Tom Eastep
|
47e0ef4816
|
Avoid multiple policy matches with OPTIMIZE=7 and not KLUDGEFREE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-03-01 08:33:30 -08:00 |
|
Tom Eastep
|
db39402e75
|
Correct handling of NFQUEUE(queue-num) in a policy
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-25 08:46:20 -08:00 |
|
Tom Eastep
|
422dbaa902
|
Bump the version to 4.4.7.6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-20 08:19:21 -08:00 |
|
Tom Eastep
|
8eb3de7db2
|
Don't apply rate limiting twice in ACCEPT+ rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-19 13:57:45 -08:00 |
|
Tom Eastep
|
5b77f378e5
|
Use Hex representation of device numbers > 9 in simple TC.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-18 12:50:56 -08:00 |
|
Tom Eastep
|
579f4d4698
|
Create a unique hashtable for each instance of a per-IP rate limit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-17 15:34:14 -08:00 |
|
Tom Eastep
|
b8fc1a9b22
|
Fix Typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-17 09:23:11 -08:00 |
|
Tom Eastep
|
f5c954295d
|
Final (hopefully) fix for SFQ handle assignment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-17 09:20:33 -08:00 |
|
Tom Eastep
|
4299e6db3b
|
Another tweak to SFQ handle assignment.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-17 08:01:24 -08:00 |
|
Tom Eastep
|
37720d7f25
|
Improve assignment of class ID for SFQ classses
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-17 07:46:43 -08:00 |
|
Tom Eastep
|
9d7bd3f651
|
Avoid duplicate SFQ class numbers
|
2010-02-17 06:38:06 -08:00 |
|
Tom Eastep
|
af2fb42cf8
|
Add --hashlimit-htable-expire if the units are minutes or larger
|
2010-02-16 22:54:59 -08:00 |
|
Tom Eastep
|
c3842aeeab
|
Prepare for 4.4.7.5.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-15 14:48:40 -08:00 |
|
Tom Eastep
|
e8807f3e7e
|
Correction to logging rule fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-15 14:41:01 -08:00 |
|
Tom Eastep
|
eb8d96135e
|
Don't create log chain for 'RETURN' rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-15 14:25:40 -08:00 |
|
Tom Eastep
|
16bf45fce4
|
Add $remote_fs to Required-start and Required-stop for Debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-15 07:05:47 -08:00 |
|
Tom Eastep
|
d72855e8f9
|
Prepare 4.4.7.3
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-14 12:11:11 -08:00 |
|
Tom Eastep
|
a6ba499cca
|
Fix FLOW_FILTER detection with LOAD_HELPERS_ONLY=Yes
|
2010-02-14 12:03:54 -08:00 |
|
Tom Eastep
|
11b86e99e6
|
Fix detection of FLOW_FILTER when LOAD_HELPERS_ONLY=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-14 07:55:41 -08:00 |
|
Tom Eastep
|
09f8011a49
|
Create 4.4.7.2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-14 07:28:52 -08:00 |
|
Tom Eastep
|
602dcd1bab
|
Set version to 4.4.7.1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-13 07:28:22 -08:00 |
|
Tom Eastep
|
53069ebf27
|
Don't apply rate limiting twice in NAT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-13 07:22:06 -08:00 |
|
Tom Eastep
|
b35f20b403
|
Avoid CAPVERSION bump to implement FLOW_FILTER detection
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-11 07:29:41 -08:00 |
|
Tom Eastep
|
b8c195f570
|
Accurately detect 'flow' availability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-10 14:50:26 -08:00 |
|
Tom Eastep
|
433fc385bc
|
'bridge' implies 'routeback'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-09 14:04:36 -08:00 |
|
Tom Eastep
|
46e2afcf16
|
Ignore TYPE if old distro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-08 07:13:20 -08:00 |
|
Tom Eastep
|
b45a70f98a
|
Make 'nosmurfs' work correctly on IPv6 with Address Type Match
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-08 07:12:58 -08:00 |
|
Tom Eastep
|
18d03a61f5
|
Make 'nosmurfs' work with Address Type Match on IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-07 08:43:31 -08:00 |
|
Tom Eastep
|
11a2ec9f7c
|
Update version to 4.4.7
|
2010-02-05 16:40:48 -08:00 |
|
Tom Eastep
|
e64af57cae
|
Give smurf logging chain a fixed name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-03 16:04:59 -08:00 |
|
Tom Eastep
|
f4e175f149
|
Fix IPv6 'nosmurfs'. Make 'nosmurfs' logging more efficient.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-03 15:03:15 -08:00 |
|
Tom Eastep
|
52880a8822
|
Clean up generate_matrix() fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-03 06:57:51 -08:00 |
|
Tom Eastep
|
9d288241da
|
Fix issues in generate_matrix().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-02 19:42:54 -08:00 |
|
Tom Eastep
|
1d8a7ad09f
|
Clear DEBUG and PURGE shell variables
Delete a blank line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-02 13:55:29 -08:00 |
|
Tom Eastep
|
753eb97667
|
Update version to 4.4.7 RC2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-02 10:30:53 -08:00 |
|
Tom Eastep
|
dd60f04a9f
|
Work around lack of MARK Target support
|
2010-02-01 16:22:57 -08:00 |
|
Tom Eastep
|
d354560863
|
Finish last change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-01 14:25:51 -08:00 |
|
Tom Eastep
|
f0d101605b
|
Don't try to combine nat chains that include '-s'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-01 14:24:07 -08:00 |
|
Tom Eastep
|
1981372c94
|
Make search for "-j ACCEPT" a little tighter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-31 08:27:30 -08:00 |
|
Tom Eastep
|
3d39a47582
|
Set $have_ipsec after completing parse of the hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-30 07:26:35 -08:00 |
|
Tom Eastep
|
659f774451
|
Sort %detect_capability for easier verification.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-29 13:09:53 -08:00 |
|
Tom Eastep
|
9d2decd26d
|
Modify determine_capabilities to use detect_capability()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-29 10:38:22 -08:00 |
|
Tom Eastep
|
b8ec2be516
|
Clean up handling of %detect_capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-28 16:39:45 -08:00 |
|
Tom Eastep
|
ecc7861115
|
Validate LOAD_HELPERS_ONLY before detecting capabilities.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-28 08:05:24 -08:00 |
|
Tom Eastep
|
ebd847ef70
|
Don't display capabilties if they have not been determined
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-28 08:04:54 -08:00 |
|
Tom Eastep
|
05f2bb4b3a
|
Correction to last patch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-27 17:52:27 -08:00 |
|
Tom Eastep
|
9d25318d80
|
Fix detection of HASHLIMIT_MATCH on old kernels.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-27 12:53:31 -08:00 |
|
Tom Eastep
|
54456de888
|
Update module versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-27 09:01:00 -08:00 |
|
Tom Eastep
|
c05c1a6f50
|
Update version to 4.4.7 RC1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-27 06:58:44 -08:00 |
|
Tom Eastep
|
1556002b54
|
A couple of tweaks to the LOAD_HELPERS_ONLY optimization change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-25 15:59:31 -08:00 |
|