Commit Graph

7495 Commits

Author SHA1 Message Date
Tom Eastep
b13014c9ab
Expand variables in .conf except when upgrading
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-11 11:21:07 -08:00
Tom Eastep
76aef6cb04
Correct generation of '! --syn'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-11 08:43:04 -08:00
Tom Eastep
4c72b3ee58
Make sure that $LOG_LEVEL is defined
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-10 11:06:23 -08:00
Tom Eastep
d9071c5308
Correct $LOG_LEVEL expansion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-10 10:24:24 -08:00
Tom Eastep
3d8d5aa469
quote $LOG_LEVEL in shorewall[6].conf files
- Delete AllowICMPs from IPv4 policy action settings

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-08 14:16:24 -08:00
Tom Eastep
49811d24fa
Correct convertion of tcrules->mangle when a writable mangle exists
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 15:21:45 -08:00
Tom Eastep
fe4aaee1b4
Fix typos in action.dropNotSyn
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 14:37:08 -08:00
Tom Eastep
0ec7bc846e
Correct logging in inline policy actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 13:58:14 -08:00
Tom Eastep
dbcd4d9d16
Correct typo in action.AllowICMPs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 13:57:05 -08:00
Tom Eastep
5a996cbda7
Change AllowICMPs to an inline action
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/actions.std
2017-03-07 13:56:44 -08:00
Tom Eastep
6019adaae5
Change macro.ICMPs to an inline action
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/actions.std
2017-03-07 13:54:52 -08:00
Tom Eastep
4f869c3506
More manpage updates for tcp:!syn
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 11:13:58 -08:00
Tom Eastep
e3c2874b21
Modify dropNotSyn to use {proto=6:!syn}
- also make the same change in the rejNotSyn audited case
2017-03-07 11:00:39 -08:00
Tom Eastep
e8a0142480
Document tcp:!syn support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 10:48:24 -08:00
Tom Eastep
a4768776f7
Modify rejNotSyn to use new/corrected features
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 10:34:15 -08:00
Tom Eastep
8e000b158e
Correct the handling of tcp-reset
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 10:33:51 -08:00
Tom Eastep
f1d1ab6411
Implement tcp:!syn in PROTO column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 10:33:20 -08:00
Tom Eastep
cd103bb715
Correct rejNotSyn
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-06 16:01:31 -08:00
Tom Eastep
5f1370f1b4
Clear the firewall on Debian systemd 'stop' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-06 11:22:55 -08:00
Tom Eastep
dc53fa2665
Correct file/line from ?error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-06 11:02:06 -08:00
Tom Eastep
71d9a03697
Update shorewall[6]-rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-05 14:29:57 -08:00
Tom Eastep
137d4bcc90
Alter logging behavior of Limit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-05 13:03:57 -08:00
Tom Eastep
356d3fa2dd
Correct new directives with respect to omitting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-05 12:09:54 -08:00
Tom Eastep
80d93235b5
Eliminate builtin actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-05 12:09:33 -08:00
Tom Eastep
c1e7fce1c5
Report the file/line where action invoked
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-05 09:29:00 -08:00
Tom Eastep
63ec936f21
Remove determinism sorts 2017-03-04 19:05:33 -08:00
Tom Eastep
dabe0bd205
Set PERL_HASH_SEED to make compilation deterministic.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-04 18:48:48 -08:00
Tom Eastep
63cf7dd699
Revert "Move $test to the config module."
This reverts commit 876d76b294.
2017-03-04 18:45:40 -08:00
Matt Darfeuille
0b3a32b365
Change the preferred way to remove sysvinit script
- Correct typo in command
 - Correct spacing

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-04 09:03:59 -08:00
Tom Eastep
a7d45e9566
Restore logging to the BLACKLIST action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-03 10:14:30 -08:00
Tom Eastep
876d76b294
Move $test to the config module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-02 11:42:07 -08:00
Tom Eastep
9075a6dd7a
Copy libs and footer when compiling for test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-02 10:49:49 -08:00
Tom Eastep
61f5e3531c
Rename action.allowUPnP to action.allowinUPnP
- Allows 'show action allowinUPnP' to work correctly.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-02 10:05:31 -08:00
Matt Darfeuille
7ffe8e4e4b
shorewall: Document the -p option in installer
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-23 09:33:35 -08:00
Matt Darfeuille
06c6a017d5
Use a specific parameter file for systemd script
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:56:25 -08:00
Matt Darfeuille
75fd8ccb37
Use a specific parameter file for sysvinit script
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:56:21 -08:00
Matt Darfeuille
8c7e6fddfd
Use a common uninstaller for Sw and Sw6
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:56:11 -08:00
Matt Darfeuille
783e438b4a
Be more verbose while uninstalling Shorewall
- Remove version file as a file and not as a directory.

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:56:00 -08:00
Matt Darfeuille
27a620347a
shorewall: Fail if Shorewall-core is not installed
Shorewall-core's version file resides in ${SHAREDIR}/shorewall.

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:55:56 -08:00
Matt Darfeuille
a496edef54
Use a function to fail on fatal error
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:55:50 -08:00
Matt Darfeuille
22b044f350
shorewall: Use a function to install file
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:55:41 -08:00
Matt Darfeuille
c58efe7698
Unify the uninstallers
- Clean up code
 - Use the .service suffix

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:55:36 -08:00
Matt Darfeuille
f48b2e715f
Unify the installers
- Clean up code

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:55:31 -08:00
Matt Darfeuille
f6f7e691d0
Fail if the rc file can not be loaded
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:54:40 -08:00
Matt Darfeuille
a9048b63f2
Correct typos
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:54:36 -08:00
Matt Darfeuille
bc1df90829
Group comment lines with corresponding command
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:54:33 -08:00
Matt Darfeuille
09462cf92b
Use 4 octal digits as numeric mode in installers
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:54:29 -08:00
Matt Darfeuille
315d4c39b8
Create and set directory mode using a function
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:54:04 -08:00
Matt Darfeuille
42554f8f31
Add cant_autostart() to the installers's library
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:53:59 -08:00
Matt Darfeuille
f0debcb6fb
Copy only required libraries to run Shorewall
Copy only libraries that are required by Shorewall to operate properly.

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:53:54 -08:00
Matt Darfeuille
20cc56f2f1
Load uninstallers's common functions
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 17:53:39 -08:00
Matt Darfeuille
4e771083c7
Load installers's common functions
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 16:42:38 -08:00
Matt Darfeuille
a6eebc8ecf
Replace product names by product vars
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-22 16:40:41 -08:00
Tom Eastep
6966270822
Allow 'show action' on buitin actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-19 13:43:23 -08:00
Tom Eastep
118e4f73c9
Correct validation of LOG_LEVEL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-19 10:25:44 -08:00
Tom Eastep
10b39f3855
Correct typo (allowMast -> allowMcast)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-19 10:25:27 -08:00
Tom Eastep
a71b61c238
Delete the deprecated macros and actions during install
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-15 10:16:53 -08:00
Tom Eastep
944888c04f
Handle broadcast and muticast separately
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-15 10:16:20 -08:00
Tom Eastep
48d301b2cf
Rename the policy LIMIT column to RATE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-12 10:17:43 -08:00
Tom Eastep
735919d8d3
Add LOG_LEVEL option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-12 09:52:55 -08:00
Tom Eastep
b4561e97c8
Deprecate Drop and Reject in actions.std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-12 09:28:38 -08:00
Tom Eastep
66a63a4da5
Fix instances of $LOGrmation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-12 08:33:56 -08:00
Tom Eastep
8c9fb501fd
Adjust .conf files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-11 13:41:28 -08:00
Tom Eastep
977fa81d46
Make 'none' case-insensitive in policy action specifications
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-10 11:43:51 -08:00
Tom Eastep
09fda9eb6c
Manpage updates:
- interfaces: Clarify the 'bridge' option
- rtrules:    Warn about similar rules with same priority
2017-02-10 11:43:04 -08:00
Tom Eastep
7e984af094
Some cleanup of policy actions
- Allow '+' in policy file action list

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-07 13:19:53 -08:00
Tom Eastep
af8d4e32c2
Replace 'info' with '$LOG' in the sample policy files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-07 08:27:19 -08:00
Tom Eastep
ca33a7ef65
Fix Sample .conf files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 18:28:05 -08:00
Tom Eastep
e91f414223
Document policy action changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 17:09:23 -08:00
Tom Eastep
5cd2f26b51
Correct shorewall.conf(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 14:46:10 -08:00
Tom Eastep
dab9e1d7c4
Assume no default actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 14:45:43 -08:00
Tom Eastep
b9471a2499
Correct parsing of the POLICY column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 14:15:24 -08:00
Tom Eastep
95ffada759
Change sample IPv4 default actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 13:47:02 -08:00
Tom Eastep
b2553fb008
Another change to allow builtin actions as default actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 13:25:10 -08:00
Tom Eastep
8bc70674f3
Make DropDNSrep an inline action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 11:21:56 -08:00
Tom Eastep
cecb8a1950
Deprecate the Drop and Reject actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 10:52:31 -08:00
Tom Eastep
079d862bb3
Document default-action lists
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 10:51:57 -08:00
Tom Eastep
92133e5a6b
Default-action lists
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 10:11:48 -08:00
Tom Eastep
686ca9d3a3
Allow builtin actions in xxx_DEFAULT settings.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-05 15:21:57 -08:00
Tom Eastep
70a395892f
Make BLACKLIST work correctly in the blrules file
- Add the 'section' action option

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-23 15:03:02 -08:00
Tom Eastep
d2d11df4f6
Make action.BLACKLIST behave correctly in the blrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-23 13:35:10 -08:00
Tom Eastep
b985654600
Correct typo in heading of Reject and Drop actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-23 11:54:40 -08:00
Tom Eastep
62ff6d3fa5
Remove obsolete macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-23 09:26:19 -08:00
Tom Eastep
2bbb5c8c1e
Add hack to distinguish between the BLACKLIST macro and action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-23 09:23:26 -08:00
Tom Eastep
33b4ee4d31
Don't quote variable values in ERROR/WARNING/INFO directives
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-23 09:00:18 -08:00
Tom Eastep
d111e4f186
Handle built-in actions in 'show action'
- Remove a couple of non-actions from IPv4 actions.std

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-22 15:40:36 -08:00
Tom Eastep
634c8debda
Use ?REQUIRE in several actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-22 14:59:37 -08:00
Tom Eastep
71dd5d016b
Add ?REQUIRE compiler directive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-22 14:48:18 -08:00
Tom Eastep
6b408869d2
Correct the synopsis in two action files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-22 11:47:12 -08:00
Tom Eastep
edf08bf408
Cosmetic change in compiler()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-21 19:47:50 -08:00
Tom Eastep
9c3a82f628
Add BLACKLIST action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-19 14:08:15 -08:00
Tom Eastep
e6933f4c8d
Add BLACKLIST policy
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-18 10:55:15 -08:00
Tom Eastep
cc3b8793e0
Make BALANCE_PROVIDERS default the setting of USE_DEFAULT_RT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-17 15:02:16 -08:00
Tom Eastep
ac5fd195ec
Correct provider/routefilter check wrt optional interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-17 09:34:13 -08:00
Tom Eastep
45b9ddf188
Add BALANCE_PROVIDERS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-17 08:58:09 -08:00
Tom Eastep
2d16fac9ed
Revert "Implement USE_DEFAULT_RT=Exact"
This reverts commit 2ca1ae734a.
2017-01-17 08:25:33 -08:00
Tom Eastep
f23970b4f7
Include LOG_MARTIANS in test for setting log_martians with routefilter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-14 13:03:24 -08:00
Tom Eastep
04112647d3
Correct provider/routefilter checking
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-14 12:40:39 -08:00
Tom Eastep
2ca1ae734a
Implement USE_DEFAULT_RT=Exact
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-14 08:14:08 -08:00
Tom Eastep
64c249a174
Set logmartians along with routefilter.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-11 15:53:55 -08:00
Tom Eastep
0019ca53e5
Include ROUTE_FILTER in routefilter/provider checks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-11 15:39:13 -08:00
Tom Eastep
0d2a5089a9
Merge branch '5.1.0' 2017-01-11 12:29:57 -08:00
Tom Eastep
50d09e76cb
Catch 'routefilter' with provider interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-11 11:47:10 -08:00
Tom Eastep
73772efb85
Correct typo in shorewall-interfaces(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-11 11:20:07 -08:00
Tom Eastep
568f461763
Propogate PAGER to -lite systems
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-11 11:18:57 -08:00
Tom Eastep
cb150f9c09
Allow compact IPv6 addresses in IP6TABLES() rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-07 10:01:03 -08:00
Tom Eastep
19ce2093d8
Correct splitting of IP(6)TABLES options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-07 10:00:37 -08:00
Tom Eastep
b8c322a05f
Ignore SUBSYSLOCK when $SERVICEDIR is non-empty
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-06 15:50:26 -08:00
Tom Eastep
f68d3fd9fa
Revert "Remove SUBSYSLOCK"
This reverts commit 386b137e9b.
2017-01-06 09:49:40 -08:00
Tom Eastep
386b137e9b
Remove SUBSYSLOCK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-05 10:03:03 -08:00
Tom Eastep
ce68f84d9d
Remove Makefile from Shorewall[6][-lite]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-05 08:22:02 -08:00
Tom Eastep
5aed31d37a
Restore SUBSYSLOCK setting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-04 19:39:08 -08:00
Tom Eastep
0b3d1b1d36
Revert code that assumed no CLI symlinks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-04 17:12:20 -08:00
Tom Eastep
2f9ef4dda7
Update kernel module files
- Include additional nat modules

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-30 10:56:16 -08:00
Tom Eastep
5174fe0161
Avoid echo options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-28 11:09:08 -08:00
Tom Eastep
65bf33bcf3
Correct handling of safe-restart with SAVE_IPSETS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-27 16:29:01 -08:00
Tom Eastep
638c7c5bca
Implement NETMAP_TARGET capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-27 08:26:51 -08:00
Tom Eastep
c4bbb46e3f
Eliminate rawpost table support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-26 14:20:08 -08:00
Tom Eastep
c9f45277b8
Move the action files to their own directory
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-23 09:05:37 -08:00
Tom Eastep
541291b729
Add do_condition() call in process_mangle_rule1()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-21 08:46:16 -08:00
Tom Eastep
9dcac6012b
Remove redundent test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-20 14:41:29 -08:00
Tom Eastep
4af278338f
Correct intra-zone handling in policies
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-19 09:11:41 -08:00
Matt Darfeuille
b33d853703
shorewall: Don't set the 'file' var needlessly
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-19 08:14:48 -08:00
Matt Darfeuille
30331fecda
shorewall: Don't set the 'file' var needlessly
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-19 08:14:48 -08:00
Tom Eastep
a9583aaf3a
Correct merge compatibility change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-18 19:00:37 -08:00
Tom Eastep
c2c2dc0b22
Exercise care when merging rules including -m multiport
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-18 18:39:19 -08:00
Tom Eastep
e3951cb5a3
Re-add volume 8 manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-18 16:16:50 -08:00
Matt Darfeuille
bac6848362
shorewall: Correct the filepath of .shorewallrc
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-18 12:14:25 -08:00
Matt Darfeuille
fa8e92cbd3
shorewall: Correct the filepath of .shorewallrc
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-18 12:14:24 -08:00
Matt Darfeuille
f502e5b2e3
shorewall: Correct displaying of shorewall version
Add the Product name variable to properly display the product name
when the '-v' option is passed to the script.

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-18 12:14:24 -08:00
Tom Eastep
154395c20f
Create symbolic links for the CLI programs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-18 11:48:05 -08:00
Tom Eastep
095c9212f4
Fatal error for empty action file
- Issue error if a file with the name of the action exists on the
  CONFIG_PATH

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-12 16:31:46 -08:00
Tom Eastep
08c6b80e1e
Correct typo in the snat manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-11 14:32:27 -08:00
Tom Eastep
cb7ab3908a
SOURCE/DEST changes in the mangle manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-11 14:06:59 -08:00
Tom Eastep
b756c63b1e
More SOURCE/DEST manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-10 14:41:08 -08:00
Tom Eastep
eea9882953
Implement CPU Fanout for NFQUEUE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-09 10:46:39 -08:00
Tom Eastep
cc937ffaba
NFQUEUE should be non-terminating
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-09 09:49:23 -08:00
Tom Eastep
5ea3334a66
Support a richer SOURCE and DEST syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-09 09:43:10 -08:00
Tom Eastep
a2e040998b
Move shorewall(8) to shorewall.core
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-04 18:03:18 -08:00
Tom Eastep
53adfbe863
Normalize parameters by removing trailing omitted args
- Avoids needless duplicate action chains
2016-12-03 11:34:02 -08:00
Tom Eastep
4a0a906510
Correct progress message in optimize_level4()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-03 08:28:14 -08:00
Tom Eastep
7ceb0228e9
Merge branch 'master' into 5.1.0 2016-12-02 15:27:16 -08:00
Tom Eastep
f537e3e15c
Fix optimization bug in merge_rules()
- Reset the simple member if a unique option is merged

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-02 14:47:03 -08:00
Tom Eastep
5ae062317f
Merge branch 'master' into 5.1.0 2016-12-01 19:35:14 -08:00
Tom Eastep
a1981823f4
Correct typo (syntax error!)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-01 15:21:25 -08:00
Tom Eastep
77e83f0afd
Eliminate the CHAIN_SCRIPTS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-29 16:33:23 -08:00
Tom Eastep
a45fe692cc
Add a SWITCH column to the mangle files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-29 16:13:44 -08:00
Tom Eastep
799b17210c
Enhanced syntax for SOURCE and DEST columns in the rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-25 15:10:14 -08:00
Tom Eastep
01306e1230
Try another approach to the RCP_/RSH_COMMAND formatting issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-23 14:48:28 -08:00
Tom Eastep
963dea54c5
Modify update defaults for LOGPREFIX and LOGLIMIT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-23 14:30:07 -08:00