shorewall_code

mirror of https://gitlab.com/shorewall/code.git synced 2024-11-23 08:03:11 +01:00

Author	SHA1	Message	Date
Tom Eastep	39a3c72057	Warn when RESTORE_DEFAULT_ROUTE=Yes and a persistent provider is defined Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-10-11 10:58:09 -07:00
Tom Eastep	b47e633c38	Use 'route replace' rather than 'route add' to avoid persistence issues Previous failure case was: - disable interface - reload - enable interface Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-10-09 08:58:10 -07:00
Tom Eastep	1b55a37a28	Ensure that 'rule add' commands don't fail with persistent interfaces Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-10-08 08:53:53 -07:00
Tom Eastep	a97dcd23d0	Allow merging of rules that specify an IPSEC policy Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-10-07 13:17:43 -07:00
Tom Eastep	108b169d8d	Treat LOG_TARGET like all other capabilities - Previous implementation could generate unworkable script when LOAD_HELPERS_ONLY=Yes Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-10-06 08:01:52 -07:00
Tom Eastep	8469f983d8	Merge branch '5.1.7' # Conflicts: # Shorewall/Perl/prog.footer	2017-09-29 15:25:37 -07:00
Tom Eastep	f54acb665a	Correct handling of mark range in MARK target. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-29 14:44:33 -07:00
Tom Eastep	3d2e9eb93e	Improve the fix for SELinux "getattr" denials Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-28 15:16:50 -07:00
Tom Eastep	c6a939301f	Improve the fix for SELinux "getattr" denials Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-28 15:16:00 -07:00
Tom Eastep	1cb98254cc	Handle SELinux getattr denials in open() processing Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-26 16:42:54 -07:00
Tom Eastep	baa791a1e3	Handle SELinux getattr denials in open() processing Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-26 16:41:50 -07:00
Tom Eastep	8b4b965f63	Remove unnecessary disable/enable of script generation Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-21 14:36:30 -07:00
Tom Eastep	8ee2d6246c	Update a comment in the compiler - get_configuration() also processes the shorewallrc file(s) Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-21 12:32:34 -07:00
Tom Eastep	a7be3dfece	Align progress messages produced by 'reenable' Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-19 13:29:13 -07:00
Tom Eastep	846e8c4ece	Correct reenable logic Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-19 13:29:08 -07:00
Tom Eastep	e2bf7e6584	Align progress messages produced by 'reenable' Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-19 13:28:09 -07:00
Tom Eastep	ff3994f6a1	Correct reenable logic Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-19 13:17:50 -07:00
Tom Eastep	494ec9c59c	Avoid extra comparison in reload_command() Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-19 10:49:11 -07:00
Tom Eastep	1cde92e8f3	Initialize g_dockeringress Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-19 10:43:44 -07:00
Tom Eastep	721a1e3b33	Initialize g_dockeringress Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-19 10:39:52 -07:00
Tom Eastep	84fa774cb7	Change copyright dates in lib.runtime Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-19 09:03:00 -07:00
Tom Eastep	91e59c2ed4	Remove the Lite Makefiles Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-18 11:56:04 -07:00
Tom Eastep	be5aabcbfb	Correct typo in Chains.pm &g_dockeringress -> $g_dockeringress Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-18 10:14:22 -07:00
Tom Eastep	a8937e6bc8	Correct harmless typo Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-18 10:06:41 -07:00
Tom Eastep	5e1cf17ebc	DOCKER-INGRESS support Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-17 10:57:29 -07:00
Tom Eastep	85a7ec6fe5	Correct module loading in the compiler Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-14 15:08:38 -07:00
Tom Eastep	2ed11c7e15	Default ADD_IP_ALIASES to 'No' in Shorewall6 Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-12 11:55:53 -07:00
Tom Eastep	4f79d2e82b	Move and simplify handling of nat columns Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-12 10:53:04 -07:00
Tom Eastep	e6a2ba78a4	Correct handling of DEST column during action invocation Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-08 10:05:37 -07:00
Tom Eastep	41ea3bdeda	Modify the Event actions to handle NAT rules - Separate DNAT and REDIRECT into DNAT- and REDIRECT- plus ACCEPT Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-08 09:47:12 -07:00
Tom Eastep	1065c2951b	Allow NAT targets to be passed to the Event actions Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-08 09:46:03 -07:00
Tom Eastep	3b373f3f21	Correct handling of ipsets in the DEST column of the snat file - Also corrected handling of exclusion Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-06 11:30:42 -07:00
Tom Eastep	0c05ab3bff	Correct typo in shorewall-snat(5) - missing ':' in IPv4 Example 4. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-09-05 10:29:19 -07:00
Tom Eastep	b54a691110	Improve dynamic gateway detection - Use provider's routing table, if any Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-23 15:04:47 -07:00
Tom Eastep	90f33dd436	Eliminate MODULE_SUFFIX Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-23 12:48:14 -07:00
Tom Eastep	3d322d31b7	Add UDP rule to macro.RDP Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-22 08:07:32 -07:00
Tom Eastep	34e4fffd7d	Module suffix changes - Re-order default list in the compiler to match lib.common - MODULE_SUFFIX="ko ko.xz" in standard .conf files. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-21 12:44:23 -07:00
Tom Eastep	419ff8903b	Invert logic in Shorewall::Chains::delete_reference() - better readability - similar change in Shorewall::Chains::adjust_reference_counts() Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-19 12:25:27 -07:00
Tom Eastep	390ac30be8	Remove a superfluous line of code from Shorewall::Chains::format_rule() Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-19 12:12:54 -07:00
Tom Eastep	8cb98f16ea	Add a comment in Shorewall::Chains::optimize_level8() Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-19 08:08:24 -07:00
Tom Eastep	5a9f179e25	Allow port variables as the server port in DNAT rules Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-16 15:36:18 -07:00
Tom Eastep	8641d53bd1	Use MUTEX_TIMEOUT for ip[6]tables --wait interval Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-15 14:02:08 -07:00
Tom Eastep	7e3521e221	RESTORE_WAIT_OPTION Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-13 18:56:40 -07:00
Tom Eastep	ddefde2d10	Correct handling of address variables in DNAT rule. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-13 08:30:11 -07:00
Tom Eastep	2beeedd8fe	Remove incorrect '+' info from shorewall-interfaces(5) Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-12 12:19:00 -07:00
Tom Eastep	1a2647618e	Allow runtime address variables as the server IP in DNAT rules Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-12 12:18:16 -07:00
Tom Eastep	72293883dd	Tabify the Zones module Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-12 11:28:14 -07:00
Tom Eastep	c31397532c	Verify that parent and child zones have a common interface Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-12 09:24:05 -07:00
Tom Eastep	d0861e813b	Make Shorewall's handling of '+' consistent with that of iptables Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-12 08:22:57 -07:00
Tom Eastep	da62bd2b32	Use a hash slice in recently-added code Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-11 13:38:34 -07:00
Tom Eastep	a83c19cc33	Adjust some default values in shorewall.conf(5) Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-10 15:48:16 -07:00
Tom Eastep	a504820d19	Correct optimize level 8 handling of policy and policychain Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-07 16:56:30 -07:00
Tom Eastep	4c2c1bcdf1	Export CONFDIR and SHAREDIR to the generated script. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-06 13:42:01 -07:00
Tom Eastep	f2ee8013fc	Update the providers manpage re balanced IPv6 routes Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-05 10:12:42 -07:00
Tom Eastep	657215f9b5	Add sample enabled and disabled scripts Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-03 12:50:49 -07:00
Tom Eastep	5589ab76d9	Add arguments to the enabled and disabled user exits Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-03 12:44:15 -07:00
Tom Eastep	6425e5ae5d	Remove superfluous white space in the generated script Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-08-02 14:09:05 -07:00
Tom Eastep	8521c6f750	Merge branch '5.1.5'	2017-08-02 14:02:03 -07:00
Tom Eastep	80e6cd8a2f	Add enabled and disabled user exits Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-07-29 15:15:57 -07:00
Tom Eastep	69a0061d0f	Correct handling of MAC addresses in the accounting file. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-07-27 14:55:19 -07:00
Tom Eastep	5a24953e6c	Merge branch '5.1.5'	2017-07-27 09:14:50 -07:00
Tom Eastep	eea3cca90c	Correct handling of USER/GROUP in the OUTPUT accounting section Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-07-27 09:01:46 -07:00
Tom Eastep	a420ef04d9	Correct tcfilter source port handling when BASIC_FILTERS=Yes Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-07-26 16:48:53 -07:00
Tom Eastep	e573436b12	Correct tcfilter source port handling when BASIC_FILTERS=Yes Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-07-23 12:14:57 -07:00
Tom Eastep	b9b7baf98d	Merge branch '5.1.5'	2017-07-20 10:37:53 -07:00
Tom Eastep	922bd9eeca	Implement SPARSE=Very - Only installs the .conf file. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-07-09 16:18:09 -07:00
Tom Eastep	2d0cb5c2d8	Process the snat file if the masq file is empty Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-07-06 09:09:52 -07:00
Tom Eastep	9d160d4342	Add RESTORE_DEFAULT_ROUTE to shorewall6.conf samples Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-27 15:50:56 -07:00
Tom Eastep	1301848315	Change .conf files to specify USE_NFLOG_SIZE=No Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-26 10:46:16 -07:00
Tom Eastep	f050fc6e05	Avoid issues with Perl 5.30 Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-25 20:57:48 -07:00
Tom Eastep	61b6898782	Add dropBcasts action Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-25 18:36:54 -07:00
Tom Eastep	aee8c14ea6	Correct update setting of USE_NFLOG_SIZE Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-25 17:10:44 -07:00
Tom Eastep	ff2323b249	Add the USE_NFLOG_SIZE option Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-25 16:54:14 -07:00
Tom Eastep	b4a06e9656	NFLOG_SIZE capability Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-25 13:44:26 -07:00
Tom Eastep	4122021344	Improve editing of port numbers/service names Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-25 07:44:23 -07:00
Tom Eastep	71d50e0217	Use --nflog-size rather than --nflog-range Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-25 07:43:39 -07:00
Tom Eastep	1b6f15d577	Correct multiple fallback providers Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-23 07:41:23 -07:00
Tom Eastep	7515520b46	Don't use symlinks for shorewall6 manpages Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-22 13:57:00 -07:00
Tom Eastep	2f5687c65a	Don't generate multihop routes unnecessarily Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-18 09:37:41 -07:00
Tom Eastep	66d1fbd3aa	Clean up shorewall[6].conf(5) Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-17 10:39:46 -07:00
Tom Eastep	c410459e27	Correct install of section 5 manpages Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-17 10:30:49 -07:00
Tom Eastep	987e54cd54	Move shorewall6-proxyndp.xml to Shorewall/manpages/shorewall-proxyndp.xml Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-17 09:07:28 -07:00
Tom Eastep	42a46d42b6	Centralize the complete list of manpages in shorewall(8) Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-16 17:11:43 -07:00
Tom Eastep	d8ef934f24	Consolidate manpages between Shorewall and Shorewall6 Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-16 15:01:41 -07:00
Tom Eastep	62a60ad995	Add comments around functions moved from IPAddrs.pm to Chains.pm. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-14 12:26:22 -07:00
Tom Eastep	b1ba05db2b	Correct handling of port ranges and port variables Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-12 17:07:55 -07:00
Tom Eastep	57f7cb4f3c	Runtime Port Variables Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-12 11:55:56 -07:00
Tom Eastep	4cf60258af	Correct a runtime error with NFQUEUE. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-12 11:07:54 -07:00
Tom Eastep	1061644ac7	Clean up links in the manpages Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-06-08 15:43:59 -07:00
Tom Eastep	4a262c0e1b	Add FIN action Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-05-31 08:28:27 -07:00
Tom Eastep	29ffb7eb4b	Merge branch '5.1.4'	2017-05-31 08:23:07 -07:00
Tom Eastep	a775fdcb7c	Remove stutter from the .conf manpages Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-05-31 08:21:45 -07:00
Tom Eastep	12a32d3a6b	Update LOGFORMAT documentation Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-05-26 07:33:34 -07:00
Tom Eastep	45d96a5d64	Clean up the introductory part of shorewall-rules.xml Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-05-19 08:02:42 -07:00
Tom Eastep	f21d6de4d6	Clean up the introductory part of shorewall-rules.xml Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-05-17 15:28:51 -07:00
Tom Eastep	965a8e8f68	Minor cleanup of the Config module Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-05-15 09:29:12 -07:00
Tom Eastep	eb26a467e9	Add snat and mangle to %config_files - Tabify initialization of %config_files Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-05-12 08:37:54 -07:00
Tom Eastep	bb70a3637b	Add PERL_HASH_SEED option Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-05-02 07:51:37 -07:00
Tom Eastep	6c20cc7c4f	Inline the start_command::do_it() function in lib.cli-std Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-05-01 13:51:53 -07:00
Tom Eastep	d4e05f6163	Correct handling of IPv6 tunnel-src and tunnel-dst Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-04-23 08:36:22 -07:00
Tom Eastep	6201f37913	Clarify <filename> in the generated script's header Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-04-18 16:45:17 -07:00
Tom Eastep	7ee44d6b4b	Correct a typo in the generated script's header syntax description Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-04-18 16:31:51 -07:00
Tom Eastep	363b8f9802	Correct validation of string interface options. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-04-13 06:48:14 -07:00
Tom Eastep	00d4724fd8	Some cleanup of the Chains module Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-04-05 20:14:13 -07:00
Tom Eastep	a46f19899b	Correct typo in links to the logging article. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-27 16:12:56 -07:00
Tom Eastep	d2392c3a9b	Add IPv6 UPnP Support Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-24 09:54:36 -07:00
Tom Eastep	0763b27b0b	Correct a comment Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-22 15:59:55 -07:00
Tom Eastep	8b90827611	Minor cleanup of split_columns() Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-22 10:18:07 -07:00
Tom Eastep	8507c97b5a	Clean up column/value pair editing. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-22 09:46:52 -07:00
Tom Eastep	a6306f2c08	?reset action param now sets parmsmodified. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-18 12:53:05 -07:00
Tom Eastep	a79dc194a4	Re-factor the directive message change - results in much more compact code - Document change in the config basics doc Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-18 11:42:53 -07:00
Tom Eastep	bdcf93f92c	Report the call site when issuing messages from an action. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-17 17:08:19 -07:00
Tom Eastep	6b84727886	Delete useless blank line Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-17 13:26:07 -07:00
Tom Eastep	5f445d9c2b	Merge branch '5.1.3'	2017-03-16 14:14:20 -07:00
Tom Eastep	31bd10ffdd	Correct two-interface sample snat file - s/92/192/ Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-15 21:18:23 -07:00
Tom Eastep	c3303067fc	Correct all+ handling in the policy file Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-15 11:20:37 -07:00
Tom Eastep	55cf06d0a8	Correct all+ handling in the policy file Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-15 10:09:53 -07:00
Tom Eastep	158f6305b1	Correct install fix - Also remove extra logic from action.Broadcast Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-14 14:39:25 -07:00
Tom Eastep	6407520a35	Add warning messages to the deprecated actions Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-14 14:32:28 -07:00
Tom Eastep	54336eaa80	Delete IPv6 actions that are now handled by their IPv4 counterparts Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-14 14:24:17 -07:00
Tom Eastep	5b85627fb8	Merge branch '5.1.3' Conflicts: Shorewall/Perl/Shorewall/Config.pm Shorewall6/Actions/action.Multicast	2017-03-14 14:16:47 -07:00
Tom Eastep	a00d7217e3	Correct last commit Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-14 13:58:59 -07:00
Tom Eastep	54ef4e4ced	Delete deprecated actions during install Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-14 13:46:24 -07:00
Tom Eastep	a447d726fa	Revert change which screwed up ?begin perl ... ?end perl line numbering Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-14 12:44:33 -07:00
Tom Eastep	fe29adbd66	Correct use of $family in combined actions Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-13 16:52:16 -07:00
Tom Eastep	4dc6be6b3b	Deprecate A_AllowICMPs Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-13 15:09:07 -07:00
Tom Eastep	6ebc8f4266	Merge branch '5.1.3'	2017-03-13 14:55:23 -07:00
Tom Eastep	c5c4211081	Unify actions Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-13 14:54:25 -07:00
Tom Eastep	4010f9bce4	Add multicast to the Deprecated A_Drop and A_Reject actions - Move A_Drop to deprecated/ directory Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-13 14:18:23 -07:00
Tom Eastep	02bb717d7d	Quote SMURF_LOG_LEVEL setting Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-13 11:21:13 -07:00
Tom Eastep	046998ed84	Tabification of new actions Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-13 11:19:35 -07:00
Tom Eastep	24a014655b	Quote all _DEFAULT settings in the sample .conf files Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-13 11:00:29 -07:00
Tom Eastep	0b8945da8e	Correctly handle expansion of option names Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-13 10:20:15 -07:00
Tom Eastep	da363880a9	Always quote the LEVEL and DEFAULT settings when updating Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-13 09:51:58 -07:00
Tom Eastep	037fe490f3	Process config options in file order during update. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-12 17:09:41 -07:00
Tom Eastep	b13014c9ab	Expand variables in .conf except when upgrading Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-11 11:21:07 -08:00
Tom Eastep	76aef6cb04	Correct generation of '! --syn' Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-11 08:43:04 -08:00
Tom Eastep	4c72b3ee58	Make sure that $LOG_LEVEL is defined Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-10 11:06:23 -08:00
Tom Eastep	d9071c5308	Correct $LOG_LEVEL expansion Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-10 10:24:24 -08:00
Tom Eastep	3d8d5aa469	quote $LOG_LEVEL in shorewall[6].conf files - Delete AllowICMPs from IPv4 policy action settings Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-08 14:16:24 -08:00
Tom Eastep	49811d24fa	Correct convertion of tcrules->mangle when a writable mangle exists Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-07 15:21:45 -08:00
Tom Eastep	fe4aaee1b4	Fix typos in action.dropNotSyn Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-07 14:37:08 -08:00
Tom Eastep	0ec7bc846e	Correct logging in inline policy actions Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-07 13:58:14 -08:00
Tom Eastep	dbcd4d9d16	Correct typo in action.AllowICMPs Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-07 13:57:05 -08:00
Tom Eastep	5a996cbda7	Change AllowICMPs to an inline action Signed-off-by: Tom Eastep <teastep@shorewall.net> Conflicts: Shorewall/actions.std	2017-03-07 13:56:44 -08:00
Tom Eastep	6019adaae5	Change macro.ICMPs to an inline action Signed-off-by: Tom Eastep <teastep@shorewall.net> Conflicts: Shorewall/actions.std	2017-03-07 13:54:52 -08:00
Tom Eastep	4f869c3506	More manpage updates for tcp:!syn Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-07 11:13:58 -08:00
Tom Eastep	e3c2874b21	Modify dropNotSyn to use {proto=6:!syn} - also make the same change in the rejNotSyn audited case	2017-03-07 11:00:39 -08:00
Tom Eastep	e8a0142480	Document tcp:!syn support Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-07 10:48:24 -08:00
Tom Eastep	a4768776f7	Modify rejNotSyn to use new/corrected features Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-07 10:34:15 -08:00
Tom Eastep	8e000b158e	Correct the handling of tcp-reset Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-07 10:33:51 -08:00
Tom Eastep	f1d1ab6411	Implement tcp:!syn in PROTO column Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-07 10:33:20 -08:00
Tom Eastep	cd103bb715	Correct rejNotSyn Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-06 16:01:31 -08:00
Tom Eastep	5f1370f1b4	Clear the firewall on Debian systemd 'stop' command Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-06 11:22:55 -08:00
Tom Eastep	dc53fa2665	Correct file/line from ?error Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-06 11:02:06 -08:00
Tom Eastep	71d9a03697	Update shorewall[6]-rules. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-05 14:29:57 -08:00
Tom Eastep	137d4bcc90	Alter logging behavior of Limit Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-05 13:03:57 -08:00
Tom Eastep	356d3fa2dd	Correct new directives with respect to omitting Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-05 12:09:54 -08:00
Tom Eastep	80d93235b5	Eliminate builtin actions Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-05 12:09:33 -08:00
Tom Eastep	c1e7fce1c5	Report the file/line where action invoked Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-05 09:29:00 -08:00
Tom Eastep	63ec936f21	Remove determinism sorts	2017-03-04 19:05:33 -08:00
Tom Eastep	dabe0bd205	Set PERL_HASH_SEED to make compilation deterministic. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-04 18:48:48 -08:00
Tom Eastep	63cf7dd699	Revert "Move $test to the config module." This reverts commit `876d76b294`.	2017-03-04 18:45:40 -08:00
Matt Darfeuille	0b3a32b365	Change the preferred way to remove sysvinit script - Correct typo in command - Correct spacing Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-04 09:03:59 -08:00
Tom Eastep	a7d45e9566	Restore logging to the BLACKLIST action Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-03 10:14:30 -08:00
Tom Eastep	876d76b294	Move $test to the config module. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-02 11:42:07 -08:00
Tom Eastep	9075a6dd7a	Copy libs and footer when compiling for test Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-02 10:49:49 -08:00
Tom Eastep	61f5e3531c	Rename action.allowUPnP to action.allowinUPnP - Allows 'show action allowinUPnP' to work correctly. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-03-02 10:05:31 -08:00
Matt Darfeuille	7ffe8e4e4b	shorewall: Document the -p option in installer Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-23 09:33:35 -08:00
Matt Darfeuille	06c6a017d5	Use a specific parameter file for systemd script Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:56:25 -08:00
Matt Darfeuille	75fd8ccb37	Use a specific parameter file for sysvinit script Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:56:21 -08:00
Matt Darfeuille	8c7e6fddfd	Use a common uninstaller for Sw and Sw6 Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:56:11 -08:00
Matt Darfeuille	783e438b4a	Be more verbose while uninstalling Shorewall - Remove version file as a file and not as a directory. Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:56:00 -08:00
Matt Darfeuille	27a620347a	shorewall: Fail if Shorewall-core is not installed Shorewall-core's version file resides in ${SHAREDIR}/shorewall. Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:55:56 -08:00
Matt Darfeuille	a496edef54	Use a function to fail on fatal error Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:55:50 -08:00
Matt Darfeuille	22b044f350	shorewall: Use a function to install file Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:55:41 -08:00
Matt Darfeuille	c58efe7698	Unify the uninstallers - Clean up code - Use the .service suffix Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:55:36 -08:00
Matt Darfeuille	f48b2e715f	Unify the installers - Clean up code Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:55:31 -08:00
Matt Darfeuille	f6f7e691d0	Fail if the rc file can not be loaded Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:54:40 -08:00
Matt Darfeuille	a9048b63f2	Correct typos Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:54:36 -08:00
Matt Darfeuille	bc1df90829	Group comment lines with corresponding command Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:54:33 -08:00
Matt Darfeuille	09462cf92b	Use 4 octal digits as numeric mode in installers Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:54:29 -08:00
Matt Darfeuille	315d4c39b8	Create and set directory mode using a function Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:54:04 -08:00
Matt Darfeuille	42554f8f31	Add cant_autostart() to the installers's library Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:53:59 -08:00
Matt Darfeuille	f0debcb6fb	Copy only required libraries to run Shorewall Copy only libraries that are required by Shorewall to operate properly. Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:53:54 -08:00
Matt Darfeuille	20cc56f2f1	Load uninstallers's common functions Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 17:53:39 -08:00
Matt Darfeuille	4e771083c7	Load installers's common functions Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 16:42:38 -08:00
Matt Darfeuille	a6eebc8ecf	Replace product names by product vars Signed-off-by: Matt Darfeuille <matdarf@gmail.com> Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-22 16:40:41 -08:00
Tom Eastep	6966270822	Allow 'show action' on buitin actions Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-19 13:43:23 -08:00
Tom Eastep	118e4f73c9	Correct validation of LOG_LEVEL Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-19 10:25:44 -08:00
Tom Eastep	10b39f3855	Correct typo (allowMast -> allowMcast) Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-19 10:25:27 -08:00
Tom Eastep	a71b61c238	Delete the deprecated macros and actions during install Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-15 10:16:53 -08:00
Tom Eastep	944888c04f	Handle broadcast and muticast separately Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-15 10:16:20 -08:00
Tom Eastep	48d301b2cf	Rename the policy LIMIT column to RATE Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-12 10:17:43 -08:00
Tom Eastep	735919d8d3	Add LOG_LEVEL option Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-12 09:52:55 -08:00
Tom Eastep	b4561e97c8	Deprecate Drop and Reject in actions.std Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-12 09:28:38 -08:00
Tom Eastep	66a63a4da5	Fix instances of $LOGrmation Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-12 08:33:56 -08:00
Tom Eastep	8c9fb501fd	Adjust .conf files Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-11 13:41:28 -08:00
Tom Eastep	977fa81d46	Make 'none' case-insensitive in policy action specifications Signed-off-by: Tom Eastep <teastep@shorewall.net>	2017-02-10 11:43:51 -08:00
Tom Eastep	09fda9eb6c	Manpage updates: - interfaces: Clarify the 'bridge' option - rtrules: Warn about similar rules with same priority	2017-02-10 11:43:04 -08:00

... 2 3 4 5 6 ...

7680 Commits