Tom Eastep
119d38c92b
Enable dynamic zones for IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 10:41:29 -07:00
Tom Eastep
785de281b5
More IPv6 ipset fixes
...
- use 'family inet6' rather than 'family ipv6'
- Correct one more case of 'iphash' vs 'hash:ip family inet6'
- Encapsulate ipset -N into an 'ensure_ipset()' function
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 07:43:32 -07:00
Tom Eastep
4c2f12e645
Some whitespace changes
2011-06-19 19:08:32 -07:00
Tom Eastep
e4bcc12301
Use 'here documents' rather than single quotes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 18:33:10 -07:00
Tom Eastep
2097d0f4a0
Accomodate new syntax of ipset saved commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 14:06:42 -07:00
Tom Eastep
46d64e39d1
Use correct syntax to create IPv6 ipsets.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 14:04:53 -07:00
Tom Eastep
be6b08f835
Be sure to detect IPSET_MATCH before OLD_IPSET_MATCH.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 13:29:10 -07:00
Tom Eastep
7753f798b0
Bump Version to Beta 3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 10:09:53 -07:00
Tom Eastep
c264aaae6b
Update module versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 07:41:26 -07:00
Tom Eastep
4916610033
Rename upgrade => update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 07:14:27 -07:00
Tom Eastep
55242d1ed6
Add a few comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 16:55:00 -07:00
Tom Eastep
d66c7d478e
Eliminate expansion of shell variables in the upgraded config file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 16:33:41 -07:00
Tom Eastep
380443f26d
Eliminate %defaults
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 15:44:07 -07:00
Tom Eastep
faeb2da2ba
Corrections to Defaults
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 15:38:08 -07:00
Tom Eastep
f93ac02bfc
Provide default values for added entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 14:50:07 -07:00
Tom Eastep
96f6dc3558
More defined => supplied changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 13:08:26 -07:00
Tom Eastep
6f2cc31dde
Implement .conf file upgrade
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 13:03:55 -07:00
Tom Eastep
d23f932ebe
Don't generate INPUT hairpin rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 06:21:36 -07:00
Tom Eastep
f9ee8c494d
Exempt wildcard interfaces from sfilter
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-14 06:45:22 -07:00
Tom Eastep
9aedd407cc
Quell compiler warnings from Perl 5.14.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-13 06:40:03 -07:00
Tom Eastep
9ab901927f
Use supplied() where appropriate
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 16:14:31 -07:00
Tom Eastep
774aac1228
Add a supplied() function
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 15:40:55 -07:00
Tom Eastep
a60fe6e665
Allow parameters to be specified to Default Actions in the policy file
...
and in shorewall.conf.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 14:58:54 -07:00
Tom Eastep
3dd363677c
Implement set_action_param
...
Export both set_action_params and read_action_param by default
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 08:33:21 -07:00
Tom Eastep
8b6a7a7053
Implement read_action_param()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:49:57 -07:00
Tom Eastep
f278d05637
Rename action param functions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:46:54 -07:00
Tom Eastep
2549982528
Fix DEFAULTS
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:23:41 -07:00
Tom Eastep
6e6be468a9
Support for DEFAULT statements in actions
2011-06-10 17:05:09 -07:00
Tom Eastep
32c7d36cd0
Make zones with multiple interfaces complex
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-10 15:37:26 -07:00
Tom Eastep
dbd30f981c
Set the interface routeback option if there are any IP host groups with 'routeback'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-10 15:37:09 -07:00
Tom Eastep
8a7ad569e4
Don't leave unused sfilter chains in the config
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 17:22:48 -07:00
Tom Eastep
3e9a54d404
Couple of tweaks
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 17:22:34 -07:00
Tom Eastep
a0b0c5bdac
Jump (don't go) to sfilter1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 14:24:44 -07:00
Tom Eastep
1399a8ffde
Don't move rules from a chain with references
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 14:24:38 -07:00
Tom Eastep
9555a552c2
Fix FORWARD with ipsec dest
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 14:24:08 -07:00
Tom Eastep
71177c3ca3
Exempt ipsec from sfilter
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 07:27:06 -07:00
Tom Eastep
fa2746d469
Apply sfilter to INPUT as well as FORWARD
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-08 09:40:28 -07:00
Tom Eastep
35d1586672
Correct sfq handle assignment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 13:58:45 -07:00
Tom Eastep
a3968beb7e
Add fix inadvertently dropped from 4.4.19.4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 13:57:52 -07:00
Tom Eastep
0e839f3d7b
Initiate 4.4.21
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 09:54:35 -07:00
Tom Eastep
9c2c562bf5
Correct autorepeat wart
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 06:45:50 -07:00
Tom Eastep
cf0275a049
Make FAKE_AUDIT work again
2011-06-06 16:08:29 -07:00
Tom Eastep
642319d706
Change annotated documentation default
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 15:40:21 -07:00
Tom Eastep
cfb3d6a801
Merge branch '4.4.20'
2011-06-06 14:09:26 -07:00
Tom Eastep
6136e986cf
Update version to 4.4.20.1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 14:08:25 -07:00
Tom Eastep
aabefe91f1
Merge branch '4.4.20'
2011-06-04 08:46:40 -07:00
Tom Eastep
f1cbfab7ac
More blacklist/audit fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-04 08:45:23 -07:00
Tom Eastep
653a61a04a
Merge branch '4.4.20'
2011-06-04 07:44:24 -07:00
Tom Eastep
a9c0824a30
Correct BLACKLIST_DISPOSITION=A_xxx with BLACKLIST_LOG_LEVEL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-04 07:44:07 -07:00
Tom Eastep
aa86b65ec3
Merge branch '4.4.20'
2011-06-02 11:44:15 -07:00
Tom Eastep
254e1ed784
Add 'I' STATE to secmarks
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 11:43:55 -07:00
Tom Eastep
c3b56c1e73
Merge branch '4.4.20'
2011-06-02 10:07:03 -07:00
Tom Eastep
561d461a25
Add 'NI' STATE setting in secmarks.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 10:06:27 -07:00
Tom Eastep
1e883c2fdf
Merge branch '4.4.20'
2011-06-02 06:47:09 -07:00
Tom Eastep
f9c5b8b0d5
Improve some comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 06:23:37 -07:00
Tom Eastep
36aee407ef
Merge branch '4.4.20'
2011-06-01 13:01:27 -07:00
Tom Eastep
5f08605adc
Delete some cruft
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-01 12:26:05 -07:00
Tom Eastep
243a09783c
Merge branch '4.4.20'
2011-05-31 15:45:09 -07:00
Tom Eastep
7bf74bb8c9
Add new builtin targets to %builtin_target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 15:43:42 -07:00
Tom Eastep
468ff6efab
First cut at IPSET/Dynamic-zone support in Shorewall6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 11:23:43 -07:00
Tom Eastep
8df470b5f5
Version to 4.4.20
2011-05-31 09:30:18 -07:00
Tom Eastep
2f6c5fd260
Set 'bridge-nf-call-ip6?tables' if bridges are configured.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 06:59:43 -07:00
Tom Eastep
4f296b62ae
Another fix for auditone
2011-05-30 16:37:56 -07:00
Tom Eastep
e6275ba31d
Fix a bug in auditing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 15:28:00 -07:00
Tom Eastep
d89a915f26
Load IPv6 libraries when processing /etc/shorewall6/params
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 13:24:36 -07:00
Tom Eastep
26d08b92c0
Correct use of null value as a hash
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 11:38:49 -07:00
Tom Eastep
b0447b8bd3
Remove another MACLIST defect
2011-05-30 08:49:41 -07:00
Tom Eastep
60d33740f6
Fix MACLIST_DISPOSITION defect introduced earlier in this release
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 07:59:44 -07:00
Tom Eastep
11c209c55f
Restore access to $Shorewall::Rules::family
2011-05-29 17:22:36 -07:00
Tom Eastep
2852cdeb53
Another attempt at the IPMARK fix
2011-05-29 14:42:23 -07:00
Tom Eastep
a71136fd5a
Rework configuration files for Shorewall and Shorewall6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-29 14:34:18 -07:00
Tom Eastep
243e8f1dbe
Fix check for unreferenced 'sfilter' chain
2011-05-28 08:31:36 -07:00
Tom Eastep
a37dbf76dc
Delete 'sfilter' chain if it isn't referenced
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 19:56:54 -07:00
Tom Eastep
1a2c9a08e1
Don't include comment in audit chain rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 19:56:04 -07:00
Tom Eastep
bac640e731
Get changes from 4.5.0 branch
2011-05-27 19:42:09 -07:00
Tom Eastep
586a3537bf
Delete 'sfiter' chain if it doesn't have referenes
2011-05-27 19:38:03 -07:00
Tom Eastep
790c96c90a
Version to RC 1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 09:11:47 -07:00
Tom Eastep
c6e9de65f1
Prevent duplicate 'filter' rules when combining two interface chains
...
into the same zone forwarding chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 06:43:47 -07:00
Tom Eastep
fbfe7b9f93
Don't create 'reject' and AUDIT' in the 'stopped' case.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-26 14:11:36 -07:00
Tom Eastep
0287d96aa2
Finish filtering implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-26 13:38:44 -07:00
Tom Eastep
6c3163cc27
Routeback corrections
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-25 10:45:57 -07:00
Tom Eastep
e4d667ca6a
Add routeback protection
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 17:07:31 -07:00
Tom Eastep
bbe165c3cf
Bump version to Beta 5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 11:40:11 -07:00
Tom Eastep
84b844ae79
Implement -T option for compile and check
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 10:21:49 -07:00
Tom Eastep
ee98772349
Add -c to the start command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 09:13:02 -07:00
Tom Eastep
f464ec5624
Fixes for AUDIT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 20:59:33 -07:00
Tom Eastep
c050b29985
Factor some similar code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 14:20:14 -07:00
Tom Eastep
15e9e3182d
Update copyrights
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 10:06:56 -07:00
Tom Eastep
e95003b82a
Add FAKE_AUDIT option
2011-05-22 17:42:50 -07:00
Tom Eastep
5d04c93a16
Implement LEGACY_FASTSTART option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-22 15:36:29 -07:00
Tom Eastep
981b503fa4
Bump version to Beta 4
2011-05-22 11:05:22 -07:00
Tom Eastep
529e256856
Assigned unused dev numbers
2011-05-22 10:18:26 -07:00
Tom Eastep
83cdf78b18
Replace A_* builtin actions with builtin targets
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 15:02:04 -07:00
Tom Eastep
71ef1f48e2
Allow auditing of the builtin actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 10:38:25 -07:00
Tom Eastep
82d6a00c9e
Implement some extentions to AUDIT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 09:25:58 -07:00
Tom Eastep
61b5dbbb95
Eliminate cruft left over from when Action.pm and Policy.pm were folded into Rules.pm - Phase II
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:48:28 -07:00
Tom Eastep
f64e171c19
Eliminate cruft left over from when Action.pm and Policy.pm were folded into Rules.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:46:18 -07:00
Tom Eastep
ac2e9cce64
Shrink process_actions2 further.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:28:30 -07:00
Tom Eastep
676af32ebc
Simplify a loop in process_actions2()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:11:23 -07:00
Tom Eastep
7cbf113ba0
Simplify an RE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 08:33:36 -07:00