Commit Graph

3920 Commits

Author SHA1 Message Date
Tom Eastep
17f4fd7cd2
Initialize $physwild to $wildcard
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-22 15:42:16 -08:00
Tom Eastep
cfd02c1bb6
More $minroot changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-22 13:58:38 -08:00
Tom Eastep
19b7601c72
Improve handling of wildcard interfaces and options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-22 13:43:45 -08:00
Tom Eastep
5a8e9cd0a3
Correct $minroot logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-22 09:08:27 -08:00
Tom Eastep
45468af2d2
Correct ingress policing for later releases of iproute2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-18 11:52:19 -08:00
Tom Eastep
821d72093a
Rename DEFAULTACTION_SECTION to POLICYACTION_SECTION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 16:25:15 -08:00
Tom Eastep
42d5d13780
Retain proto setting when switching inline <-> noinline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 13:40:41 -08:00
Tom Eastep
7121a0f1b1
Disallow a protocol on the Reject Action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 12:58:05 -08:00
Tom Eastep
ab12d63a4f
Change 'default action' to 'policy action' in comments and messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 12:55:17 -08:00
Tom Eastep
6ba1d5413b
Allow a protocol to be associated with an action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 11:24:08 -08:00
Tom Eastep
b04b65cac8
Clear counters in all tables during 'reset'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-30 14:31:59 -08:00
Tom Eastep
5dcb684efc
Don't be specific when deleting IPv6 balanced/fallback default routes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-28 15:26:17 -08:00
Tom Eastep
7289175070
Chop first config dir if non-root or if compiling for export.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-23 09:57:12 -08:00
Tom Eastep
528b473f6b
Add some additional documentation to the Config module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-22 08:41:37 -08:00
Tom Eastep
2a9272ccd1
Clean up RAs involving "|"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-14 08:26:17 -08:00
Tom Eastep
130ddff9de
Correct a typo in an error message
- Includes cosmetic changes to Providers.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-10 11:25:52 -08:00
Tom Eastep
9cf298482d
Merge branch '5.1.8' 2017-11-09 12:59:59 -08:00
Tom Eastep
c5a586aa37
Allow [...] around gateway address in the providers file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-09 12:20:01 -08:00
Tom Eastep
832418585a
Don't make persistent routes and rules dependent on autosrc.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-08 09:46:25 -08:00
Tom Eastep
605f61fb3c
Don't make persistent routes and rules dependent on autosrc.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-08 09:45:59 -08:00
Tom Eastep
ef8b85fc3e
Implement support for logging in the SNAT file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-02 12:44:42 -07:00
Tom Eastep
b35f1112f4
Allow 'noinline' in /etc/shorewall[6]/actions to override 'inline'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-20 09:19:50 -07:00
Tom Eastep
77d9eeb915
Eliminate extra parameter editing of TPROXY parameter list.
- Clarify syntax for actions with multiple parameters

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-19 13:08:12 -07:00
Tom Eastep
17838c1443
Add TCPMSS to the allowed mangle actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-19 12:58:38 -07:00
Tom Eastep
5867ce6c3b
CLAMPMSS now done in the mangle table.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-18 15:55:07 -07:00
Tom Eastep
8ea96098bf
Warning when 'persistent' used with RESTORE_DEFAULT_ROUTE=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-11 15:22:07 -07:00
Tom Eastep
02ed36332a
Revert "Warn when RESTORE_DEFAULT_ROUTE=Yes and a persistent provider is defined"
This reverts commit 39a3c72057.
2017-10-11 11:24:54 -07:00
Tom Eastep
cb4f9e7261
Don't restore default routes when there is an enabled fallback provider
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-11 11:24:13 -07:00
Tom Eastep
ddb12fcad9
Add/correct comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-11 11:00:46 -07:00
Tom Eastep
42ce754961
Don't restore default routes when a fallback= provider is enabled
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-11 11:00:05 -07:00
Tom Eastep
5cd4d63bc5
Delete main default routes when a fallback provider is enabled
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-11 10:59:31 -07:00
Tom Eastep
5b567f2d8b
Correct delete_default_routes() in tables other than main
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-11 10:58:48 -07:00
Tom Eastep
39a3c72057
Warn when RESTORE_DEFAULT_ROUTE=Yes and a persistent provider is defined
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-11 10:58:09 -07:00
Tom Eastep
b47e633c38
Use 'route replace' rather than 'route add' to avoid persistence issues
Previous failure case was:

- disable interface
- reload
- enable interface

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-09 08:58:10 -07:00
Tom Eastep
1b55a37a28
Ensure that 'rule add' commands don't fail with persistent interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-08 08:53:53 -07:00
Tom Eastep
a97dcd23d0
Allow merging of rules that specify an IPSEC policy
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-07 13:17:43 -07:00
Tom Eastep
108b169d8d
Treat LOG_TARGET like all other capabilities
- Previous implementation could generate unworkable script when
  LOAD_HELPERS_ONLY=Yes

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-06 08:01:52 -07:00
Tom Eastep
8469f983d8
Merge branch '5.1.7'
# Conflicts:
#	Shorewall/Perl/prog.footer
2017-09-29 15:25:37 -07:00
Tom Eastep
f54acb665a
Correct handling of mark range in MARK target.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-09-29 14:44:33 -07:00
Tom Eastep
3d2e9eb93e
Improve the fix for SELinux "getattr" denials
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-09-28 15:16:50 -07:00
Tom Eastep
c6a939301f
Improve the fix for SELinux "getattr" denials
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-09-28 15:16:00 -07:00
Tom Eastep
1cb98254cc
Handle SELinux getattr denials in open() processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-09-26 16:42:54 -07:00
Tom Eastep
baa791a1e3
Handle SELinux getattr denials in open() processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-09-26 16:41:50 -07:00
Tom Eastep
8b4b965f63
Remove unnecessary disable/enable of script generation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-09-21 14:36:30 -07:00
Tom Eastep
8ee2d6246c
Update a comment in the compiler
- get_configuration() also processes the shorewallrc file(s)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-09-21 12:32:34 -07:00
Tom Eastep
a7be3dfece
Align progress messages produced by 'reenable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-09-19 13:29:13 -07:00
Tom Eastep
846e8c4ece
Correct reenable logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-09-19 13:29:08 -07:00
Tom Eastep
e2bf7e6584
Align progress messages produced by 'reenable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-09-19 13:28:09 -07:00
Tom Eastep
ff3994f6a1
Correct reenable logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-09-19 13:17:50 -07:00
Tom Eastep
494ec9c59c
Avoid extra comparison in reload_command()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-09-19 10:49:11 -07:00