Commit Graph

4088 Commits

Author SHA1 Message Date
Tom Eastep
10ae91b600 Delete deprecated options from the .conf files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-12 13:46:26 -07:00
Tom Eastep
8780aff7f2 Rename PLAIN->ANNOTATED 2011-06-12 09:45:50 -07:00
Tom Eastep
65d4709372 Drop IPv6 IPSET support for now 2011-06-12 09:14:33 -07:00
Tom Eastep
785bd7c987 Apply Tuomo Soini's patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-12 07:22:26 -07:00
Tom Eastep
9ab901927f Use supplied() where appropriate
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 16:14:31 -07:00
Tom Eastep
774aac1228 Add a supplied() function
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 15:40:55 -07:00
Tom Eastep
b7a3142620 Document parameterized default actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 15:25:48 -07:00
Tom Eastep
a60fe6e665 Allow parameters to be specified to Default Actions in the policy file
and in shorewall.conf.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 14:58:54 -07:00
Tom Eastep
68bf99ec69 Parameterize the standard default actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 08:34:37 -07:00
Tom Eastep
3dd363677c Implement set_action_param
Export both set_action_params and read_action_param by default

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 08:33:21 -07:00
Tom Eastep
8b6a7a7053 Implement read_action_param()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:49:57 -07:00
Tom Eastep
f278d05637 Rename action param functions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:46:54 -07:00
Tom Eastep
2549982528 Fix DEFAULTS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:23:41 -07:00
Tom Eastep
af1898b17b Document default values for parameters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:18:11 -07:00
Tom Eastep
6e6be468a9 Support for DEFAULT statements in actions 2011-06-10 17:05:09 -07:00
Tom Eastep
32c7d36cd0 Make zones with multiple interfaces complex
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-10 15:37:26 -07:00
Tom Eastep
dbd30f981c Set the interface routeback option if there are any IP host groups with 'routeback'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-10 15:37:09 -07:00
Tom Eastep
8a7ad569e4 Don't leave unused sfilter chains in the config
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 17:22:48 -07:00
Tom Eastep
3e9a54d404 Couple of tweaks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 17:22:34 -07:00
Tom Eastep
a0b0c5bdac Jump (don't go) to sfilter1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 14:24:44 -07:00
Tom Eastep
1399a8ffde Don't move rules from a chain with references
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 14:24:38 -07:00
Tom Eastep
9555a552c2 Fix FORWARD with ipsec dest
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 14:24:08 -07:00
Tom Eastep
71177c3ca3 Exempt ipsec from sfilter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 07:27:06 -07:00
Tom Eastep
fa2746d469 Apply sfilter to INPUT as well as FORWARD
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-08 09:40:28 -07:00
Tom Eastep
35d1586672 Correct sfq handle assignment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 13:58:45 -07:00
Tom Eastep
a3968beb7e Add fix inadvertently dropped from 4.4.19.4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 13:57:52 -07:00
Tom Eastep
0e839f3d7b Initiate 4.4.21
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 09:54:35 -07:00
Tom Eastep
9fb2ab718c Have AUTOMAKE follow CONFIG_PATH
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 08:51:36 -07:00
Tom Eastep
9c2c562bf5 Correct autorepeat wart
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 06:45:50 -07:00
Tom Eastep
cf0275a049 Make FAKE_AUDIT work again 2011-06-06 16:08:29 -07:00
Tom Eastep
59c11e205b Update release notes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 15:48:26 -07:00
Tom Eastep
642319d706 Change annotated documentation default
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 15:40:21 -07:00
Tom Eastep
cfb3d6a801 Merge branch '4.4.20' 2011-06-06 14:09:26 -07:00
Tom Eastep
6136e986cf Update version to 4.4.20.1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 14:08:25 -07:00
Tom Eastep
186f89f387 Merge branch '4.4.20' 2011-06-06 13:23:47 -07:00
Tom Eastep
e8f61e2109 Restate vulnerability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 13:19:40 -07:00
Tom Eastep
447d0f0b2d Don't modify the .conf file installed in configfiles.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 09:46:52 -07:00
Tom Eastep
c42c6864b4 Don't modify the .conf file installed in configfiles.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 09:46:22 -07:00
Tom Eastep
2803d3ee0b Merge branch '4.4.20' 2011-06-06 07:02:57 -07:00
Tom Eastep
c2e78bfaf8 Correct address of the FSF
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 06:55:40 -07:00
Tom Eastep
aabefe91f1 Merge branch '4.4.20' 2011-06-04 08:46:40 -07:00
Tom Eastep
f1cbfab7ac More blacklist/audit fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-04 08:45:23 -07:00
Tom Eastep
653a61a04a Merge branch '4.4.20' 2011-06-04 07:44:24 -07:00
Tom Eastep
a9c0824a30 Correct BLACKLIST_DISPOSITION=A_xxx with BLACKLIST_LOG_LEVEL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-04 07:44:07 -07:00
Tom Eastep
aa86b65ec3 Merge branch '4.4.20' 2011-06-02 11:44:15 -07:00
Tom Eastep
254e1ed784 Add 'I' STATE to secmarks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 11:43:55 -07:00
Tom Eastep
c3b56c1e73 Merge branch '4.4.20' 2011-06-02 10:07:03 -07:00
Tom Eastep
561d461a25 Add 'NI' STATE setting in secmarks.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 10:06:27 -07:00
Tom Eastep
169c995940 Fix a typo in the release notes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 06:50:10 -07:00
Tom Eastep
1e883c2fdf Merge branch '4.4.20' 2011-06-02 06:47:09 -07:00
Tom Eastep
086a99ea24 Don't initialize PLAIN
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 06:23:57 -07:00
Tom Eastep
f9c5b8b0d5 Improve some comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 06:23:37 -07:00
Tom Eastep
36aee407ef Merge branch '4.4.20' 2011-06-01 13:01:27 -07:00
Tom Eastep
5f08605adc Delete some cruft
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-01 12:26:05 -07:00
Tom Eastep
faff915dd2 Fix a typo in the release notes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-01 06:53:09 -07:00
Tom Eastep
b30d1bfc48 Merge branch '4.4.20' 2011-06-01 06:34:43 -07:00
Tom Eastep
f253bb5a11 Corrections to release notes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-01 06:31:02 -07:00
Tom Eastep
243a09783c Merge branch '4.4.20' 2011-05-31 15:45:09 -07:00
Tom Eastep
7bf74bb8c9 Add new builtin targets to %builtin_target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 15:43:42 -07:00
Tom Eastep
21d2c5720b Clarify 'bridge_nf_call_*'; mention that problems corrected in 4.4.19 dot releases are included
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 12:22:45 -07:00
Tom Eastep
468ff6efab First cut at IPSET/Dynamic-zone support in Shorewall6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 11:23:43 -07:00
Tom Eastep
8df470b5f5 Version to 4.4.20 2011-05-31 09:30:18 -07:00
Tom Eastep
5ce3a1f4d1 Update release documents
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 07:03:56 -07:00
Tom Eastep
2f6c5fd260 Set 'bridge-nf-call-ip6?tables' if bridges are configured.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 06:59:43 -07:00
Tom Eastep
4f296b62ae Another fix for auditone 2011-05-30 16:37:56 -07:00
Tom Eastep
e6275ba31d Fix a bug in auditing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 15:28:00 -07:00
Tom Eastep
d89a915f26 Load IPv6 libraries when processing /etc/shorewall6/params
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 13:24:36 -07:00
Tom Eastep
2dec3a8ecb Correct handling of AUDIT_TARGET is both cli libraries.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 11:39:21 -07:00
Tom Eastep
26d08b92c0 Correct use of null value as a hash
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 11:38:49 -07:00
Tom Eastep
b0447b8bd3 Remove another MACLIST defect 2011-05-30 08:49:41 -07:00
Tom Eastep
7b560eefe4 Allow compound options in the installers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 08:15:59 -07:00
Tom Eastep
60d33740f6 Fix MACLIST_DISPOSITION defect introduced earlier in this release
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 07:59:44 -07:00
Tom Eastep
11c209c55f Restore access to $Shorewall::Rules::family 2011-05-29 17:22:36 -07:00
Tom Eastep
2852cdeb53 Another attempt at the IPMARK fix 2011-05-29 14:42:23 -07:00
Tom Eastep
a71136fd5a Rework configuration files for Shorewall and Shorewall6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-29 14:34:18 -07:00
Tom Eastep
7404d912bd Add LOGRATE to */shorewall.conf 2011-05-28 19:12:34 -07:00
Tom Eastep
ec01e39479 Add LOGBURST to */shorewall.conf 2011-05-28 19:03:18 -07:00
Tom Eastep
9dc689dd13 Sort Sample .conf files 2011-05-28 12:38:12 -07:00
Tom Eastep
6d3640dafc Alphabetize config files and sync files and manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 10:34:54 -07:00
Tom Eastep
03ecdc8c06 Clean up shorewall.conf and its documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 09:10:46 -07:00
Tom Eastep
243e8f1dbe Fix check for unreferenced 'sfilter' chain 2011-05-28 08:31:36 -07:00
Tom Eastep
fc34f07a7a Remove PKTTYPE option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 07:11:48 -07:00
Tom Eastep
a37dbf76dc Delete 'sfilter' chain if it isn't referenced
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 19:56:54 -07:00
Tom Eastep
1a2c9a08e1 Don't include comment in audit chain rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 19:56:04 -07:00
Tom Eastep
5082b0701a Get release notes changes for filter->sfilter 2011-05-27 19:43:13 -07:00
Tom Eastep
bac640e731 Get changes from 4.5.0 branch 2011-05-27 19:42:09 -07:00
Tom Eastep
586a3537bf Delete 'sfiter' chain if it doesn't have referenes 2011-05-27 19:38:03 -07:00
Tom Eastep
790c96c90a Version to RC 1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 09:11:47 -07:00
Tom Eastep
c6e9de65f1 Prevent duplicate 'filter' rules when combining two interface chains
into the same zone forwarding chain.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 06:43:47 -07:00
Tom Eastep
8a0dc9f0f6 Clean up release notes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 06:42:56 -07:00
Tom Eastep
fbfe7b9f93 Don't create 'reject' and AUDIT' in the 'stopped' case.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-26 14:11:36 -07:00
Tom Eastep
0287d96aa2 Finish filtering implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-26 13:38:44 -07:00
Tom Eastep
6c3163cc27 Routeback corrections
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-25 10:45:57 -07:00
Tom Eastep
e4d667ca6a Add routeback protection
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 17:07:31 -07:00
Tom Eastep
bbe165c3cf Bump version to Beta 5
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 11:40:11 -07:00
Tom Eastep
0beb327f0a Rename audited actions and Macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 11:31:42 -07:00
Tom Eastep
84b844ae79 Implement -T option for compile and check
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 10:21:49 -07:00
Tom Eastep
ee98772349 Add -c to the start command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 09:13:02 -07:00
Tom Eastep
021048379f Additions to the Beta 4 Documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 08:54:43 -07:00
Tom Eastep
e6c1de3829 Correct ADrop action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 07:47:42 -07:00