep
9dd5f73581
Replace IPv4 addresses in shorewall6-stoppedrules(5)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 06:52:26 -07:00
Tom Eastep
83d3d04afb
Correct typos (omma -> comma) in the stoppedrules manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 06:51:56 -07:00
Tom Eastep
693c573fc3
Replace IPv4 addresses in shorewall6-stoppedrules(5)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 06:46:50 -07:00
Tom Eastep
88caf5c9df
Correct header in the STOPPEDRULES files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-22 11:51:23 -07:00
Tom Eastep
32f89fa24b
Don't unconditionally detect helpers when LOAD_HELPERS_ONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-22 09:27:13 -07:00
Tom Eastep
af5eb575c2
Add tcfilter example with PRIORITY
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-21 07:40:33 -07:00
Tom Eastep
e14f5e5199
Swicth from postincrement to preincrement when bumping 'filterpri'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-17 10:46:31 -07:00
Tom Eastep
0400cedc6c
More TC manpage updates
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-14 08:01:08 -07:00
Tom Eastep
a581958042
Document filter priority algorithm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 16:31:39 -07:00
Tom Eastep
14073e8943
Change TOS priority offset from 10 to 15
...
- Make it distinct from tcp-ack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 08:25:05 -07:00
Tom Eastep
e02906e4f9
Add TOS to classification priority enumeration
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 07:46:52 -07:00
Tom Eastep
75953a87cb
Optional priority on hfsc classes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 13:39:54 -07:00
Tom Eastep
e431d5ab53
Document changes to filter priorities
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 17:12:59 -07:00
Tom Eastep
f6e3107c00
Redefine tc filter priorities
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:03:16 -07:00
Tom Eastep
9d6e0fd9ed
Add a PRIORITY column to the tcfilters file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 14:48:32 -07:00
Tom Eastep
5c62bf297a
Document multiple GID/UIDs in the USER/GROUP column
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 08:18:25 -07:00
Tom Eastep
6aaf06c2e8
Add stoppedrules files to the samples
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 09:06:45 -07:00
Tom Eastep
2050d566b8
Handle PRODUCT correctly at run-time.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 07:36:47 -07:00
Tom Eastep
bdd66e68c9
Have separate hashes for the two shorewallrc files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 20:09:20 -07:00
Tom Eastep
afd9875d3a
Update Manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 10:52:22 -07:00
Tom Eastep
8e5bd3637d
Implement stoppedrules file (less manpages)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 08:44:03 -07:00
Tom Eastep
34ee00a986
Document the <directory> argument to the 'try' command.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 10:53:35 -07:00
Tom Eastep
303dc65d13
Merge branch '4.5.7'
2012-08-28 11:46:04 -07:00
Tom Eastep
d838cf41bf
Allow TTL and HL in the PREROUTING chain.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-28 11:45:32 -07:00
Togan Muftuoglu
1a324fa37f
Suse specific patches
...
Hi Tom,
I have been patching shorewall packages for the opensuse releases, but I
guess it is better to send them to you . the upstream so it gets
incorporated into shorewall itself and I do not have to patch it ;)
I believe I have incorparted most of my patches in to this one. If you
can review them and if appropriate apply them that would be great
Thanks
Togan
>From 6072c08de753e7d1cc31bb758295dee198197e41 Mon Sep 17 00:00:00 2001
From: Togan Muftuoglu <toganm@opensuse.org>
Date: Fri, 24 Aug 2012 13:17:12 +0200
Subject: [PATCH] suse-specific
Signed-off-by: Togan Muftuoglu <toganm@opensuse.org>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-25 08:45:57 -07:00
Tom Eastep
b45d15eec6
Revert "Apply Togan Muftuoglu's SuSE-specific init patches"
...
This reverts commit 2412998b57
.
2012-08-25 08:45:18 -07:00
Togan Muftuoglu
906795a4d7
Suse specific patches
...
Hi Tom,
I have been patching shorewall packages for the opensuse releases, but I
guess it is better to send them to you . the upstream so it gets
incorporated into shorewall itself and I do not have to patch it ;)
I believe I have incorparted most of my patches in to this one. If you
can review them and if appropriate apply them that would be great
Thanks
Togan
>From 6072c08de753e7d1cc31bb758295dee198197e41 Mon Sep 17 00:00:00 2001
From: Togan Muftuoglu <toganm@opensuse.org>
Date: Fri, 24 Aug 2012 13:17:12 +0200
Subject: [PATCH] suse-specific
Signed-off-by: Togan Muftuoglu <toganm@opensuse.org>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-25 08:41:28 -07:00
Tom Eastep
519e799ef1
Unify the mode of init files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-24 06:59:11 -07:00
Tom Eastep
2412998b57
Apply Togan Muftuoglu's SuSE-specific init patches
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-24 06:32:30 -07:00
Tom Eastep
64edd30a76
Correct link in shorewall[6].conf manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-21 07:54:51 -07:00
Tom Eastep
99efb518bd
Add the HELPER column to the rules files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-18 12:05:42 -07:00
Tom Eastep
1f59e4f449
Update case in conditionals.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-14 11:42:46 -07:00
Tom Eastep
fdc45a990d
Arrange for HELPER to match in the RELATED section.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 15:44:19 -07:00
Tom Eastep
44a550870c
Add HELPER action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 13:23:38 -07:00
Tom Eastep
f1fbb95d48
Update documentation for content merged from the 4.5.8 (master) path
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 08:16:36 -07:00
Tom Eastep
50bd1d6398
Add AUTOHELPER option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-12 07:25:11 -07:00
Tom Eastep
e00616a1fe
Don't release blacklist files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-07 07:56:16 -07:00
Tom Eastep
56caf3687f
Factor out the ?IF __CT_TARGET tests in the conntrack files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-06 09:26:14 -07:00
Tom Eastep
b4c812b676
Correct helper parsing in the Raw module.
...
- Require (...) around multiple ctevents
- Detect invalid options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-05 08:09:17 -07:00
Tom Eastep
093985dd93
Use HELPERS to enable/disable helper association.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 19:26:02 -07:00
Tom Eastep
72307df6d2
Replace the AUTOHELPERS option with the HELPERS option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 10:53:20 -07:00
Tom Eastep
7689b1e84b
Remove the 'zone' helper option for now.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 06:39:58 -07:00
Tom Eastep
21770a89d6
Detect which matches are available.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 15:38:23 -07:00
Tom Eastep
223ed5b3a3
More additions to the helper table and to the conntrack files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 13:25:44 -07:00
Tom Eastep
2ae59bb3cd
Add COMMENT directives to conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:58:00 -07:00
Tom Eastep
07e56d129a
Add AUTOHELPERS option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:09:18 -07:00
Tom Eastep
62d6d2558e
Rename AUTO_COMMENT to AUTOCOMMENT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:06:41 -07:00
Tom Eastep
833e54c9c3
Rename the notrack file to conntrack
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:02:17 -07:00
Tom Eastep
ac6e67e371
Correct typo in rules manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-30 07:23:40 -07:00
Tom Eastep
735b7c2cf5
Add support for nfacct
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-28 11:21:16 -07:00
Tom Eastep
c0e4d4093c
Clarify TOS value
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-16 15:53:22 -07:00