extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 20:24:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,342 Commits 104 Branches 736 Tags 55 MiB
0e9c704069
Commit Graph

3269 Commits

Author SHA1 Message Date
Tom Eastep
0e9c704069 Don't scan the filter table for jumps to 'blacklst' if the 'blacklst' chain does not exist 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-18 08:42:21 -07:00
Tom Eastep
c3299d5f89 Enable blacklist rule promotion 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-18 08:38:22 -07:00
Tom Eastep
6f0893cd7a Correct Chains::promote_blacklist_rules() 
- Interate through chains that jump to 'blacklst' until no rule is promoted
  This is required to promote jumps past exclusion chains
- Correct reference counting; the first cut was horribly wrong

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-18 08:38:14 -07:00
Tom Eastep
c040344bc1 Promote 'in' blacklist rules to the head of the interface chain 
- Added Chains::promote_blacklist_rules()
- Called the function from Rules::generate_matrix()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-18 08:38:02 -07:00
Tom Eastep
801c1cb6b3 Update release docs 2010-09-17 17:44:05 -07:00
Tom Eastep
fd568ece47 Clear raw table on 'clear' 2010-09-17 17:43:57 -07:00
Tom Eastep
1588c700c5 Fix blacklisting vs vservers 2010-09-17 17:43:40 -07:00
Tom Eastep
6106dd3ada Zero out {frozen} in a deleted chain entry 2010-09-17 17:43:04 -07:00
Tom Eastep
c5bb3ecfac Simplify a test 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-17 15:42:05 -07:00
Tom Eastep
c9e876fcf5 Fix an optimization bug with the new blacklisting code 2010-09-17 15:10:02 -07:00
Tom Eastep
85430e459c Restore trace output in move_rules() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-17 14:35:25 -07:00
Tom Eastep
ad660d7fe5 Simplify move_rules() 2010-09-17 13:53:10 -07:00
Tom Eastep
7a6943fa54 Disallow mss and blacklist on firewall and vserver zones 2010-09-17 12:54:58 -07:00
Tom Eastep
b76ee408a5 Emit clearer error messages 2010-09-17 12:54:54 -07:00
Tom Eastep
2e3635ff50 Be sure that {frozen} is defined 2010-09-17 12:54:44 -07:00
Tom Eastep
28aa7b8267 Re-add OPTIONS column to blacklist templates 2010-09-17 12:54:38 -07:00
Tom Eastep
7175f8a63e Revert versions on Rules and Zones modules 2010-09-17 11:08:45 -07:00
Tom Eastep
d898c87617 Eliminate a parameter to add_jump() 2010-09-17 11:08:12 -07:00
Tom Eastep
af24baaecd Update version to RC1 (one more time) 2010-09-17 09:14:56 -07:00
Tom Eastep
e61230a3db Update version to Beta 6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-17 08:23:24 -07:00
Tom Eastep
8e2c8e5a8f Document use of state match for NOTRACK 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-17 08:21:16 -07:00
Tom Eastep
882970a598 Use state match for UNTRACKED 2010-09-17 07:58:21 -07:00
Tom Eastep
2ce3c8aa88 Ensure that blacklist rules are before the other interface-oriented rules 2010-09-16 18:19:16 -07:00
Tom Eastep
27c445381e Treat 'blacklist' uniformly in hosts and zones 2010-09-16 15:48:12 -07:00
Tom Eastep
67b9ae0d2c Update release documents 2010-09-16 15:47:05 -07:00
Tom Eastep
1c870b532a Preserve dynamic blacklist during stop/clear/restore 2010-09-16 12:17:04 -07:00
Tom Eastep
a8c9fc1859 Implement new Blacklisting Scheme 2010-09-16 09:40:28 -07:00
Tom Eastep
3c1cff0794 First steps toward zone-based blacklisting 2010-09-16 06:55:48 -07:00
Tom Eastep
1d650b41cd Remove blacklisting by destination IP address support 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-15 15:24:58 -07:00
Tom Eastep
3ad3f0d9e0 Allow floating point numbers in tcinterfaces fields other than <rate> 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-15 14:07:21 -07:00
Tom Eastep
ba89ec39b5 Add :<burst> to /etc/shorewall/tcdevices 2010-09-15 11:56:14 -07:00
Tom Eastep
69a2fa1907 Replace to/from with dst/src 2010-09-15 11:25:46 -07:00
Tom Eastep
f925b335ef Ignore the 'blacklist' host option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-15 08:10:57 -07:00
Tom Eastep
373fc87165 More blacklisting wrapup 
- Deprecate 'blacklist' in the hosts file
- Base blacklisting on interfaces alone

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-15 07:38:20 -07:00
Tom Eastep
4d0e8d129b Add dup blacklist message 2010-09-14 18:04:27 -07:00
Tom Eastep
10a9ae496a More manpage updates for 4.4.13 2010-09-14 16:47:45 -07:00
Tom Eastep
94cdc73ec2 Restore setpolicy() to prog.header* 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-14 13:50:22 -07:00
Tom Eastep
c4a40d8c7b Set version to RC1 (again) 2010-09-14 13:09:50 -07:00
Tom Eastep
c6960f1ac2 Edit release notes 2010-09-14 07:36:29 -07:00
Tom Eastep
1f2691b052 Another fix for blacklisting; correct composition of $hosts1 2010-09-14 06:47:29 -07:00
Tom Eastep
0f913fca2f Don't create blackout unnecessarily 2010-09-13 18:15:50 -07:00
Tom Eastep
82bccf16b5 Avoid internal error when there are no 'to' entries 2010-09-13 17:55:20 -07:00
Tom Eastep
bb38ed16b0 Document ipset creation fix 2010-09-13 15:54:44 -07:00
Tom Eastep
b1e9bff382 Create new ipsets on 'start' 2010-09-13 15:46:04 -07:00
Tom Eastep
a6194fabd2 Delete blank line 2010-09-13 14:15:47 -07:00
Tom Eastep
33adbe7a27 Update documentation for net TC features 2010-09-13 13:51:25 -07:00
Tom Eastep
1729da87f1 Allow both 'to' and 'from' in blacklist 2010-09-13 12:51:10 -07:00
Tom Eastep
9b4c3e22dd Allow floating point numbers in TC rates 2010-09-13 12:50:50 -07:00
Tom Eastep
cb1f7adea3 Add :<burst> to IN-BANDWIDTH 2010-09-13 11:23:37 -07:00
Tom Eastep
283eda2fa5 Cosmetic change to OUT-BANDWIDTH code 2010-09-12 16:33:19 -07:00