Commit Graph

12135 Commits

Author SHA1 Message Date
Tom Eastep
414a74d23c Support protocol lists in most files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 16:06:54 -08:00
Tom Eastep
0526863e66 Make $section numeric
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 13:39:49 -08:00
Tom Eastep
5dbe2aa9ec Optimize a test in finish_chain_section().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 07:00:15 -08:00
Tom Eastep
ca202ca10b Flush the arp cache after applying the arprules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 17:46:40 -08:00
Tom Eastep
de4e0898b5 Catch protocol lists in contexts that don't allow them.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 17:23:14 -08:00
Tom Eastep
edc0a84e5d Optimize RELATED rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 16:48:37 -08:00
Tom Eastep
d4c9885c09 Change interpretation of the log tag when LOGTAGONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 13:10:18 -08:00
Tom Eastep
c41b9e596d Don't add --cstate to dropInvalid rule.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-06 09:42:55 -08:00
Tom Eastep
9fd7933b5d Make inline actions work in sections other than NEW.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-06 09:32:50 -08:00
Tom Eastep
f223e3584c Make '+' optional in the ADD and DEL statements.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-06 07:37:11 -08:00
Tom Eastep
3f24416f37 Add a warning for opcode inversion when not arptables_jf.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-05 13:14:32 -08:00
Tom Eastep
38aa7f3857 Correct opcode inversion when not ARPTABLES_JF
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-05 08:26:46 -08:00
Tom Eastep
7f6430a383 Correct address inversion in match_arp_net()
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-05 08:20:51 -08:00
Tom Eastep
4fc0dba26d Correct two-interface check in process_arprule.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-05 08:17:53 -08:00
Tom Eastep
0c7e10dbfa Add a comment to the Zones file
- define the {bridge} member.
2013-01-05 08:15:56 -08:00
Tom Eastep
97009bad79 Correct arptables_jf MAC handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-04 17:27:16 -08:00
Tom Eastep
af7b7195d2 Fix MAC handling in the ARP module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-04 15:55:52 -08:00
Tom Eastep
a732f6e538 Add some comments to the ARP module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-04 15:07:51 -08:00
Tom Eastep
38657d9f98 Support for arptables.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-04 09:17:57 -08:00
Tom Eastep
90e0c8b717 Don't update mtime on shorewall.conf during update that doesn't change the file
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-02 15:03:07 -08:00
Tom Eastep
f955abe18b Unify IPv4 and IPv6 modules.xtables files
- only difference now is xt_ipp2p

Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:44:36 -08:00
Tom Eastep
25b2341ecf Add sch_fq_codel to modules.tc
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:29:41 -08:00
Tom Eastep
aca3ce3c21 Delete blank line
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:29:02 -08:00
Tom Eastep
34f8125416 Correct a couple of issues with update -D
- shorewall.conf.bak is no longer unlinked
- The mtime of all unaltered files is no longer updated
2012-12-31 12:43:02 -08:00
Tom Eastep
87715e5f0b Correct Typo
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2012-12-31 10:36:27 -08:00
Tom Eastep
4590e25052 Correct modules.xtables
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2012-12-31 08:54:32 -08:00
Tom Eastep
5848d7cab7 Correct helper validation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-30 13:20:56 -08:00
Tom Eastep
769125903d Update Traffic Shaping Doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 12:17:26 -08:00
Tom Eastep
5dfc27355e Correct a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 11:34:12 -08:00
Tom Eastep
115081dda5 Tweak fq_codel documentation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 11:20:16 -08:00
Tom Eastep
6d9cca1cff fq_codel
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 10:58:11 -08:00
Tom Eastep
51deec115b Correct handling of wildcard interfaces
- chain_base[1] renamed var_base[1]
- $chain replaced by $var in renamed functions
- replace trailing '+' by '_plus' to provide uniqueness
- add sub chain_base() to the Chains module as an identity mapper

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-28 10:39:19 -08:00
Tom Eastep
643f419264 Merge branch '4.5.11'
Conflicts:
	Shorewall/Perl/Shorewall/Rules.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-28 09:02:33 -08:00
Tom Eastep
2009a66bb5 Avoid invalid function name for starting an optional interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-28 08:04:06 -08:00
Tom Eastep
ebe4267c49 Rename IGNOREOLDCAPVERSIONS to WARNOLDCAPVERSION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:58:45 -08:00
Tom Eastep
8b92a59821 Ignore '-m comment' when detecting duplicate rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:51:33 -08:00
Tom Eastep
f96bc7cc2d Cosmetic cleanup of the .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:01:37 -08:00
Tom Eastep
8bb6f81dc5 Rename IGNOREOLDCAPS to IGNOREOLDCAPVERSIONS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 08:54:22 -08:00
Tom Eastep
01a8ff20d4 Add the xtables modules to modules.xtables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 16:06:54 -08:00
Tom Eastep
ef0102e9f1 Add the 'IGNOREOLDCAPS' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 15:48:08 -08:00
Tom Eastep
14bbda14a2 Add some comments describing Config.pm globals
- Also changed $shell from 'my' to 'our'.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 10:55:13 -08:00
Tom Eastep
62406e261d Correct typo in shorewall-masq(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 07:43:06 -08:00
Tom Eastep
bfeea76cf2 Disallow ?FORMAT when $max_format == 1
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/Perl/Shorewall/Config.pm
2012-12-26 07:37:23 -08:00
Tom Eastep
100e03cf93 Don't set $nocomment in in-line action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 07:06:29 -08:00
Tom Eastep
84cc78c58e Eliminate @comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-25 17:00:24 -08:00
Tom Eastep
3f28af80d2 Disallow ?FORMAT when $max_format == 1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-25 08:10:48 -08:00
Tom Eastep
6126ae67e6 Don't apply AUTOCOMMENT or comment continuation to inline actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-24 13:50:26 -08:00
Tom Eastep
575020c851 More comment handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-24 13:35:42 -08:00
Tom Eastep
1c212e878f Restore SECTION handling in Accounting File
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-24 13:33:44 -08:00
Tom Eastep
4393a6c603 Eliminate redundant calls to clear_comment.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-24 12:35:08 -08:00