Tom Eastep
|
50dc02da07
|
Implement the 'REQUIRE_INTERFACE' option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-19 07:32:02 -07:00 |
|
Tom Eastep
|
4690075ed8
|
Start firewall on up event for optional interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-18 20:29:03 -07:00 |
|
Tom Eastep
|
0c9a0150d2
|
Document Shorewall-init; delete old auto-stop code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-18 14:42:39 -07:00 |
|
Tom Eastep
|
f9d187c288
|
Correct issues found in Fedora Testing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-18 10:27:12 -07:00 |
|
Tom Eastep
|
499b0cddaa
|
Log the text from startup errors.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-17 07:02:30 -07:00 |
|
Tom Eastep
|
a534bca914
|
Fix an existing bug in Shorewall6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-16 19:28:49 -07:00 |
|
Tom Eastep
|
a501222194
|
Fix some bugs in the Shorewall-init implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-16 17:41:09 -07:00 |
|
Tom Eastep
|
4f428d8135
|
De-implement 'close'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-16 15:31:41 -07:00 |
|
Tom Eastep
|
749d6be64e
|
Add 'optional' interfaces to updown processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-15 17:06:00 -07:00 |
|
Tom Eastep
|
a3589dc6e9
|
Implement the 'up' and 'down' script commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-15 12:48:04 -07:00 |
|
Tom Eastep
|
88188202cc
|
Add 'wait' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-15 09:52:46 -07:00 |
|
Tom Eastep
|
16e451a7d8
|
Add 'required' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-15 09:04:32 -07:00 |
|
Tom Eastep
|
a2758421ed
|
Bump version to 4.4.10-Beta1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-13 17:03:14 -07:00 |
|
Tom Eastep
|
529f9a07b4
|
Update Rules.pm version to 4.4.10
|
2010-05-13 16:39:52 -07:00 |
|
Tom Eastep
|
1d0b8b1cec
|
Correct syntax error in generated code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-13 16:32:42 -07:00 |
|
Tom Eastep
|
449ca038ba
|
Implement 'close' command
|
2010-05-13 16:29:25 -07:00 |
|
Tom Eastep
|
65a5d34276
|
Update Module Versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-03 12:46:29 -07:00 |
|
Tom Eastep
|
96bef5bd49
|
Assume 'routeback' in routestopped based on interface config.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-03 12:31:11 -07:00 |
|
Tom Eastep
|
fca404eeaf
|
Update version to 4.4.9
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-03 10:02:02 -07:00 |
|
Tom Eastep
|
c7848be266
|
Back out the rest of the original change for dup / -[psiod]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-03 09:59:25 -07:00 |
|
Tom Eastep
|
70c6a2cdf3
|
Update version to 4.4.9-RC2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-02 07:25:50 -07:00 |
|
Tom Eastep
|
639b3ea57d
|
Simplify checking for /! -[piosd] /
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-01 09:13:16 -07:00 |
|
Tom Eastep
|
311372013d
|
More fixes to optimization
Only disallow / ! -[piosd] / if the target is a chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-01 08:58:41 -07:00 |
|
Tom Eastep
|
518416ec2e
|
Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-01 08:08:39 -07:00 |
|
Tom Eastep
|
94c6b37e8e
|
Avoid leaving an orphan '!' behind.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-01 07:51:24 -07:00 |
|
Tom Eastep
|
219b2e0761
|
A more comprehensive solution to multiple -[piosd] matches.
- eliminate duplicate -[piosd] matches in merged rules
- avoid tracing !* unconditionally
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-01 07:26:25 -07:00 |
|
Tom Eastep
|
16161d9cfc
|
Add new trace types.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-05-01 06:43:09 -07:00 |
|
Tom Eastep
|
1173518d78
|
More minor cleanup of first code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-30 07:22:09 -07:00 |
|
Tom Eastep
|
076da4bd5c
|
Couple of tweaks to my earliest code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-29 11:19:50 -07:00 |
|
Tom Eastep
|
2c1cede54e
|
Revise addressless bridge change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-27 15:23:38 -07:00 |
|
Tom Eastep
|
d8b0f496df
|
Allow simple configuration of a bridge with no IP address
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-27 12:26:58 -07:00 |
|
Tom Eastep
|
988f7c4d7e
|
More fixes for bad NAT optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-26 16:50:18 -07:00 |
|
Tom Eastep
|
0e4698d57c
|
Fix rare optimization bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-26 16:19:58 -07:00 |
|
Tom Eastep
|
6d61e962eb
|
Use -m conntrack if available in place of -m state
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-25 13:35:41 -07:00 |
|
Tom Eastep
|
21e0c68ef2
|
Bump version to 4.4.9 RC1
|
2010-04-25 09:37:17 -07:00 |
|
Tom Eastep
|
fb2ddcee7b
|
Bump Version to 4.4.9 Beta 5
|
2010-04-24 21:53:12 -07:00 |
|
Tom Eastep
|
b821bdcdfd
|
One more pass at improving regex's for target isolation and matching
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-22 14:45:34 -07:00 |
|
Tom Eastep
|
64bf772594
|
Set OUTPUT policy to ACCEPT when optimize_chain deletes all of its rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-22 13:38:38 -07:00 |
|
Tom Eastep
|
fb754b3a2e
|
Don't remove a lone ACCEPT rule from the OUTPUT chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-22 11:35:14 -07:00 |
|
Tom Eastep
|
a1a78cf09b
|
Abandon the fantesy that multiple optimize 8 passes will achieve anything.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-16 17:12:08 -07:00 |
|
Tom Eastep
|
c52a3dcd14
|
Don't generate policy chains for fw to bridgeport zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-16 09:56:11 -07:00 |
|
Tom Eastep
|
1030c852f9
|
Simplify a test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-16 09:21:30 -07:00 |
|
Tom Eastep
|
e7a4aaafc1
|
Modify optimization 8 loop to continue until no chains are combined.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-16 09:17:57 -07:00 |
|
Tom Eastep
|
4f00de0c57
|
Make additional optimize 8 passes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-16 08:42:25 -07:00 |
|
Tom Eastep
|
21b44ac42b
|
Change version to 4.4.9-Beta4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-16 07:25:53 -07:00 |
|
Tom Eastep
|
82d6ba511f
|
Unify the REs that look for '-[jg] <chain>'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-15 18:02:31 -07:00 |
|
Tom Eastep
|
cec59360f6
|
Use '-j' rather than '-g' when jumping to tcpre, just to be safe
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-15 14:14:13 -07:00 |
|
Tom Eastep
|
46d207a86f
|
Restore original amount of whitespace in maclist rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-15 14:13:37 -07:00 |
|
Tom Eastep
|
e9a94b0cfb
|
Unify reference count adjustment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-15 14:12:48 -07:00 |
|
Tom Eastep
|
cf59d9ec68
|
Fix an optimize 8 bug.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-04-15 12:45:00 -07:00 |
|