extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-03 04:53:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,333 Commits 104 Branches 736 Tags 55 MiB
2769b09f64
Commit Graph

1531 Commits

Author SHA1 Message Date
Tom Eastep
166d27f6d4 Minor tweak to blacklisting 
Reverse order of tests for 'from' and 'src'.
Use equivalent logic for generating unknown option error

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-18 11:13:03 -07:00
Tom Eastep
5ab6f8e0e5 Set quantum in subordinate SFQ class to the MTU for HFSC parents. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-18 10:34:46 -07:00
Tom Eastep
568e54b50d Update version to Beta 2 2011-05-18 09:58:35 -07:00
Tom Eastep
e940f5018e Implement whitelisting. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-18 08:30:01 -07:00
Tom Eastep
cec07a6be5 Don't apply HTB quantum to HFSC 2011-05-17 18:34:41 -07:00
Tom Eastep
495aa9b9ac Implement NFLOG accounting action. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-17 13:42:13 -07:00
Tom Eastep
fd70e73d34 Add ACCOUNTING_TABLE option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-17 12:51:33 -07:00
Tom Eastep
680ca519ed Correct deletion of ipv6 'shorewall' chain 2011-05-17 11:33:56 -07:00
Tom Eastep
11ff245697 Don't generate refresh rules unless the command is 'refresh' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-16 13:08:32 -07:00
Tom Eastep
ffe7a1b777 Avoid inconsistencies and errors in refresh 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-16 11:34:41 -07:00
Tom Eastep
30f2fbff60 Issue warning on missing IPSET 2011-05-15 11:48:34 -07:00
Tom Eastep
72a330cba2 Don't emit degenerate tcfilters 2011-05-15 10:57:02 -07:00
Tom Eastep
e459fbf997 Don't allow non-leaf default class 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-15 10:56:46 -07:00
Tom Eastep
3f90f00081 Issue warnings and ignore non-leaf class in tcfilters and tcrules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-15 10:56:31 -07:00
Tom Eastep
7d25f6356b Augment a comment 2011-05-15 08:45:41 -07:00
Tom Eastep
c247140063 Restore 'our' to a couple of exported variables in the Config module 2011-05-14 14:18:22 -07:00
Tom Eastep
00add745b7 Use -o when copying routing tables 2011-05-14 13:56:39 -07:00
Tom Eastep
05e385a748 Only use 'our' when required 2011-05-14 13:21:31 -07:00
Tom Eastep
0626594cda Restore accuracy of tcclasses diagram 2011-05-14 09:27:51 -07:00
Tom Eastep
539e42aa2e Correct earlier patch 2011-05-09 16:34:31 -07:00
Tom Eastep
bbab1c9682 Ensure USER/GROUP is only specified when SOURCE in $FW 2011-05-09 16:33:34 -07:00
Tom Eastep
359de906ca Refinement to fix for double exclusion 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-09 16:28:53 -07:00
Tom Eastep
1a48dd3eb9 Correct last merged patch 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-08 05:51:58 -07:00
Tom Eastep
93d8b538eb Ensure route to gateway in the main table 2011-05-08 05:43:53 -07:00
Tom Eastep
a1bd664447 Fix issues with 'gawk' 2011-05-08 05:39:07 -07:00
Tom Eastep
afed909e52 Simplify the fix for double exclusion in ipset lists 2011-05-07 06:38:08 -07:00
Tom Eastep
0c59e0231d Correct double-exclusion fix 2011-05-07 06:37:37 -07:00
Tom Eastep
58c25e8517 Let tcfilters deal correctly with hex device numbers 2011-05-05 10:12:20 -07:00
Tom Eastep
59ea511201 Complain if there is no default class defined 2011-05-05 10:12:14 -07:00
Tom Eastep
91d8f39f2e Enforce limits on device and class numbers 2011-05-05 10:11:47 -07:00
Tom Eastep
349960294c Detect double exclusion in ipset expressions 2011-05-05 10:11:30 -07:00
Tom Eastep
368fe46932 Correct Comment 2011-05-05 10:11:22 -07:00
Tom Eastep
d8c2845085 Back out part of TC change 2011-05-05 10:11:13 -07:00
Tom Eastep
9a95bad17e Don't require '0x' on devnum > 10 in tcclasses 2011-05-05 10:06:55 -07:00
Tom Eastep
4300ef3ee2 Fix another couple of bugs with device numbers > 9 2011-05-05 10:06:41 -07:00
Tom Eastep
222c5dbf46 Normalize hex numbers before using them in string comparisons 2011-05-02 10:08:36 -07:00
Tom Eastep
e66d491f11 Correct patch for > 9 interfaces with tcfilters 2011-05-02 10:08:19 -07:00
Tom Eastep
bf10e104b7 Fix bug in tcfilters with device numbers > 9 2011-05-02 07:25:21 -07:00
Tom Eastep
d2407cb7a0 Don't allow IFB classes in tcrules 2011-05-02 07:23:28 -07:00
Tom Eastep
a0b00b4bd6 More fixes for TC 2011-05-01 21:24:52 -07:00
Tom Eastep
61c654634b Correct some TC issues 2011-05-01 06:40:14 -07:00
Tom Eastep
e2b1069c1c Support ipsets in the ORIGINAL DEST column for DNAT and REDIRECT rules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-04-28 12:22:26 -07:00
Tom Eastep
59024ff49d Delete some blank lines 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-04-24 08:29:28 -07:00
Tom Eastep
67e920eb53 Use del/add for provider ipv6 routes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-04-19 10:56:59 -07:00
Tom Eastep
1bcba8bbc7 Update version of changed Perl modules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-04-19 10:02:29 -07:00
Tom Eastep
ec8bb8049a Delete/Add routes for NDP rather than replace 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-04-19 09:40:24 -07:00
Tom Eastep
1a0388080f Initiate 4.4.20 
Update versions
    Update release documents
    Apply Togan Muftuoglu's change to increase installation flexibility
 2011-04-16 08:31:46 -07:00
Tom Eastep
4f5970b5f2 Use 'ip route list' rather than 'ip route ls' for busybox compatability 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-04-15 11:15:32 -07:00
Tom Eastep
d42a65fd11 Correct one more default route save/restore defect 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-04-15 07:09:34 -07:00
Tom Eastep
dff405683c Correct default route save/restore 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-04-14 12:25:33 -07:00
Tom Eastep
96af7bfed6 Fix the prior commit 2011-04-13 17:56:15 -07:00
Tom Eastep
9a8f411531 Update version to 4.4.19.1 and document corrected problems 2011-04-13 17:22:07 -07:00
Tom Eastep
9008cd960c Fix a silly masq bug 2011-04-13 17:01:22 -07:00
Tom Eastep
16276b9900 Don't assume that all nexthop routes are default routes 2011-04-13 13:57:22 -07:00
Tom Eastep
a0b16e2803 Delete duplicate rule 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-04-13 06:56:17 -07:00
Tom Eastep
5919c234f4 Update version of IPAddrs.pm 2011-04-12 07:21:24 -07:00
Tom Eastep
53571043c0 Fix another proto editing defect 2011-04-11 17:18:39 -07:00
Tom Eastep
18f4b11b09 Don't allow '\!0' in the PROTO column 2011-04-11 16:25:19 -07:00
Tom Eastep
73754521b1 Correct Perl module versions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-04-11 15:05:18 -07:00
Tom Eastep
ca46052410 Fix file name in split_line error message for proxyndp file 2011-04-10 13:19:42 -07:00
Tom Eastep
512008170d Revert "Fold some long lines" 
This reverts commit 3674cfd387.
 2011-04-10 11:20:50 -07:00
Tom Eastep
3674cfd387 Fold some long lines 2011-04-10 10:10:00 -07:00
Tom Eastep
8abc78331b Two minor cosmetic changes 2011-04-10 09:52:00 -07:00
Tom Eastep
1be89edb49 Version to 4.4.19 2011-04-09 07:58:13 -07:00
Tom Eastep
92611d6789 A couple of tweaks before releasing RC1 2011-04-08 07:50:54 -07:00
Tom Eastep
7ab55f4217 Ensure that the PREROUTING->dnat jump is added when a wildcard interface is present 2011-04-06 15:14:39 -07:00
Tom Eastep
755c3cfd80 Quote param values that include shell metacharacters 2011-04-06 14:52:32 -07:00
Tom Eastep
6626ef06fb Fix yet another optimizer bug 2011-04-06 10:10:42 -07:00
Tom Eastep
159c871f18 Make simple TC work with both IPv4 and IPv6 2011-04-04 09:55:45 -07:00
Tom Eastep
7466895919 Revert tcpri change 2011-04-04 09:14:46 -07:00
Tom Eastep
3b0da84b8d Exit POSTROUTING early if a mark is restored 2011-04-04 08:19:58 -07:00
Tom Eastep
c1160ec076 Version to RC1 2011-04-03 15:54:36 -07:00
Tom Eastep
8609c97d1c Version to Beta 5 2011-04-03 10:30:33 -07:00
Tom Eastep
86f4d3bad6 Revert "Set version RC1" 
This reverts commit ae9558c7c6.
 2011-04-03 10:28:20 -07:00
Tom Eastep
ae9558c7c6 Set version RC1 2011-04-03 10:04:53 -07:00
Tom Eastep
cc633c5bd9 Shorewall 4.4.19 Changes 2011-04-03 09:56:30 -07:00
Tom Eastep
26e7f86c87 Fix icmp u32 match with type/code 2011-03-19 14:29:03 -07:00
Tom Eastep
742aa95660 Tighten editing of TC_PRIOMAP value 2011-03-17 11:50:13 -07:00
Tom Eastep
965ab0257f Correct fix for Tuomo's problem 2011-03-13 15:24:48 -07:00
Tom Eastep
f5d06024fc Bump version to 4.4.18.1 2011-03-13 07:56:12 -07:00
Tom Eastep
8383a6e75a Eliminate extra newline in WARNING message 2011-03-13 07:52:25 -07:00
Tom Eastep
68b15c9544 Fix for Tuomo's params issue 2011-03-13 07:47:06 -07:00
Tom Eastep
57f1a0fa34 Accomodate tcfilters entries for non-present interfaces 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-03-03 07:44:12 -08:00
Tom Eastep
0283a8eeec Fix for previous commit 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-03-03 07:43:37 -08:00
Tom Eastep
87240b00c9 Update version of the Tc module 2011-03-02 07:52:38 -08:00
Tom Eastep
1bbd963c3f Bump version to 4.4.18 2011-03-02 07:43:03 -08:00
Tom Eastep
329655cc66 Make burst in tcdevices IN-BANDWIDTH column work 2011-03-02 07:34:55 -08:00
Tom Eastep
e4e574605e Fix an edit about duplicate device:class 2011-03-01 20:48:40 -08:00
Tom Eastep
f92349edba Correct handling of IPv6 address used in a net context 2011-03-01 13:49:19 -08:00
Tom Eastep
428e898bfe Update version to RC1 2011-02-28 15:24:04 -08:00
Tom Eastep
9decf354d5 Update the version of the Config module 2011-02-24 16:50:48 -08:00
Tom Eastep
de7a0df550 Cosmetic changes to the Chains module 2011-02-24 15:56:50 -08:00
Tom Eastep
951f641a6c Cleanup of Rules file 2011-02-21 08:13:46 -08:00
Tom Eastep
fcebdc3ec2 Correct typo in Chains module 2011-02-21 08:09:33 -08:00
Tom Eastep
cf60752988 Move section processing to the Rules module where it belongs 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-02-20 15:35:58 -08:00
Tom Eastep
c03caf7c2f Combine the Policy and Rules modules 2011-02-20 11:28:47 -08:00
Tom Eastep
052bc87bd5 Set version to Beta 4 2011-02-20 09:20:43 -08:00
Tom Eastep
b90ea8a9e0 Change default for MODULE_PREFIX 2011-02-20 08:52:07 -08:00
Tom Eastep
685de1c588 Cosmetic changes to the Accounting module" 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-02-19 15:50:18 -08:00
Tom Eastep
f44b643038 Fix another bug with tri-value 2011-02-19 15:46:06 -08:00
Tom Eastep
e69de13eff Fix common-rule/action2 processing order 2011-02-19 15:44:39 -08:00
Tom Eastep
59ac90d717 Couple of minor issues in the Chains module 2011-02-19 09:08:43 -08:00
Tom Eastep
30768a03d1 Bump version to Beta 3 2011-02-19 08:55:28 -08:00
Tom Eastep
974a542585 Improve MARK column validation 2011-02-19 08:18:21 -08:00
Tom Eastep
9173b22b58 Disallow USER/GROUP anywhere but in the OUTPUT section 2011-02-19 08:00:00 -08:00
Tom Eastep
cf2d4e154f Add a comment 2011-02-18 21:05:44 -08:00
Tom Eastep
d8c36da069 Make reserved name illegal for Actions -- take 2 2011-02-18 17:46:41 -08:00
Tom Eastep
011c90e6b8 Make reserved name illegal for Actions 2011-02-18 17:44:14 -08:00
Tom Eastep
b4946dcf65 Enforce a couple of accounting restrictions 2011-02-18 16:47:12 -08:00
Tom Eastep
e47cb61c33 Introduce 'accountfwd' chain for forwarded accounting in sectioned configuration 2011-02-18 15:44:55 -08:00
Tom Eastep
2e2472a15a Tighen up an RE 2011-02-17 17:56:29 -08:00
Tom Eastep
58e480b502 Correct defects in the prior commit 2011-02-17 17:35:56 -08:00
Tom Eastep
993bdc740d Make it invalid to to use a config file name as a chain name 2011-02-17 16:31:22 -08:00
Tom Eastep
b06630091d Make procedure to delete a chain plus references to it; make exclusion chains begin with '~' 2011-02-17 14:53:39 -08:00
Tom Eastep
6f00f2127c Delete optimize_okay() and add a couple of assertions 2011-02-17 10:48:46 -08:00
Tom Eastep
5634b08e22 Don't clear dont_optimize flag in accounting in sectioned configuration 2011-02-17 10:47:57 -08:00
Tom Eastep
300d931922 Assert correctness in decrement_reference_count() 2011-02-16 13:16:42 -08:00
Tom Eastep
fa8c8f5850 Dont optimize chains with RETURN 2011-02-16 13:15:29 -08:00
Tom Eastep
030839e4a4 Remove recursive_delete_references 2011-02-16 12:49:04 -08:00
Tom Eastep
2974167f06 Finally fix issue with copy_rules() 2011-02-16 10:08:11 -08:00
Tom Eastep
b03e3b94ef More optimization fixes 2011-02-15 19:24:14 -08:00
Tom Eastep
99f38bfca1 Make the source-net and dest-match routines more readable 2011-02-14 20:11:38 -08:00
Tom Eastep
32f341c279 Correct optimization fix 2011-02-14 16:54:27 -08:00
Tom Eastep
6a9ca303d1 Remove masking declaration 2011-02-14 15:56:02 -08:00
Tom Eastep
4ad9a83996 Centralize handling of MACs in the Chains module 2011-02-14 15:34:11 -08:00
Tom Eastep
0fa027802f Don't allow accounting or manual changes to have the name of a builtin target 2011-02-14 10:50:04 -08:00
Tom Eastep
3b7232a5fa Fix a bug in the optimizer 2011-02-14 10:00:28 -08:00
Tom Eastep
59e361e93e Split the 'restriction' member into two members 2011-02-14 09:22:27 -08:00
Tom Eastep
e64070f9e1 Restore loop detection in sectioned accounting rules 2011-02-13 16:38:01 -08:00
Tom Eastep
dd81eedb42 Fix another accounting sectioning bug 2011-02-13 14:32:11 -08:00
Tom Eastep
46a99a7cd9 Correct Config.pm version again 2011-02-13 11:46:56 -08:00
Tom Eastep
567824b7e2 Correct Config.pm version 2011-02-13 11:45:46 -08:00
Tom Eastep
95f8100696 Cosmetic change 2011-02-13 11:34:53 -08:00
Tom Eastep
b1abb3f554 Don't do unref/loop detection when accounting file is sectioned 2011-02-13 11:13:43 -08:00
Tom Eastep
a1eefea224 Fix FORWARD chain jumps with sectioning 2011-02-13 08:23:48 -08:00
Tom Eastep
1438332bbe Remove hard-coded 0.0.0.0/0 from Providers.pm 2011-02-13 08:13:22 -08:00
Tom Eastep
5c0b592934 Section the accounting file 2011-02-12 12:47:15 -08:00
Tom Eastep
195903444d Insist that SECTION headers have exactly two columns 2011-02-12 07:54:20 -08:00
Tom Eastep
677bd08d5d Add more targets 2011-02-11 17:13:48 -08:00
Tom Eastep
4acdc5314a Add 'NG' value for ACCOUNTING 2011-02-11 17:01:10 -08:00
Tom Eastep
9e921beb49 Fix a tri-value bug 2011-02-11 16:53:49 -08:00
Tom Eastep
af363888ab Alphabetize the builtin target list 2011-02-10 16:55:04 -08:00
Tom Eastep
64614b7464 Add CLASSIFY to the builtin targets 2011-02-10 16:46:44 -08:00
Tom Eastep
2885081d86 Add more keywords to %builtin_targets 2011-02-10 13:11:58 -08:00
Tom Eastep
a3232516bb Detect loops in accounting chain jumps 2011-02-09 15:43:19 -08:00
Tom Eastep
88244dc132 Don't allow MAC addresses in the accounting file 2011-02-07 17:12:43 -08:00
Tom Eastep
b4b59119ef Don't allow non-accounting chain in the CHAIN accounting column 2011-02-07 16:32:38 -08:00
Tom Eastep
6e66736d28 Make IPv6 logic safer; cosmetic improvements in the generated script 2011-02-06 08:57:48 -08:00
Tom Eastep
2c2fdab0fe Rename USE_LOCAL_MODULES to EXPORTMODULES 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-02-06 08:42:35 -08:00
Tom Eastep
2b8579c090 Tweak USE_LOCAL_MODULES change 
Make the "Other than /usr/share" test dependent on export

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-02-06 08:28:10 -08:00