Tom Eastep
|
2de0fbf7d0
|
Change 'local' to 'loopback' and add 'local' zones that match non-loopback interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-26 14:06:51 -07:00 |
|
Tom Eastep
|
f89c704d01
|
Disallow 'virtual' physical interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-26 08:47:44 -07:00 |
|
Tom Eastep
|
0b5a316cfc
|
Emit 'expensive' matches last unless there are '-m nfacct' matches in the rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-26 08:03:54 -07:00 |
|
Tom Eastep
|
31f9ea5b93
|
Add progess and warning messages to 'update -D'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-25 16:31:55 -07:00 |
|
Tom Eastep
|
dde1f0a779
|
Only enable helpers during a 'clear' operation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-25 16:31:27 -07:00 |
|
Tom Eastep
|
60d0a50d9d
|
Add some warning/progress messages to help understand 'update -D' behavior.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-25 13:20:12 -07:00 |
|
Tom Eastep
|
064f9f974c
|
Cosmetic change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-23 09:49:25 -07:00 |
|
Tom Eastep
|
fd11eb7d82
|
Omit fw->fw jumps when there is a local zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-22 09:19:34 -07:00 |
|
Tom Eastep
|
9e77bb5499
|
Ensure correct match ordering with trivial exclusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-22 08:46:22 -07:00 |
|
Tom Eastep
|
8df8fe990a
|
Allow 'local' zone to work with 'destonly'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-22 07:34:04 -07:00 |
|
Tom Eastep
|
ac02c484f5
|
Change 'local' interface option to a zone type.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-19 15:35:20 -07:00 |
|
Tom Eastep
|
5ec72dad6c
|
Add routes for standard tables when there are no providers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-16 15:32:05 -07:00 |
|
Tom Eastep
|
f6a55bbf05
|
Allow the '-V' option in the CLI programs.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-16 14:29:36 -07:00 |
|
Tom Eastep
|
739f3779f5
|
Generate warnings for local->non-firewall and non-firewall->local rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-16 07:51:12 -07:00 |
|
Tom Eastep
|
2e293dd356
|
Make 'local,destonly' work correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-14 14:36:51 -07:00 |
|
Tom Eastep
|
bc6a38ca64
|
Remove most special handling of 'Auth'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-14 10:44:26 -07:00 |
|
Tom Eastep
|
a5412cff38
|
Issue a warning when a rule will be optimized away due to 'destonly'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-14 09:30:59 -07:00 |
|
Tom Eastep
|
46a6a7b258
|
Correct earlier optimization.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-14 07:27:57 -07:00 |
|
Tom Eastep
|
b38f1416aa
|
Mention "all+' in the "Important" notes at the top
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-13 13:41:12 -07:00 |
|
Tom Eastep
|
105d1db85d
|
Cosmetic change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-13 11:24:09 -07:00 |
|
Tom Eastep
|
200d347ac8
|
Small Efficiency Change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-13 10:52:04 -07:00 |
|
Tom Eastep
|
c8133145e6
|
Add support for "all+" in the policy file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-13 09:01:12 -07:00 |
|
Tom Eastep
|
e3d9b2762d
|
Add 'destonly' and 'local' to the interface manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-12 12:48:58 -07:00 |
|
Tom Eastep
|
9178ecbab0
|
Suppress superfluous ACCEPT rule when 'lo' is attached to a 'local' zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-12 10:38:44 -07:00 |
|
Tom Eastep
|
d06a7b55b6
|
Add a 'destonly' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-12 10:37:40 -07:00 |
|
Tom Eastep
|
2fb01bec8d
|
Don't assume 'destonly' with 'local'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-12 09:58:37 -07:00 |
|
Tom Eastep
|
6551d67b2e
|
Call delete_chain_and_references recursively.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-12 09:29:29 -07:00 |
|
Tom Eastep
|
4b76d8c462
|
Handle optimize level 0 in the IPV6 nat table.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-12 09:28:25 -07:00 |
|
Tom Eastep
|
1bb5b89ee1
|
Add the 'local' interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-12 09:27:12 -07:00 |
|
Tom Eastep
|
c3901f1161
|
Release mutex on error.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-09 09:57:09 -07:00 |
|
Tom Eastep
|
3923092468
|
Take 2 on conditional compilation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-08 19:01:39 -07:00 |
|
Tom Eastep
|
7215b61aa4
|
Document changes introduced by Mr-4.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-07 10:16:38 -07:00 |
|
Tom Eastep
|
577db69719
|
Support conditional compilation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-07 09:36:02 -07:00 |
|
Tom Eastep
|
56318e6cc8
|
Try to ensure that cp doesn't copy the firewall script to itself.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-06 09:22:16 -07:00 |
|
Tom Eastep
|
13c90e2aef
|
Correct my update to Mr-4's bup patch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-04 18:40:14 -07:00 |
|
Tom Eastep
|
fdfdb49951
|
Apply Mr-4's priority->perf patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-04 14:05:03 -07:00 |
|
Tom Eastep
|
61cb105c02
|
Apply Mr-4's noautosrc patch (modified)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-04 14:00:25 -07:00 |
|
Tom Eastep
|
4621dccd53
|
Apply Mr-4's special route handling in COPY (modified).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-04 13:27:34 -07:00 |
|
Tom Eastep
|
14cf5aa0d6
|
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
|
2013-05-03 12:23:40 -07:00 |
|
Roberto C. Sanchez
|
a0228e9d3b
|
Fix typos in manpages
|
2013-05-03 12:19:45 -04:00 |
|
Tom Eastep
|
b83ca4812b
|
Include trailing space in a regular expression.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-03 08:36:38 -07:00 |
|
Tom Eastep
|
80efd095a8
|
Correct handling of INLINE without '-j' in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-01 14:52:48 -07:00 |
|
Tom Eastep
|
d6961c4c3b
|
Clean up the temporary chains sooner.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-01 14:48:27 -07:00 |
|
Tom Eastep
|
54f5aaca63
|
Fix handling of CT_TARGET
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-01 11:15:36 -07:00 |
|
Tom Eastep
|
1012251957
|
Apply Mr-4's 4a patch (modified)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-27 07:04:40 -07:00 |
|
Tom Eastep
|
20d38e8b52
|
Centralize the validation of nfacct object names.
- Also correct a missing ' ' from the output generated by INLINE
freeform input.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-26 09:09:08 -07:00 |
|
Tom Eastep
|
52f5ae15d1
|
Apply Mr-4's cosmetic patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-25 17:29:41 -07:00 |
|
Tom Eastep
|
7e830e5df4
|
Allow special characters in nfacct names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-25 10:07:49 -07:00 |
|
Tom Eastep
|
8bb03a741d
|
Update blrules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-24 08:17:10 -07:00 |
|
Tom Eastep
|
f543c3bd1e
|
Finish Mr-4's NFACCT patch
- Correct indentation
- Remove '$type' argument to split_nfacct_list
- Update manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-23 06:55:30 -07:00 |
|