Commit Graph

3086 Commits

Author SHA1 Message Date
Tom Eastep
461f7b10ba Detect Arptables JF capability when LOAD_HELPERS_ONLY = No.
- Move detection of Header Match to its proper ordinal.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-20 07:19:02 -07:00
Tom Eastep
2c9eda9cee Add some white space for readability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 18:33:02 -07:00
Tom Eastep
64fc3d2e43 Correct a typo that caused iset couter match to be mis-detected
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 10:27:29 -07:00
Tom Eastep
d0aed87546 Correct IPV6 ipset capabilities checking on 3.14 kernels
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 10:25:46 -07:00
Tom Eastep
56fa6bd78a Revert "Correct ipset detection on later kernels."
This reverts commit b207f64a85.
2014-07-19 10:22:12 -07:00
Tom Eastep
b207f64a85 Correct ipset detection on later kernels.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 08:55:02 -07:00
Tom Eastep
9f381209d5 Detect HEADER_MATCH when LOAD_MODULES_ONLY=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 07:20:28 -07:00
Tom Eastep
6771dc54ad Streamline some code from the last commit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-18 12:58:49 -07:00
Tom Eastep
417bd0138e Correct two problems with tcrules processing:
- SAVE and RESTORE didn't work
- '|' and '&' were ignored


Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-18 08:32:22 -07:00
Tom Eastep
2ed523101c Allow specification of the MAC address of a gateway
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-06 09:54:53 -07:00
Tom Eastep
c663a14c4d Correct TIME column handling in IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-04 08:17:19 -07:00
Tom Eastep
8bfff55ed2 Add a TIME column to the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-04 08:01:14 -07:00
Tom Eastep
b1a6ec7f03 Merge branch '4.6.1' 2014-07-02 21:41:27 -07:00
Tom Eastep
cad8443e01 Allow SAVE/RESTORE rules in the OUTPUT chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-02 12:38:02 -07:00
Tom Eastep
2ad81f1a81 Apply Thibaut Chèze's patch for DSCP names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-02 12:37:50 -07:00
Tom Eastep
166e1a3df9 Allow SAVE/RESTORE rules in the OUTPUT chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-01 06:54:54 -07:00
Tom Eastep
84437ea689 Apply Thibaut Chèze's patch for DSCP names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-01 06:52:58 -07:00
Tom Eastep
7fdc398a5e Revert "Revert "Revert "Add a TIME column to the mangle file"""
This reverts commit 1165b2689c.
2014-06-27 08:23:04 -07:00
Tom Eastep
1165b2689c Revert "Revert "Add a TIME column to the mangle file""
This reverts commit 9c7fcd09fd.
2014-06-27 08:14:28 -07:00
Tom Eastep
2701b0a756 Correct number of columns in split_line2() calls.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-25 08:22:09 -07:00
Tom Eastep
9c7fcd09fd Revert "Add a TIME column to the mangle file"
This reverts commit 824b14b714.
2014-06-25 07:33:42 -07:00
Tom Eastep
824b14b714 Add a TIME column to the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-25 07:05:12 -07:00
Tom Eastep
122d58b122 Clear inline matches in perl_action_tcp_helper
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-21 07:58:27 -07:00
Tom Eastep
61bb73fd8c Correct handling of matches in action_tcp_helper()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-20 14:28:17 -07:00
Tom Eastep
36e31ed839 Correct typo in error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-08 09:40:50 -07:00
Tom Eastep
b55b6a913c Insert the server address list into the error message in DNAT/REDIRECT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-08 09:36:18 -07:00
Tom Eastep
9c9ae04c86 Raise an error when a server list is specified in a DNAT or REDIRECT rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-08 08:52:41 -07:00
Tom Eastep
c898129ad6 Correct pi-rho's patch to not deal with the loopback interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-06 13:12:02 -07:00
Tom Eastep
2cd5c41ec0 Clean up white space in pi-rho's patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-06 10:44:33 -07:00
Tom Eastep
bea5434de6 Merge branch '4.5.21' 2014-06-06 10:05:02 -07:00
Tom Eastep
8657dd97f7 Apply pi-rho's patch for rpfilter.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-06 10:04:42 -07:00
Tom Eastep
954cddc37a Enable 1:1 NAT in IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-25 12:50:00 -07:00
Tom Eastep
5a22b14947 Enable 1:1 NAT in IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-25 08:57:01 -07:00
Tom Eastep
6d3b1d80d4 Make 'update -A' convert the tcrules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 14:46:15 -07:00
Tom Eastep
c6565f051e Clean up checking for chain designators with SOURCE $FW.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 07:18:35 -07:00
Tom Eastep
c9b6d4a670 Correct CHECKSUM handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 07:18:06 -07:00
Tom Eastep
d15956feea Deprecate FORMAT-1 actions and macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-08 14:30:33 -07:00
Tom Eastep
f717d097d7 Apply Tuomo Soini's Macro format patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-07 12:19:24 -07:00
Tom Eastep
ba3a7d0621 Do not deprecate USE_DEFAULT_RT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-19 07:53:18 -07:00
Tom Eastep
4d4e8b3df4 Do nothing when a rules file section is empty.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-18 14:13:34 -07:00
Tom Eastep
240d3d8cab Improve interface option inheritence
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-18 13:36:06 -07:00
Tom Eastep
acda5482c4 If USE_DEFAULT_RT isn't specified, make it 'No'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-18 13:22:58 -07:00
Tom Eastep
e731ea1ca8 Revert "Always inherit interface options"
This reverts commit 65cde3475f.
2014-04-15 11:54:58 -07:00
Tom Eastep
65cde3475f Always inherit interface options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-15 11:37:51 -07:00
Tom Eastep
b3cd9ab15a Default to LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-12 11:05:28 -07:00
Tom Eastep
58700b2301 Correct the behavior of rpfilter when FASTACCEPT=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-31 07:29:29 -07:00
Tom Eastep
a9ac9c274e Correct the behavior of rpfilter when FASTACCEPT=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-31 07:28:30 -07:00
Tom Eastep
72869adcd6 Correct missing comment in trace entry.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-28 08:55:55 -07:00
Tom Eastep
0c8365001d Avoid spurious comments on jumps to section chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-28 08:55:48 -07:00
Tom Eastep
6274f8444f Correct missing comment in trace entry.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-28 08:55:23 -07:00