Commit Graph

5272 Commits

Author SHA1 Message Date
Tom Eastep
5f0b85b5b9 Replace a couple of more hard-coded directory names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-30 09:49:53 -07:00
Tom Eastep
86ae74005a Correct invalid information in shorewall[6]-tcclasses.
- Delete part about an interface only appearing once.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-29 12:46:58 -07:00
Tom Eastep
3f1aeb33be Correct mark range with shifted mask.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-26 12:41:06 -07:00
Tom Eastep
e908473d29 Clean up description of CHECKSUM in the manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-26 11:22:54 -07:00
Tom Eastep
e177916c12 Implement statistical marking in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-26 07:10:26 -07:00
Tom Eastep
0387b16983 Implement CHECKSUM action in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-22 15:42:13 -07:00
Tom Eastep
f24e194819 Don't display chains with no matched entries when -b
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-22 14:15:37 -07:00
Paul Gear
59a75512be Add Teredo macro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-21 07:20:29 -07:00
Tom Eastep
5a103e8ec5 Make options consistent (add a '-' before 't')
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-20 07:15:44 -07:00
Paul Gear
cf68379c4c Document brief option for show command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-20 07:11:56 -07:00
Paul Gear
6c06302d2a Make formatting of interface options consistent
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-20 07:11:48 -07:00
Tom Eastep
b00dc658b2 Correct error messages in action.RST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-15 07:17:17 -07:00
Tom Eastep
6af16e0cda Allow quotes in parameter to run_iptables()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-14 13:26:08 -07:00
Tom Eastep
ab7975539c Correct typo in get_params()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-14 09:30:27 -07:00
Tom Eastep
dfd0692176 Omit IPv6-specific code from checkkernelversion() in IPv4 script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-13 07:28:37 -07:00
Tom Eastep
8b650358d6 Don't shout in compiler directives
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-13 07:14:51 -07:00
Paul Gear
78aab70dfb Add Puppet macro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-13 07:04:55 -07:00
Tom Eastep
cc90a06958 Add RESTORE_ROUTEMARKS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-11 07:34:57 -07:00
Tom Eastep
54e066ec3a Re-order logic in add_group_to_zone
- Need to normalize the address prior to comparing it with ALLIP

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-08 08:54:54 -07:00
Tom Eastep
620f88b339 Merge branch '4.5.8' 2012-10-07 17:41:01 -07:00
Tom Eastep
b7e6b1aa41 Allow IP range in the hosts file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 17:40:42 -07:00
Tom Eastep
c84603cdc6 Merge branch '4.5.8'
Conflicts:
	Shorewall/Perl/Shorewall/Zones.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 17:04:27 -07:00
Tom Eastep
e2b029b0ba More hosts file corrections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 17:00:35 -07:00
Tom Eastep
0efc0451c1 Allow IP range in the hosts file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 15:59:30 -07:00
Tom Eastep
9dd66fc6ff Allow IP range in the hosts file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 15:55:00 -07:00
Tom Eastep
1195661264 Document new Dynamic Zone implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 12:20:36 -07:00
Tom Eastep
0c9cc4a233 Change the 'dynamic' zone option to 'dynamic_shared'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 09:18:18 -07:00
Tom Eastep
c228668500 Implement logic associated with 'dynamic' zone option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-06 07:52:06 -07:00
Tom Eastep
afaba46aa3 Add 'dynamic' zone option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-06 07:21:49 -07:00
Tom Eastep
1f38a36acf Delete extraneous logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:

	Shorewall/Perl/Shorewall/Zones.pm
2012-10-04 09:45:25 -07:00
Tom Eastep
526f72216a Correct handling of dash characters in interface/ipset names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-04 07:34:41 -07:00
Tom Eastep
642ff1be15 Correct handling of dash characters in interface/ipset names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-02 10:09:23 -07:00
Tom Eastep
92d39dc56d Expunge the g_perllib variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:59:39 -07:00
Tom Eastep
a8e9296473 Expunge the g_sbindir variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:55:48 -07:00
Tom Eastep
749e239d15 Expunge the g_libexec variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:51:36 -07:00
Tom Eastep
30d4ba67cc Revert "Allow '-' in the interface for dynamic zone."
This reverts commit b68b34b820.
2012-09-30 16:25:35 -07:00
Tom Eastep
4ef81041be Delete extraneous logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-30 16:09:34 -07:00
Tom Eastep
b68b34b820 Allow '-' in the interface for dynamic zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-30 16:04:38 -07:00
Tom Eastep
4311dc5ddf Merge branch '4.5.8' 2012-09-29 09:03:12 -07:00
Tom Eastep
38faa3e071 Correct handling of new ipv6 net syntax in the hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-29 09:01:17 -07:00
Tom Eastep
81f92546d8 Merge branch '4.5.8' 2012-09-29 08:08:00 -07:00
Tom Eastep
91e2c31a58 Correct handling of new ipv6 net syntax in the hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-27 14:51:28 -07:00
Tom Eastep
9c893a0e21 Restore the original calling sequences of validate_[46]net()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-27 07:22:40 -07:00
Tom Eastep
c8c1585dfc Merge branch '4.5.8' 2012-09-26 15:48:44 -07:00
Tom Eastep
ffcf262de4 Ensure that the 1:1 NAT chain jumps always come last in PREROUTING.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-26 15:46:52 -07:00
Tom Eastep
ca79147db3 Merge branch '4.5.8' 2012-09-25 11:07:49 -07:00
Tom Eastep
bac0f36818 Yet another fix for TTL/HL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 16:23:15 -07:00
Tom Eastep
a8f324b25c Ensure that the .service files run the utility in ${SBINDIR}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 14:32:20 -07:00
Tom Eastep
b451e10dd8 More fixes for HL and TTL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 14:25:31 -07:00
Togan Muftuoglu
58e277f48b Systemd service files usrmove
On 09/24/2012 10:19 PM, Tom Eastep wrote:
> On 09/24/2012 02:31 AM, Jonathan Underwood wrote:
>> Such a change is something I've been meaning to submit a (trivial) patch
>> for - from a fedora perspective this would be a welcome change.
>
> Okay -- if one of you would send me a patch, I'll apply it. 4.5.8 is
> about to be released, so I would like the patch ASAP if you want it
> included in 4.5.8.

Hope not late and it works, see attached

Togan

>From 3ec45217b6ac93437d002315c56a1b3354160ff2 Mon Sep 17 00:00:00 2001
From: Togan Muftuoglu <toganm@opensuse.org>
Date: Sun, 23 Sep 2012 14:26:07 +0200
Subject: [PATCH] Fix sbin

The service files need to be executed from /usr/sbin not from /sbin

Signed-off-by: Togan Muftuoglu <toganm@opensuse.org>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 14:03:55 -07:00
Tom Eastep
6d0142525c Merge branch '4.5.8' 2012-09-24 08:44:07 -07:00
Tom Eastep
cf130a7e16 Correct handling of {+-}0 in the TTL and HL tcrule actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 07:14:44 -07:00
Tom Eastep
e1309b06b1 Correct PPTP Macro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 12:19:41 -07:00
Tom Eastep
70c76f577c Permit "[<ipv6 address>]/vlsm" in addition to "[<ipv6 address>/vlsm]"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 12:16:17 -07:00
Tom Eastep
86c35339cd Merge branch '4.5.8' 2012-09-23 07:07:37 -07:00
Tom Eastep
f23fb1535d Correct PPTP control port number in conntrack files (1729->1723).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 07:04:43 -07:00
Tom Eastep
607c93125c Don't unconditionally detect helpers when LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	docs/Internals.xml
2012-09-23 06:55:00 -07:00
Tom Eastep
2d01af8256 Correct typos (omma -> comma) in the stoppedrules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 06:52:32 -07:00
Tom Eastep
83d3d04afb Correct typos (omma -> comma) in the stoppedrules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 06:51:56 -07:00
Tom Eastep
88caf5c9df Correct header in the STOPPEDRULES files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-22 11:51:23 -07:00
Tom Eastep
32f89fa24b Don't unconditionally detect helpers when LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-22 09:27:13 -07:00
Tom Eastep
8bd5ee355c Merge branch '4.5.8' 2012-09-21 08:56:19 -07:00
Tom Eastep
af5eb575c2 Add tcfilter example with PRIORITY
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-21 07:40:33 -07:00
Tom Eastep
4aeebb0b15 Merge branch '4.5.8' 2012-09-19 10:07:31 -07:00
Tom Eastep
e14f5e5199 Swicth from postincrement to preincrement when bumping 'filterpri'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-17 10:46:31 -07:00
Tom Eastep
483374d356 Continue development of the Internals document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-17 07:52:18 -07:00
Tom Eastep
fc361afbc3 Disallow ':' as the only contents of the USER/GROUP column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 16:25:41 -07:00
Tom Eastep
124dafbf52 Delete IPAddrs dependency from Compiler.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 15:48:06 -07:00
Tom Eastep
78f3255bf0 Correct getparams.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 09:06:32 -07:00
Tom Eastep
adc983bccb Issue progress messages to display the priority of Shorewall-generated filters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-15 07:25:16 -07:00
Tom Eastep
0400cedc6c More TC manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-14 08:01:08 -07:00
Tom Eastep
a581958042 Document filter priority algorithm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 16:31:39 -07:00
Tom Eastep
e0f85edab3 Assign sequential priorities to filters
- Also remove a redundant 0x prefix from a table number.

Signed-off-by: Tom Eastep <teastep@shorewall.net
2012-09-13 09:30:11 -07:00
Tom Eastep
14073e8943 Change TOS priority offset from 10 to 15
- Make it distinct from tcp-ack

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 08:25:05 -07:00
Tom Eastep
e02906e4f9 Add TOS to classification priority enumeration
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 07:46:52 -07:00
Tom Eastep
75953a87cb Optional priority on hfsc classes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 13:39:54 -07:00
Tom Eastep
a223245c01 Don't create classic blacklist chains if no blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:30:34 -07:00
Tom Eastep
89289f95ba Allow specification of priority for Shorewall-generated tc filters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:22:07 -07:00
Tom Eastep
e431d5ab53 Document changes to filter priorities
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 17:12:59 -07:00
Tom Eastep
8c7b8c9390 Correct missing VARLIB handling in the installers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 11:12:43 -07:00
Tom Eastep
f6e3107c00 Redefine tc filter priorities
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:03:16 -07:00
Tom Eastep
b4098ff5dd Appease the Fedora 17 version of emacs.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:02:47 -07:00
Tom Eastep
9d6e0fd9ed Add a PRIORITY column to the tcfilters file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 14:48:32 -07:00
Tom Eastep
0e1e38b035 Adjust VARDIR/VARLIB for old shorewallrc files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 13:12:32 -07:00
Tom Eastep
5c62bf297a Document multiple GID/UIDs in the USER/GROUP column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 08:18:25 -07:00
Tom Eastep
d7354aca14 Add a warning regarding the blacklist option being deprecated.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-05 07:19:48 -07:00
Tom Eastep
ebc4ad2f1e Add warning message when an OUTPUT stopped rule is ignored due to ADMINISABSENTMINDED
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-05 07:16:40 -07:00
Tom Eastep
6614239b32 Allow multiple USER/GROUPs in a rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 17:03:26 -07:00
Tom Eastep
3993abad4e Revert routestopped changes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 17:03:02 -07:00
Tom Eastep
5e07ad8caa Allow a directory to be specified with -e.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 14:05:52 -07:00
Tom Eastep
6aaf06c2e8 Add stoppedrules files to the samples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 09:06:45 -07:00
Tom Eastep
eb854f1dbe Only process routestopped when stoppedrules does not exist or is empty
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 08:46:04 -07:00
Tom Eastep
2050d566b8 Handle PRODUCT correctly at run-time.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 07:36:47 -07:00
Tom Eastep
188f05e130 Make ./firewall the default file when compile -e
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 07:35:03 -07:00
Tom Eastep
4260e5f6ba Correctly handle the product name in export shorewallrc.
- Also re-arranged the processing of the shorewallrc file to eliminate
  the kludgy shuffling of hashes.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 06:59:16 -07:00
Tom Eastep
bdd66e68c9 Have separate hashes for the two shorewallrc files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 20:09:20 -07:00
Tom Eastep
55e3b11a28 Pass both shorewallrc files to the compiler from lib.cli-std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 15:07:50 -07:00
Tom Eastep
b8e6a812bd Specify the cwd when compiling or checking for export
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 11:33:58 -07:00
Tom Eastep
09ce6239a7 Install stoppedrules rather than routestopped
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 11:00:22 -07:00
Tom Eastep
afd9875d3a Update Manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 10:52:22 -07:00