Commit Graph

555 Commits

Author SHA1 Message Date
Tom Eastep
47e0ef4816 Avoid multiple policy matches with OPTIMIZE=7 and not KLUDGEFREE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:33:30 -08:00
Tom Eastep
db39402e75 Correct handling of NFQUEUE(queue-num) in a policy
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 08:46:20 -08:00
Tom Eastep
422dbaa902 Bump the version to 4.4.7.6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 08:19:21 -08:00
Tom Eastep
8eb3de7db2 Don't apply rate limiting twice in ACCEPT+ rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-19 13:57:45 -08:00
Tom Eastep
5b77f378e5 Use Hex representation of device numbers > 9 in simple TC.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 12:50:56 -08:00
Tom Eastep
579f4d4698 Create a unique hashtable for each instance of a per-IP rate limit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 15:34:14 -08:00
Tom Eastep
b8fc1a9b22 Fix Typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 09:23:11 -08:00
Tom Eastep
f5c954295d Final (hopefully) fix for SFQ handle assignment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 09:20:33 -08:00
Tom Eastep
4299e6db3b Another tweak to SFQ handle assignment.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 08:01:24 -08:00
Tom Eastep
37720d7f25 Improve assignment of class ID for SFQ classses
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 07:46:43 -08:00
Tom Eastep
9d7bd3f651 Avoid duplicate SFQ class numbers 2010-02-17 06:38:06 -08:00
Tom Eastep
af2fb42cf8 Add --hashlimit-htable-expire if the units are minutes or larger 2010-02-16 22:54:59 -08:00
Tom Eastep
c3842aeeab Prepare for 4.4.7.5.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:48:40 -08:00
Tom Eastep
e8807f3e7e Correction to logging rule fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:41:01 -08:00
Tom Eastep
eb8d96135e Don't create log chain for 'RETURN' rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:25:40 -08:00
Tom Eastep
16bf45fce4 Add $remote_fs to Required-start and Required-stop for Debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 07:05:47 -08:00
Tom Eastep
d72855e8f9 Prepare 4.4.7.3
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-14 12:11:11 -08:00
Tom Eastep
a6ba499cca Fix FLOW_FILTER detection with LOAD_HELPERS_ONLY=Yes 2010-02-14 12:03:54 -08:00
Tom Eastep
11b86e99e6 Fix detection of FLOW_FILTER when LOAD_HELPERS_ONLY=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-14 07:55:41 -08:00
Tom Eastep
09f8011a49 Create 4.4.7.2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-14 07:28:52 -08:00
Tom Eastep
602dcd1bab Set version to 4.4.7.1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-13 07:28:22 -08:00
Tom Eastep
53069ebf27 Don't apply rate limiting twice in NAT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-13 07:22:06 -08:00
Tom Eastep
b35f20b403 Avoid CAPVERSION bump to implement FLOW_FILTER detection
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-11 07:29:41 -08:00
Tom Eastep
b8c195f570 Accurately detect 'flow' availability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-10 14:50:26 -08:00
Tom Eastep
433fc385bc 'bridge' implies 'routeback'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-09 14:04:36 -08:00
Tom Eastep
46e2afcf16 Ignore TYPE if old distro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-08 07:13:20 -08:00
Tom Eastep
b45a70f98a Make 'nosmurfs' work correctly on IPv6 with Address Type Match
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-08 07:12:58 -08:00
Tom Eastep
18d03a61f5 Make 'nosmurfs' work with Address Type Match on IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-07 08:43:31 -08:00
Tom Eastep
11a2ec9f7c Update version to 4.4.7 2010-02-05 16:40:48 -08:00
Tom Eastep
e64af57cae Give smurf logging chain a fixed name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 16:04:59 -08:00
Tom Eastep
f4e175f149 Fix IPv6 'nosmurfs'. Make 'nosmurfs' logging more efficient.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 15:03:15 -08:00
Tom Eastep
52880a8822 Clean up generate_matrix() fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 06:57:51 -08:00
Tom Eastep
9d288241da Fix issues in generate_matrix().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 19:42:54 -08:00
Tom Eastep
1d8a7ad09f Clear DEBUG and PURGE shell variables
Delete a blank line

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 13:55:29 -08:00
Tom Eastep
753eb97667 Update version to 4.4.7 RC2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 10:30:53 -08:00
Tom Eastep
dd60f04a9f Work around lack of MARK Target support 2010-02-01 16:22:57 -08:00
Tom Eastep
d354560863 Finish last change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-01 14:25:51 -08:00
Tom Eastep
f0d101605b Don't try to combine nat chains that include '-s'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-01 14:24:07 -08:00
Tom Eastep
1981372c94 Make search for "-j ACCEPT" a little tighter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-31 08:27:30 -08:00
Tom Eastep
3d39a47582 Set $have_ipsec after completing parse of the hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-30 07:26:35 -08:00
Tom Eastep
659f774451 Sort %detect_capability for easier verification.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-29 13:09:53 -08:00
Tom Eastep
9d2decd26d Modify determine_capabilities to use detect_capability()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-29 10:38:22 -08:00
Tom Eastep
b8ec2be516 Clean up handling of %detect_capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-28 16:39:45 -08:00
Tom Eastep
ecc7861115 Validate LOAD_HELPERS_ONLY before detecting capabilities.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-28 08:05:24 -08:00
Tom Eastep
ebd847ef70 Don't display capabilties if they have not been determined
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-28 08:04:54 -08:00
Tom Eastep
05f2bb4b3a Correction to last patch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 17:52:27 -08:00
Tom Eastep
9d25318d80 Fix detection of HASHLIMIT_MATCH on old kernels.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 12:53:31 -08:00
Tom Eastep
54456de888 Update module versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 09:01:00 -08:00
Tom Eastep
c05c1a6f50 Update version to 4.4.7 RC1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 06:58:44 -08:00
Tom Eastep
1556002b54 A couple of tweaks to the LOAD_HELPERS_ONLY optimization change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-25 15:59:31 -08:00