Commit Graph

7613 Commits

Author SHA1 Message Date
Tom Eastep
18ba5c7311
Don't verify 'conntrack' utility for 'remote-' commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-02 11:52:35 -08:00
Tom Eastep
09980cc75e
Use split() in uptodate()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-31 15:59:28 -08:00
Tom Eastep
e0a757ea03
Quit find after finding the first newer file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-31 14:15:45 -08:00
Tom Eastep
550003f0f4
Only look at regular files when running 'find'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-31 14:09:51 -08:00
Tom Eastep
4f50303318
Merge branch '5.1.10'
# Conflicts:
#	Shorewall/lib.cli-std
2017-12-31 14:06:52 -08:00
Tom Eastep
5053999442
Don't run 'find' in the PWD
- Also remove -mindepth so as to catch deletions in the directories

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-31 13:33:16 -08:00
Tom Eastep
6b5889177b
Correct startup_error() inadvertent change
- Switch ensure_root() back to calling startup_error()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-30 09:24:21 -08:00
Tom Eastep
377c9f5708
Only search files in each CONFIG_PATH directory - no recursion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-30 08:44:05 -08:00
Tom Eastep
45a164733b
Fix breakage of ipp2p
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-30 08:38:14 -08:00
Tom Eastep
6f82bfe7d1
Handle PROTO '-' in conntrack file processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-29 15:54:15 -08:00
Tom Eastep
4e5b98d3d9
Only search files in each CONFIG_PATH directory - no recursion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-29 15:42:09 -08:00
Tom Eastep
078c781dfa
Allow override of :syn assumption in CT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-29 15:15:33 -08:00
Tom Eastep
46f68c6dcb
Move adjustment of the protocol in process_conntrack_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-29 13:51:33 -08:00
Tom Eastep
b42678269c
Revert "Add :syn to each TCP entry in the conntrack file"
This reverts commit f861f8da35.
2017-12-29 13:08:27 -08:00
Tom Eastep
9bd10c0c00
Call fatal_error (not startup_error) when non-root does default compile
- Also reword the message
2017-12-29 12:49:43 -08:00
Tom Eastep
f861f8da35
Add :syn to each TCP entry in the conntrack file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-29 12:38:58 -08:00
Tom Eastep
9e3cb27d0a
Use the synchain name in log messages rather than the base chain name
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-28 14:13:50 -08:00
Tom Eastep
d8a22d13dd
Allow non-root to run many 'show' commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-28 10:49:09 -08:00
Tom Eastep
9afe8daae0
Merge branch '5.1.10'
# Conflicts:
#	Shorewall-core/install.sh
#	Shorewall/install.sh
2017-12-26 15:45:20 -08:00
Tom Eastep
43adcd26a1
Make the /etc and the configfiles .conf files the same
Signed-off-by: Tom Eastep <teastep@shorewall.net>

# Conflicts:
#	Shorewall/install.sh
2017-12-26 15:39:26 -08:00
Tom Eastep
f2a565729f
Replace $PRODUCT with ${PRODUCT}
- Also correct one incidence of PRODUCT that should have been $PRODUCT

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-26 14:00:00 -08:00
Tom Eastep
ea8b2a803a
Make the /etc and the configfiles .conf files the same
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-26 11:48:33 -08:00
Tom Eastep
16832149ca
Remove unneeded modification of $CONFDIR/$PRODUCT/$PRODUCT.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-26 11:35:56 -08:00
Tom Eastep
7edf4918d7
Remove leading ":" from CONFIG_PATH in active shorewall[6].conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-26 10:27:19 -08:00
Tom Eastep
b1d1fa862a
Add comment noting that the 'physwild' interface member is currently unused
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-23 10:58:16 -08:00
Tom Eastep
24acf25451
Delete unused find_interfaces_by_option1()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-23 10:53:16 -08:00
Tom Eastep
229c47ac6c
Don't delete options that are to be ignored from %options
- specifying some options can have side-effects that cause
  $interfaceref->{options}{$option} to be accessed

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-23 10:47:22 -08:00
Tom Eastep
38de9c1732
Make wildcard/option checks order-independent WRT the options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-23 10:24:08 -08:00
Tom Eastep
17f4fd7cd2
Initialize $physwild to $wildcard
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-22 15:42:16 -08:00
Tom Eastep
cfd02c1bb6
More $minroot changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-22 13:58:38 -08:00
Tom Eastep
19b7601c72
Improve handling of wildcard interfaces and options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-22 13:43:45 -08:00
Tom Eastep
5a8e9cd0a3
Correct $minroot logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-22 09:08:27 -08:00
Tom Eastep
b5a6067588
Describe default interval and decay for rate estimator policing filters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-20 09:04:52 -08:00
Tom Eastep
45468af2d2
Correct ingress policing for later releases of iproute2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-18 11:52:19 -08:00
Tom Eastep
4ab8e1f0a2
Remove PSH from the FIN action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-05 15:25:54 -08:00
Tom Eastep
821d72093a
Rename DEFAULTACTION_SECTION to POLICYACTION_SECTION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 16:25:15 -08:00
Tom Eastep
42d5d13780
Retain proto setting when switching inline <-> noinline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 13:40:41 -08:00
Tom Eastep
7121a0f1b1
Disallow a protocol on the Reject Action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 12:58:05 -08:00
Tom Eastep
ab12d63a4f
Change 'default action' to 'policy action' in comments and messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 12:55:17 -08:00
Tom Eastep
6ba1d5413b
Allow a protocol to be associated with an action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 11:24:08 -08:00
Tom Eastep
4fc572f664
Exit the IPv6 AllowICMPs chain if packet isn't ipv6-icmp
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-01 14:50:17 -08:00
Tom Eastep
138e64c54a
Improve the documentation surrounding DNS names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-01 09:25:20 -08:00
Tom Eastep
b04b65cac8
Clear counters in all tables during 'reset'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-30 14:31:59 -08:00
Tom Eastep
5dcb684efc
Don't be specific when deleting IPv6 balanced/fallback default routes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-28 15:26:17 -08:00
Tom Eastep
3e87e5004a
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2017-11-27 09:36:13 -08:00
Roberto C. Sánchez
c89b113a61
Fix typos 2017-11-26 15:39:59 -05:00
Tom Eastep
7289175070
Chop first config dir if non-root or if compiling for export.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-23 09:57:12 -08:00
Tom Eastep
a9373d727b
Use logical interface names in the samples.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-22 09:40:15 -08:00
Tom Eastep
528b473f6b
Add some additional documentation to the Config module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-22 08:41:37 -08:00
Tom Eastep
d22210c074
Set g_export before calling get_config()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-14 13:46:41 -08:00