Commit Graph

6820 Commits

Author SHA1 Message Date
Tom Eastep
f999acda63 Eliminate shortlineinfo1()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-27 10:21:08 -08:00
Tom Eastep
b4723da07c Eliminate $globals{TRACK_GLOBALS}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-26 16:45:47 -08:00
Tom Eastep
3860a1dc72 Ensure that %origin is populated
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-26 16:31:04 -08:00
Tom Eastep
e756820ca1 Revert "Unify TRACK_RULES settings implementation"
This reverts commit 866cb04cbb.
2016-01-26 11:49:26 -08:00
Tom Eastep
866cb04cbb Unify TRACK_RULES settings implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-25 18:07:46 -08:00
Tom Eastep
6ef136a546 Add origin information for entries in shorewall[6].conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-25 15:49:18 -08:00
Tom Eastep
9b3b4579a2 Change TRACK_RULES setting from Internal to File
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-24 16:15:36 -08:00
Tom Eastep
3e404b765f Make .ip[6]tables-restore-input comments conditional
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 17:04:52 -08:00
Tom Eastep
2235641c9f Add origin to the ip[6]tables input.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 15:13:12 -08:00
Tom Eastep
3fe4619f66 Fix origin in interfaces and hosts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 13:49:52 -08:00
Tom Eastep
247698a14d Add origin in some rules from the Misc module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 12:31:53 -08:00
Tom Eastep
73b20c832c Add 'origin' member to rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 10:45:26 -08:00
Tom Eastep
8ac754caed Add 'origin' member to the interface and hosts tables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-21 17:08:19 -08:00
Matt Darfeuille
c85ced09af Corrected sysconfig files
Removed unnecessary lines in sysconfig files

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-19 09:25:37 -08:00
Tom Eastep
1abb77d66d Remove restrictions on -m geoip
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-18 22:30:15 -08:00
Tom Eastep
a28f3012d5 Correct $VERSION setting in Raw.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-18 09:38:35 -08:00
Tom Eastep
7d443b5e2e Eliminate return value from process_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-18 09:08:35 -08:00
Tom Eastep
a945b3e0dd Tweak the process_action() changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 17:03:46 -08:00
Tom Eastep
ec6c233666 Centralize Rules module handling of @CALLER in actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 16:29:35 -08:00
Tom Eastep
4059e9de95 Clean up use_policy_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 12:35:12 -08:00
Tom Eastep
1ee645cd79 Another determinism fix -- red and codel options are now sorted
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 09:50:34 -08:00
Tom Eastep
1fedb26f1d Handle @CALLER in policy chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 09:42:01 -08:00
Tom Eastep
031371f259 Improve maintainability of action-tuple code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-16 17:26:16 -08:00
Tom Eastep
742c15b289 Improve @CALLER fix to create unique chains per caller
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-16 17:12:03 -08:00
Tom Eastep
f95c67ec6b Restore unmodified .pm files after installation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-15 13:55:46 -08:00
matt darfeuille
f1ed963077 Shorewall 5.0.4 Beta 2
Hi Tom,

Some unnecessary lines need to be removed from the sysconfig files.
I made some more changes to the init.openwrt.sh scripts(lite and
lite6)

Attached as sysconfig-lite.patch!

In order to be able to use the build50 script I had to make a few
changes(attached as build50.patch):

- Adding a variable BASEDIR (to build shorewall  in a subdirectory)
BASEDIR=$PWD
and doing:
$BASEDIR/annotate.pl
and so on ...

- Adding a variable
CYGWINSTYLESHEET
and modifying the script to use this new variable(added cygwin clause
in case statement)

- Adding a variable GITRELEASEDIR and modifying the lines around
624(to specify an other name for the release repo)
from
../release/
to
../$GITRELEASEDIR/

- Added line to remove unnecessary *.bak files

- Added an if statement if a subdirectory is used when patches are
created

question/request:
Would it be possible to use the build50 script without the '-t'
option?
That way only the packages would be built but the tarballs wouldn't
be created.

-Matt

On 12 Jan 2016 at 7:57, Tom Eastep wrote:

> Shorewall 5.0.4 Beta 2 is now available for download.
>
> New Feature since Beta 1:
>
> 1)  The mangle file now supports an DIVERTHA action that provides
>     support for HAProxy.
>
>     To setup the HAProxy transparent configuration described at
>
> http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x,
>     place this entry in shorewall-providers(5):
>
>
>     #NAME  NUMBER   MARK    DUPLICATE  INTERFACE GATEWAY   OPTIONS
>     TProxy 1        -       -          lo        -         tproxy
>
>     and use this DIVERTHA entry:
>
>     #ACTION         SOURCE          DEST            PROTO  ...
>     DIVERTHA        -               -               tcp
>
> Thank you for testing,
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>

-------------- Enclosure number 1 ----------------
>From ca4c854433e1c4c5870ea3e71225e5df8da4e255 Mon Sep 17 00:00:00 2001
From: Matt Darfeuille <matdarf@gmail.com>
Date: Wed, 13 Jan 2016 21:28:47 +0100
Subject: [PATCH 1/2] Modified lite and lite6.init.openwrt.sh

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-14 16:36:21 -08:00
Tom Eastep
726d1492cd Correct error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 17:08:57 -08:00
Tom Eastep
12513e24a3 Revert "Implement dynamic actions"
This reverts commit 8075ba719a.
2016-01-13 11:04:41 -08:00
Tom Eastep
21765d618d Create unique chains when @caller is used
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 11:04:23 -08:00
Tom Eastep
de21c59885 Correct hashlimit in logging rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 09:49:22 -08:00
Tom Eastep
8075ba719a Implement dynamic actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 09:33:38 -08:00
Tom Eastep
3828eb856b Rename HADIVERT to DIVERTHA
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-08 15:36:10 -08:00
Tom Eastep
e29e2d117d Documentation updates
- update LSM section of the Multi-ISP article
- Correct formatting of HAPROXY examples

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-08 08:33:42 -08:00
Tom Eastep
ad2f20b824 Finish HAProxy support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-06 09:12:33 -08:00
Tom Eastep
4c33c2b957 Add support for HAProxy
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-06 08:27:50 -08:00
Tom Eastep
ee6a1dadbb Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-01-05 10:48:48 -08:00
Tom Eastep
2f59ea5ca3 Implement the WAIT_OPTION capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-05 09:28:24 -08:00
Tuomo Soini
c447ddd03e systemd service: rename pre214 systemd versions to pre214 and remove separeate 214 variants 2016-01-05 12:01:21 +02:00
Tom Eastep
0c66e5f1b2 More Openwrt support in Shorewall-init from Matt Darfeuille
- Also, various cleanup in install/uninstall scripts

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-04 15:45:21 -08:00
Tom Eastep
e695e08009 A couple of corrections to the IP[6]TABLE transparency change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-04 14:13:58 -08:00
Tom Eastep
c91b78a875 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2016-01-04 13:10:48 -08:00
Tom Eastep
70a9240de6 Make IP[6]TABLES transparent
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-04 13:10:03 -08:00
Tom Eastep
06dd5dc38f Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2016-01-02 12:37:43 -08:00
Tom Eastep
fad41e262a Support the DROP command in the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-02 12:36:38 -08:00
Tom Eastep
89d91d37a1 Add Shorewall-init installer support for OpenWRT
- Supply sysconfig files for all products

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-27 16:47:31 -08:00
Tom Eastep
c9f57ad9c9 Update manpages for ADD timeout
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-24 09:20:42 -08:00
Tom Eastep
694dc64900 Allow comma in disposition when LOGTAGONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-23 09:06:43 -08:00
Tom Eastep
54b6488113 Allow a timeout to be specified in ADD rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-23 08:24:00 -08:00
Tom Eastep
532d5c7e50 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-12-08 08:06:39 -08:00
Tom Eastep
8429f68897 Handle MAC addresses in IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-07 15:15:28 -08:00
Tom Eastep
3ddc2a8f8b Add parentheses for readability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-07 08:02:35 -08:00
Tom Eastep
1d79cbc54e Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
# Conflicts:
#	Shorewall-init/install.sh
2015-12-06 11:55:03 -08:00
Tom Eastep
4b893b2fd6 Install/uninstall fixes from Matt Darfeuille
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall-init/install.sh
2015-12-05 11:56:16 -08:00
Tom Eastep
8e7f001f7e Update manpages for column renaming
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-04 14:53:26 -08:00
Tom Eastep
98b4ab5ceb Add missing columns in the masq file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-03 19:51:21 -08:00
Tom Eastep
592de3e6fc Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-12-03 15:35:35 -08:00
Tom Eastep
2c1786422e Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-11-28 09:04:46 -08:00
Tom Eastep
b087cee7f0 Redefine MODULESDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-28 08:36:12 -08:00
Tuomo Soini
948175124b accounting: there must be more room for ACTION, SOURCE, and DEST
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-11-27 22:33:03 +02:00
Tom Eastep
178a7f83bc Install/uninstall fixes from Matt Darfeuille
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-21 12:53:24 -08:00
Tuomo Soini
b25a8e4b2d shorewall: use real field names in config file headers
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-11-16 18:16:17 +02:00
Tom Eastep
7b54e5e1a6 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-11-10 07:50:33 -08:00
Tuomo Soini
9460458fd5 Shorewall: reduce number of lines on config headers
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-11-09 23:04:00 +02:00
Tom Eastep
7fb00e0dfe Remove the routestopped files and their manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-09 07:28:46 -08:00
Tuomo Soini
e989fa1d49 configfiles/routestopped: add install path
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-11-09 10:27:07 +02:00
Tuomo Soini
f095e6f31d configfiles: unified configuration file formatting
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-11-09 10:24:20 +02:00
Tom Eastep
e75c88219f Start optional interfaces when there are no providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-05 18:07:31 -08:00
Tuomo Soini
85df53841b Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-11-02 00:02:56 +02:00
Tom Eastep
1c29240eb9 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-11-01 11:31:53 -08:00
Tom Eastep
2b733b610c Return proper exit status from the remote-* commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-01 07:53:31 -08:00
Tom Eastep
aa680d8472 Avoid double slashes in pathnames within the installers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 12:57:33 -07:00
Tom Eastep
460f4bc5b7 Correct defect in processing the 'persistent' route option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 08:15:10 -07:00
Tom Eastep
f90567abf1 Add support for OpenWRT BB and later
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 08:08:17 -07:00
Tuomo Soini
0c481b4c30 shorewall: use consitent headers on config files
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-10-31 08:18:50 +02:00
Tom Eastep
6209616766 Add lib.cli-user support to the full products
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-30 08:47:16 -07:00
Tom Eastep
5a3589b9a6 Add some comments in get_params()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-30 08:18:45 -07:00
Tom Eastep
3973cdf0da Merge branch '5.0.1' 2015-10-28 14:35:27 -07:00
Tom Eastep
e39d405e86 More tweaks to params processing and exporting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-28 14:33:55 -07:00
Tom Eastep
239560be8d Add Cygwin-specific code in get_params()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-28 13:47:40 -07:00
Tom Eastep
3873ebe06a More param handling fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-28 09:37:52 -07:00
Tuomo Soini
e987a11614 Shorewall/configfiles/stoppedrules: use standard description
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-10-28 10:48:27 +02:00
Tom Eastep
081cf30447 Don't export variables with parentheses in their names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-27 17:45:22 -07:00
Tuomo Soini
d614081d55 Shorewall/configfiles: remove empty lines and fix blrules header to common format
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-10-27 22:03:28 +02:00
Tom Eastep
35b90c2709 Update documentation for 'remote-' vs. 'remote_'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-27 08:16:06 -07:00
Tom Eastep
79a145bf83 Correct "remote-" commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-27 07:18:54 -07:00
Tom Eastep
6535bb94c5 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-10-27 07:18:06 -07:00
Tom Eastep
38049fd0df Correct "remote-" commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 20:06:10 -07:00
Tom Eastep
c2768a2d64 Correct error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 13:08:09 -07:00
Tom Eastep
4f4358d4db Correct error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 13:07:40 -07:00
Tom Eastep
f822afef99 Issue warning if a persistent provider isn't optional
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 13:07:28 -07:00
Tom Eastep
514fe76fa5 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-10-26 07:55:30 -07:00
Tom Eastep
56bf8b1572 Don't configure persistence if the interface has no address
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 07:42:47 -07:00
Tuomo Soini
2a064c7b7c macro.MSSQL: allow udp/1434
Reference: https://technet.microsoft.com/en-us/library/ms181087%28v=sql.105%29.aspx
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-10-26 10:22:37 +02:00
Tuomo Soini
30682e63d8 Shorewall/Macros: remove version number
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-10-26 10:20:11 +02:00
Tom Eastep
69dd7ce0b9 Add 'persistent' provider option - Phase II
- Also allow the creation of 'persistent' routing rules and routes

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-25 16:45:11 -07:00
Tom Eastep
46c3db4f32 Add 'persistent' provider option - Phase I
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-22 06:58:32 -07:00
Tom Eastep
6e59fd5395 Correct permissions on certain files in $CONFDIR/$PRODUCT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-22 06:58:05 -07:00
Tom Eastep
8dc16268a7 Delete main default routes when there are 'load=' or 'fallback=' interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-13 09:34:58 -07:00
Tom Eastep
a8e4671668 Remove version from config files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-12 15:02:50 -07:00
Tom Eastep
7388ff5154 Fix RESTART
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-12 14:08:24 -07:00
Tom Eastep
0dbe756e93 Manpage and Shorewall-5 changes for RESTART
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-12 13:49:24 -07:00
Tom Eastep
72d4637c22 Replace LEGACY_RESTART with RESTART
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-12 11:45:58 -07:00
Tom Eastep
bb538a7c10 Merge branch 'master' into 5.0.0
Conflicts:
	Shorewall-core/lib.common
	Shorewall-core/shorewallrc.debian.systemd
	Shorewall-lite/shorewall-lite.service.debian
	Shorewall/Perl/Shorewall/Chains.pm
	Shorewall/Perl/Shorewall/Compiler.pm
	Shorewall/Perl/Shorewall/Config.pm
	Shorewall/Perl/Shorewall/Misc.pm
	Shorewall/Perl/Shorewall/Raw.pm
	Shorewall/Perl/Shorewall/Tc.pm
	Shorewall/Perl/compiler.pl
	Shorewall/Perl/prog.footer
	Shorewall/lib.cli-std
	Shorewall/manpages/shorewall-mangle.xml
	Shorewall/manpages/shorewall.conf.xml
	Shorewall/manpages/shorewall.xml
	Shorewall/shorewall.service.debian
	Shorewall6-lite/shorewall6-lite.service.debian
	Shorewall6/manpages/shorewall6-mangle.xml
	Shorewall6/manpages/shorewall6.conf.xml
	Shorewall6/manpages/shorewall6.xml
	Shorewall6/shorewall6.service.debian
	docs/MultiISP.xml
	docs/Shorewall_Squid_Usage.xml
2015-10-12 10:55:36 -07:00
Tom Eastep
1db3bfb53e Manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-10 13:19:41 -07:00
Tom Eastep
97e821d12d Use %e rather than %_d for busybox compatibility
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-08 13:16:32 -07:00
Tom Eastep
af18896851 Remove options from 'update' warning messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-05 08:19:09 -07:00
Tom Eastep
7dd9beeeae Remove FORMAT specifications from macros and actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-22 12:39:22 -07:00
Tom Eastep
dfeeb2d5c3 Add GlusterFS action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-19 12:31:54 -07:00
Tom Eastep
85e44c70eb Add the Meta-connection to Tinc
- Both the macro and the tunnel type are updated

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-17 09:17:35 -07:00
Tom Eastep
888444f210 Add the Meta-connection to Tinc
- Both the macro and the tunnel type are updated

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-17 09:16:33 -07:00
Tom Eastep
1b2a43e5ea Merge branch '5.0.0' of ssh://git.code.sf.net/p/shorewall/code into 5.0.0 2015-09-12 12:31:45 -07:00
Tom Eastep
03d99de8d5 Correct handling of reset
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-11 15:02:32 -07:00
Tom Eastep
1b571f3d86 Correct the reset command
- Also allow chain names to be specified a la the refresh command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-11 14:16:16 -07:00
Tuomo Soini
53dfe442c1 systemd: add reload to unit files
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-09-10 14:15:16 +03:00
Tom Eastep
7be4190e4c Man page updates for the PROBABILITY column in the masq files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-08 18:00:53 -07:00
Tom Eastep
ddb325a662 Code changes for a PROBABILITY column in the masq file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-08 17:20:46 -07:00
Tom Eastep
e8ebfb5a11 Correct PSH,FIN check
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-07 15:46:14 -07:00
Tom Eastep
242080c59c Rename SMALL_MASK to SMALL_MAX
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-07 13:10:44 -07:00
Tom Eastep
0aa5cb5086 Allow non-experts to use the user bits in the fw mark
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-07 11:35:47 -07:00
Tom Eastep
4b14924b99 Allow non-experts to use the user bits in the fw mark
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-07 11:29:24 -07:00
Tom Eastep
17d1caf8c5 Allow tags in global LOG_LEVELs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 16:08:59 -07:00
Tom Eastep
fcd5b30ca8 Add FIN,RST and PSH,FIN to the tcpflags set
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 11:49:29 -07:00
Tom Eastep
e6ec52c711 Move a line of code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 10:33:36 -07:00
Tom Eastep
eddd58d459 Move a line of code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 10:33:09 -07:00
Tom Eastep
1bf13e5fda Provide default for SHOREWALL_SHELL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 10:29:36 -07:00
Tom Eastep
dbf2c89083 Provide default for SHOREWALL_SHELL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 10:28:44 -07:00
Tom Eastep
6554f7fe28 Disable bare SECTION in the rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-04 11:16:07 -07:00
Tom Eastep
07976556ed More inline match documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-03 09:45:39 -07:00
Tom Eastep
682a449e7b Correct more Mangle examples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 13:08:05 -07:00
Tom Eastep
8f86e2df19 Correct typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 13:07:33 -07:00
Tom Eastep
ba3dba78ff Correct more Mangle examples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 13:07:20 -07:00
Tom Eastep
59aeafba3a Delimit inline matches by ';;'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 10:24:31 -07:00
Tom Eastep
9e98d30c92 Correct handling of log levels with default actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 08:55:18 -07:00
Tom Eastep
582755edf4 Unconditionally get inline matches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 08:03:22 -07:00
Tom Eastep
c6ec9990e7 Unconditionally get inline matches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 08:02:02 -07:00
Tom Eastep
dea1f853ea Correct progress messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-01 12:42:01 -07:00
Tom Eastep
a30708519d Correct progress messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-01 11:57:28 -07:00
Tom Eastep
f5d9e87c59 Remove anacronistic logic from the Rules module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 16:02:22 -07:00
Tom Eastep
ed90360b4c Remove all of the update-specific options from the update command
Leave -i and -A

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 14:21:41 -07:00
Tom Eastep
6a374b80e0 Correct INLINE handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 12:36:05 -07:00
Tom Eastep
9638033e24 Cosmetic changes to first_entry() calls
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/Perl/Shorewall/Tc.pm
2015-08-31 11:33:32 -07:00
Tom Eastep
87ef6f730f Correct a typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 11:21:37 -07:00
Tom Eastep
53223e1440 Uniform mechanism for inserting conversion comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/Perl/Shorewall/Tc.pm
2015-08-31 11:21:18 -07:00
Tom Eastep
9b886a99af Fix $convert/$tcrules mess
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/Perl/Shorewall/Tc.pm
2015-08-31 11:19:42 -07:00
Tom Eastep
c77d18965a Place a header in a created mangle file during update -t
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/Perl/Shorewall/Tc.pm
2015-08-31 11:16:45 -07:00
Tom Eastep
5a6586e06c Don't enforce FASTACCEPT/BLACKLISTNEWONLY on convert
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 11:14:49 -07:00
Tom Eastep
60e08322c5 Update man pages for 'minute' and 'second' in LOGLIMIT specifications
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 11:14:37 -07:00
Tom Eastep
df73f4b925 Assume EXPORTMODULES=No if it doesn't exist in old file during update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 11:14:26 -07:00
Tom Eastep
be81ace811 Read capabilities file before the .conf file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 11:11:25 -07:00
Tom Eastep
e15a6f452e Cosmetic changes to first_entry() calls
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 10:54:30 -07:00
Tom Eastep
656eaabce9 Correct a typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 09:39:40 -07:00
Tom Eastep
f42dc6def1 Uniform mechanism for inserting conversion comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-30 15:35:05 -07:00
Tom Eastep
6e303aef69 Fix $convert/$tcrules mess
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-29 18:52:11 -07:00
Tom Eastep
ab260dc5b1 Place a header in a created mangle file during update -t
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-29 12:52:21 -07:00
Tom Eastep
55ab498291 Don't enforce FASTACCEPT/BLACKLISTNEWONLY on convert
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-29 12:51:52 -07:00
Tom Eastep
10cda4cee7 Update man pages for 'minute' and 'second' in LOGLIMIT specifications
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-27 15:49:59 -07:00
Tom Eastep
de74273dbb Assume EXPORTMODULES=No if it doesn't exist in old file during update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-27 15:15:03 -07:00
Tom Eastep
af1e2f6c8b Read capabilities file before the .conf file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-27 11:26:26 -07:00
Tom Eastep
dc2406d25b update -t also converts the 'tos' file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 13:51:02 -07:00
Tom Eastep
e0734a45ee Allow 'seconds' and 'minutes' in LOGLIMIT specifications
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 12:53:36 -07:00
Tom Eastep
28df894add Improve 'update'
- convert BLACKLISTNEWONLY
- convert LOGRATE and LOGBURST
- default USE_DEFAULT_RT to No

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 12:50:56 -07:00
Tom Eastep
b0bf726c7e Let 'update' default USE_DEFAULT_RT to 'No'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 12:40:16 -07:00
Tom Eastep
ad06ec3eef Correct IPV6 range parsing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 11:52:51 -07:00
Tom Eastep
71611233fb Correct IPV6 range parsing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 11:51:29 -07:00
Tom Eastep
7a98c7b9e5 More 'update' fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-25 15:55:49 -07:00
Tom Eastep
dc73832570 Delete unneeded 'my'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-25 14:36:53 -07:00
Tom Eastep
f5d1ec0243 Delete EXPORTPARAMS from %config
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-25 14:36:14 -07:00
Tom Eastep
f9ae28aeea The -t option also converts the 'tos' file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-24 14:56:24 -07:00
Tom Eastep
eae492cef5 Some rules manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-22 09:24:47 -07:00
Tom Eastep
2451c14d8c Some rules manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-22 08:27:52 -07:00
Tom Eastep
a30fdb356d Update man pages for required '?' in COMMENT, SECTION and FORMAT lines
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-22 08:00:38 -07:00
Tom Eastep
a709395949 Allow 'none' in the log level argument to AutoBL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-21 13:40:12 -07:00
Tom Eastep
98e5d54b92 Allow 'none' in the log level argument to AutoBL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-21 13:39:25 -07:00
Tom Eastep
f4776bf388 Eliminate WIDE_TC_MARKS, HIGH_ROUTE_MARKS and BLACKLISTNEWONLY
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-21 12:42:19 -07:00
Tom Eastep
80acdd2836 Disallow bare COMMENT, SECTION and FORMAT lines
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-21 11:18:40 -07:00
Tom Eastep
40d1d86d2c Drop support for the 'tos' file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 15:35:03 -07:00
Tom Eastep
26fca41e27 Eliminate discontinued files and manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 15:17:48 -07:00
Tom Eastep
5af5c67c75 Update a message to refer to the 'mangle' file rather than 'tcrules'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 14:54:54 -07:00
Tom Eastep
7956c5f6e0 Update a message to refer to the 'mangle' file rather than 'tcrules'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 14:48:29 -07:00
Tom Eastep
5a08f8bf4e Correct shorewall-mangle(5) examples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 11:09:42 -07:00
Tom Eastep
c59cb1351c Update manpages for new update options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 11:08:10 -07:00
Tom Eastep
82330395e9 Correct grammer in an error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 09:25:32 -07:00
Tom Eastep
9a6f16903b Use NYTProf for profiling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 09:21:47 -07:00
Tom Eastep
9f2958fd27 Correct wording of an error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 09:21:20 -07:00
Tom Eastep
4b003163d6 Use NYTProf for profiling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 14:05:15 -07:00
Tom Eastep
39982c20c4 Restore the text of tcrules warning message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 12:34:35 -07:00
Tom Eastep
2b1f33c391 Don't unlink the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 11:48:23 -07:00
Tom Eastep
1c33717cf5 Reverse the change to delete host routes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 11:06:28 -07:00
Tom Eastep
cd8fe38c85 Delete host routes added to the main routing table for providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 10:44:37 -07:00
Tom Eastep
d525419c65 Correct wording of an error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 10:44:00 -07:00
Tom Eastep
9d3f35a22d Enable new update options in compiler.pl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-16 11:57:36 -07:00
Tom Eastep
6bdf90631c Fix a couple of bugs in 5.0.0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-16 10:05:21 -07:00
Tom Eastep
c604823053 Default to FORMAT-2 macros and actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 16:11:41 -07:00
Tom Eastep
12f8cbae29 Correct the test for the existence of the routestopped file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 15:29:52 -07:00
Tom Eastep
4de6638385 Correct handling of termination after .conf file not updated
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:32:27 -07:00
Tom Eastep
0cef7fad35 Add conversion version and date to the converted files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:32:17 -07:00
Tom Eastep
ea2a35415e Correct convert_blacklist()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:32:01 -07:00
Tom Eastep
4cc7a1b87d Correct tcrules update
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/Perl/Shorewall/Tc.pm
2015-08-14 09:31:36 -07:00
Tom Eastep
7c2a969de0 Correct handling of notrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:26:45 -07:00
Tom Eastep
8bdea65325 Update manpages for new update options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-13 16:12:28 -07:00