Tom Eastep
3c77d83260
Merge branch 'clean-test-ipset' into 'master'
...
Destroy the temporary IP set in the cleanup function
See merge request shorewall/code!13
2024-04-16 02:46:50 +00:00
Tom Eastep
d8e43cee2b
Merge branch 'master' into 'master'
...
Rewrite gethostbyname2 and inet_ntop to newer getaddrinfo and getnameinfo
See merge request shorewall/code!5
2024-04-15 22:57:24 +00:00
Tom Eastep
b0839c30b2
Merge branch '11-update-always-allowed-ipv6-icmp-rules-according-rfc4890' into 'master'
...
Update always allowed ipv6-icmp rules according RFC4890
Closes #11
See merge request shorewall/code!16
2024-04-15 21:33:14 +00:00
Tuomo Soini
5a66c1d9d6
AllowICMPs: certificate path advertisment source must be fe80::/10
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2024-03-19 11:21:03 +02:00
Tuomo Soini
de23e641f7
AllowICMPs: certificate path solicitation source must be :: or fe80::/10
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2024-03-19 11:21:03 +02:00
Tuomo Soini
a8294ed495
AllowICMPs: listener report v2 source must be :: or fe80::/10
...
rfc3810 section-5
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2024-03-19 11:21:03 +02:00
Tuomo Soini
393cd5043d
AllowICMPs: router-advertisment source must be fe80::/10
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2024-03-19 11:21:03 +02:00
Tuomo Soini
0de5e88018
AllowICMPs: allowing redirects is a security issue and not required
...
Also redirect source must be fe80::/10
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2024-03-19 11:21:03 +02:00
Glop
450a16f730
Destroy the temporary IP set in the cleanup function
...
In the IP set capability tests, there is a race condition which
might prevent the removal of the temporary IP set immediately
after flushing the chain that uses this IP set: even though the
rules which used the IP set were deleted, the IP set might still
appear to be “in use by a kernel component.”
In case this happens, we add an extra call to `ipset -X` in the
`cleanup_iptables()` function, just to be sure that the temporary
IP set is indeed destroyed when the compiler exits.
2023-03-03 16:12:04 +01:00
Paul Gear
aae5baedfd
Merge branch 'idl0r_iptablesw' into 'master'
...
Improve iptables --wait check
See merge request shorewall/code!6
2023-02-01 02:47:31 +00:00
Paul Gear
95831e372f
Merge branch 'tor_metrics' into 'master'
...
Add TorMetrics macro
See merge request shorewall/code!7
2023-02-01 02:41:22 +00:00
Paul Gear
77317c1766
Merge branch 'systemd-service-documentation' into 'master'
...
Document related man-pages in Debian systemd service files
See merge request shorewall/code!8
2023-02-01 02:39:27 +00:00
Paul Gear
236b06d480
Merge branch 'gfdl-text-corrections' into 'master'
...
Correct GFDL text embedded in document sources
See merge request shorewall/code!9
2023-02-01 02:38:53 +00:00
Paul Gear
86244d8faf
Merge branch 'shorewall-man-page-stop-command-fix/v1' into 'master'
...
Restore omitted words from `stop` command description
See merge request shorewall/code!10
2023-02-01 02:35:57 +00:00
Paul Gear
b8ef488f64
Merge branch 'init-script-SRWL-definition-fix/v1' into 'master'
...
Move '-6' and '-l' options from SRWL to SRWL_OPTS in Debian init-scripts.
See merge request shorewall/code!12
2023-02-01 01:53:53 +00:00
Jeremy Sowden
b7f2d1b22e
Move '-6' and '-l' options from SRWL to SRWL_OPTS in Debian init-scripts.
...
Changing the definitions of SRWL from /sbin/shorewall6 to
'/sbin/shorewall -6' and so on broke the init-scripts since the scripts
test whether `$SRWL` is executable:
test -x $SRWL || exit 0
which now fails:
sh: test: /sbin/shorewall: binary operator expected
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
2023-01-31 22:52:21 +00:00
Jeremy Sowden
c93817f30b
Correct GFDL text embedded in document sources
...
The invariant sections clause doesn't quite match the official text. It should
read:
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts
not:
with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
2023-01-31 22:50:37 +00:00
Jeremy Sowden
5637385507
Document related man-pages in Debian systemd service files
...
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
2023-01-31 22:50:18 +00:00
Jeremy Sowden
23f66180e9
Restore omitted words from stop
command description
...
In commit c061d87919
("Fix links in shorewall(8)") the end of one of
the sentences in the description of the `stop` command was erroneously
truncated.
Fixes: c061d87919
("Fix links in shorewall(8)")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
2023-01-31 20:50:00 +00:00
Vincas Dargis
c1e58f6faf
Add TorMetrics macro
...
Add macro for Tor metrics port.
See
https://support.torproject.org/relay-operators/relay-bridge-overloaded/
2022-09-18 15:08:54 +03:00
Christian Ruppert
8b0d829531
Check for wait option if we don't have capabilities
...
Only check for iptables --wait option if we don't already have existing
capabilities. If we have some and they're not up2date / don't match,
it will issue a warning anyway.
If a valid capabilities file exists, it will already cover whether we
can use --wait or not, that's what WAIT_OPTION is for.
Signed-off-by: Christian Ruppert <idl0r@qasl.de>
2022-04-02 11:52:10 +02:00
Christian Ruppert
c941cf4bb5
Run iptables -w check against a usually small chain
...
The iptablesw check, that's just looking for whether -w is supported or
not, previousely caused iptables to list all rules, each time you do
a shorewall check or shorewall start/reload. That might be quite
a lot, depending on the amount of rules you have. It is also no
necessary to parse each rule just to check for -w. Let's switch to the
usually much smaller INPUT chain, to reduce the overhead
2022-04-01 16:45:42 +02:00
Michal Josef Špaček
e9e73a259b
Rewrite gethostbyname2 and inet_ntop to newer getaddrinfo and getnameinfo
...
We don't need Socket6, because Socket has IPv6 implementation now
2022-02-08 00:45:27 +01:00
Tuomo Soini
672c3420a0
support: update chat server address
2021-05-27 01:44:15 +03:00
Tom Eastep
ba87937f49
Replace StandardOutput=syslog by StandardOutput=journal in unit files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-10-30 09:24:47 -07:00
Tom Eastep
69f0d4d881
Simon Mater's patch to support gbits and gbps in rate/burst specifications
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-10-09 09:39:01 -07:00
Tom Eastep
6681191c88
Correct 'show bl|blacklists' syntax
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-10-09 09:26:41 -07:00
Tom Eastep
2ceeb2c934
Merge branch '5.2.8'
2020-09-25 10:05:35 -07:00
Tom Eastep
97165ed41e
Add target file(s) 5.2.8-base
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 15:16:51 -07:00
Tom Eastep
5b0cacd9c4
Add NFS V1.4 macro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 14:46:24 -07:00
Tom Eastep
eeec6f2396
Update shorewall-snat(5)
...
- Delete incorrect statement about a list of addresses in SNAT()
- Replace IPv4 Example 6 with one that uses the PROBABILITY column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 11:19:46 -07:00
Tom Eastep
2e7d1ac4a3
Update shorewall-snat(5)
...
- Delete incorrect statement about a list of addresses in SNAT()
- Replace IPv4 Example 6 with one that uses the PROBABILITY column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 11:19:12 -07:00
Tom Eastep
34c59dca32
Don't export interface_is_plain()
...
- It was used in a superseded change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-19 11:38:41 -07:00
Tom Eastep
9aa2a4b704
Use less obscure code to set $call_generate_all_acasts;
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-19 11:20:10 -07:00
Tom Eastep
d363809859
Complete the table documentation at the top of the file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-18 13:44:41 -07:00
Tom Eastep
6c4383b5ce
Add target file(s) 5.2.8-RC1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 14:47:53 -07:00
Tom Eastep
877807943d
Add target file(s) 5.2.8-RC1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 14:47:29 -07:00
Tom Eastep
378df2861a
Add target file(s) 5.2.8-RC1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 14:47:20 -07:00
Tom Eastep
f84be9faa4
Display consistent banner
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 10:46:53 -07:00
Tom Eastep
c6dea1525f
Describe using a shell alias to invoke shorewall6-lite from 'shorewall6'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 18:04:33 -07:00
Tom Eastep
a7505f3ecb
Remove ${SBINDIR}/shorewall when removing Shorewall-core
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 16:57:44 -07:00
Tom Eastep
8c10c96844
Revert "Move ${SBINDIR}/shorewall6 to the Shorewall-core product"
...
This reverts commit 1ca886abd7
.
2020-09-15 16:49:19 -07:00
Tom Eastep
126c5ccd53
Include administrative host name in status output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 15:16:23 -07:00
Tom Eastep
1ca886abd7
Move ${SBINDIR}/shorewall6 to the Shorewall-core product
...
- Default 'shorewall6' to 'shorewall6-lite' if that product is installed
and 'shorewall6' is not.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 13:55:57 -07:00
Tom Eastep
ca78c0221c
Don't remote ${SBINDIR}/shorewall when uninstalling Shorewall
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 11:58:05 -07:00
Tom Eastep
e4c2122532
Eliminate duplicate function names between lib.cli and lib.cli-std
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 11:45:45 -07:00
Tom Eastep
f16e666858
Redirect STDERR to STDOUT when using $PAGER
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-13 15:46:04 -07:00
Tom Eastep
b5f3294adb
Set SHOREWALL_SHELL=/sbin/sh if it isn't set and export or test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-13 15:33:01 -07:00
Tom Eastep
8d4e79650e
Refactor ALL_ACASTS code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-11 15:58:59 -07:00
Tom Eastep
b253be8a69
Localize to IPv6 the effect of generating ALL_ACASTS during 'restore'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-11 14:35:17 -07:00