Commit Graph

297 Commits

Author SHA1 Message Date
Tom Eastep
44599530ea Remove warnings about duplicate zone/interface dynamic hosts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 18:27:18 -07:00
Tom Eastep
ec28bdb5a0 Document Shorewall6 support for dynamic zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 14:33:49 -07:00
Tom Eastep
c112f2381e Document IPv6 Dynamic Zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 10:59:14 -07:00
Tom Eastep
4916610033 Rename upgrade => update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 07:14:27 -07:00
Tom Eastep
df2f7ec6a5 Implement 'upgrade' and delete the '-u' and '-a' options of 'check'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 17:39:44 -07:00
Tom Eastep
d66c7d478e Eliminate expansion of shell variables in the upgraded config file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 16:33:41 -07:00
Tom Eastep
e8e7215f4b Add a warning about shell variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 16:00:29 -07:00
Tom Eastep
6f2cc31dde Implement .conf file upgrade
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 13:03:55 -07:00
Tom Eastep
89529df71f Odd capitalization to make annotate.pl work correctly
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 06:10:32 -07:00
Tom Eastep
e7cdf75463 Correct version when :<burst> was added 2011-06-17 17:19:37 -07:00
Tom Eastep
dfcd29d930 Correct spelling error in shorewall6-interfaces(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-15 14:00:30 -07:00
Tom Eastep
10ae91b600 Delete deprecated options from the .conf files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-12 13:46:26 -07:00
Tom Eastep
acefd0a75b Improvements to interfaces manpages
- Indicate when 'routefilter' cannot be used.
- Clarify use of 'sfilter'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 06:44:07 -07:00
Tom Eastep
79348d2b55 Correct manpages: filter->sfilter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-10 06:04:45 -07:00
Tom Eastep
d6ebdd3cb7 Fix tcrules manapges WRT source/dest ports
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-08 09:03:08 -07:00
Tom Eastep
254e1ed784 Add 'I' STATE to secmarks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 11:43:55 -07:00
Tom Eastep
561d461a25 Add 'NI' STATE setting in secmarks.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 10:06:27 -07:00
Tom Eastep
a71136fd5a Rework configuration files for Shorewall and Shorewall6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-29 14:34:18 -07:00
Tom Eastep
3dcc90e4de Delete IPSET_SAVE from shorewall6.conf manpage 2011-05-28 19:58:57 -07:00
Tom Eastep
b05ed0a67d Add MACLIST_* to shorewall6.conf manpage 2011-05-28 19:56:09 -07:00
Tom Eastep
6d3640dafc Alphabetize config files and sync files and manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 10:34:54 -07:00
Tom Eastep
dbc21b87fe Correct wording in release notes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 05:52:49 -07:00
Tom Eastep
0287d96aa2 Finish filtering implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-26 13:38:44 -07:00
Tom Eastep
2f288a83c8 Document -T
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 11:39:52 -07:00
Tom Eastep
ee98772349 Add -c to the start command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 09:13:02 -07:00
Tom Eastep
485a7fb29d Implement 'restart -c'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 06:39:26 -07:00
Tom Eastep
5d04c93a16 Implement LEGACY_FASTSTART option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-22 15:36:29 -07:00
Tom Eastep
99cb09bd84 Documentation update 1 for AUDIT supportttt
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 16:25:38 -07:00
Tom Eastep
d15475efae Cleanup of AUDIT before Beta 3
- Correct merge snafus
- Rename the new actions (e.g., ADROP->A_DROP)
- Correct MACLIST_DISPOSITION logic
2011-05-20 07:47:35 -07:00
Tom Eastep
e940f5018e Implement whitelisting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-18 08:30:01 -07:00
Tom Eastep
8ec33cd6dd Update accounting documentation 2011-05-17 18:35:28 -07:00
Tom Eastep
495aa9b9ac Implement NFLOG accounting action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-17 13:42:13 -07:00
Tom Eastep
8904e772df Mention exclusion in the blacklist manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-15 10:57:11 -07:00
Tom Eastep
48eeab0b2a Mark many tcrules columns as optional 2011-05-05 10:12:06 -07:00
Tom Eastep
5ce6d7d988 Back out 0x documentation part of change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-05 10:09:56 -07:00
Tom Eastep
45b83658cd Another tcclasses manpage update 2011-05-01 06:40:28 -07:00
Tom Eastep
61c654634b Correct some TC issues 2011-05-01 06:40:14 -07:00
Tom Eastep
5ff1aca52a Augment documentation of the :I and :CI modifiers 2011-04-30 21:52:32 -07:00
Tom Eastep
2a445aca2a Remove DNAT examples from shorewall6-rules(5) 2011-04-10 11:38:10 -07:00
Tom Eastep
e653a34865 Fix man page typo (CLEAR_FORWARD_MARK -> FORWARD_CLEAR_MARK) 2011-04-06 10:46:47 -07:00
Tom Eastep
3730283b64 Move and correct EXPORTMODULES in shorewall6.conf manpage 2011-04-04 08:32:18 -07:00
Tom Eastep
cc633c5bd9 Shorewall 4.4.19 Changes 2011-04-03 09:56:30 -07:00
Tom Eastep
f88d5f13e0 Restore <burst> functionality in tcdevices 2011-03-02 07:42:24 -08:00
Tom Eastep
17a7ab40a9 Remove <burst> reference form tcdevices IN-BANDWIDH description 2011-03-01 14:18:43 -08:00
Tom Eastep
dcdfb60483 Document the <burst> option in the manpages 2011-02-24 15:49:35 -08:00
Tom Eastep
b90ea8a9e0 Change default for MODULE_PREFIX 2011-02-20 08:52:07 -08:00
Tom Eastep
3ea333c915 Fix broken link in the shorewall[6] manpages 2011-02-09 20:53:22 -08:00
Tom Eastep
2c2fdab0fe Rename USE_LOCAL_MODULES to EXPORTMODULES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-02-06 08:42:35 -08:00
Tom Eastep
fb0a90e463 Update manpages for USE_LOCAL_MODULES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-02-06 08:28:19 -08:00
Tom Eastep
748e7f3a19 Correct typos 2011-02-03 13:28:50 -08:00
Tom Eastep
ac13be4ed4 Add rate-limiting example to rules manpages 2011-02-03 13:26:41 -08:00
Tom Eastep
2ef674dc40 Add 'show iptaccount' command 2011-02-01 16:47:20 -08:00
Tom Eastep
207db033b8 Disallow '.' in accounting and manual chain names 2011-02-01 12:58:05 -08:00
Tom Eastep
ae4d675d0d Document chain name length restriction 2011-01-31 07:07:10 -08:00
Tom Eastep
2af846ef9e A couple of fixes for the accounting manpages 2011-01-30 08:55:43 -08:00
Tom Eastep
156b04c380 Implement Run-time Address Variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-01-26 09:08:48 -08:00
Tom Eastep
17a1cd3c57 Add 'dhcp' option to interfaces6 manpage 2011-01-24 08:22:04 -08:00
Tom Eastep
a2b440b093 Add USE_LOCAL_MODULES option 2011-01-22 08:13:17 -08:00
Tom Eastep
08f09d7de0 Deprecate EXPORTPARAMS 2011-01-09 10:12:36 -08:00
Tom Eastep
308831b3ff Clarify '+' in wildcard interfaces 2010-12-19 10:02:02 -08:00
Tom Eastep
48b00d719e Complete Proxy NDP implementation 2010-12-11 10:04:07 -08:00
Tom Eastep
c2d2a4ab65 Rename proxyndp manpage source 2010-12-11 08:22:08 -08:00
Tom Eastep
293e79f00b Add proxyndp manpage 2010-12-11 08:20:53 -08:00
Tom Eastep
81622fe63b Add new Macros 2010-11-26 08:32:54 -08:00
Tom Eastep
2702d7f208 Implement header matching 2010-11-24 10:46:06 -08:00
Tom Eastep
5e48faad9e Update manpages 2010-11-23 15:03:39 -08:00
Tom Eastep
e052951890 More /etc/shorewall/routes documentation 2010-11-17 17:27:48 -08:00
Tom Eastep
5e1c8f8d2a Add DEVICE column to routes file 2010-11-17 08:35:20 -08:00
Tom Eastep
f523113ca7 Add manpages for the routes files 2010-11-16 20:51:11 -08:00
Tom Eastep
c9737930a2 Complete Shared TC documentation 2010-11-14 14:48:16 -08:00
Tom Eastep
a4bff9a2fa Update manpages for IPv6 tcfilters 2010-11-14 13:50:18 -08:00
Tom Eastep
a1e3683651 Documentation updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-10 14:38:55 -08:00
Tom Eastep
489364a1a0 Correct zone manpages re: blacklist vs zone type
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 13:57:03 -07:00
Tom Eastep
611c33e052 Add rule order warning to secmark manpages 2010-09-23 11:31:56 -07:00
Tom Eastep
b3d6ae78ba Add redundancy warning re 'blacklst' 2010-09-19 07:57:36 -07:00
Tom Eastep
c7373ada46 Add advice about SAVE/RESTORE 2010-09-17 09:22:48 -07:00
Tom Eastep
44665775b2 Documentation corrections to the blacklist files 2010-09-16 09:46:46 -07:00
Tom Eastep
a8c9fc1859 Implement new Blacklisting Scheme 2010-09-16 09:40:28 -07:00
Tom Eastep
1d650b41cd Remove blacklisting by destination IP address support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 15:24:58 -07:00
Tom Eastep
bea4ce4ca6 Add tc-tbf link to tcinterfaces manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 14:07:42 -07:00
Tom Eastep
8147671eb2 Document JUMP 2010-09-15 09:49:37 -07:00
Tom Eastep
f925b335ef Ignore the 'blacklist' host option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 08:10:57 -07:00
Tom Eastep
373fc87165 More blacklisting wrapup
- Deprecate 'blacklist' in the hosts file
- Base blacklisting on interfaces alone

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 07:38:20 -07:00
Tom Eastep
10a9ae496a More manpage updates for 4.4.13 2010-09-14 16:47:45 -07:00
Tom Eastep
33adbe7a27 Update documentation for net TC features 2010-09-13 13:51:25 -07:00
Tom Eastep
3f93ebdda8 Update blacklist manpages 2010-09-13 13:23:32 -07:00
Tom Eastep
37a5a01185 Correct INPUT marking documentation 2010-09-11 12:47:32 -07:00
Tom Eastep
828d190436 Change example 2010-09-07 19:14:43 -07:00
Tom Eastep
46bbb26b6b Tweak secmarks example to use ESTABLISHED,RELATED 2010-09-07 13:59:33 -07:00
Tom Eastep
ee83b7f022 Add link to James Morris blog re SECMARK 2010-09-07 13:52:43 -07:00
Tom Eastep
ab87d8800a List secmarks as SEE ALSO 2010-09-07 12:27:39 -07:00
Tom Eastep
8d63e04926 Yet more docunentation updates 2010-09-06 20:37:34 -07:00
Tom Eastep
50b4bd8dfe More Blacklist and Secmark documentation updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-06 17:26:49 -07:00
Tom Eastep
f3255cd83a Rework blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-06 15:29:20 -07:00
Tom Eastep
c6f58ba924 Enhance SELinux support:
- Add state match
- Add user/group match
- Add examples to the man pages
2010-09-06 09:06:40 -07:00
Tom Eastep
b139ff7e90 Update docs and implementation of SECMARK 2010-09-04 16:08:29 -07:00
Tom Eastep
15d8d6d8b7 Add SECMARK and CONNSECMARK support 2010-09-04 15:12:08 -07:00
Tom Eastep
5aceddbf37 Update Accounting Documents 2010-08-22 16:40:04 -07:00
Tom Eastep
e70d9c82d8 Revise and document IPSEC Accounting
- Place accounting rules in accipsecin and accipsecout
- Add warning when rule inserted into unreferenced accounting chain
- Add warning when an accounting chain has no references

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-20 08:24:45 -07:00
Tom Eastep
33ee9b1481 Add IPSEC Accounting (again) 2010-08-20 06:53:31 -07:00