Commit Graph

10857 Commits

Author SHA1 Message Date
Tom Eastep
3581b2667e Don't install the blacklist file in /etc/shorewall[6]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-27 14:39:59 -08:00
Tom Eastep
9e149ca038 Correct default values during update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-27 14:12:51 -08:00
Tom Eastep
61d5c6d6da Implement Shorewall::Chains::clone_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-26 09:36:02 -08:00
Tom Eastep
3498076a96 Accurately compare rule key values that are array references.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-26 08:03:02 -08:00
Tom Eastep
15d95b6977 Fix SAME target.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-26 07:48:03 -08:00
Tom Eastep
5cdb74168f Correct port list capture with --multiport.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-25 16:22:23 -08:00
Tom Eastep
613e41c25a Enable OPT 16 in check -r; Suppress duplicate rules 2011-11-25 16:05:07 -08:00
Tom Eastep
90e03e1833 Even more tweaks to optimize 16
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-25 14:46:37 -08:00
Tom Eastep
71bbd7963c Some tweaks to optimize 16 2011-11-25 10:42:10 -08:00
Tom Eastep
0f02b497f6 Document optimize 16 in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-24 11:11:59 -08:00
Tom Eastep
f305da9d0d Require extended multi-port match for OPTIMIZE 16.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-24 10:57:09 -08:00
Tom Eastep
8d8a681f40 Implement optimization level 16
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-24 10:22:04 -08:00
Tom Eastep
4559c8b5d0 Tweaks to convert_blacklist()
- Reword an error message to handle both missing file and zero-sized file.
- Don't rename file that doesn't exist.
2011-11-21 12:13:39 -08:00
Tom Eastep
1a968ec734 Add routefilter to one-armed router section
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-21 05:54:51 -08:00
Tom Eastep
dffb79e7bd Handle empty blacklist file in 'update -b'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 17:02:01 -08:00
Tom Eastep
bd8ba435cd Avoid uninitialized value in hash element.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 16:24:42 -08:00
Tom Eastep
4d30811794 Implement 'show marks'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 12:29:17 -08:00
Tom Eastep
4a7d4d6abc Bring the upgrade issues doc up to date
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 08:46:02 -08:00
Tom Eastep
88a883da71 Update references to WIDE_TC_MARKS and HIGH_ROUTE_MARKS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 08:45:47 -08:00
Tom Eastep
e5a6387695 Eliminate use of WIDE_TC_MARKS in the Tc module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 08:45:16 -08:00
Tom Eastep
5097d36a33 Update Packing Marking doc for this release
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 07:41:17 -08:00
Tom Eastep
382309bc53 Derive default values for the mark-layout options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 07:03:33 -08:00
Tom Eastep
86c51f24d9 Deprecate the old mark layout options.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 17:14:05 -08:00
Tom Eastep
9d56fcab89 Update Shorewall6 .conf files and manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 16:54:10 -08:00
Tom Eastep
2fd3766be8 Remove duplicate options from Universal shorewall.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 16:01:23 -08:00
Tom Eastep
9988f744ff Add mark layout options to shorewall.conf manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 15:55:45 -08:00
Tom Eastep
0adc82f469 Add the mark layout options to shorewall.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 15:29:07 -08:00
Tom Eastep
83d7cfa76a Update documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 15:18:43 -08:00
Tom Eastep
ae8aa3a45a More fixes for ZONE_BITS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 08:19:38 -08:00
Tom Eastep
ab1b65d6a8 Fixes for blacklist conversion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 08:18:58 -08:00
Tom Eastep
4f9afc32ec Allow zone names in the MARK column when ZONE_BITS != 0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-18 07:23:24 -08:00
Tom Eastep
7c0cb69c29 Don't copy limited broadcast routes to provider tables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-18 07:07:51 -08:00
Tom Eastep
364b30fd9b Fix 'update -b' handling of missing files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-18 06:26:37 -08:00
Tom Eastep
72f75c201c Implement zone automark
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 16:07:45 -08:00
Tom Eastep
96f5aec71f Add ZONE_BITS configuration option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 10:40:47 -08:00
Tom Eastep
fe09646bed Make zone types a power of 2.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 09:23:39 -08:00
Tom Eastep
348c6c8cf7 Correct handling of LOGMARK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 07:22:07 -08:00
Tom Eastep
d096b9399a Fix '\!' handling in validate_level()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-15 16:41:32 -08:00
Tom Eastep
afaf0d9de8 Trivial optimiation in validate_level()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-13 06:19:40 -08:00
Tom Eastep
28a1087cd4 Cleanup of rewritten validate_level()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-13 05:58:59 -08:00
Tom Eastep
73ed66b9b9 Add ULOG and NFLOG capabilities plus LOGMARK for IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-12 14:10:48 -08:00
Tom Eastep
bf010dc03e Macro changes from Tuomo Soini 2011-11-11 15:08:57 -08:00
Tom Eastep
ffec7a4d95 More corrections to wildcard interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-11 07:29:44 -08:00
Tom Eastep
04dfe26549 Remove two unused variables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-11 05:23:37 -08:00
Tom Eastep
972721facb Remove some white space
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 17:52:25 -08:00
Tom Eastep
6813409c31 Make the previous patch a bit cleaner
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 07:19:21 -08:00
Tom Eastep
d85f6970e3 Fix wildcard interfaces
- Suppress extra jumps to interface chains.
- Insure that the 'lo' ACCEPT rule doesn't get masked by a wildcard interface

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 06:53:48 -08:00
Tom Eastep
83d373c0aa More documentation cleanup.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 06:52:14 -08:00
Tom Eastep
7ebf5a4284 Correct links in shorewall.conf manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-09 09:56:59 -08:00
Tom Eastep
d053faadde Allow convertion of a legacy blacklist configuration
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-08 12:59:40 -08:00