Commit Graph

3424 Commits

Author SHA1 Message Date
Tom Eastep
3248fc8ab1 Add additional progress messages to updown() 2010-07-22 15:11:19 -07:00
Tom Eastep
49a8861f5b Pretty up the code 2010-07-22 13:57:34 -07:00
Tom Eastep
7db9645225 Avoid an extra blank line 2010-07-22 13:51:47 -07:00
Tom Eastep
666cc35b46 Don't slow down stop with 'wait' 2010-07-22 12:56:49 -07:00
Tom Eastep
055f92c3d2 Document fix for :random with REDIRECT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-22 07:28:43 -07:00
Tom Eastep
4e33efd8a6 Allow :random to work with REDIRECT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-22 07:26:38 -07:00
Tom Eastep
8959245375 Update version to 4.4.12-Beta1 2010-07-21 20:35:36 -07:00
Tom Eastep
411d392ccd Additional progress messages during up/down processing 2010-07-21 20:35:03 -07:00
Tom Eastep
d897635af5 Allow bizarre overriding of SOURCE/DEST with ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-20 16:03:12 -07:00
Tom Eastep
1de257be19 Make ADD and DELETE work with any type of ipset.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-20 15:42:11 -07:00
Tom Eastep
79128605b1 Validate all IPSET Names 2010-07-18 17:18:10 -07:00
Tom Eastep
cbb524b067 Implement ADD/DEL commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-18 08:46:38 -07:00
Tom Eastep
47961f3fd5 Update release notes to mention link local network error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-16 10:19:29 -07:00
Tom Eastep
d99aff5e09 Use Perl Constants rather literals for IPv6 Networks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-16 10:06:29 -07:00
Tom Eastep
27937f32e3 Document IPv6 multicast network fix 2010-07-16 09:37:38 -07:00
Tom Eastep
17bdcc1360 Eradicate incorrect multicast network address 2010-07-16 09:33:17 -07:00
Tom Eastep
e0ae48f4c4 Document fix for IPv6 shorecap program
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-15 13:32:10 -07:00
Tom Eastep
f92f75196c Correct accidental modification of action.Drop 2010-07-14 06:27:27 -07:00
Tom Eastep
a29921c9d2 Reverse order of ICMPv6 and Multicast/anycast filtering 2010-07-13 13:03:55 -07:00
Tom Eastep
b52b7c422f Drop multicast and anycast in Drop and Reject actions 2010-07-12 16:44:34 -07:00
Tom Eastep
c1b212225e Use uniform coding style in latest changes 2010-07-12 13:07:11 -07:00
Tom Eastep
328e1b7f6a Don't generate rules to link local net from vserver zones 2010-07-12 12:39:51 -07:00
Tom Eastep
59189d6324 Don't generate rules from link local net to vserver zones 2010-07-12 11:52:56 -07:00
Tom Eastep
4792d1e5f1 Fix nets= in Shorewall6 2010-07-11 19:52:18 -07:00
Tom Eastep
5a5546ef1b Set version to 4.4.11 2010-07-09 09:01:08 -07:00
Tom Eastep
d0c1c3d69c Change comment to clarify assumption about function arguments 2010-07-08 17:45:18 -07:00
Tom Eastep
9eca7fb37b Simplify logic in loopback helper functions 2010-07-08 17:11:27 -07:00
Tom Eastep
591a4bc7f6 Revert version of modules with only whitespace changes; rename a couple of functions for clarity 2010-07-07 06:43:07 -07:00
Tom Eastep
02fab09a14 Add PERL= option to shorewall.conf and shorewall6.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-05 13:11:52 -07:00
Tom Eastep
4547067da9 Document fix for missing closing quote 2010-07-05 11:43:37 -07:00
Tom Eastep
31a9d24164 Fix missing quote when REQUIRE_INTERFACE=Yes 2010-07-05 09:47:03 -07:00
Tom Eastep
f977631af9 Just reset provider bits in FORWARD chain 2010-07-05 09:46:24 -07:00
Tom Eastep
b445b4fdd9 Fix compiler detection of FWMARK_RT_MASK -- take 2 2010-07-05 08:51:13 -07:00
Tom Eastep
0e87ccbcfd Fix compiler detection of FWMARK_RT_MASK 2010-07-05 08:39:32 -07:00
Tom Eastep
542557069e Back out a couple of harmless but unintended changes 2010-07-05 08:02:51 -07:00
Tom Eastep
aa6bb6e911 Improve wording of FORWARD_CLEAR_MARK description 2010-07-05 07:53:31 -07:00
Tom Eastep
898c3a045f Bump version to RC1 2010-07-05 07:08:06 -07:00
Tom Eastep
6a644716c9 Unconditionally use /usr/bin/perl 2010-07-04 17:13:33 -07:00
Tom Eastep
312624cef5 Fix NET3 bug (netmap) 2010-07-04 15:58:37 -07:00
Tom Eastep
7689831cd7 Minor cleanup of 4.4.11 Beta 3.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-04 09:29:16 -07:00
Tom Eastep
2ee4fd8f5a Add FWMARK_RT_MASK capability.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-04 09:08:04 -07:00
Tom Eastep
d3e30b5fe4 Add FORWARD_CLEAR_MARK option 2010-07-03 17:03:42 -07:00
Tom Eastep
5d1e19364a Bump version to Beta 3 2010-07-03 10:54:39 -07:00
Tom Eastep
148b251766 Only send loopback traffic to the 'loopback' chain 2010-07-03 10:53:25 -07:00
Tom Eastep
21ce6f9b84 Add new zone-list function to return all but firewall zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-03 08:33:10 -07:00
Tom Eastep
c8274f0538 Minor vserver doc update 2010-07-02 13:34:21 -07:00
Tom Eastep
63154367ad Forbid 'ipsec' in a vserver host entry
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 13:12:23 -07:00
Tom Eastep
e5d3ce582a Correct Old Defect in ipsec match generation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 13:11:57 -07:00
Tom Eastep
9e81a5101f Cleaner fix for ipsec/vserver issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 12:24:58 -07:00
Tom Eastep
261af19b4e Fix invalid policy match with vserver zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 12:18:18 -07:00
Tom Eastep
364cddf99b Update release documents for find_hosts_by_option() fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 07:40:30 -07:00
Tom Eastep
f2ca9e25c9 Make find_hosts_by_option() work with options specified on the interface 2010-07-02 07:19:52 -07:00
Tom Eastep
db8dba66db Correct defect in the handling of 'trace' and 'debug'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-01 15:56:57 -07:00
Tom Eastep
338c021272 Fix refression in handling of mss= 2010-07-01 09:05:25 -07:00
Tom Eastep
64decb25fe Bump version to 4.4.11-Beta2 2010-07-01 07:08:11 -07:00
Tom Eastep
9f15ccb24f Update Raw.pm version.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-30 20:40:26 -07:00
Tom Eastep
e4afc15370 Finish Vserver Implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-30 20:35:46 -07:00
Tom Eastep
9e37fe1ffa Deimplement flawed rate limiting with simple TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-26 07:42:08 -07:00
Tom Eastep
fc95cb8dc6 Run insserv when installed on Debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-26 07:34:34 -07:00
Tom Eastep
914d752f1d Fix latency parsing 2010-06-25 16:10:26 -07:00
Tom Eastep
fe27554fd0 Document undefined value issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-24 14:18:48 -07:00
Tom Eastep
2909b6fd92 Quiet down the Perl interpreter on some boxen 2010-06-24 13:58:46 -07:00
Tom Eastep
cc376ab72e Update release documents for REQUIRE_INTERFACE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-23 13:00:00 -07:00
Tom Eastep
3cda3d0315 Add REQUIRE_INTERFACE to shorewall*.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-23 12:58:35 -07:00
Tom Eastep
1cb22d0bcf First feeble steps toward vserver zones 2010-06-22 16:42:20 -07:00
Tom Eastep
d5aaa97d4e Update release documents for changes ported from the 4.4.10 branch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-22 08:40:07 -07:00
Tom Eastep
efa4cfa921 Update release documents for 4.4.11 Beta 1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-18 12:09:43 -07:00
Tom Eastep
dbbe6b264d Fix the IPSET fix 2010-06-18 12:06:12 -07:00
Tom Eastep
e7340dabc0 Fix IPSET issue 2010-06-18 12:05:44 -07:00
Tom Eastep
503b1cf795 Update release note version banner 2010-06-16 16:46:56 -07:00
Tom Eastep
32d8a9d996 Allow patch from Gabriel 2010-06-12 14:10:40 -07:00
Tom Eastep
d58127e51c Allow networks to be specified in a NETMAP rule 2010-06-12 13:50:58 -07:00
Tom Eastep
9acec39898 Fix a couple of issues with Simple TC 2010-06-12 13:50:11 -07:00
Tom Eastep
625f254d02 Add tcfilters to manpage index 2010-06-10 06:15:15 -07:00
Tom Eastep
6040f02bb0 Don't set variables needlessly 2010-06-08 16:33:54 -07:00
Tom Eastep
32d575a8c8 Remove extra logic 2010-06-08 16:18:23 -07:00
Tom Eastep
dcd64cd096 Move ipset-load code to Chains.pm. Better there than in Compiler.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 16:18:14 -07:00
Tom Eastep
a5816c23d4 Move save_dynamic_chains to Chains.pm where it belongs.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 16:17:57 -07:00
Tom Eastep
6537c1e55a Improve readability 2010-06-08 16:16:23 -07:00
Tom Eastep
52a80e69a9 More tweaks to saving/restoring dynamic chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 11:27:09 -07:00
Tom Eastep
ec3fdbde98 More changes having to do with with dynamic chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 11:26:53 -07:00
Tom Eastep
aa4b0f71af Much cleaner implementation of save_dynamic_chains()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-07 10:11:33 -07:00
Tom Eastep
0978f3d41a More periodic removal of trailing white space 2010-06-07 09:16:56 -07:00
Tom Eastep
3467969c26 Periodic removal of trailing white space 2010-06-07 07:30:56 -07:00
Tom Eastep
04de6fac6d Make dynamic chain saving work with IPv6
Also, use hidden files to save the chain contents.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-07 07:18:21 -07:00
Tom Eastep
b741ff2a81 Document first 4.4.11 features 2010-06-06 20:40:39 -07:00
Tom Eastep
db138edbd1 Update versions of modified modules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 13:49:26 -07:00
Tom Eastep
b3370dfd78 Initiate 4.4.11
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 13:36:45 -07:00
Tom Eastep
17b6e370af Purge saved dynamic blacklist if the chain doesn't exist 2010-06-06 13:24:09 -07:00
Tom Eastep
25c0e3c7b3 Retain UPnP and dynamic blacklist over 'restart' 2010-06-06 13:23:49 -07:00
Tom Eastep
ca7d145746 Don't enter command mode for upnpclient rule for non-optional interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 08:05:19 -07:00
Tom Eastep
99a0226a43 Slight improvement of regular expression used to insert chain name into rules after '-A'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 08:04:28 -07:00
Tom Eastep
fdc3b698a9 Version to 4.4.10 (again) 2010-06-05 15:58:23 -07:00
Tom Eastep
d388b29d70 Let Zones.pm export chain_base rather than Chains.pm 2010-06-05 08:40:00 -07:00
Tom Eastep
0e995d65ac Version to 4.4.10-RC2 2010-06-04 16:19:15 -07:00
Tom Eastep
742a3b2eef Make wait and required work on wildcard interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-04 10:35:45 -07:00
Tom Eastep
82a74d7534 Resolve Optional/Required interfaces with wildcard names
Optional is allowed
Required is not

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-04 08:46:29 -07:00
Tom Eastep
165535cd8b Disallow wildcard optional/required interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-04 07:18:55 -07:00
Tom Eastep
7625b4069b Delete references to prenet subsystem locks.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-03 12:31:39 -07:00
Tom Eastep
43afd03b9b Bump version to 4.4.10 2010-06-03 11:18:02 -07:00
Tom Eastep
f29b06ec07 Update .spec files to use DESTDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-01 07:18:37 -07:00
Tom Eastep
91840acb18 Remove unused RUNLEVELS variable from the install scripts.
Add some documentation

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-01 07:12:19 -07:00
Tom Eastep
fe55fa0f31 Rename PREFIX->DESTDIR
If DESTDIR is not supplied, look for PREFIX

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-01 06:42:11 -07:00
Tom Eastep
c52d0c4d9f Update release notes for 'version -a'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-31 08:05:33 -07:00
Tom Eastep
858a422da3 Extend 'version -a' behavior to all CLIs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-31 07:32:17 -07:00
Tom Eastep
47c4cbd85a Remove extra step in DSL modem access 2010-05-30 11:31:41 -07:00
Tom Eastep
347757a190 Yet more updates for build on the Mac 2010-05-29 10:57:27 -07:00
Tom Eastep
58ad0bc9e0 More updates for build on the Mac 2010-05-29 10:50:39 -07:00
Tom Eastep
226eb6ca3e Cleanup of optimization fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 09:56:14 -07:00
Tom Eastep
5bd1bac70d Document fix for optimization bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 09:13:52 -07:00
Tom Eastep
e29d6d080d Restore -a functionality to the version command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 08:59:45 -07:00
Tom Eastep
50ce5bab68 Fix Optimization Bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 08:58:16 -07:00
Tom Eastep
d58480943a Bump version to 4.4.10 RC 1 2010-05-27 17:21:11 -07:00
Tom Eastep
3125a4d0d3 Restore RPM RedHat compatibility
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-27 06:49:49 -07:00
Tom Eastep
cc269d5d19 Make RPM SuSE-only 2010-05-26 18:49:33 -07:00
Tom Eastep
e627e0ea76 Bump version to 4.4.10-Beta4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-26 16:47:49 -07:00
Tom Eastep
84909de8b9 Fixes for Debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-25 16:02:57 -07:00
Tom Eastep
cdcb42ce9c Increment version to 4.4.10-Beta3.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-25 07:17:57 -07:00
Tom Eastep
3db31f2f65 Add SAFESTOP setting to /etc/default/shorewall*.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-25 07:16:02 -07:00
Tom Eastep
2d19cd1ebb Add options to readlink
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-24 06:37:02 -07:00
Tom Eastep
9c0564831a Fix syntax error in generated shell script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-24 06:23:45 -07:00
Tom Eastep
620f5cf76b More build fixes 2010-05-23 17:12:42 -07:00
Tom Eastep
0f7b4cf7f4 Fix logrotate issue 2010-05-23 17:01:31 -07:00
Tom Eastep
0ef4cd1653 Allow Debian install with PREFIX
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-23 16:10:36 -07:00
Tom Eastep
60c751b98f First stage rework of Shorewall install script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-23 16:02:28 -07:00
Tom Eastep
d32ed01cf0 Use readlink(1) where appropriate
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-23 13:37:26 -07:00
Tom Eastep
1d87fc0102 Update .spec files with virtual requires/provides
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-21 10:12:37 -07:00
Tom Eastep
eaad566978 Update documents for Shorewall-lite 2010-05-20 17:06:53 -07:00
Tom Eastep
4264524448 Bump Version to 4.4.10-Beta2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-20 14:13:38 -07:00
Tom Eastep
2a870088d8 Remove 'close' from CLI programs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-20 14:09:40 -07:00
Tom Eastep
182f433772 Add note about supported distributions to release notes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-20 06:32:34 -07:00
Tom Eastep
50dc02da07 Implement the 'REQUIRE_INTERFACE' option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-19 07:32:02 -07:00
Tom Eastep
06a17c8973 Adjust manpage specifications in spec file 2010-05-18 20:59:24 -07:00
Tom Eastep
4e748f9255 Add Shorewall-init manpage and update release notes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 20:40:03 -07:00
Tom Eastep
4690075ed8 Start firewall on up event for optional interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 20:29:03 -07:00
Tom Eastep
1eb5e5b081 Fail the install on unknown distros.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 15:30:53 -07:00
Tom Eastep
9c5fb89b4c Improve documentation in the release notes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 14:55:16 -07:00
Tom Eastep
0c9a0150d2 Document Shorewall-init; delete old auto-stop code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 14:42:39 -07:00
Tom Eastep
5b2affbd01 Changes to make RedHat work with NetworkManager
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 13:41:01 -07:00
Tom Eastep
f9d187c288 Correct issues found in Fedora Testing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 10:27:12 -07:00
Tom Eastep
499b0cddaa Log the text from startup errors.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-17 07:02:30 -07:00
Tom Eastep
a534bca914 Fix an existing bug in Shorewall6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 19:28:49 -07:00
Tom Eastep
a501222194 Fix some bugs in the Shorewall-init implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 17:41:09 -07:00
Tom Eastep
4f428d8135 De-implement 'close'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 15:31:41 -07:00
Tom Eastep
749d6be64e Add 'optional' interfaces to updown processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 17:06:00 -07:00
Tom Eastep
a3589dc6e9 Implement the 'up' and 'down' script commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 12:48:04 -07:00
Tom Eastep
ff388ca5c4 Detect the 'closed' state in the status command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 12:46:47 -07:00
Tom Eastep
88188202cc Add 'wait' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:52:46 -07:00
Tom Eastep
16e451a7d8 Add 'required' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:04:32 -07:00
Tom Eastep
a2758421ed Bump version to 4.4.10-Beta1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 17:03:14 -07:00
Tom Eastep
529f9a07b4 Update Rules.pm version to 4.4.10 2010-05-13 16:39:52 -07:00
Tom Eastep
a04d8126e1 Finish implementing 'close'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 16:39:01 -07:00
Tom Eastep
1d0b8b1cec Correct syntax error in generated code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 16:32:42 -07:00
Tom Eastep
449ca038ba Implement 'close' command 2010-05-13 16:29:25 -07:00
Tom Eastep
74c515016e Add back stuff merged earlier: 2010-05-08 16:32:03 -07:00
Tom Eastep
679ad6cf04 Allow OS X to be an Administrative System
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-06 09:07:16 -07:00
Tom Eastep
65a5d34276 Update Module Versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:46:29 -07:00
Tom Eastep
96bef5bd49 Assume 'routeback' in routestopped based on interface config.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:31:11 -07:00
Tom Eastep
fca404eeaf Update version to 4.4.9
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 10:02:02 -07:00
Tom Eastep
c7848be266 Back out the rest of the original change for dup / -[psiod]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 09:59:25 -07:00
Tom Eastep
70c6a2cdf3 Update version to 4.4.9-RC2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-02 07:25:50 -07:00
Tom Eastep
7d2df848c9 Tighten up the new mDNS rule 2010-05-01 12:13:02 -07:00
Tom Eastep
9bcd9fd12b Allow for mDNS multicast responses 2010-05-01 12:01:58 -07:00
Tom Eastep
639b3ea57d Simplify checking for /! -[piosd] /
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 09:13:16 -07:00
Tom Eastep
311372013d More fixes to optimization
Only disallow / ! -[piosd] / if the target is a chain

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 08:58:41 -07:00
Tom Eastep
518416ec2e Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 08:08:39 -07:00
Tom Eastep
94c6b37e8e Avoid leaving an orphan '!' behind.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 07:51:24 -07:00
Tom Eastep
219b2e0761 A more comprehensive solution to multiple -[piosd] matches.
- eliminate duplicate -[piosd] matches in merged rules
- avoid tracing !* unconditionally

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 07:26:25 -07:00
Tom Eastep
16161d9cfc Add new trace types.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 06:43:09 -07:00
Tom Eastep
1173518d78 More minor cleanup of first code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-30 07:22:09 -07:00
Tom Eastep
2864841a9e Correct release notes
update version to RC1
correct typo

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-29 11:21:31 -07:00
Tom Eastep
076da4bd5c Couple of tweaks to my earliest code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-29 11:19:50 -07:00
Tom Eastep
a997d6507d Update release notes with more common example of failure.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-28 08:09:10 -07:00
Tom Eastep
039668b333 Update release notes to reflect reality.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-28 06:57:45 -07:00
Tom Eastep
2c1cede54e Revise addressless bridge change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 15:23:38 -07:00
Tom Eastep
d8b0f496df Allow simple configuration of a bridge with no IP address
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 12:26:58 -07:00
Tom Eastep
988f7c4d7e More fixes for bad NAT optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:50:18 -07:00
Tom Eastep
f49848bd5b Document rare optimization fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:32:53 -07:00
Tom Eastep
0e4698d57c Fix rare optimization bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:19:58 -07:00
Tom Eastep
6d61e962eb Use -m conntrack if available in place of -m state
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-25 13:35:41 -07:00
Tom Eastep
21e0c68ef2 Bump version to 4.4.9 RC1 2010-04-25 09:37:17 -07:00
Tom Eastep
fb2ddcee7b Bump Version to 4.4.9 Beta 5 2010-04-24 21:53:12 -07:00
Tom Eastep
6053352f8c A better fix for find_first_interface_address()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-23 20:06:45 -07:00
Tom Eastep
2cb3bac946 Document fix for find_first_interface_address() 2010-04-23 12:18:51 -07:00
Tom Eastep
232fc21fe2 Allow find_first_interface_address[_if_any] to work properly in the params file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-23 11:54:36 -07:00
Tom Eastep
b821bdcdfd One more pass at improving regex's for target isolation and matching
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 14:45:34 -07:00
Tom Eastep
64bf772594 Set OUTPUT policy to ACCEPT when optimize_chain deletes all of its rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 13:38:38 -07:00
Tom Eastep
b0b39cfc39 Document optimization level 2 fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 11:55:13 -07:00
Tom Eastep
fb754b3a2e Don't remove a lone ACCEPT rule from the OUTPUT chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 11:35:14 -07:00
Tom Eastep
0dde75d345 Fix install scripts (again)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 13:08:03 -07:00
Tom Eastep
a0abb11f67 Extend 'show log <ipaddr>' to search for a regular expression.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 13:02:21 -07:00
Tom Eastep
8c09f21e5d Implement 'show log <token>'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 10:20:28 -07:00
Tom Eastep
a1a78cf09b Abandon the fantesy that multiple optimize 8 passes will achieve anything.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 17:12:08 -07:00
Tom Eastep
938cfd7ba4 Don't create fw-><bport> chains and rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 12:29:51 -07:00
Tom Eastep
c52a3dcd14 Don't generate policy chains for fw to bridgeport zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:56:11 -07:00
Tom Eastep
1030c852f9 Simplify a test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:21:30 -07:00
Tom Eastep
e7a4aaafc1 Modify optimization 8 loop to continue until no chains are combined.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:17:57 -07:00
Tom Eastep
8e1284f74c Document OPTIMIZE=15
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:17:12 -07:00
Tom Eastep
4f00de0c57 Make additional optimize 8 passes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 08:42:25 -07:00
Tom Eastep
21b44ac42b Change version to 4.4.9-Beta4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 07:25:53 -07:00
Tom Eastep
82d6ba511f Unify the REs that look for '-[jg] <chain>'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 18:02:31 -07:00
Tom Eastep
cec59360f6 Use '-j' rather than '-g' when jumping to tcpre, just to be safe
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:14:13 -07:00
Tom Eastep
46d207a86f Restore original amount of whitespace in maclist rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:13:37 -07:00
Tom Eastep
e9a94b0cfb Unify reference count adjustment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:12:48 -07:00
Tom Eastep
cf59d9ec68 Fix an optimize 8 bug.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 12:45:00 -07:00
Tom Eastep
dde540c42d Update release notes for optimize 4 problems.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 12:44:37 -07:00
Tom Eastep
c1bcf360ee Fix another 'add_rule' that should have been an 'add_jump'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:59:57 -07:00
Tom Eastep
f7e48a94da Fix install scripts.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:39:21 -07:00
Tom Eastep
96d69bd8c3 Centralize message generation; optimize optimization-8 loop
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:29:37 -07:00
Tom Eastep
9ad5ee1818 Add correct release id.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 07:25:35 -07:00
Tom Eastep
aeb90969f7 Optimize 8 Documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 17:12:25 -07:00
Tom Eastep
cff6f0010f Remove chain name after '-A' (again).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 17:05:03 -07:00
Tom Eastep
f8bacb54ef Optimize 8
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 13:21:10 -07:00
Tom Eastep
4137961169 Speed up the replace_references* functions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-11 09:00:24 -07:00
Tom Eastep
715ea9ef32 Speed up delete_jumps()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-11 08:38:14 -07:00
Tom Eastep
91a711b34f Document startup log fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 11:54:54 -07:00
Tom Eastep
4365b83b15 Rationalize init logs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 11:46:50 -07:00
Tom Eastep
76b9ef7005 Use unshift rather than splice for readability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 09:25:29 -07:00
Tom Eastep
2e443df8e3 Adjust references in move_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 09:09:46 -07:00
Tom Eastep
ff73d802da More cleanup of rule and chain deletion:
- Rename purge_jumps() to delete_jumps()
- Add delete_chain() function
- Remove an unnecessary assertion

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 08:37:17 -07:00
Tom Eastep
1de304bfd9 Relocate purge_jumps() and change the loop exit condition to be a bit safer.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 13:51:44 -07:00
Tom Eastep
14477d61fe Verify that purge_jumps() reset the 'to' chain's referenced flag.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 12:28:01 -07:00
Tom Eastep
2ff1df53da Unify chain deletion.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 11:38:18 -07:00
Tom Eastep
7a831107c7 Replace the complex rule deletion loops with C-stype for loops.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 09:58:32 -07:00
Tom Eastep
9dc8267888 Don't apply RE to rules that we've already checked.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 09:46:07 -07:00
Tom Eastep
1e078b8c8d Use splice() to delete rules from chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 09:38:03 -07:00
Tom Eastep
2f3f591af1 Document removal of fallback scripts.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 07:43:36 -07:00
Tom Eastep
56bc28a182 Prepare 4.4.9 Beta 3
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 07:32:21 -07:00
Tom Eastep
c2c0fb0dd2 Fix deletion of only rule in a chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 17:20:11 -07:00
Tom Eastep
ab1a27ca2a Update version to 4.4.9 Beta 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 13:14:51 -07:00
Tom Eastep
9a00191c88 Remove a 'defined' test that is no longer needed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 13:12:17 -07:00
Tom Eastep
359c221783 Keep rules arrays compressed throughout the compilation process
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 12:53:30 -07:00
Tom Eastep
3937c10251 Keep rule arrays compressed during optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 11:35:15 -07:00
Tom Eastep
9126cc63d9 Delete unused rules arrays
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 10:55:31 -07:00
Tom Eastep
c668707aac Update release docs with optimize 4 fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 20:18:56 -07:00
Tom Eastep
cca2c18370 Another case where reference counts are wrong
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 20:07:03 -07:00
Tom Eastep
aeb3b277b0 Fix reference count issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 19:47:49 -07:00
Tom Eastep
9d7d7e06d8 Update release documents
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 14:43:50 -07:00
Tom Eastep
3711e64d71 Fix for 0 values propagated to the script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 14:38:29 -07:00
Tom Eastep
3092a85999 SWAG regarding LOG_VERBOSITY issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:43:57 -07:00
Tom Eastep
c49e3076ec Recode fix for find_first_interface_address()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:28:07 -07:00
Tom Eastep
62c9cb7b36 Change 'first_install' tests
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:16:16 -07:00
Tom Eastep
f17365cf6d Fix find_first_interface_address()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:05:42 -07:00
Tom Eastep
3b317afb2f Add mDNS macro from Vincent Smeets.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-03 15:57:50 -07:00
Tom Eastep
427b14b21d Clean up file headers in the .conf files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 11:53:36 -07:00
Tom Eastep
af893b6296 Add 'N' trace records for chain creation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 07:32:38 -07:00
Tom Eastep
c57ee7d68d Update release notes with additional trace information.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 07:23:17 -07:00
Tom Eastep
b2d8039ff6 Remove unnecessary text and 'before' images from trace entries
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 07:12:22 -07:00
Tom Eastep
7e97e9519d Conditionally trace writes by copy2().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 11:56:26 -07:00
Tom Eastep
51d4bf19b5 Conditionally trace writes by copy2().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 11:56:06 -07:00
Tom Eastep
dc7d4bdb09 Document CS->GS trace change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 09:50:42 -07:00
Tom Eastep
350a89e449 More complete generated script trace
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 09:48:23 -07:00
Tom Eastep
5c91fb40e2 Remove unneeded test; correct typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 09:04:45 -07:00
Tom Eastep
db2bed06d8 Add 'T' to the documented netfilter trace types.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 08:31:12 -07:00
Tom Eastep
b261a5b2ec Document netfilter trace types.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 07:23:17 -07:00
Tom Eastep
6d7226ae93 Remove special trace entries
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 16:31:03 -07:00
Tom Eastep
1fd656b8c9 Tweak trace facility
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 15:31:05 -07:00
Tom Eastep
3b07053d3b Document new 'trace' facility
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 14:37:22 -07:00
Tom Eastep
b0733d93ee Implement a more robust trace
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 13:09:04 -07:00
Tom Eastep
ef4237f5a0 Avoid verbosity overflow/underflow
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 07:27:27 -07:00
Tom Eastep
3e215d0482 Minor cleanup in the Chains module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-27 08:18:41 -07:00
Tom Eastep
1153ff0c75 Avoid a shell warning when brctl is not installed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-27 07:33:40 -07:00
Tom Eastep
f30cd7e287 Clarify provisional policy handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-26 08:02:49 -07:00
Tom Eastep
5a36606167 Document fix of EXTERNAL handling in proxyarp.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-25 12:13:52 -07:00
Tom Eastep
6cdc1ab7a2 Allow a logical interface name in the EXTERNAL column of the proxyarp file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-25 11:41:06 -07:00
Tom Eastep
a0a5c55a63 Add omitted defect to 4.4.8 problems corrected
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-25 10:14:39 -07:00
Tom Eastep
7d91edc6ec Remove redundant line of code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 12:49:06 -07:00
Tom Eastep
626b28fcd0 Auto-detect bridge when no options specified. Remove extra logic.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 09:28:11 -07:00
Tom Eastep
05752dcf0b Auto-detection of bridges -- release documents.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 08:58:44 -07:00
Tom Eastep
5e9aceae68 Detect bridges
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 08:38:54 -07:00
Tom Eastep
914d829a49 Don't optimize the 'blacklst' chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-22 06:47:39 -07:00
Tom Eastep
6ac549ef4e Add a comment explaining why avoiding creation of the blacklst chain
and branching to it is a bad idea.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-21 07:24:29 -07:00
Tom Eastep
6fc347b9be Prepare 4.4.9-Beta1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-20 07:06:47 -07:00
Tom Eastep
9a88156769 Back off on not jumping to the blacklist chain when there are no blacklist entries.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 11:32:22 -07:00
Tom Eastep
fae29bcf6f Change version to 4.4.8
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 10:17:32 -07:00
Tom Eastep
508475d80b Avoid panic among the user base by suppressing missing table error messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 10:10:20 -07:00
Tom Eastep
b22b279bd1 Some additional idiot-proofing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 10:01:02 -07:00
Tom Eastep
a71f5df64f Fix indentation and quoting in TC progress messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 06:59:58 -07:00
Tom Eastep
f44dbcf20b More copyright updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-18 11:13:51 -07:00
Tom Eastep
91bc3b3293 Mark a restored configuration as 'Restored' rather than 'Started'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-17 10:10:56 -07:00
Tom Eastep
1177540fd8 Update version to RC2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 12:39:35 -07:00
Tom Eastep
66c883de2c Fix UDPLITE handling of source port when no dest port given.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 10:45:31 -07:00
Tom Eastep
b2a56cd542 Copyright update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 09:53:51 -07:00
Tom Eastep
a01fa345b7 Add support for UDP Lite
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 09:42:50 -07:00
Tom Eastep
5ac2b16936 Correct typo in comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 08:49:17 -07:00
Tom Eastep
16bbe780c7 Try to avoid printing import banners unnecessarily
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 07:23:02 -07:00
Tom Eastep
787cec4fe7 Fix 'uninitialized variable' bug in Config::copy2
Bug reported by Tuomo Soini

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 07:12:39 -07:00
Tom Eastep
a2ac726ce9 Add changelog entry
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-11 18:16:31 -08:00
Tom Eastep
196cd5417f Allow 'default' optimizations to be disabled by specifying optimization 4096.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-11 17:15:44 -08:00
Tom Eastep
57dc5731b2 Add change log entry
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-10 17:31:35 -08:00
Tom Eastep
249f9412f6 Add undocumented OPTIMIZE=-1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-10 17:31:08 -08:00
Tom Eastep
4f32be03d7 Fix typo in comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 15:34:38 -08:00
Tom Eastep
93494c6ae3 Eliminate nested function declarations in generate_matrix()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 13:11:10 -08:00
Tom Eastep
fb4f7ebd67 Update release notes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 08:18:10 -08:00
Tom Eastep
07cba9e066 Bump version to RC1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 08:11:00 -08:00
Tom Eastep
efed2286b0 Move qt1() to lib.common
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-07 11:50:54 -08:00
Tom Eastep
ce8d1cbc59 Change port range in release notes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-07 08:39:09 -08:00
Tom Eastep
f246f728e7 Flag '-' used as a port range separator
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-07 08:36:26 -08:00
Tom Eastep
4e18414fd7 Uninstall the logrotate scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 09:24:51 -08:00
Tom Eastep
5671a7ae2f Add new options to online usage info.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:45:43 -08:00
Tom Eastep
88447bfc7d Avoid dropping first line of library source text
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:45:21 -08:00
Tom Eastep
2d458b46b4 Update help text in prog.header*
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:13:33 -08:00
Tom Eastep
928b162d3c Fix bug in handling of -p option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:12:04 -08:00
Tom Eastep
7557b4b5fb Update version to 4.4.8 Beta 3
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 07:41:29 -08:00
Tom Eastep
fe089ddc36 Don't copy headers in imported libraries
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 07:40:43 -08:00
Tom Eastep
c8d8d75cae Cosmetic change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 10:40:18 -08:00
Tom Eastep
35974535b2 More removal/relocation of functions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 07:29:27 -08:00
Tom Eastep
f8c7a284a5 Remove duplicate/unneeded functions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 07:02:00 -08:00
Tom Eastep
8e5114859c Only load lib.base and lib.cli (lib.base loads lib.common)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 06:51:13 -08:00
Tom Eastep
b4d4cedef9 Fix silly bug in 'show dynamic <zone>'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 19:05:47 -08:00
Tom Eastep
abb943bfb7 Do library consolidation on IPv6 and load lib.cli into shorecap.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 13:11:33 -08:00
Tom Eastep
50330f71f6 Move many routines into lib.common.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 12:38:02 -08:00
Tom Eastep
3e4d9b3118 Rename lib.run -> lib.common 2010-03-04 12:13:41 -08:00
Tom Eastep
7757c0bc20 Rename lib.run to lib.common
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:54:56 -08:00
Tom Eastep
41d709b043 Allow 'get_script_version' to correctly handle point releases
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:40:48 -08:00
Tom Eastep
7b52d812ae Generate correct library path name
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:40:18 -08:00
Tom Eastep
24432a5f76 Back out dumb change to install.sh
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:17:57 -08:00
Tom Eastep
4c081e5998 Add lib.run
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:12:48 -08:00
Tom Eastep
5d87983803 Update change log. Remove anacronistic comment.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 16:14:15 -08:00
Tom Eastep
1d52683af8 Don't display 'Old' capabilities that are not enabled.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 15:28:49 -08:00
Tom Eastep
a963c8f955 Don't export CONFDIR or SHAREDIR
Document CONFDIR, SHAREDIR and VARDIR
Add FILEMODE to the old reserved variable names

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 11:46:23 -08:00
Tom Eastep
a4414a9695 Delete references to unimplemented functions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 10:53:40 -08:00
Tom Eastep
3f73b3c408 Export *DIR variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 10:39:18 -08:00
Tom Eastep
49c1350aa0 Documentation for final cleanup of variable names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 10:28:09 -08:00
Tom Eastep
c6981de0e5 Complete elimination of globals that are not .conf options
Documentation to follow

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 09:50:07 -08:00
Tom Eastep
ee74696747 IPv6 work to only export when necessary
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 08:59:58 -08:00
Tom Eastep
234e4fa754 Update module versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 08:51:55 -08:00
Tom Eastep
7457f643ee Don't export globals when the script is 4.4.8 or later
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 08:51:40 -08:00
Tom Eastep
70296b4bd6 Some fixes for -lite changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 17:16:11 -08:00
Tom Eastep
78a39ccad5 Centralize exporting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 16:03:44 -08:00
Tom Eastep
cce4bf277a Reduce export usage; Allow PURGE and RESTOREFILE to be specified on the run-line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 14:49:31 -08:00
Tom Eastep
2656a9b0c7 Eliminate use of PRODUCT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 12:34:36 -08:00
Tom Eastep
5613d0105a Remove all reliance on HOSTNAME
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 11:59:38 -08:00
Tom Eastep
68f5215f07 Remove Reliance on HOSTNAME in generated programs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 11:45:35 -08:00
Tom Eastep
3ea6f6792f Eliminate VERSION reserved variable name
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 08:02:10 -08:00
Tom Eastep
5fc6d58e19 Eliminate STOPPING variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 07:37:30 -08:00
Tom Eastep
d4936f4bad Tweak to an RE used in optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 06:58:09 -08:00
Tom Eastep
169f97d76b Fix typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 11:28:54 -08:00
Tom Eastep
8cfcacc862 Update release document with fix for multiple policy matches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:40:20 -08:00
Tom Eastep
f11bfd3890 Eliminate redundate setting of PRODUCT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:32:59 -08:00
Tom Eastep
cfa09dce22 Avoid multiple policy matches with OPTIMIZE=7 and not KLUDGEFREE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:32:37 -08:00
Tom Eastep
3ba797cb14 Correct several bugs in the VERBOSITY overhaul
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 06:57:04 -08:00
Tom Eastep
53c73bc8e9 Eliminate VERBOSE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:58:01 -08:00
Tom Eastep
14f83759ae Propagate VERBOSITY even though we don't use it yet
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:39:35 -08:00
Tom Eastep
546a48543d Propagate LOG_VERBOSITY
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:30:11 -08:00
Tom Eastep
39883aa690 Eliminate LOG_VERBOSE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 16:58:30 -08:00
Tom Eastep
fb55d63eaf Allow verbosity to be separate from -V
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 16:42:50 -08:00
Tom Eastep
333ac21c2f Prepare the footers for 4.6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 15:25:25 -08:00
Tom Eastep
83ed0a401b I'll eventually get it the way I like it
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 13:45:33 -08:00
Tom Eastep
585711caa8 Even simpler RE for detecting builtins
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 13:29:26 -08:00
Tom Eastep
693d0e5d4c Make new test in add_jump() a bit safer.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 12:44:29 -08:00
Tom Eastep
91a14b4e82 Make -s the default on Debian; Issue message when installing in a distro-specific way
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 09:15:11 -08:00
Tom Eastep
d2992c21f4 Update version to Beta 2 2010-02-28 09:04:37 -08:00
Tom Eastep
c9c957c5b8 HKP Macro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 07:37:16 -08:00
Tom Eastep
3c4b41fbe0 Implement -s option in the major installers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-27 11:48:39 -08:00
Tom Eastep
643d4831ab More all-caps variable elimination
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-26 17:05:35 -08:00
Tom Eastep
061d850c16 Rename RESTOREPATH to g_restorepath
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-26 08:35:50 -08:00
Tom Eastep
c1ac19a81e Correct a couple of typos 2010-02-25 16:35:19 -08:00
Tom Eastep
8aaddf368b More reserved variable names documented
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 12:37:22 -08:00
Tom Eastep
e66b8759d6 Document variable name changes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 12:18:41 -08:00
Tom Eastep
7fe7ebc891 Fix Handling of NFQUEUE(queue-num) in policies
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 08:44:28 -08:00
Tom Eastep
4059fe6956 Belatedly update some version numbers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 08:43:32 -08:00
Tom Eastep
4415050fd2 Eliminate another reserved variable name
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 17:00:26 -08:00
Tom Eastep
bffb1793d7 More global variable renaming
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 07:52:35 -08:00
Tom Eastep
70a246501e Update version of Tc.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 07:08:48 -08:00
Tom Eastep
b2350829b9 Rename 'debugging' to 'g_debugging'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 16:43:38 -08:00
Tom Eastep
3fc10cd94b Prepend 'SW_' to constructed shell variable names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 10:27:59 -08:00
Tom Eastep
88d29d2e35 Eliminate a couple of more all-caps variable name restrictions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 08:24:29 -08:00
Tom Eastep
55c9cf3e99 Eliminate some of the reserved all-caps variable names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 08:05:23 -08:00
Tom Eastep
2a965d42b9 Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-21 07:57:34 -08:00
Tom Eastep
e690303937 Modify Roberto's patch for 'show <chain>' error reporting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 19:09:54 -08:00
Tom Eastep
8baa4e60c9 Merge branch 'master' of ssh://teastep@shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2010-02-20 18:59:17 -08:00
Roberto C. Sanchez
6a3b2b0dee Clarify error message when user asks shorewall to show a non-existent chain 2010-02-20 21:57:45 -05:00
Tom Eastep
6307653a01 Pick up one fix from 4.4.7.4 regarding CONTINUE rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 09:42:58 -08:00
Tom Eastep
5696742ef3 Update release Document with 4.4.7.5 changes and Debian Init Script Fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 08:34:47 -08:00
Tom Eastep
a83663bf25 Return failure status when a supported command fails.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 08:20:42 -08:00
Tom Eastep
edaf541850 Don't apply rate limiting twice in ACCEPT+ rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-19 14:01:45 -08:00
Tom Eastep
ceff8adc78 Restore duplicate interface detection in tcinterfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 16:11:30 -08:00
Tom Eastep
3a2173ddb4 Some code cleanup in Tc.pm.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 15:56:59 -08:00
Tom Eastep
ea8be87720 Use Hex representation of device numbers > 9 in simple TC.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 12:53:01 -08:00
Tom Eastep
4e0225a4c3 Update Documentation for per-IP rate limiting fixes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 07:12:36 -08:00
Tom Eastep
ea8a6c837f Document per-IP rate change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 15:41:12 -08:00
Tom Eastep
00b0490cd7 Create a unique hashtable for each instance of a per-IP rate limit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 15:39:21 -08:00
Tom Eastep
625963a4f0 Final (hopefully) fix for SFQ handle assignment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 09:02:18 -08:00
Tom Eastep
41bb0782a3 Another tweak to SFQ handle assignment.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 08:06:27 -08:00
Tom Eastep
5649dbf9a8 Improve assignment of class ID for SFQ classses
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 07:41:30 -08:00
Tom Eastep
115ce7b87d Update release documents for bug fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 06:49:13 -08:00
Tom Eastep
eaafeb8c2b Add --hashlimit-htable-expire if the units are minutes or larger 2010-02-17 06:43:52 -08:00
Tom Eastep
375160d733 Avoid duplicate SFQ class numbers 2010-02-17 06:43:16 -08:00
Tom Eastep
167b29c2c5 Bump module version in Compiler.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:24:52 -08:00
Tom Eastep
8aaf4aab3a Don't create log chain for 'RETURN' rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:24:00 -08:00
Tom Eastep
4546394531 Cosmetic changes to Compiler.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:07:35 -08:00
Tom Eastep
5d08d51fe5 Add $remote_fs to Required-Start and Required-Stop for Debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 08:39:50 -08:00
Tom Eastep
12d3420a5d Detect FLOW_FILTER when LOAD_HELPERS_ONLY=No 2010-02-14 10:34:19 -08:00
Tom Eastep
0624451537 Fix for OLD_HL_MATCH.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-14 07:22:12 -08:00
Tom Eastep
5e9ecf1491 Update version of Config module 2010-02-13 11:00:34 -08:00
Tom Eastep
50d246c8be A little cleanup of compiler.pl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-13 10:03:32 -08:00
Tom Eastep
ec95e5b32c Document fix for rate limiting of NAT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-13 09:11:14 -08:00
Tom Eastep
1258149e0e Don't apply rate limiting twice in NAT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-13 07:21:27 -08:00
Tom Eastep
ea5a6c79bc Bump CAPVERSION 2010-02-11 16:22:47 -08:00