Commit Graph

237 Commits

Author SHA1 Message Date
Tom Eastep
86c35339cd Merge branch '4.5.8' 2012-09-23 07:07:37 -07:00
Tom Eastep
f23fb1535d Correct PPTP control port number in conntrack files (1729->1723).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 07:04:43 -07:00
Tom Eastep
88caf5c9df Correct header in the STOPPEDRULES files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-22 11:51:23 -07:00
Tom Eastep
9d6e0fd9ed Add a PRIORITY column to the tcfilters file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 14:48:32 -07:00
Tom Eastep
bdd66e68c9 Have separate hashes for the two shorewallrc files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 20:09:20 -07:00
Tom Eastep
8e5bd3637d Implement stoppedrules file (less manpages)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 08:44:03 -07:00
Tom Eastep
99efb518bd Add the HELPER column to the rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-18 12:05:42 -07:00
Tom Eastep
1f59e4f449 Update case in conditionals.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-14 11:42:46 -07:00
Tom Eastep
50bd1d6398 Add AUTOHELPER option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-12 07:25:11 -07:00
Tom Eastep
e00616a1fe Don't release blacklist files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-07 07:56:16 -07:00
Tom Eastep
56caf3687f Factor out the ?IF __CT_TARGET tests in the conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-06 09:26:14 -07:00
Tom Eastep
72307df6d2 Replace the AUTOHELPERS option with the HELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 10:53:20 -07:00
Tom Eastep
21770a89d6 Detect which matches are available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 15:38:23 -07:00
Tom Eastep
223ed5b3a3 More additions to the helper table and to the conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 13:25:44 -07:00
Tom Eastep
2ae59bb3cd Add COMMENT directives to conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:58:00 -07:00
Tom Eastep
07e56d129a Add AUTOHELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:09:18 -07:00
Tom Eastep
62d6d2558e Rename AUTO_COMMENT to AUTOCOMMENT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:06:41 -07:00
Tom Eastep
833e54c9c3 Rename the notrack file to conntrack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:02:17 -07:00
Tom Eastep
735b7c2cf5 Add support for nfacct
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-28 11:21:16 -07:00
Tom Eastep
1db79a91eb 'rpfilter' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 10:05:32 -07:00
Tom Eastep
5c176c64b7 Add an ORIGINAL DEST column to /etc/shorewall/masq
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-29 15:32:01 -07:00
Tom Eastep
5b891f1072 Remove quotes from GEOIPDIR setting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 07:05:38 -07:00
Tom Eastep
d8ec051114 Load the geoip cc's dynamically.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 08:59:59 -07:00
Tom Eastep
3d541f50c8 Use "(S)" consistently in column headings.
- add synonyms so both the singular and plural forms are accepted.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 12:42:04 -07:00
Tom Eastep
9e743451f6 Add FORMAT 2 to tcrules files. Initialize $format in Tc.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:08:06 -07:00
Tom Eastep
097ab853db Apply Tuomo Soini's tunnels patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-04 06:18:22 -07:00
Tom Eastep
bd30d59f3d Fix annotated interfaces files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-03 14:09:49 -07:00
Tom Eastep
e4c4900b32 Add recent changes to a couple of config files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-03 12:32:47 -07:00
Tom Eastep
0f53c3cc7d Convert all interfaces files to format-2 only
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-24 10:53:09 -07:00
Tom Eastep
805166a354 Ressurect LOCKFILE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-16 07:21:06 -07:00
Tom Eastep
bb6e17fd3e Many changes involved in getting a relocated installations to work
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-01 10:47:24 -07:00
Tom Eastep
15ca0fd1f0 Add IPSET_WARNINGS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-18 19:30:04 -07:00
Tom Eastep
b7465262ca Rename MARK/CLASSIFY column to ACTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-16 10:09:13 -07:00
Tom Eastep
48570227ba Big cleanup of TOS handling
- Validate settings/matches
- Allow setting in the tcrules file.
- Deprecate /etc/shorewall[6]/tos
2012-03-09 16:16:25 -08:00
Tom Eastep
d5af9c360d Implement FORMAT-2 interfaces file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-21 11:23:58 -08:00
Tom Eastep
a1ec1dc178 Add DSCP match support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-20 08:47:48 -08:00
Tom Eastep
59fea1a05d Add a SWITCH column to /etc/shorewall/masq
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-18 08:17:14 -08:00
Tom Eastep
4c2df6fea7 Rename route_rules to rtrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-09 06:38:55 -08:00
Tom Eastep
6f5ab698b4 Add a PROBABILITY column to the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-06 12:54:37 -08:00
Tom Eastep
53451bdaa6 Remove BLACKLIST section from rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 15:32:49 -08:00
Tom Eastep
c03fe0a076 Implement USE_LOGICAL_NAMES.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 16:03:56 -08:00
Tom Eastep
3e72442954 Convert sample notrack files to FORMAT 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 14:38:44 -08:00
Tom Eastep
439af55312 Implement RELATED_DISPOSITION and RELATED_LOG_LEVEL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 16:08:17 -08:00
Tom Eastep
86c51f24d9 Deprecate the old mark layout options.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 17:14:05 -08:00
Tom Eastep
0adc82f469 Add the mark layout options to shorewall.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 15:29:07 -08:00
Tom Eastep
d053faadde Allow convertion of a legacy blacklist configuration
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-08 12:59:40 -08:00
Tom Eastep
6108a9cad8 Delete BLACKLISTSECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 14:46:14 -08:00
Tom Eastep
da7516d401 Update config files and manpages for BLACKLISTSECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 12:05:07 -08:00
Tom Eastep
54ba4ed879 Add MARK column to route_rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-23 07:56:53 -07:00
Tom Eastep
835a056eb8 Implement BLACKLIST section in the rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-03 16:02:01 -07:00
Tom Eastep
caddd65412 Rename condition->switch and add more documentation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-23 12:33:55 -07:00
Tom Eastep
75b4540d26 Add support for condition match in the rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-21 15:20:50 -07:00
Tom Eastep
6ae184ccc7 Update the released netmap file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-06 15:36:33 -07:00
Tom Eastep
bc706324e9 Add an ALL section to the rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-15 15:32:24 -07:00
Tom Eastep
35457f4e95 Remove she-bang from lib.*
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-03 07:54:46 -07:00
Tom Eastep
bd1d7d6f92 Don't quote the empty setting of LOGLIMIT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 15:55:45 -07:00
Tom Eastep
f96c32634c Make config file quoting more consistent with update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 15:55:27 -07:00
Tom Eastep
6f2cc31dde Implement .conf file upgrade
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 13:03:55 -07:00
Tom Eastep
10ae91b600 Delete deprecated options from the .conf files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-12 13:46:26 -07:00
Tom Eastep
785bd7c987 Apply Tuomo Soini's patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-12 07:22:26 -07:00
Tom Eastep
7404d912bd Add LOGRATE to */shorewall.conf 2011-05-28 19:12:34 -07:00
Tom Eastep
ec01e39479 Add LOGBURST to */shorewall.conf 2011-05-28 19:03:18 -07:00
Tom Eastep
9dc689dd13 Sort Sample .conf files 2011-05-28 12:38:12 -07:00
Tom Eastep
6d3640dafc Alphabetize config files and sync files and manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 10:34:54 -07:00
Tom Eastep
03ecdc8c06 Clean up shorewall.conf and its documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 09:10:46 -07:00
Tom Eastep
fc34f07a7a Remove PKTTYPE option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 07:11:48 -07:00
Tom Eastep
0287d96aa2 Finish filtering implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-26 13:38:44 -07:00
Tom Eastep
e4d667ca6a Add routeback protection
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 17:07:31 -07:00
Tom Eastep
5d04c93a16 Implement LEGACY_FASTSTART option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-22 15:36:29 -07:00
Tom Eastep
83cdf78b18 Replace A_* builtin actions with builtin targets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 15:02:04 -07:00
Tom Eastep
fd70e73d34 Add ACCOUNTING_TABLE option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-17 12:51:33 -07:00
Tom Eastep
2c2fdab0fe Rename USE_LOCAL_MODULES to EXPORTMODULES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-02-06 08:42:35 -08:00
Tom Eastep
a2b440b093 Add USE_LOCAL_MODULES option 2011-01-22 08:13:17 -08:00
Tom Eastep
08f09d7de0 Deprecate EXPORTPARAMS 2011-01-09 10:12:36 -08:00
Tom Eastep
aba63d5c9b More action/macro documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-13 09:06:29 -08:00
Tom Eastep
2702d7f208 Implement header matching 2010-11-24 10:46:06 -08:00
Tom Eastep
5e1c8f8d2a Add DEVICE column to routes file 2010-11-17 08:35:20 -08:00
Tom Eastep
71eb783fcd Implement explicit provider routing 2010-11-16 20:38:54 -08:00
Tom Eastep
aad8a7b213 Clear FORWARD_CLEAR_MARK setting in the remaining config files 2010-10-09 11:31:19 -07:00
Tom Eastep
38851fe446 Delete obsolete options from shorewall.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-04 07:44:28 -07:00
Tom Eastep
468af44876 Add support for 'scfilter' script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 09:15:58 -07:00
Tom Eastep
f7eb3c3d8c Periodic elimination of trailing white space
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 11:16:18 -07:00
Tom Eastep
65de1e4e6e Re-add OPTIONS column to blacklist templates 2010-09-17 11:56:47 -07:00
Tom Eastep
1d650b41cd Remove blacklisting by destination IP address support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 15:24:58 -07:00
Tom Eastep
bd9041306c Add undocumented OUT-BANDWIDTH column to tcinterfaces 2010-09-12 16:25:45 -07:00
Tom Eastep
828d190436 Change example 2010-09-07 19:14:43 -07:00
Tom Eastep
c6f58ba924 Enhance SELinux support:
- Add state match
- Add user/group match
- Add examples to the man pages
2010-09-06 09:06:40 -07:00
Tom Eastep
15d8d6d8b7 Add SECMARK and CONNSECMARK support 2010-09-04 15:12:08 -07:00
Tom Eastep
33ee9b1481 Add IPSEC Accounting (again) 2010-08-20 06:53:31 -07:00
Tom Eastep
e0780b9a84 Rename the first column of the masq file for clarity 2010-08-11 15:34:27 -07:00
Tom Eastep
0234564a1b Add destination IP blacklisting 2010-08-10 17:33:50 -07:00
Tom Eastep
967629569b Taylor Universal config to work with Shorewall-init and streamline ruleset
- Make interface 'all' optional and set REQUIRE_INTERFACE=Yes
- Add COMPLETE option
- Set FASTACCEPT in Universal samples
- Reset SUBSYSLOCK in Universal samples

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-01 08:36:56 -07:00
Tom Eastep
0c38ba815c Add LOGLIMIT to .conf files while deleting LOGRATE and LOGBURST 2010-07-27 06:44:10 -07:00
Tom Eastep
02fab09a14 Add PERL= option to shorewall.conf and shorewall6.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-05 13:11:52 -07:00
Tom Eastep
312624cef5 Fix NET3 bug (netmap) 2010-07-04 15:58:37 -07:00
Tom Eastep
3cda3d0315 Add REQUIRE_INTERFACE to shorewall*.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-23 12:58:35 -07:00
Tom Eastep
d58127e51c Allow networks to be specified in a NETMAP rule 2010-06-12 13:50:58 -07:00
Tom Eastep
427b14b21d Clean up file headers in the .conf files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 11:53:36 -07:00
Tom Eastep
b1c64913b4 Reformat column header in tcinterfaces 2010-02-10 12:00:17 -08:00
Tom Eastep
ede17e2da0 Set ADD_IP_ALIASES=No in all shorewall.conf files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 08:16:41 -08:00
Tom Eastep
a248acb4d4 Add LOAD_HELPERS_ONLY Option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 15:49:23 -08:00
Tom Eastep
a7d4207bf5 Add TC_PRIOMAP to shorewall*.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 10:38:32 -08:00
Tom Eastep
5cc2edf15a Add the new tc files to the repository
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-18 09:03:05 -08:00
Tom Eastep
957de4b057 Add new options to shorewall[6].conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-17 08:50:32 -08:00
Tom Eastep
f306018159 Update all .conf files to specify 'MODULE_SUFFIX=ko'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-02 09:33:27 -08:00
Tom Eastep
bf8c38e054 Add ZONE2ZONE option to shorewall.conf 2009-11-10 14:12:55 -08:00
Tom Eastep
d0cda6b6ea Add TRACK_PROVIDERS option 2009-10-20 13:24:17 -07:00
Tom Eastep
beac09e45f STARTUP_LOG changes 2009-10-02 16:10:14 -07:00
Tom Eastep
de933ba912 Fix typo in comment 2009-10-02 13:10:49 -07:00
Tom Eastep
9ce5887269 Restore LAST LINE to those files that are processed by the shell 2009-08-05 07:59:32 -07:00
Tom Eastep
e91d3dd905 More LAST LINE deletions 2009-08-05 07:38:02 -07:00
Tom Eastep
902d6e0d45 A couple of cosmetic fixes 2009-07-21 06:57:11 -07:00
Tom Eastep
0bb1fbd9c4 Make DISABLE_IPV6=No the default for released shorewall.conf files 2009-07-06 18:38:10 -07:00
Tom Eastep
f88048ebe4 More revert conflicts 2009-07-06 18:23:23 -07:00
Tom Eastep
050375b211 Delete DISABLE_IPV6 option 2009-06-29 18:33:13 -07:00
Tom Eastep
ca15ead9ab Remove '#LAST LINE' from config files 2009-06-25 06:24:49 -07:00
Tom Eastep
bd55a545b5 Rename lib.user to lib.private 2009-06-20 09:35:08 -07:00
Tom Eastep
01d046fac9 Add lib.user extension script 2009-06-19 14:39:45 -07:00
Tom Eastep
117116eb4e Add USER/GROUP column to /etc/shorewall/masq 2009-06-19 08:00:26 -07:00
Tom Eastep
48452fcc23 Delete 'continue' file 2009-06-15 05:51:21 -07:00
Tom Eastep
c370dc650c Remove support for 'norfc1918' and it's associated settings in shorewall.conf 2009-06-05 10:51:30 -07:00
Tom Eastep
910a91bf47 Add 'return 0' to start file 2009-06-04 10:37:26 -07:00
Tom Eastep
d33532d6cd Add TOS field to tcfilters 2009-05-28 16:41:14 -07:00
Tom Eastep
97fa7a0513 Add LENGTH column to tcfilters file 2009-05-28 14:29:33 -07:00
Tom Eastep
a0071a21e8 Tweak and document HFSC implementation 2009-05-24 10:06:36 -07:00
Tom Eastep
e82716baf4 shorewall.conf rationalization 2009-05-20 16:29:23 -07:00
Tom Eastep
142fab8d46 Some documentation updates 2009-05-20 07:54:17 -07:00
Tom Eastep
2c25deeccf Add additional extension script files -- second phase 2009-05-19 17:11:31 -07:00
Tom Eastep
dba5f719c0 Add additional extension script files 2009-05-19 17:10:42 -07:00
Tom Eastep
34791612b5 Implement WIDE_TC_MARKS. Fix problems reported by Steven Springl. 2009-04-20 13:26:47 -07:00
teastep
985c551d26 Add IP, TC and IPSET configuration options
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9932 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-18 16:28:25 +00:00
teastep
eb533d8b00 Make SHOREWALL_COMPILER=perl explicit in shorewall.conf
Send SHOREWALL_COMPILER errors to STDERR

Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9822 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-07 03:22:02 +00:00
teastep
6c205d922a Add AUTOMAKE option
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9767 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-31 17:31:23 +00:00
teastep
06d0c36e22 Move init to configfiles/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9592 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-04 16:34:55 +00:00
teastep
3c5a26ee31 Change file permissions
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9591 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-04 16:32:37 +00:00
teastep
4fb45619d4 Move overlooked file to configfiles
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9588 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-04 01:23:55 +00:00
teastep
a7f958b739 Create a configfiles directory in SVN to help unclutter the product directory
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9586 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-04 01:15:51 +00:00