Commit Graph

575 Commits

Author SHA1 Message Date
Tom Eastep
69a2fa1907 Replace to/from with dst/src 2010-09-15 11:25:46 -07:00
Tom Eastep
8147671eb2 Document JUMP 2010-09-15 09:49:37 -07:00
Tom Eastep
f925b335ef Ignore the 'blacklist' host option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 08:10:57 -07:00
Tom Eastep
373fc87165 More blacklisting wrapup
- Deprecate 'blacklist' in the hosts file
- Base blacklisting on interfaces alone

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 07:38:20 -07:00
Tom Eastep
10a9ae496a More manpage updates for 4.4.13 2010-09-14 16:47:45 -07:00
Tom Eastep
33adbe7a27 Update documentation for net TC features 2010-09-13 13:51:25 -07:00
Tom Eastep
3f93ebdda8 Update blacklist manpages 2010-09-13 13:23:32 -07:00
Tom Eastep
47ad42659c Mention ipsets in the secmarks manpage 2010-09-12 08:12:41 -07:00
Tom Eastep
37a5a01185 Correct INPUT marking documentation 2010-09-11 12:47:32 -07:00
Tom Eastep
69817007bf Some more fixes for blacklisting 2010-09-09 14:53:12 -07:00
Tom Eastep
7f72d66b90 A couple of documentation updates 2010-09-08 11:55:16 -07:00
Tom Eastep
b091169ed9 Remove deprecated syntax from examples 2010-09-08 06:04:57 -07:00
Tom Eastep
46bbb26b6b Tweak secmarks example to use ESTABLISHED,RELATED 2010-09-07 13:59:33 -07:00
Tom Eastep
ee83b7f022 Add link to James Morris blog re SECMARK 2010-09-07 13:52:43 -07:00
Tom Eastep
ab87d8800a List secmarks as SEE ALSO 2010-09-07 12:27:39 -07:00
Tom Eastep
8d63e04926 Yet more docunentation updates 2010-09-06 20:37:34 -07:00
Tom Eastep
50b4bd8dfe More Blacklist and Secmark documentation updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-06 17:26:49 -07:00
Tom Eastep
f3255cd83a Rework blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-06 15:29:20 -07:00
Tom Eastep
c6f58ba924 Enhance SELinux support:
- Add state match
- Add user/group match
- Add examples to the man pages
2010-09-06 09:06:40 -07:00
Tom Eastep
b139ff7e90 Update docs and implementation of SECMARK 2010-09-04 16:08:29 -07:00
Tom Eastep
15d8d6d8b7 Add SECMARK and CONNSECMARK support 2010-09-04 15:12:08 -07:00
Tom Eastep
5aceddbf37 Update Accounting Documents 2010-08-22 16:40:04 -07:00
Tom Eastep
33ee9b1481 Add IPSEC Accounting (again) 2010-08-20 06:53:31 -07:00
Tom Eastep
4322d7b2af Zone exclusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 16:10:58 -07:00
Tom Eastep
255cd6cf9c Implement zone lists in rules file entries
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 12:18:58 -07:00
Tom Eastep
36054b7784 Add additional vserver notes in rules manpages 2010-08-12 17:52:22 -07:00
Tom Eastep
e35e9d2c99 Clarify nesting of vserver zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-12 15:26:30 -07:00
Tom Eastep
0234564a1b Add destination IP blacklisting 2010-08-10 17:33:50 -07:00
Tom Eastep
1efa50e6fa Try to make the masq manpage more obvious 2010-08-05 16:50:48 -07:00
Tom Eastep
967629569b Taylor Universal config to work with Shorewall-init and streamline ruleset
- Make interface 'all' optional and set REQUIRE_INTERFACE=Yes
- Add COMPLETE option
- Set FASTACCEPT in Universal samples
- Reset SUBSYSLOCK in Universal samples

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-01 08:36:56 -07:00
Tom Eastep
aac343b476 Document mark geometry capability 2010-07-27 08:05:54 -07:00
Tom Eastep
bd5facda30 Implement per-IP log rate limiting 2010-07-25 12:42:39 -07:00
Tom Eastep
7f4a7372ef Remove nic registration requirement for IRC channel 2010-07-24 16:04:21 -07:00
Tom Eastep
1de257be19 Make ADD and DELETE work with any type of ipset.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-20 15:42:11 -07:00
Tom Eastep
8eeb71dc1b Fix inconsistencies in manpages 2010-07-19 14:45:05 -07:00
Tom Eastep
cbb524b067 Implement ADD/DEL commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-18 08:46:38 -07:00
Tom Eastep
d2bb96be88 Emphasize that you must have a Nic to post on the Shorewall channel 2010-07-18 07:34:03 -07:00
Tom Eastep
e4d35ee3cb Add 'yes' to valid ipsec options in /etc/shorewall/masq 2010-07-14 07:01:18 -07:00
Tom Eastep
d447482dd6 Fix typo in rules manpages 2010-07-13 07:37:14 -07:00
Tom Eastep
8d5f04d5a5 Correct TC_PRIO description in shorewall.conf and shorewall6.conf manpages 2010-07-07 15:35:26 -07:00
Tom Eastep
02fab09a14 Add PERL= option to shorewall.conf and shorewall6.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-05 13:11:52 -07:00
Tom Eastep
7689831cd7 Minor cleanup of 4.4.11 Beta 3.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-04 09:29:16 -07:00
Tom Eastep
d3e30b5fe4 Add FORWARD_CLEAR_MARK option 2010-07-03 17:03:42 -07:00
Tom Eastep
e4afc15370 Finish Vserver Implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-30 20:35:46 -07:00
Tom Eastep
de3c28ded3 Add 6to4 to documented tunnel types
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-27 08:12:14 -07:00
Tom Eastep
d58127e51c Allow networks to be specified in a NETMAP rule 2010-06-12 13:50:58 -07:00
Tom Eastep
34e1826d59 Point out that example 5 uses a deprecated form 2010-06-01 12:45:41 -07:00
Tom Eastep
925de3cee9 Fix typo in tcrules manpages 2010-05-26 06:42:37 -07:00
Tom Eastep
896e18be00 Document REQUIRE_INTERFACE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-19 07:37:49 -07:00
Tom Eastep
159ddfcc55 Fix problem in the shorewall-init manpage 2010-05-18 20:49:17 -07:00
Tom Eastep
4e748f9255 Add Shorewall-init manpage and update release notes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 20:40:03 -07:00
Tom Eastep
b42d80cb29 Update 'wait' documentation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:59:57 -07:00
Tom Eastep
88188202cc Add 'wait' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:52:46 -07:00
Tom Eastep
16e451a7d8 Add 'required' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:04:32 -07:00
Tom Eastep
74c515016e Add back stuff merged earlier: 2010-05-08 16:32:03 -07:00
Tom Eastep
96bef5bd49 Assume 'routeback' in routestopped based on interface config.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:31:11 -07:00
Tom Eastep
013567496c Update manpages for addressless bridge
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 12:40:57 -07:00
Tom Eastep
0a9b7c75d0 Delete misleading wording in the explaination of rate limiting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 06:24:35 -07:00
Tom Eastep
aeb90969f7 Optimize 8 Documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 17:12:25 -07:00
Tom Eastep
9a720cf516 Further clarify the use of log levels with macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 08:14:32 -07:00
Tom Eastep
18bb6c94ca Improve formatting of 'rules' manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 08:08:57 -07:00
Tom Eastep
5ad0088ce7 Describe required quoting in shorewall[6].conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 07:12:16 -07:00
Tom Eastep
f9327d34e1 Add 'blacklst' to the documented unoptimized chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-22 06:58:29 -07:00
Tom Eastep
2e7a0297db More LOGBURST/LOGRATE clarification.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-21 07:35:38 -07:00
Tom Eastep
925c61f6bd Additional advice re: LOGBURST and LOGRATE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-20 07:08:10 -07:00
Tom Eastep
a01fa345b7 Add support for UDP Lite
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 09:42:50 -07:00
Tom Eastep
a963c8f955 Don't export CONFDIR or SHAREDIR
Document CONFDIR, SHAREDIR and VARDIR
Add FILEMODE to the old reserved variable names

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 11:46:23 -08:00
Tom Eastep
49c1350aa0 Documentation for final cleanup of variable names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 10:28:09 -08:00
Tom Eastep
2656a9b0c7 Eliminate use of PRODUCT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 12:34:36 -08:00
Tom Eastep
5613d0105a Remove all reliance on HOSTNAME
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 11:59:38 -08:00
Tom Eastep
55e1124bbe Update docs regarding VERSION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 08:18:01 -08:00
Tom Eastep
5fc6d58e19 Eliminate STOPPING variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 07:37:30 -08:00
Tom Eastep
53c73bc8e9 Eliminate VERBOSE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:58:01 -08:00
Tom Eastep
061d850c16 Rename RESTOREPATH to g_restorepath
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-26 08:35:50 -08:00
Tom Eastep
8aaddf368b More reserved variable names documented
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 12:37:22 -08:00
Tom Eastep
570497766b Add COMMAND to the list of reserved variable names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 07:18:54 -08:00
Tom Eastep
4320ebb8b0 Add SW_* to the list of reserved variable names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 06:57:29 -08:00
Tom Eastep
efa41d1801 Correct a typo 2010-02-22 08:36:31 -08:00
Tom Eastep
8bc6f2144a Remove mention of variable name change in 4.4.8
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-21 15:14:40 -08:00
Tom Eastep
8c3bb22511 Additions to reserved shell variables 2010-02-21 08:34:21 -08:00
Tom Eastep
c030bc900c List variable names to be avoided in manpages and config file basics doc.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-19 08:12:56 -08:00
Tom Eastep
4e0225a4c3 Update Documentation for per-IP rate limiting fixes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 07:12:36 -08:00
Tom Eastep
433fc385bc 'bridge' implies 'routeback'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-09 14:04:36 -08:00
Tom Eastep
add302d02a Correct typo in manpages 2010-02-09 06:49:30 -08:00
Tom Eastep
76f053246a Add description of bandwidth specification to the tcinterfaces man pages 2010-02-09 06:42:31 -08:00
Tom Eastep
9408a114c6 Don't load unused modules when LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-25 10:50:49 -08:00
Tom Eastep
f74771a118 More LOAD_HELPERS_ONLY documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 20:30:35 -08:00
Tom Eastep
188bd64242 Mention route_rules in masq manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-19 07:59:00 -08:00
Tom Eastep
5ae3e239e6 Update manpages for functionality backported from 4.5
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 11:51:32 -08:00
Tom Eastep
25d433b36f Update TRACK_PROVIDER description in the man pages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-14 08:36:22 -08:00
Tom Eastep
ce96bb003e Update manpages for TRACK_PROVIDERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-14 07:48:01 -08:00
Tom Eastep
416f600181 Update shorewall.conf(5) for Simplified TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 17:27:23 -08:00
Tom Eastep
4420eed8d7 Allow users to preview the generated ruleset.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 15:32:50 -08:00
Tom Eastep
cab1f8548a Update manpage for correct version at introduction.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 13:43:52 -08:00
Tom Eastep
5bd050f8b6 Update manpage for 'show macro' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 13:40:54 -08:00
Tom Eastep
4d3887c4f6 Recommend EXPORTPARAMS=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 16:31:49 -08:00
Tom Eastep
1175fa23b8 Update shorewall.conf (5) to indicate that SAVE_IPSETS was re-enabled in
shorewall 4.4.6.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 14:38:01 -08:00
Tom Eastep
559e22706b Correct manpage re save/restore
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 12:45:58 -08:00
Tom Eastep
91b65125aa Update manpage for SAVE_IPSETS.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 11:50:33 -08:00
Tom Eastep
7e3675fb30 Move 4.5 manpage/doc updates to master 2009-12-26 12:40:16 -08:00
Tom Eastep
436169f0b2 Update documentation for rp_filter change 2009-12-19 16:09:20 -08:00
Tom Eastep
232423edf8 Fix typo in both 'notrack' manpages 2009-12-11 08:54:35 -08:00
Tom Eastep
117d4f9f2a Revert "Partial update to manpage"
This reverts commit 8d2408a8d6.
2009-11-30 11:26:33 -08:00
Tom Eastep
8d2408a8d6 Partial update to manpage 2009-11-30 11:26:00 -08:00
Tom Eastep
4e8d753682 Revert "Finish Virtual Zones"
This reverts commit 222c8cf88f.
2009-11-28 07:20:52 -08:00
Tom Eastep
0b1621027b Revert "Make 'virtual' a zone type rather than an option"
This reverts commit 18eedf7e34.
2009-11-28 07:19:10 -08:00
Tom Eastep
f5378e7652 Revert "More doc updates for virtual zones"
This reverts commit a37e56d823.
2009-11-28 07:18:46 -08:00
Tom Eastep
a37e56d823 More doc updates for virtual zones 2009-11-27 08:49:00 -08:00
Tom Eastep
18eedf7e34 Make 'virtual' a zone type rather than an option 2009-11-27 08:17:18 -08:00
Tom Eastep
222c8cf88f Finish Virtual Zones 2009-11-26 12:14:58 -08:00
Tom Eastep
d189c08533 Revert "Add 'virtual' zone support"
This reverts commit a2cd4bd1f4.
2009-11-25 11:51:13 -08:00
Tom Eastep
a2cd4bd1f4 Add 'virtual' zone support 2009-11-25 09:42:28 -08:00
Tom Eastep
c39a9fb5eb Fix typo in shorewall-rules(5) 2009-11-18 19:55:20 -08:00
Tom Eastep
9d5dd2ad3a Implement an '-l' option to the 'show' command 2009-11-16 15:14:24 -08:00
Tom Eastep
dd543a2934 Tweak policies display 2009-11-16 09:30:37 -08:00
Tom Eastep
f5a019becc Implement 'show policies' command 2009-11-15 09:24:56 -08:00
Tom Eastep
20ef4e584b Fix markup on tcrules manpage 2009-11-15 07:46:49 -08:00
Tom Eastep
a4eb581d44 Document full logical interface implementation 2009-11-11 10:45:01 -08:00
Tom Eastep
1735e168b1 Fix manpages 2009-11-10 15:48:49 -08:00
Tom Eastep
bf8c38e054 Add ZONE2ZONE option to shorewall.conf 2009-11-10 14:12:55 -08:00
Tom Eastep
7014bd3ea0 Add 'physical' interface option for bridge ports 2009-11-06 08:07:13 -08:00
Tom Eastep
7e21488aec Document ICMP codes 2009-11-05 11:58:54 -08:00
Tom Eastep
99c77d2611 Fix typo in shorewall-rules(5) 2009-10-29 17:51:06 -07:00
Tom Eastep
4c3b0c7571 Re-word 'limit' description 2009-10-28 11:29:12 -07:00
Tom Eastep
105754823a Raise max limit to 128 2009-10-26 13:03:26 -07:00
Tom Eastep
f0b4b1f42e Add limit option to tcclasses 2009-10-26 12:23:32 -07:00
Tom Eastep
d0cda6b6ea Add TRACK_PROVIDERS option 2009-10-20 13:24:17 -07:00
Tom Eastep
49f361124e Make 'track' the default 2009-10-20 12:24:28 -07:00
Cristian Rodríguez
b24544306c fix some typos reported by Justin 2009-10-13 19:47:13 -03:00
Tom Eastep
dd70456430 Add '-p' to 'start' synopsis 2009-10-01 10:34:05 -07:00
Tom Eastep
904754c074 Correct syntax of TIME column 2009-09-13 07:03:25 -07:00
Tom Eastep
6f54b5ea2f Formatting in zones manpage 2009-09-11 10:49:49 -07:00
Tom Eastep
460428b21a More formatting fixes to shorewall-zones(5) 2009-09-10 19:43:52 -07:00
Tom Eastep
02d9888513 Document ipsec4/6 2009-09-10 14:56:39 -07:00
Tom Eastep
fefff9fd83 Add MAPOLDACTIONS 2009-09-07 17:04:09 -07:00
Tom Eastep
9a1cb0c6b6 Admin that PKTTYPE is a no-op 2009-09-07 16:44:19 -07:00
Tom Eastep
acfdc7e481 nets= allows multicast 2009-08-28 15:17:10 -07:00
Tom Eastep
a62d86aca7 Update interfaces manpage 2009-08-28 13:45:00 -07:00
Tom Eastep
b5bf7f5c47 Add link from shorewall.conf (5) to logging article 2009-08-27 13:35:44 -07:00
Tom Eastep
f7772505e5 Remove redundant COMMENT information from shorewall-nat(5) 2009-08-27 11:33:02 -07:00
Tom Eastep
088e164f18 Redefine 'full' when used in a sub-class definition 2009-08-24 11:56:16 -07:00
Tom Eastep
55f75604b3 Add support for 'persistent' 2009-08-15 08:15:38 -07:00
Tom Eastep
4917ddee38 Fix broken link 2009-08-12 14:04:22 -07:00
Tom Eastep
2bac824207 Fix provider number in masq entry 2009-08-12 13:52:56 -07:00
Tom Eastep
ff5e95b164 Update manpages to mention mixed type nesting 2009-07-29 15:09:32 -07:00
Tom Eastep
58f0110ad3 Purge more manpages of outdated references 2009-07-15 19:15:52 -07:00
Tom Eastep
f16b2300b6 Remove references to Shorewall-shell, Shorewall-perl and prior Shorewall versions from the manpages 2009-07-15 17:50:55 -07:00
Tom Eastep
73b9f04fc6 Don't allow the -p start/stop option with Shorewall6; remove Shorewall-shell/Shorewall-perl references from the 'shorewall' manpage 2009-07-15 13:47:16 -07:00
Tom Eastep
8e9bef0a61 Fix routing with no providers 2009-07-15 13:03:49 -07:00
Tom Eastep
5044c70230 Remove bizarre sentence from tcclasses man pages 2009-06-20 17:37:09 -07:00