Tom Eastep
409c427134
Add support for future condition initial values.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-29 12:15:15 -08:00
Tom Eastep
7bdce1bc97
Disallow superfluous leading zeros in action parameter numbers.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-29 08:29:20 -08:00
Tom Eastep
e1524763ad
Also substute the chain name for '@0'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-29 08:28:52 -08:00
Tom Eastep
15121e0743
Also substitute the chain name for '@0' in SWITCH names.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-29 08:05:49 -08:00
Tom Eastep
9c0d8a2533
Use '@{0}' as the chain name surrogate in SWITCH columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-29 07:17:13 -08:00
Tom Eastep
bff91cd325
Allow overriding 'inline' on some standard actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-28 15:03:08 -08:00
Tom Eastep
8006d150f1
Allow switch initialization.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 16:17:43 -08:00
Tom Eastep
e44acdc6af
Corrections to in-line actions.
...
- Avoid reference to uninitialized variable.
- Remove another vestage of multi-parameter macros.
- Correct a typo.
- Correct handling of SOURCE and DEST in an in-line action body.
- Correct a comment.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 12:56:14 -08:00
Tom Eastep
e2297f2582
Remove meaningless type from an error message.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 12:53:47 -08:00
Tom Eastep
d7096ae52e
Back out default-action macros and document in-line actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 10:53:18 -08:00
Tom Eastep
6bf996d4b8
Implement inline actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 10:32:48 -08:00
Tom Eastep
85a46690c0
Improve optimize level 16 fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 15:11:07 -08:00
Tom Eastep
a4dcd1071a
Revert change to macro level merging.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 13:41:12 -08:00
Tom Eastep
78ba8bac50
Replace '@' by the chain name in SWITCH columns.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 13:28:23 -08:00
Tom Eastep
bf75b2b919
$0 expands to the current action chain name.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 13:23:20 -08:00
Tom Eastep
7673b1ac4b
Support multiple parameters in macros.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 11:04:19 -08:00
Tom Eastep
fc87576005
Back out silly change for output interfaces in the conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 09:47:42 -08:00
Tom Eastep
3f550622bd
Only use routing table for OUTPUT interface in the raw table.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 07:51:55 -08:00
Tom Eastep
21c2963691
Correct Format-3 syntax for the SOURCE column of the conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 07:48:43 -08:00
Tom Eastep
e7dee420ee
Allow interfaces in the DEST column of the conntrack file when the chain is OUTPUT.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 18:37:23 -08:00
Tom Eastep
e45fe53705
Correct another optimizer defect.
...
- Don't declare command-mode rules as duplicates.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 18:00:26 -08:00
Tom Eastep
697fc001c3
Return to zone-based handling of 'all'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 16:31:05 -08:00
Tom Eastep
642f192b3d
Disallow destination interface in the OUTPUT chain.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 15:37:53 -08:00
Tom Eastep
7b0578fa84
Fix AUDIT on IPv6.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 12:09:18 -08:00
Tom Eastep
5acf0f60e7
Only apply log level to bare LOG rules in default-action macro.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 10:17:03 -08:00
Tom Eastep
fb3194d96b
Correct handling of default-action macro when specified as "macro.Name"
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 10:16:43 -08:00
Tom Eastep
629717f7cc
Correct policy manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 09:33:46 -08:00
Tom Eastep
8e239c90c1
Update columns in the macro template file.
...
- It was missing SWITCH and HELPER
2012-11-25 08:54:19 -08:00
Tom Eastep
8c2db40783
Correct errors in the conntrack manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 08:52:51 -08:00
Tom Eastep
066a017420
Correct typo in Raw.pm
...
- The OUTPUT chain designator test was using '0' (zero) rather than 'O'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 08:52:33 -08:00
Tom Eastep
1870c281a9
Make AUDIT support params again.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 08:26:44 -08:00
Tom Eastep
dbfc805707
Add 'IU' state in secmarks
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 08:10:53 -08:00
Tom Eastep
748d532175
Correct the explaination of ULOG and NFLOG in the manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-24 09:11:28 -08:00
Tom Eastep
b7e2b28562
Transfer tag when merging into an NFLOG/ULOG rule.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-24 09:04:56 -08:00
Tom Eastep
67e1e6cf91
Allow WHITELIST in IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-23 14:19:14 -08:00
Tom Eastep
cd2854cad0
Fix NFLOG/ULOG implementation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-23 13:49:43 -08:00
Tom Eastep
75c148a2dd
Enable 'debug' on the try, stop and clear commands.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-23 11:46:14 -08:00
Tom Eastep
71bbc632ce
Handle 'fw' correctly in the SOURCE column of the stoppedrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-23 08:35:51 -08:00
Tom Eastep
b6a1a7d538
Make NFLOG and ULOG built-ins.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-23 08:14:24 -08:00
Tom Eastep
30de211bda
Implement format-3 conntrack files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 20:56:56 -08:00
Tom Eastep
3f7425b6a0
Purge %renamed before each table is processed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 17:27:09 -08:00
Tom Eastep
8a744de906
Document semantic change to 'all' handling in the conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 09:10:07 -08:00
Tom Eastep
26dee73895
Support the audited targets on IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 08:24:51 -08:00
Tom Eastep
df7ce1a7d1
Add the AUDIT built-in and delete the Audit action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 08:24:33 -08:00
Tom Eastep
4a05571e7e
Add forward prototype for process_macro()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 08:00:15 -08:00
Tom Eastep
b89e05740d
Insure that nested zone exclusions go in the proper place in raw PREROUTING
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 14:49:21 -08:00
Tom Eastep
3040156981
Add SWITCH column to the conntrack file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 14:20:56 -08:00
Tom Eastep
54dadcc546
Ensure that zone-specific rules come before 'all' rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 14:20:30 -08:00
Tom Eastep
952aed225d
Improve handling of 'all' in the conntrack file.
...
- Also added 'all-' to represent all off-firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 13:07:01 -08:00
Tom Eastep
7bfbf522bc
Document that parameters are allowed in default actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 11:12:55 -08:00