Tom Eastep
1d93a18b8d
IPV6 now working -- BOTH still broken
2010-11-13 18:08:19 -08:00
Tom Eastep
3f6cce10d2
Protect against accidental output from params file
2010-11-13 16:16:58 -08:00
Tom Eastep
19122512d0
Fix new params file processing for INCLUDE
2010-11-13 10:59:09 -08:00
Tom Eastep
b20ed2d4de
Simply another RE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-11 14:03:00 -08:00
Tom Eastep
775bee278a
Fix for unexpected /usr/share/shorewall/init
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-11 13:03:00 -08:00
Tom Eastep
ff61d4dba4
Correct documentation of NULL_ROUTE_RFC1918 fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-10 14:18:33 -08:00
Tom Eastep
0602b619bd
Fix NULL_ROUTE_RFC1918=Yes
2010-11-09 15:20:23 -08:00
Tom Eastep
8a9aaff4e8
Change shell variable resolution order
2010-11-07 13:28:03 -08:00
Tom Eastep
1e6b7c8130
Simplify an RE
2010-11-06 20:25:46 -07:00
Tom Eastep
092f032b8e
Realign precedence of environment inheritance
2010-11-06 19:02:14 -07:00
Tom Eastep
25397e8284
Document params file processing change
2010-11-06 18:33:41 -07:00
Tom Eastep
69c3600107
Modernize processing of params file
2010-11-06 17:12:05 -07:00
Tom Eastep
7c4bc900d6
Belated update to Perl module versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-30 10:45:14 -07:00
Tom Eastep
dcf2d633b1
Don't save ipsets if there are no dynamic zones or ipset rules
2010-10-30 10:35:52 -07:00
Tom Eastep
d4f857f877
Update version to 4.4.15-Beta1
2010-10-30 07:12:03 -07:00
Tom Eastep
4daf4c372e
Initialize release documents for 4.4.15
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-29 08:28:58 -07:00
Tom Eastep
1db13849ab
Clear VERBOSE and VERBOSITY at CLI startup
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-28 15:17:37 -07:00
Tom Eastep
5cf0cd2c33
Document VERBOSITY fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-28 11:41:38 -07:00
Tom Eastep
8758d3a834
Insure that VERBOSITY=0 when interrogating compiled script version
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-28 11:25:56 -07:00
Tom Eastep
20bb781874
Document fix for 10+ TC interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-28 10:33:17 -07:00
Tom Eastep
bc406b39bc
Fix > 10 TC interfaces
2010-10-28 10:27:55 -07:00
Tom Eastep
6c90046ab5
Document fix for split_list()
2010-10-26 06:55:01 -07:00
Tom Eastep
f2ab068044
Fix split_list()
2010-10-26 06:49:55 -07:00
Tom Eastep
1060b201dd
Update version to 4.4.14
2010-10-23 21:40:22 -07:00
Tom Eastep
ded852e0ee
Fix compilation warning
2010-10-19 08:42:35 -07:00
Tom Eastep
3ec6185f72
Run update-rc.d on Debian
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-13 08:42:35 -07:00
Tom Eastep
28e473d9a1
Document change to FORWARD_CLEAR_MARK default
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-10 07:49:17 -07:00
Tom Eastep
11f2c7772a
Clear FORWARD_CLEAR_MARK setting in the remaining config files
2010-10-09 11:28:13 -07:00
Tom Eastep
17860cacd8
Move dump_command() to a more logical place in the file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-07 14:36:05 -07:00
Tom Eastep
033d43b014
Implement undocumented dumpfilter extension file
2010-10-07 14:35:51 -07:00
Tom Eastep
f0ef27b3e5
Update version to RC1
2010-10-06 16:16:37 -07:00
Tom Eastep
b9602d9a6a
Correct typo in the release notes
2010-10-06 11:24:45 -07:00
Tom Eastep
3d90c63528
Improve validation and reporting in the net list processing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-05 16:20:07 -07:00
Tom Eastep
a10ced2da2
Make exclusion of set lists more consistent
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-05 12:22:27 -07:00
Tom Eastep
7767d30c7c
Improve error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-05 11:25:18 -07:00
Tom Eastep
587dacdae0
Allow set lists with "!"
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-05 08:38:30 -07:00
Tom Eastep
8fd221ef30
Refine source/dest network parsing in expand_rule()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-04 18:57:11 -07:00
Tom Eastep
e74f48410f
Correct handling of exclusion with ipset lists
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-04 14:29:50 -07:00
Tom Eastep
38851fe446
Delete obsolete options from shorewall.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-04 07:44:28 -07:00
Tom Eastep
cee05d9763
Refine -lite handling of scfilter.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 12:52:30 -07:00
Tom Eastep
b3d0447ef2
Reword scfilter -lite explaination
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 11:00:51 -07:00
Tom Eastep
432534a650
Eliminate need to restart -lite to extract scfilter
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 10:56:55 -07:00
Tom Eastep
994ea3cce6
Document -lite log reading fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 08:35:17 -07:00
Tom Eastep
f9af35ffbe
Document -lite fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-02 07:22:37 -07:00
Tom Eastep
b27fd07e9f
Don't indent the embedded scfilter file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 13:20:36 -07:00
Tom Eastep
ac71868cc1
Package the scfilter along with the generated script for -lite
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 10:59:15 -07:00
Tom Eastep
6e9fc12517
Update version to Beta 4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 09:31:11 -07:00
Tom Eastep
468af44876
Add support for 'scfilter' script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 09:15:58 -07:00
Tom Eastep
2fa7e11976
Add 'scfilter' extension script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 07:38:14 -07:00
Tom Eastep
3898edfddb
Make 'show connections' work on ancient distros
2010-09-30 17:18:58 -07:00
Tom Eastep
077aa18a2d
Update release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-30 15:03:02 -07:00
Tom Eastep
e795a9995b
Update release documents
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-30 14:17:51 -07:00
Tom Eastep
1218ccf0cb
More optimization performance improvements
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-30 14:15:19 -07:00
Tom Eastep
252a9f2205
More speedup of optimization level 8
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-29 13:30:10 -07:00
Tom Eastep
46f1074422
Reduce the cost of optimization substantially.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-29 11:54:39 -07:00
Tom Eastep
8017f603a0
Add progress message for each optimization pass.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 12:20:35 -07:00
Tom Eastep
6171d938f7
Correction to last change -- move two declarations to an outer block.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 12:20:06 -07:00
Tom Eastep
48c3200a5a
Issue error message when required file is missing or has zero size.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 11:22:47 -07:00
Tom Eastep
68f537ac5b
Bypass processing logic when an optional config file is absent.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 10:48:44 -07:00
Tom Eastep
47fbc83419
Don't add trailing whitespace to DNAT/REDIRECT target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 09:27:42 -07:00
Tom Eastep
91aabfc078
Revise fix for extraneous progress messages
2010-09-27 16:18:11 -07:00
Tom Eastep
0109b8113a
Prevent random progress messages during compilation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 15:56:22 -07:00
Tom Eastep
75d50d126c
Make zones with 'mss' complex.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 13:57:56 -07:00
Tom Eastep
f7eb3c3d8c
Periodic elimination of trailing white space
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 11:16:18 -07:00
Tom Eastep
f33912d5f7
Correct/update release notes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 09:11:17 -07:00
Tom Eastep
ac646930a3
Tighter validation of ipset names in the hosts file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 08:36:27 -07:00
Tom Eastep
066c772fcd
Correct minor issue with previous error message improvement change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 08:28:25 -07:00
Tom Eastep
0becb39202
Bump version to Beta 3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 08:15:32 -07:00
Tom Eastep
2828b65326
Improve error message generated when a token beginning with '+' reaches validate_net()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 07:56:55 -07:00
Tom Eastep
74f1cb2443
Mention maclist file in shorewall-ipsets(5)
2010-09-25 16:07:56 -07:00
Tom Eastep
f07ec1e9d3
Clean up untidiness where Shorewall6 tries to start on a system with an old kernel
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-25 08:46:14 -07:00
Tom Eastep
e018ee6adc
Don't create <zone>_frwd when unnecessary
...
- Set the zone {complex} flag based on ipsec options rather than the presense of any options.
- Generate forwarding blacklist rules in lieu of creating<zone>_frwd
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-24 15:25:57 -07:00
Tom Eastep
b5fdb089bc
Fix syntax error in blacklist fix
2010-09-24 13:42:05 -07:00
Tom Eastep
0768235278
Correct blacklisting in simple configurations
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-24 13:41:54 -07:00
Tom Eastep
03161ed57d
Bump version to 4.4.14 Beta 2
2010-09-23 19:33:37 -07:00
Tom Eastep
0f4d8eb929
Use 'conntrack' for 'show connections'
2010-09-23 19:08:40 -07:00
Tom Eastep
6702fbbd40
Make timestamps in log uniform
2010-09-23 07:40:27 -07:00
Tom Eastep
2c7b1b5d7b
Add more comments
2010-09-22 15:26:01 -07:00
Tom Eastep
9d5642aedd
Update Version to 4.4.14-Beta1
2010-09-21 11:34:26 -07:00
Tom Eastep
dbd7914ee6
More fiddling with move_rules()
...
- Assert that the chain being moved has no blacklist jumps
- delete duplicate rules in case the destination chain has such a jump
2010-09-20 18:00:39 -07:00
Tom Eastep
271154ed60
Rename DESTIFAC_DISALLOW -> DESTIFACE_DISALLOW
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-20 09:45:48 -07:00
Tom Eastep
bde0a297f9
Misc cleanup for 4.4.13
...
1. Replace statement with equivalent function call in promote_blacklist_rules()
2. Bump version of Tunnels.pm
3. Fix typo in comment in Zones.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-20 09:45:38 -07:00
Tom Eastep
7baa1839cf
Tighen up parsing of bracketed lists -- Take 2
2010-09-20 07:24:22 -07:00
Tom Eastep
f64993fe40
Tighen up parsing of bracketed lists
2010-09-20 07:05:23 -07:00
Tom Eastep
0ed33a0552
Document fix for '*' in interface names
2010-09-19 15:55:09 -07:00
Tom Eastep
9335ef5745
Don't allow '*' in interface names
2010-09-19 15:10:21 -07:00
Tom Eastep
25ca73ca54
Support alternative syntax for ipet lists
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-19 13:22:12 -07:00
Tom Eastep
0c6882c3a8
Merge branch '4.4.13'
2010-09-19 12:55:08 -07:00
Tom Eastep
c7fc4ce1f5
Correct order of release note entries
2010-09-19 12:54:54 -07:00
Tom Eastep
9111540a7f
Support ipset lists
2010-09-19 12:36:20 -07:00
Tom Eastep
35a686eaa1
Add delete_reference() function.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-19 08:28:29 -07:00
Tom Eastep
9ba82bec1f
Add warning about redundant 'blacklist' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-19 08:28:05 -07:00
Tom Eastep
e06ca34298
Add redundancy warning re 'blacklst'
2010-09-19 08:03:01 -07:00
Tom Eastep
b3d6ae78ba
Add redundancy warning re 'blacklst'
2010-09-19 07:57:36 -07:00
Tom Eastep
940ccf2c34
Document for tcfilter port ranges
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 15:11:41 -07:00
Tom Eastep
c0382b8cb9
Adjust reference count in move rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 15:11:17 -07:00
Tom Eastep
ce9b5ee944
Make blacklist rule promotion much more effecient.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 13:35:24 -07:00
Tom Eastep
74abd4ad54
In copy_rules(), handle the unlikely case where both chains have blacklist jumps.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 12:26:07 -07:00
Tom Eastep
f7db24f756
Merge branch '4.4.13'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 09:29:50 -07:00
Tom Eastep
f25b9e1967
Allow :<port> in tcfilters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 09:26:29 -07:00
Tom Eastep
0e9c704069
Don't scan the filter table for jumps to 'blacklst' if the 'blacklst' chain does not exist
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:42:21 -07:00
Tom Eastep
c3299d5f89
Enable blacklist rule promotion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:38:22 -07:00
Tom Eastep
6f0893cd7a
Correct Chains::promote_blacklist_rules()
...
- Interate through chains that jump to 'blacklst' until no rule is promoted
This is required to promote jumps past exclusion chains
- Correct reference counting; the first cut was horribly wrong
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:38:14 -07:00
Tom Eastep
c040344bc1
Promote 'in' blacklist rules to the head of the interface chain
...
- Added Chains::promote_blacklist_rules()
- Called the function from Rules::generate_matrix()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:38:02 -07:00
Tom Eastep
2fa16f6d08
Enable blacklist rule promotion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:36:59 -07:00
Tom Eastep
578fc6c521
Correct Chains::promote_blacklist_rules()
...
- Interate through chains that jump to 'blacklst' until no rule is promoted
This is required to promote jumps past exclusion chains
- Correct reference counting; the first cut was horribly wrong
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:36:35 -07:00
Tom Eastep
fd6ff1849a
Promote 'in' blacklist rules to the head of the interface chain
...
- Added Chains::promote_blacklist_rules()
- Called the function from Rules::generate_matrix()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 07:37:42 -07:00
Tom Eastep
801c1cb6b3
Update release docs
2010-09-17 17:44:05 -07:00
Tom Eastep
fd568ece47
Clear raw table on 'clear'
2010-09-17 17:43:57 -07:00
Tom Eastep
1588c700c5
Fix blacklisting vs vservers
2010-09-17 17:43:40 -07:00
Tom Eastep
6106dd3ada
Zero out {frozen} in a deleted chain entry
2010-09-17 17:43:04 -07:00
Tom Eastep
9946fbd3b5
Update release docs
2010-09-17 17:37:07 -07:00
Tom Eastep
580c561a51
Clear raw table on 'clear'
2010-09-17 17:12:34 -07:00
Tom Eastep
a42576aef8
Fix blacklisting vs vservers
2010-09-17 16:38:34 -07:00
Tom Eastep
79bb47582a
Zero out {frozen} in a deleted chain entry
2010-09-17 16:00:36 -07:00
Tom Eastep
596d207dfc
Simplify a test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 15:43:56 -07:00
Tom Eastep
8cdbe5f88d
Fix an optimization bug with the new blacklisting code
2010-09-17 15:43:47 -07:00
Tom Eastep
402b3b929e
Restore trace output in move_rules()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 15:43:03 -07:00
Tom Eastep
c5bb3ecfac
Simplify a test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 15:42:05 -07:00
Tom Eastep
c9e876fcf5
Fix an optimization bug with the new blacklisting code
2010-09-17 15:10:02 -07:00
Tom Eastep
85430e459c
Restore trace output in move_rules()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 14:35:25 -07:00
Tom Eastep
ad660d7fe5
Simplify move_rules()
2010-09-17 13:53:10 -07:00
Tom Eastep
3d0f8e962e
Simplify move_rules()
2010-09-17 13:49:32 -07:00
Tom Eastep
7a6943fa54
Disallow mss and blacklist on firewall and vserver zones
2010-09-17 12:54:58 -07:00
Tom Eastep
b76ee408a5
Emit clearer error messages
2010-09-17 12:54:54 -07:00
Tom Eastep
2e3635ff50
Be sure that {frozen} is defined
2010-09-17 12:54:44 -07:00
Tom Eastep
28aa7b8267
Re-add OPTIONS column to blacklist templates
2010-09-17 12:54:38 -07:00
Tom Eastep
ab78aac3a4
Disallow mss and blacklist on firewall and vserver zones
2010-09-17 12:46:38 -07:00
Tom Eastep
330afe1701
Emit clearer error messages
2010-09-17 12:35:34 -07:00
Tom Eastep
239b4a2356
Be sure that {frozen} is defined
2010-09-17 12:08:48 -07:00
Tom Eastep
65de1e4e6e
Re-add OPTIONS column to blacklist templates
2010-09-17 11:56:47 -07:00
Tom Eastep
7175f8a63e
Revert versions on Rules and Zones modules
2010-09-17 11:08:45 -07:00
Tom Eastep
d898c87617
Eliminate a parameter to add_jump()
2010-09-17 11:08:12 -07:00
Tom Eastep
07930fc535
Revert versions on Rules and Zones modules
2010-09-17 11:06:32 -07:00
Tom Eastep
5357f4c347
Eliminate a parameter to add_jump()
2010-09-17 11:05:35 -07:00
Tom Eastep
af24baaecd
Update version to RC1 (one more time)
2010-09-17 09:14:56 -07:00
Tom Eastep
e61230a3db
Update version to Beta 6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 08:23:24 -07:00
Tom Eastep
8e2c8e5a8f
Document use of state match for NOTRACK
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 08:21:16 -07:00
Tom Eastep
882970a598
Use state match for UNTRACKED
2010-09-17 07:58:21 -07:00
Tom Eastep
2ce3c8aa88
Ensure that blacklist rules are before the other interface-oriented rules
2010-09-16 18:19:16 -07:00
Tom Eastep
27c445381e
Treat 'blacklist' uniformly in hosts and zones
2010-09-16 15:48:12 -07:00
Tom Eastep
67b9ae0d2c
Update release documents
2010-09-16 15:47:05 -07:00
Tom Eastep
1c870b532a
Preserve dynamic blacklist during stop/clear/restore
2010-09-16 12:17:04 -07:00
Tom Eastep
a8c9fc1859
Implement new Blacklisting Scheme
2010-09-16 09:40:28 -07:00
Tom Eastep
3c1cff0794
First steps toward zone-based blacklisting
2010-09-16 06:55:48 -07:00
Tom Eastep
1d650b41cd
Remove blacklisting by destination IP address support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 15:24:58 -07:00
Tom Eastep
3ad3f0d9e0
Allow floating point numbers in tcinterfaces fields other than <rate>
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 14:07:21 -07:00
Tom Eastep
ba89ec39b5
Add :<burst> to /etc/shorewall/tcdevices
2010-09-15 11:56:14 -07:00
Tom Eastep
69a2fa1907
Replace to/from with dst/src
2010-09-15 11:25:46 -07:00
Tom Eastep
f925b335ef
Ignore the 'blacklist' host option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 08:10:57 -07:00