Tom Eastep
|
d7096ae52e
|
Back out default-action macros and document in-line actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-27 10:53:18 -08:00 |
|
Tom Eastep
|
6bf996d4b8
|
Implement inline actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-27 10:32:48 -08:00 |
|
Tom Eastep
|
85a46690c0
|
Improve optimize level 16 fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 15:11:07 -08:00 |
|
Tom Eastep
|
a4dcd1071a
|
Revert change to macro level merging.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 13:41:12 -08:00 |
|
Tom Eastep
|
78ba8bac50
|
Replace '@' by the chain name in SWITCH columns.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 13:28:23 -08:00 |
|
Tom Eastep
|
bf75b2b919
|
$0 expands to the current action chain name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 13:23:20 -08:00 |
|
Tom Eastep
|
7673b1ac4b
|
Support multiple parameters in macros.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 11:04:19 -08:00 |
|
Tom Eastep
|
fc87576005
|
Back out silly change for output interfaces in the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 09:47:42 -08:00 |
|
Tom Eastep
|
3f550622bd
|
Only use routing table for OUTPUT interface in the raw table.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 07:51:55 -08:00 |
|
Tom Eastep
|
e7dee420ee
|
Allow interfaces in the DEST column of the conntrack file when the chain is OUTPUT.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 18:37:23 -08:00 |
|
Tom Eastep
|
e45fe53705
|
Correct another optimizer defect.
- Don't declare command-mode rules as duplicates.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 18:00:26 -08:00 |
|
Tom Eastep
|
697fc001c3
|
Return to zone-based handling of 'all'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 16:31:05 -08:00 |
|
Tom Eastep
|
642f192b3d
|
Disallow destination interface in the OUTPUT chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 15:37:53 -08:00 |
|
Tom Eastep
|
7b0578fa84
|
Fix AUDIT on IPv6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 12:09:18 -08:00 |
|
Tom Eastep
|
5acf0f60e7
|
Only apply log level to bare LOG rules in default-action macro.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 10:17:03 -08:00 |
|
Tom Eastep
|
fb3194d96b
|
Correct handling of default-action macro when specified as "macro.Name"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 10:16:43 -08:00 |
|
Tom Eastep
|
066a017420
|
Correct typo in Raw.pm
- The OUTPUT chain designator test was using '0' (zero) rather than 'O'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 08:52:33 -08:00 |
|
Tom Eastep
|
1870c281a9
|
Make AUDIT support params again.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 08:26:44 -08:00 |
|
Tom Eastep
|
dbfc805707
|
Add 'IU' state in secmarks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 08:10:53 -08:00 |
|
Tom Eastep
|
b7e2b28562
|
Transfer tag when merging into an NFLOG/ULOG rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-24 09:04:56 -08:00 |
|
Tom Eastep
|
67e1e6cf91
|
Allow WHITELIST in IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-23 14:19:14 -08:00 |
|
Tom Eastep
|
cd2854cad0
|
Fix NFLOG/ULOG implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-23 13:49:43 -08:00 |
|
Tom Eastep
|
75c148a2dd
|
Enable 'debug' on the try, stop and clear commands.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-23 11:46:14 -08:00 |
|
Tom Eastep
|
71bbc632ce
|
Handle 'fw' correctly in the SOURCE column of the stoppedrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-23 08:35:51 -08:00 |
|
Tom Eastep
|
b6a1a7d538
|
Make NFLOG and ULOG built-ins.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-23 08:14:24 -08:00 |
|
Tom Eastep
|
30de211bda
|
Implement format-3 conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 20:56:56 -08:00 |
|
Tom Eastep
|
3f7425b6a0
|
Purge %renamed before each table is processed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 17:27:09 -08:00 |
|
Tom Eastep
|
26dee73895
|
Support the audited targets on IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 08:24:51 -08:00 |
|
Tom Eastep
|
df7ce1a7d1
|
Add the AUDIT built-in and delete the Audit action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 08:24:33 -08:00 |
|
Tom Eastep
|
4a05571e7e
|
Add forward prototype for process_macro()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 08:00:15 -08:00 |
|
Tom Eastep
|
b89e05740d
|
Insure that nested zone exclusions go in the proper place in raw PREROUTING
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 14:49:21 -08:00 |
|
Tom Eastep
|
3040156981
|
Add SWITCH column to the conntrack file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 14:20:56 -08:00 |
|
Tom Eastep
|
54dadcc546
|
Ensure that zone-specific rules come before 'all' rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 14:20:30 -08:00 |
|
Tom Eastep
|
952aed225d
|
Improve handling of 'all' in the conntrack file.
- Also added 'all-' to represent all off-firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 13:07:01 -08:00 |
|
Tom Eastep
|
1efd47a7e9
|
Apply Tuomo Soini's fix for RHEL5
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 10:34:00 -08:00 |
|
Tom Eastep
|
374489c3cf
|
Revert "Fix RHEL5 issue with route marking."
This reverts commit 77f342b0e0 .
|
2012-11-21 10:19:24 -08:00 |
|
Tom Eastep
|
77f342b0e0
|
Fix RHEL5 issue with route marking.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 09:08:15 -08:00 |
|
Tom Eastep
|
8f52c9744e
|
Correct some issues with default action macros.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 08:29:35 -08:00 |
|
Tom Eastep
|
1957af04fd
|
Don't create a _weight file for an optional non-provider interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-20 16:10:30 -08:00 |
|
Tom Eastep
|
a0faba2a03
|
Correct interface/provider handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-20 13:27:15 -08:00 |
|
Tom Eastep
|
c798200b20
|
Another correction to CHECKSUM detection.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-20 10:09:28 -08:00 |
|
Tom Eastep
|
67ae9df0f8
|
Correct handling of unknown interfaces in TC.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-20 08:07:42 -08:00 |
|
Tom Eastep
|
ebb4e1f6e4
|
Don't generate start/stop functions for wildcard optional interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-20 07:06:27 -08:00 |
|
Tom Eastep
|
f458e99390
|
Correct the compiler's CHECKSUM detection
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-20 06:59:40 -08:00 |
|
Tom Eastep
|
5b049d7e9e
|
Improve readability in Rules module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-20 06:59:13 -08:00 |
|
Tom Eastep
|
3b20c0db54
|
Allow Macros to be used as Default Actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-19 16:52:10 -08:00 |
|
Tom Eastep
|
0d8931e49f
|
Don't use ':' as a join character in contatenated macro ACTION expansion.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-19 12:58:29 -08:00 |
|
Tom Eastep
|
47791add99
|
Fix formatting of a line of code.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-19 12:30:25 -08:00 |
|
Tom Eastep
|
be587726f4
|
Merge branch '4.5.9'
|
2012-11-19 08:22:05 -08:00 |
|
Tom Eastep
|
b25ece75de
|
Don't leave temporary chain in the raw table when LOAD_HELPERS_ONLY=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-19 08:18:32 -08:00 |
|
Tom Eastep
|
0db7b6c58a
|
Don't require a parameter with '&'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-18 15:45:58 -08:00 |
|
Tom Eastep
|
57e913d86e
|
Merge branch '4.5.9'
|
2012-11-18 15:02:46 -08:00 |
|
Tom Eastep
|
a4294658b6
|
Add a capability to use log levels as a target.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-18 14:50:59 -08:00 |
|
Tom Eastep
|
65e1b1c9e7
|
Allow NFLOG as a target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-18 13:15:24 -08:00 |
|
Tom Eastep
|
a07cfb0885
|
Allow NFLOG as a target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-18 13:13:43 -08:00 |
|
Tom Eastep
|
c6ffdd67e2
|
Add DROP target to the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-18 11:35:40 -08:00 |
|
Tom Eastep
|
5265cd5bb7
|
Add UNTRACKED match to the secmarks file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-18 11:01:49 -08:00 |
|
Tom Eastep
|
5712438bcb
|
Eliminate Shell syntax error when a provider and its interface have the same name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-16 09:50:36 -08:00 |
|
Tom Eastep
|
a2b14c37ed
|
Treat optional interfaces as pseudo-providers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-16 09:48:21 -08:00 |
|
Tom Eastep
|
b1ffcd8628
|
Apply provider mask in 'routemark' chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-14 11:20:30 -08:00 |
|
Tom Eastep
|
34e3e4bf82
|
Merge branch '4.5.9'
|
2012-11-14 11:17:18 -08:00 |
|
Tom Eastep
|
06a4994488
|
Make exclusion work correctly with TPROXY.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-14 11:16:52 -08:00 |
|
Tom Eastep
|
391113dfe3
|
Apply provider mask in 'routemark' chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-13 06:55:59 -08:00 |
|
Tom Eastep
|
3c58d2180d
|
Improve the efficiency of tcrule processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-13 06:55:35 -08:00 |
|
Tom Eastep
|
32c9e4274f
|
Rename 'mysplit' to 'split_host_list'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-11 08:42:01 -08:00 |
|
Tom Eastep
|
896d874aab
|
Set VARLIB in the script's initialize() function.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-09 12:29:19 -08:00 |
|
Tom Eastep
|
5fcdfd779c
|
Don't default IPSET to 'ipset'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-09 08:54:54 -08:00 |
|
Tom Eastep
|
860ee6de27
|
Eliminate nonsensical warning message.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-06 07:36:36 -08:00 |
|
Tom Eastep
|
ec17ea1dee
|
Remove superfluous check
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-03 08:19:46 -07:00 |
|
Tom Eastep
|
2e211bc2b6
|
Correct handling of wildcard interfaces in rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-03 07:24:41 -07:00 |
|
Tom Eastep
|
5f0b85b5b9
|
Replace a couple of more hard-coded directory names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-30 09:49:53 -07:00 |
|
Tom Eastep
|
3f1aeb33be
|
Correct mark range with shifted mask.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-26 12:41:06 -07:00 |
|
Tom Eastep
|
e177916c12
|
Implement statistical marking in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-26 07:10:26 -07:00 |
|
Tom Eastep
|
0387b16983
|
Implement CHECKSUM action in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-22 15:42:13 -07:00 |
|
Tom Eastep
|
6af16e0cda
|
Allow quotes in parameter to run_iptables()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-14 13:26:08 -07:00 |
|
Tom Eastep
|
ab7975539c
|
Correct typo in get_params()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-14 09:30:27 -07:00 |
|
Tom Eastep
|
dfd0692176
|
Omit IPv6-specific code from checkkernelversion() in IPv4 script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-13 07:28:37 -07:00 |
|
Tom Eastep
|
8b650358d6
|
Don't shout in compiler directives
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-13 07:14:51 -07:00 |
|
Tom Eastep
|
cc90a06958
|
Add RESTORE_ROUTEMARKS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-11 07:34:57 -07:00 |
|
Tom Eastep
|
54e066ec3a
|
Re-order logic in add_group_to_zone
- Need to normalize the address prior to comparing it with ALLIP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-08 08:54:54 -07:00 |
|
Tom Eastep
|
620f88b339
|
Merge branch '4.5.8'
|
2012-10-07 17:41:01 -07:00 |
|
Tom Eastep
|
b7e6b1aa41
|
Allow IP range in the hosts file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-07 17:40:42 -07:00 |
|
Tom Eastep
|
c84603cdc6
|
Merge branch '4.5.8'
Conflicts:
Shorewall/Perl/Shorewall/Zones.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-07 17:04:27 -07:00 |
|
Tom Eastep
|
e2b029b0ba
|
More hosts file corrections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-07 17:00:35 -07:00 |
|
Tom Eastep
|
0efc0451c1
|
Allow IP range in the hosts file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-07 15:59:30 -07:00 |
|
Tom Eastep
|
9dd66fc6ff
|
Allow IP range in the hosts file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-07 15:55:00 -07:00 |
|
Tom Eastep
|
0c9cc4a233
|
Change the 'dynamic' zone option to 'dynamic_shared'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-07 09:18:18 -07:00 |
|
Tom Eastep
|
c228668500
|
Implement logic associated with 'dynamic' zone option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-06 07:52:06 -07:00 |
|
Tom Eastep
|
afaba46aa3
|
Add 'dynamic' zone option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-06 07:21:49 -07:00 |
|
Tom Eastep
|
1f38a36acf
|
Delete extraneous logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Conflicts:
Shorewall/Perl/Shorewall/Zones.pm
|
2012-10-04 09:45:25 -07:00 |
|
Tom Eastep
|
526f72216a
|
Correct handling of dash characters in interface/ipset names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-04 07:34:41 -07:00 |
|
Tom Eastep
|
642ff1be15
|
Correct handling of dash characters in interface/ipset names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-02 10:09:23 -07:00 |
|
Tom Eastep
|
92d39dc56d
|
Expunge the g_perllib variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-01 06:59:39 -07:00 |
|
Tom Eastep
|
a8e9296473
|
Expunge the g_sbindir variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-01 06:55:48 -07:00 |
|
Tom Eastep
|
749e239d15
|
Expunge the g_libexec variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-01 06:51:36 -07:00 |
|
Tom Eastep
|
30d4ba67cc
|
Revert "Allow '-' in the interface for dynamic zone."
This reverts commit b68b34b820 .
|
2012-09-30 16:25:35 -07:00 |
|
Tom Eastep
|
4ef81041be
|
Delete extraneous logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-30 16:09:34 -07:00 |
|
Tom Eastep
|
b68b34b820
|
Allow '-' in the interface for dynamic zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-30 16:04:38 -07:00 |
|
Tom Eastep
|
4311dc5ddf
|
Merge branch '4.5.8'
|
2012-09-29 09:03:12 -07:00 |
|
Tom Eastep
|
38faa3e071
|
Correct handling of new ipv6 net syntax in the hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-29 09:01:17 -07:00 |
|