3564 Commits

Author	SHA1	Message	Date
Tom Eastep	2bebf1c95a	Make '&' and '|' work with CONNMARK ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-18 11:30:52 -07:00
Tom Eastep	18573037f9	More 'check -r' fixes around Docker ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-18 11:09:39 -07:00
Tom Eastep	818628138b	Add MARK and CONNMARK to the %targets table ... - Also, sort the table entries Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-18 10:21:35 -07:00
Tom Eastep	2adec0eb65	Implement a filename cache for find_file() ... - Don't need to search the CONFIG_PATH for re-open of same file. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-18 09:45:41 -07:00
Tom Eastep	6ae94767b7	Correct a comment ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-18 08:31:52 -07:00
Tom Eastep	9ab2310dc8	Correct an incorrect comment in process_rules() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-17 08:47:33 -07:00
Tom Eastep	da0653cb2f	Declare passed() in Shorewall::User rather than importing it from Config ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-15 14:16:15 -07:00
Tom Eastep	65ce6ed226	Update modules to use passed() for parameter testing ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-15 12:06:32 -07:00
Tom Eastep	eb9dd3e485	Implement passed() in Config.pm ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-15 12:00:56 -07:00
Tom Eastep	796f191d48	Don't re-stat action files in process_action() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-15 09:03:36 -07:00
Tom Eastep	71c26beab4	Remove dead code (caused by bad test) ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-14 17:56:34 -07:00
Tom Eastep	6f04902963	Make use of 'state=' in actions a fatal error ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-14 17:55:54 -07:00
Tom Eastep	901c6d34f6	Correct typo in Rules ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-14 15:56:57 -07:00
Tom Eastep	741da14789	Ignore 'state' in the actions file with a warning ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-14 15:46:29 -07:00
Tom Eastep	dd547c90a8	Implement the 'state' action option ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-14 14:30:36 -07:00
Tom Eastep	35fac8c2ea	Avoid repeated %actions lookup in process_action() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-14 12:37:45 -07:00
Tom Eastep	513b828788	Pass '$prerule' to process_inline() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-14 10:56:07 -07:00
Tom Eastep	28e0cb5335	Use filename stored in the actions table ... - Avoid a find_file call on each action invocation Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-14 10:55:39 -07:00
Tom Eastep	c631173310	Eliminate the %inlines table ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-14 10:47:18 -07:00
Tom Eastep	2c14b7c9e3	Rename %actparms to %actparams ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-13 15:36:38 -07:00
Tom Eastep	8e7af2e95e	Additional editing of audit action parameters. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-13 15:28:49 -07:00
Tom Eastep	44c0bffcd3	Add 'audit' option to actions ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-13 14:39:46 -07:00
Tom Eastep	2c3644a510	Make Action/Inline binary options into a bitmap ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-13 14:15:43 -07:00
Tom Eastep	407bc8f8db	More prerule fixes in expand_rule() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-13 12:57:23 -07:00
Tom Eastep	2743a411ae	Add a jump to DOCKER from OUTPUT ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-13 12:51:36 -07:00
Tom Eastep	c2fd48c4c6	Include pre-rule matches when the target is a chain ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-13 10:08:17 -07:00
Tom Eastep	5f01bc75bd	Better fix for $current_param in the INLINE block of process_rule() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-12 18:28:27 -08:00
Tom Eastep	0e59b82503	Handle '+' in inline matches the mangle and masq files ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-12 17:14:15 -08:00
Tom Eastep	90ace544eb	Implement '+' to specify inline matches as "early" ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-12 16:39:46 -08:00
Tom Eastep	c36cee28fb	Save/Restore $current_param in process_inline() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-12 16:39:08 -08:00
Tom Eastep	ec2ebee0e6	Clear inline matches between calls to process_rule() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-12 15:08:47 -08:00
Tom Eastep	a50c52675b	Correct a comment ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-12 15:08:04 -08:00
Tom Eastep	bb7b3123df	Eliminate ?begin perl ... ?end Perl in many actions ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-12 12:15:07 -08:00
Tom Eastep	3960fa6e0e	Performance tweak to read_a_line() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-12 09:05:30 -08:00
Tom Eastep	a7fda02d88	Print lines copied into the generated script when tracing ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-11 15:59:49 -08:00
Tom Eastep	68a324c62c	Small tweaks to read_a_line() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-11 13:56:03 -08:00
Tom Eastep	6779c8307f	Optimize chain resolution in process_mangle_rule1() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-10 15:26:52 -08:00
Tom Eastep	147c7e284f	Fix a couple of Mangle Action blunders ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-10 13:59:29 -08:00
Tom Eastep	8d657775af	Fix 'check -r' ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-10 13:41:59 -08:00
Tom Eastep	b14bf0e779	Remove unused globals from the Rules module ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-10 11:14:51 -08:00
Tom Eastep	dc286c472c	More tidying up of Mangle Actions ... - Delete an inadvertently-added blank line - Move $convert declaration back to the Tc module - Add comments in the Tc module about key moved declarations Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-09 15:51:54 -08:00
Tom Eastep	87f63b7160	Allow USE_DEFAULT_RT with NetworkManager ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-09 14:17:40 -08:00
Tom Eastep	617218f8ea	Merge branch '5.0.6'	2016-03-09 11:36:46 -08:00
Tom Eastep	09c3be0adb	Correct typo that cases restart failure. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-09 11:18:05 -08:00
Tom Eastep	ec9148637f	Inline mangle actions ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-09 10:28:02 -08:00
Tom Eastep	991d8d2d3f	Move convert_tos() back to the Tc module ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-08 11:17:14 -08:00
Tom Eastep	301bce5d34	Clean up mangle actions ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-08 09:27:43 -08:00
Tom Eastep	a4aa020a84	Add R chain designator ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-07 13:51:49 -08:00
Tom Eastep	81c16d2d67	More Mangle Action Changes ... - Move open_mangle_for_output() back to the Tc module - Eliminate global variables in process_mangle_rule1() - Allow creation of mangle action chains - Minor (but needed) logic changes Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-07 13:51:28 -08:00
Tom Eastep	bbbf54f7c3	Merge branch '5.0.6'	2016-03-07 08:59:17 -08:00
Tom Eastep	c37e41ee9c	Avoid duplicate route rules from 'disable' ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-06 15:48:33 -08:00
Tom Eastep	ba6dc9c5c0	First cut at mangle actions ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-06 12:42:22 -08:00
Tom Eastep	89b2c2fb55	Move mangle processing into the Rules module ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-06 08:59:37 -08:00
Tom Eastep	2bb143b28c	Save/restore nat OUTPUT jump to DOCKER ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-04 12:21:45 -08:00
Tom Eastep	99f83da3ab	Avoid duplicate rules after reload ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-04 11:09:53 -08:00
Tom Eastep	89e3e959dc	Revert bad change ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-04 10:20:55 -08:00
Tom Eastep	9e41264671	Go back to generating docker0 rules when it is defined to Shorewall ... - Avoids issues after 'stop' Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-04 09:27:47 -08:00
Tom Eastep	3fb715740d	Avoid duplicated code blocks in save_dynamic_chains() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-04 09:27:04 -08:00
Tom Eastep	ed6ff96aa0	Replace another $VARDIR instance ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-03 14:11:57 -08:00
Tom Eastep	18dac19d86	Remove dead code from save_dynamic_chains() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-03 14:09:55 -08:00
Tom Eastep	d5ea876e93	Replace $VARDIR with ${VARDIR} for consistency ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-03 11:54:14 -08:00
Tom Eastep	f7a6ad1412	Clean up formatting in define_firewall() and stop_firewall() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-03 09:24:43 -08:00
Tom Eastep	b279869629	Fix DOCKER issue ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-02 20:59:44 -08:00
Tom Eastep	c56ba534d6	Yet more PAGER fixes ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-02 12:34:39 -08:00
Tom Eastep	90d254f0c3	Add PAGER option ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-02 08:32:49 -08:00
Tom Eastep	a95de8d092	Page the output of verbose commands ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-03-01 15:12:54 -08:00
Tom Eastep	68cce5ff73	Eliminate some sillyness in normalize_action() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-29 11:17:15 -08:00
Tom Eastep	1c1881859f	Delete untrue comment ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-29 08:45:47 -08:00
Tom Eastep	5b163e9bc2	Save/restore docker0 rules when it isn't defined to Shorewall ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-27 14:09:29 -08:00
Tom Eastep	71d64ab380	Add DOCKER network support ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-27 13:36:47 -08:00
Tom Eastep	36d8518562	Code compaction ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-26 13:13:56 -08:00
Tom Eastep	6c88eb6916	Add an ECN action to shorewall-mangle(8) ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-26 09:33:16 -08:00
Tom Eastep	6e1cc0f1d0	Correct stop/start Docker handling ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-25 13:37:44 -08:00
Tom Eastep	ee5ef07035	Correct another silly typo -- this time in allowBcast() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-24 14:58:10 -08:00
Tom Eastep	3c8696b91d	Correct silly typo in setup_ecn() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-24 09:35:13 -08:00
Tom Eastep	fd4de0c66a	Create more compact DOCKER conditional rules ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-22 14:46:35 -08:00
Tom Eastep	49536562e2	Emit more compact code when conditionally adding DOCKER chains ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-22 13:49:22 -08:00
Tom Eastep	36b6863b02	Update copyright date on lib.core ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-22 13:48:48 -08:00
Tom Eastep	63b501996e	Require ADDRTYPE for DOCKER=Yes ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-21 12:26:39 -08:00
Tom Eastep	7a9e9ad945	Decommit DOCKER=Yes in IPv6. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-21 12:03:41 -08:00
Tom Eastep	f4312a38b9	Add all Docker rules in the stopped state ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-21 10:33:45 -08:00
Tom Eastep	fc6a1f6d0d	Don't create Docker chains/rules if Docker isn't running ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-21 09:54:37 -08:00
Tom Eastep	83b899b030	Save/Restore Docker-generated rules ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-20 14:02:54 -08:00
Tom Eastep	61f6cacc30	Infrastructure required by Docker ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-20 14:01:48 -08:00
Tom Eastep	caba1cd770	DOCKER=Yes requires IPTABLES_S ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-20 10:03:06 -08:00
Tom Eastep	4306ff1029	Correct 'save_dynamic_chains' ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-20 09:57:11 -08:00
Tom Eastep	663f82c158	Move nat POSTROUTING rules to SHOREWALL if DOCKER=Yes ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-20 09:24:06 -08:00
Tom Eastep	e66d9f6547	Add DOCKER option ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-19 17:42:54 -08:00
Tom Eastep	f33f333937	Make 'default' and 'none' case insensitive in the GATEWAY column ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-17 15:25:46 -08:00
Tom Eastep	94cfe54f92	Allow routing tables with no default route ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-17 11:49:09 -08:00
Tom Eastep	8ac0f96029	Delete blank line ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-09 18:20:00 -08:00
Tom Eastep	894a98f24e	Improve optimizer handling of origin during rule merge ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-04 12:00:05 -08:00
Tom Eastep	bd9e8142b9	Ensure that the chain origin is used when there is no rule origin ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-03 10:43:10 -08:00
Tom Eastep	916a392fb0	Improve chain-completion rule tracking ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-02-02 14:57:47 -08:00
Tom Eastep	28983a0194	Add comment describing the origin member of a rule ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-01-31 09:29:24 -08:00
Tom Eastep	2cd098ba31	Update heading versions and copyrights ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-01-28 13:46:34 -08:00
Tom Eastep	9188f7efa3	Don't export shortlineinfo2 ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-01-28 13:38:26 -08:00
Tom Eastep	95a029316a	Improve get_keys*() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-01-28 12:51:23 -08:00
Tom Eastep	d4bea3d3ec	Optimize TRACK_RULES handling in the Chains module ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-01-28 11:38:48 -08:00
Tom Eastep	6085c6092f	Add origin comments to command-mode rules ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2016-01-28 10:58:09 -08:00