extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-18 20:30:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,397 Commits 104 Branches 736 Tags 55 MiB
216029c3a9
Commit Graph

2738 Commits

Author SHA1 Message Date
Tom Eastep
216029c3a9 Copy blackhole routes to secondary tables. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-06 11:04:23 -08:00
Tom Eastep
32b2030e59 Remove duplicate interface names in generated case statement. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-06 07:03:41 -08:00
Tom Eastep
0bb62ed290 Avoid duplicate echo command in generated script. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-06 06:12:43 -08:00
Tom Eastep
49918b654e Support '=' in SOURCE PORT(S) columns 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-04 09:56:10 -08:00
Tom Eastep
0857eb27d5 Another case of detecting invalid server IP address. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-02 09:08:13 -08:00
Tom Eastep
69f6149d4c Detect missing, NIL or ALL server IP address in a DNAT rule. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-02 09:00:08 -08:00
Tom Eastep
5ca3b795fc Correct IPv6 REDIRECT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-01 16:44:49 -08:00
Tom Eastep
9499a47a0d Revert "Use '--to-dest' for IPv6 rather than '--to-destination'" 
This reverts commit c9d8c22b60.
 2013-03-01 10:44:40 -08:00
Tom Eastep
c9d8c22b60 Use '--to-dest' for IPv6 rather than '--to-destination' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-01 09:03:22 -08:00
Tom Eastep
8960f72532 Handle DNAT with no port correctly. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-01 07:58:58 -08:00
Tom Eastep
ee091d09eb Allow ports with UDPLITE 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-28 06:27:51 -08:00
Tom Eastep
22c614d30b Don't allow :persistent in a MASQUERADE rule. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-27 12:48:27 -08:00
Tom Eastep
418034579f Support IPv6 Masquerade 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-27 09:25:26 -08:00
Tom Eastep
78babf0941 Fixes for IPv6 DNAT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-26 10:24:25 -08:00
Tom Eastep
45d53bdb1d Delete superfluous statement. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 17:50:33 -08:00
Tom Eastep
fb17de0595 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2013-02-25 17:29:49 -08:00
Tom Eastep
6ed1caedd0 Validate IPv4 port range in ADDRESSES column 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 17:29:33 -08:00
Tom Eastep
1d4f189b5f Don't allow interior brackets in an address range. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 17:26:17 -08:00
Tom Eastep
7006c62892 Correct port pair handling in the snat ADDRESS column. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 15:31:36 -08:00
Tom Eastep
6b825abeb4 Catch ::<port-range> in /etc/shorewall6/snat 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 13:41:43 -08:00
Tom Eastep
f2ee46b83e Correct IPv6 address range parsing in handle_one_masq1 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 13:37:22 -08:00
Tom Eastep
e873cb28f4 Correctly handle a port number/range with an address variable 
- ADDRESSES column of the masq/snat files.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 08:00:15 -08:00
Tom Eastep
de1a5a8024 Handle SNAT 'ADDRESS' without enclosing [...] 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 06:42:19 -08:00
Tom Eastep
34c6013f1b Handle missing provider in a masq/snat entry. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-24 08:12:02 -08:00
Tom Eastep
82f9ba8bb7 Correct detection of IPv6 PERSISTENT_SNAT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-23 12:59:38 -08:00
Tom Eastep
6035d49ede Correct NAT capability required error message. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-23 11:57:32 -08:00
Tom Eastep
67ef1f8b93 Correct detection of IPv6 NAT_ENABLED. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-23 11:57:07 -08:00
Tom Eastep
0349a9a88c Rename the IPv6 masq file 'snat'. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 13:05:24 -08:00
Tom Eastep
2591a17946 Cosmetic change to the output with the '-r' option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 11:59:57 -08:00
Tom Eastep
b562f7f311 Allow specification of destination addresses in Shorewall6 masq. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 08:34:03 -08:00
Tom Eastep
ce28c70c60 SNAT and DNAT support for IPv6. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 07:08:08 -08:00
Tom Eastep
d0b2d05d5b Add optional argument to have_capability(). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-18 15:15:26 -08:00
Tom Eastep
088fc1a3a3 Report used/required capabilities 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-18 08:48:18 -08:00
Tom Eastep
6d92d293b8 Use 'here documents' in the usage() function. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-17 07:44:10 -08:00
Tom Eastep
7859267539 Eliminate $globals{CONFDIR} 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-14 17:24:49 -08:00
Tom Eastep
c68513672d Comments and documentation. 
- Removes the Actions-4.5 article

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-14 08:48:45 -08:00
Tom Eastep
93b3fd9be5 Correct IPv6 address checking (again) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-13 13:37:26 -08:00
Tom Eastep
138638cb1a Effectively use the specified directory as the CONFIG_PATH til .conf is read 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-13 07:45:24 -08:00
Tom Eastep
c5bb16ac26 Another fix for IPv6 address lists. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-13 07:44:19 -08:00
Tom Eastep
f44becdee1 Rename BLACKLIST_LOGLEVEL to BLACKLIST_LOG_LEVEL for consistent naming. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-12 07:47:02 -08:00
Tom Eastep
84c5822c20 Correct IPv6 List Handling 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-11 16:45:03 -08:00
Tom Eastep
b4977db5b2 Add %section_states that maps sections to their related state(s). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-11 14:59:48 -08:00
Tom Eastep
8d0a80a7e2 Merge branch '4.5.13' 2013-02-11 06:40:11 -08:00
Tom Eastep
b9d5b92f1b Correct handling of expressions consisting of a single number. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 15:19:30 -08:00
Tom Eastep
b349cc0f22 A better fix for inline default action with parameters. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 09:29:30 -08:00
Tom Eastep
a312bfbb42 Add a section => name function map 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 09:27:43 -08:00
Tom Eastep
c35e753b1d A better fix for inline default action with parameters. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 09:16:18 -08:00
Tom Eastep
8b4349b356 Merge branch '4.5.13' 2013-02-10 09:05:41 -08:00
Tom Eastep
54c43396f0 Correct default action handling: 
- isolate basic target before testing for action/inline
- delete the action chain if appropriate.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 09:00:13 -08:00
Tom Eastep
f9dc89dc61 Allow arbitrary $n variables when IGNOREUNKNOWNVARIABLES=Yes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 07:56:04 -08:00