Commit Graph

89 Commits

Author SHA1 Message Date
Tom Eastep
73ed66b9b9 Add ULOG and NFLOG capabilities plus LOGMARK for IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-12 14:10:48 -08:00
Tom Eastep
e236be37db Include the rawpost table in dump output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-05 07:52:40 -07:00
Tom Eastep
8b8140cc9f Add 'Basic Filter' capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 06:34:57 -07:00
Tom Eastep
e728d663f9 Implement IPTABLES_S capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-01 13:54:52 -07:00
Tom Eastep
75b4540d26 Add support for condition match in the rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-21 15:20:50 -07:00
Tom Eastep
2749857eb2 Support 'shorewall6 show rawpost'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-18 06:57:57 -07:00
Tom Eastep
bcb5d76c2f Remove QUOTA_MATCH code from Shorewall.6 lib.cli
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-26 12:56:51 -07:00
Tom Eastep
0b2a8b12c7 Implement Stateless NAT support.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-14 12:01:17 -07:00
Tom Eastep
97121116a3 Add rawpost table detection
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-13 11:14:29 -07:00
Tom Eastep
4824c9b8ff Add QUOTA_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-08 14:37:47 -07:00
Tom Eastep
35457f4e95 Remove she-bang from lib.*
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-03 07:54:46 -07:00
Tom Eastep
a992ec594a Accomodate kernel version 3.0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-27 17:03:27 -07:00
Tom Eastep
fb9e3a84c5 Correct check for new ipset match syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-05 15:56:52 -07:00
Tom Eastep
3e8c1f4e3c Add undocumented -c option to show and dump
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-29 11:48:23 -07:00
Tom Eastep
de7d95e7ff Rename 'ipset v4' -> 'ipset v5'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-23 06:36:35 -07:00
Tom Eastep
04d551d8ca Detect ipset V4 and use its syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 16:43:42 -07:00
Tom Eastep
7b2cbf2449 Make 'show dynamic <zone>' work correctly with new ipset program
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 17:22:04 -07:00
Tom Eastep
44cbfd8f27 Correct defects found while unit testing IPv6 Dynamic Zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 13:33:25 -07:00
Tom Eastep
a0c5647c2a Re-add IPv6 ipset support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-12 06:22:18 -07:00
Tom Eastep
642319d706 Change annotated documentation default
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 15:40:21 -07:00
Tom Eastep
468ff6efab First cut at IPSET/Dynamic-zone support in Shorewall6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 11:23:43 -07:00
Tom Eastep
2dec3a8ecb Correct handling of AUDIT_TARGET is both cli libraries.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 11:39:21 -07:00
Tom Eastep
471d405f7d Delete A_* from 'show actions' output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 16:41:08 -07:00
Tom Eastep
d15475efae Cleanup of AUDIT before Beta 3
- Correct merge snafus
- Rename the new actions (e.g., ADROP->A_DROP)
- Correct MACLIST_DISPOSITION logic
2011-05-20 07:47:35 -07:00
Tom Eastep
e9df13a42b Resolve merge conflicts 2011-05-19 15:10:22 -07:00
Tom Eastep
5e68dbfa9a Complete first attempt at AUDIT support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-19 12:06:43 -07:00
Tom Eastep
d2ab27c071 More AUDIT changes 2011-05-18 21:25:57 -07:00
Tom Eastep
ce8df2f66c Revert "Bump version to Beta 3"
This reverts commit 465e729288.
2011-05-18 17:50:12 -07:00
Tom Eastep
465e729288 Bump version to Beta 3 2011-05-18 17:08:07 -07:00
Tom Eastep
f62287ccbf Correct output noise in the output of 'shorewall6 show connections' - take 2 2011-04-04 09:14:22 -07:00
Tom Eastep
66dd89234f Correct output noise in the output of 'shorewall6 show connections' 2011-04-04 09:13:17 -07:00
Tom Eastep
cc633c5bd9 Shorewall 4.4.19 Changes 2011-04-03 09:56:30 -07:00
Tom Eastep
70fc8bdfb6 Add support for per-IP accounting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-01-30 07:20:05 -08:00
Tom Eastep
4cc8e5422d Add ACCOUNT target detection 2011-01-30 07:14:08 -08:00
Tom Eastep
2702d7f208 Implement header matching 2010-11-24 10:46:06 -08:00
Tom Eastep
520608dd66 Implement undocumented dumpfilter extension file 2010-10-07 14:19:09 -07:00
Tom Eastep
cee05d9763 Refine -lite handling of scfilter.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 12:52:30 -07:00
Tom Eastep
ac71868cc1 Package the scfilter along with the generated script for -lite
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 10:59:15 -07:00
Tom Eastep
2fa7e11976 Add 'scfilter' extension script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 07:38:14 -07:00
Tom Eastep
0f4d8eb929 Use 'conntrack' for 'show connections' 2010-09-23 19:08:40 -07:00
Tom Eastep
57bcfee559 Add 'Mark in any table' capability 2010-08-27 08:35:33 -07:00
Tom Eastep
0234564a1b Add destination IP blacklisting 2010-08-10 17:33:50 -07:00
Tom Eastep
364ad41cf5 Add support for new ipset match syntax 2010-08-03 21:06:17 -07:00
Tom Eastep
0b9aa0f84b Fix the dump command 2010-07-31 13:52:28 -07:00
Tom Eastep
0b3dfcc844 Revert version to Beta 3 2010-07-31 13:23:53 -07:00
Tom Eastep
74092a9b14 Restrict Shorewall6 netstat call to IPv6 only 2010-07-06 06:42:37 -07:00
Tom Eastep
2ee4fd8f5a Add FWMARK_RT_MASK capability.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-04 09:08:04 -07:00
Tom Eastep
2d6647c445 Make 'shorewall6 show connections' more readable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-22 08:32:15 -07:00
Tom Eastep
055ac41a23 Make IPv6 log output readable 2010-06-21 15:38:47 -07:00
Tom Eastep
6d61e962eb Use -m conntrack if available in place of -m state
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-25 13:35:41 -07:00