Commit Graph

1575 Commits

Author SHA1 Message Date
Tom Eastep
704f3fdd55 Document audited default actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 07:24:15 -07:00
Tom Eastep
5d04c93a16 Implement LEGACY_FASTSTART option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-22 15:36:29 -07:00
Tom Eastep
e511c5a8d5 Corrections to Audit documents 2011-05-22 10:25:43 -07:00
Tom Eastep
a8fd3281d9 Add CONFIG_PATH section
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-22 08:59:05 -07:00
Tom Eastep
57d276f0b3 Add default action example 2011-05-22 08:02:23 -07:00
Tom Eastep
b844fc3107 Correct typo in Audit doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-22 06:10:58 -07:00
Tom Eastep
ad050763cc Documentation update 2 for AUDIT support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 17:22:19 -07:00
Tom Eastep
e940f5018e Implement whitelisting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-18 08:30:01 -07:00
Tom Eastep
8ec33cd6dd Update accounting documentation 2011-05-17 18:35:28 -07:00
Tom Eastep
fd70e73d34 Add ACCOUNTING_TABLE option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-17 12:51:33 -07:00
Tom Eastep
43a21e122a Update Install doc with absolute path name info
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-14 07:20:38 -07:00
Tom Eastep
02baf94246 Fix typo in starting/stopping doc 2011-05-08 05:44:24 -07:00
Tom Eastep
68fe7c733e Correct ipset allowed characters 2011-04-11 10:02:18 -07:00
Tom Eastep
c902045348 Document method of turning off TSO/GSO 2011-04-11 09:49:48 -07:00
Tom Eastep
5734c84499 Documentation updates 2011-04-11 09:37:50 -07:00
Tom Eastep
f2d5e79684 Add link to 2011 Linuxfest Doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-10 15:25:52 -07:00
Tom Eastep
6e7a7b7f39 Clarify what Shorewall UPnP does and does not do 2011-04-10 10:29:10 -07:00
Tom Eastep
81437b2bb1 Don't mention downloads in the complex TC doc 2011-04-04 19:01:06 -07:00
Tom Eastep
6b93ff3a91 Clarify Debian file location 2011-04-03 19:32:39 -07:00
Tom Eastep
a47357a6e8 Re-add LXC doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-03 10:27:52 -07:00
Tom Eastep
cc633c5bd9 Shorewall 4.4.19 Changes 2011-04-03 09:56:30 -07:00
Tom Eastep
d7fb4e8ed9 More corrections to Tuomo's Example 2011-03-02 07:13:14 -08:00
Tom Eastep
e2c8d7b3e1 Correct Tuomo's workaround description 2011-03-01 14:04:06 -08:00
Tom Eastep
b7b1d5a7ab Link Proxy NDP section to the Vserver example of same 2011-02-28 13:40:20 -08:00
Tom Eastep
323fef9b51 Add additional info to the Vserver NDP section 2011-02-28 13:38:03 -08:00
Tom Eastep
cb94ca821e Correct typo 2011-02-28 13:08:28 -08:00
Tom Eastep
e9a3dc85fc Add proxy NDP example to the Vserver article 2011-02-28 13:05:04 -08:00
Tom Eastep
ac45a9b392 Fix typo in the Lenny->Squeeze doc 2011-02-19 09:28:09 -08:00
Tom Eastep
e47cb61c33 Introduce 'accountfwd' chain for forwarded accounting in sectioned configuration 2011-02-18 15:44:55 -08:00
Tom Eastep
da1ae7d301 Add bleve's tip to the MultiISP doc 2011-02-18 09:02:56 -08:00
Tom Eastep
e5fb8b0a35 Add Simple TC warning to the Lenny->Squeeze article 2011-02-12 20:02:54 -08:00
Tom Eastep
5c0b592934 Section the accounting file 2011-02-12 12:47:15 -08:00
Tom Eastep
27add33ff3 Add 'show ipa' to Accounting doc 2011-02-10 13:54:51 -08:00
Tom Eastep
f5a39a4aa8 Updates for new release model 2011-02-07 16:32:51 -08:00
Tom Eastep
b4b59119ef Don't allow non-accounting chain in the CHAIN accounting column 2011-02-07 16:32:38 -08:00
Tom Eastep
2c2fdab0fe Rename USE_LOCAL_MODULES to EXPORTMODULES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-02-06 08:42:35 -08:00
Tom Eastep
98e3827246 Remove rant in getting started doc 2011-02-04 06:45:53 -08:00
Tom Eastep
ea2c72d1b1 Prepare for 4.4.17 2011-02-04 06:44:02 -08:00
Tom Eastep
b61ad28897 Add threat to GettingStarted doc 2011-02-03 20:38:41 -08:00
Tom Eastep
ac13be4ed4 Add rate-limiting example to rules manpages 2011-02-03 13:26:41 -08:00
Tom Eastep
ae4d675d0d Document chain name length restriction 2011-01-31 07:07:10 -08:00
Tom Eastep
a9f5721851 Add OpenSuSE 11.3 to distros tested with per-IP accounting 2011-01-31 06:55:59 -08:00
Tom Eastep
a026ffabe1 Add iptaccount -l example with output 2011-01-30 14:04:26 -08:00
Tom Eastep
2cf3d15d45 Mention the iptaccount --help command 2011-01-30 10:46:35 -08:00
Tom Eastep
303afe8c7e Some accounting fixes (code and docs) 2011-01-30 09:39:14 -08:00
Tom Eastep
26cea4336e Document per-IP accounting 2011-01-30 08:33:06 -08:00
Tom Eastep
156b04c380 Implement Run-time Address Variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-01-26 09:08:48 -08:00
Tom Eastep
4098535a43 Revise info about mis-using Vserver zones 2011-01-23 12:47:13 -08:00
Tom Eastep
d5b0a39b45 Add some info about mis-using Vserver zones 2011-01-23 09:45:06 -08:00
Tom Eastep
a7dd95d394 Add some info about mis-using Vserver zones 2011-01-23 09:43:35 -08:00
Tom Eastep
228eeabb7d More explainations in the Simple TC doc 2011-01-23 08:36:45 -08:00
Tom Eastep
7b73323301 Add more introductory material to the Simple TC document 2011-01-23 07:53:56 -08:00
Tom Eastep
a2b440b093 Add USE_LOCAL_MODULES option 2011-01-22 08:13:17 -08:00
Tom Eastep
985fd990c6 Update Shorewall-4 with info about shorewall-init 2011-01-22 07:30:40 -08:00
Tom Eastep
d0858f6034 Add module-loading section to Shorewall-lite doc 2011-01-21 15:49:28 -08:00
Tom Eastep
3a2da73808 Document INCLUDE changes in the basics doc 2011-01-15 15:56:20 -08:00
Tom Eastep
265ca85d02 Allow INCLUDE in extension scripts 2011-01-15 15:43:45 -08:00
Tom Eastep
4a69ad35ee Resolve conflicts -- take 2 2011-01-13 19:24:15 -08:00
Tom Eastep
edde07fd85 Resolve conflects 2011-01-13 19:01:44 -08:00
Tom Eastep
fce558d97e Correct 'shorewall-common' references in the quickstart guides 2011-01-13 18:53:03 -08:00
Roberto C. Sanchez
28682a2428 eliminate obsolete references to shorewall-common 2011-01-13 20:02:19 -05:00
Tom Eastep
08f09d7de0 Deprecate EXPORTPARAMS 2011-01-09 10:12:36 -08:00
Tom Eastep
97672455b2 Correct typo in the FAQ 2011-01-09 09:18:21 -08:00
Tom Eastep
3c4336da58 Enhance DNAT documentation again 2011-01-07 10:27:35 -08:00
Tom Eastep
a8084370b6 Correct bridge example in the OPENVPN doc 2011-01-05 06:57:42 -08:00
Tom Eastep
6a7dad5e18 Merge branch 'master' into 4.4.16
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-27 12:32:28 -08:00
Tom Eastep
79cbfd0126 Allow '--' to specify '-' as an action parameter 2010-12-26 17:03:05 -08:00
Tom Eastep
4111432a52 Implement optional action parameters 2010-12-26 16:13:53 -08:00
Tom Eastep
31bd00e42e Document parameterized actions 2010-12-26 08:59:31 -08:00
Tom Eastep
29da130eef Add a note about the SOURCE and DEST columns 2010-12-24 14:03:55 -08:00
Tom Eastep
a51eac91b0 Add documentation for parameterized actions 2010-12-22 15:09:54 -08:00
Tom Eastep
880a94e42f Update documentation regarding Hack removal 2010-12-14 11:19:17 -08:00
Tom Eastep
aba63d5c9b More action/macro documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-13 09:06:29 -08:00
Tom Eastep
e8b26236e2 Shuffle the Compiled Program article 2010-12-12 19:00:15 -08:00
Tom Eastep
b786da4abb Document lack of configfiles/ in Debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-12 08:45:54 -08:00
Tom Eastep
48b00d719e Complete Proxy NDP implementation 2010-12-11 10:04:07 -08:00
Tom Eastep
2f70c0b71a Add Optional/Required interface section to the config basics doc 2010-12-09 10:04:52 -08:00
Tom Eastep
627733d925 Mention DHCPfwd in the DHCP doc - TAKE 2 2010-12-01 11:39:48 -08:00
Tom Eastep
b573826226 Mention DHCPfwd in the DHCP doc 2010-12-01 11:37:40 -08:00
Tom Eastep
c0ba395276 Update IPSEC title
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-28 10:00:31 -08:00
Tom Eastep
095345f95c Mention 'weak host model' in the Fool's firewall article 2010-11-27 11:14:51 -08:00
Tom Eastep
681529b664 Clarify 'switch' in the Fool's firewall article 2010-11-27 11:01:20 -08:00
Tom Eastep
2702d7f208 Implement header matching 2010-11-24 10:46:06 -08:00
Tom Eastep
972d00c300 Add another SNAT virtual alias example 2010-11-22 12:04:20 -08:00
Tom Eastep
93f9e8914c Add another SNAT virtual alias example 2010-11-22 11:59:59 -08:00
Tom Eastep
9b31906c6c Update bogus link in the features page 2010-11-21 21:40:56 -08:00
Tom Eastep
6083693181 Tweak FAQ 16c - LOGFILE 2010-11-21 19:37:54 -08:00
Tom Eastep
fdd1500971 Add FAQ 16c - LOGFILE 2010-11-21 12:05:28 -08:00
Tom Eastep
a17c47b017 Add FAQ 16b - dmesg 2010-11-21 10:48:23 -08:00
Tom Eastep
eac128b5e2 Add routes file to manpage indexes; modify links in the features page 2010-11-20 13:51:16 -08:00
Tom Eastep
e052951890 More /etc/shorewall/routes documentation 2010-11-17 17:27:48 -08:00
Tom Eastep
4ca1098e3e Be more explicit about route rules with SOURCE lo 2010-11-15 21:03:53 -08:00
Tom Eastep
17cc0bad45 Mention IPv6 in the tcfilters section 2010-11-15 12:38:28 -08:00
Tom Eastep
c9737930a2 Complete Shared TC documentation 2010-11-14 14:48:16 -08:00
Tom Eastep
a1e3683651 Documentation updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-10 14:38:55 -08:00
Tom Eastep
8c1bdc803b Fix typo in address-type section; add faq 94 2010-11-04 09:57:33 -07:00
Tom Eastep
e9b7b8acad Add address-type info to config file basics doc 2010-11-03 16:31:50 -07:00
Tom Eastep
5b7a2f002a Add helpers file to advice about modifying loaded modules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-03 12:47:50 -07:00
Tom Eastep
d3f729c56e Clarify applications running on the firewall section 2010-10-27 15:51:29 -07:00
Tom Eastep
54fdce9e22 Fix typos in Introduction 2010-10-26 07:32:50 -07:00
Tom Eastep
0f1370f265 Correct typo in upgrade issues 2010-10-21 07:57:39 -07:00
Tom Eastep
959b8f5167 Revise Vserver article 2010-10-10 08:29:19 -07:00
Tom Eastep
aad8a7b213 Clear FORWARD_CLEAR_MARK setting in the remaining config files 2010-10-09 11:31:19 -07:00
Tom Eastep
38851fe446 Delete obsolete options from shorewall.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-04 07:44:28 -07:00
Tom Eastep
ac8c7ed7d4 Updating bridge documents 2010-10-03 14:12:38 -07:00
Tom Eastep
2599e44fca More Tweaks to FAQ 93
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 13:03:11 -07:00
Tom Eastep
4c1c63617b Tweak FAQ 93 2010-10-03 12:56:09 -07:00
Tom Eastep
e62033ed13 Add FAQ 93 re bridging.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 12:52:46 -07:00
Tom Eastep
cee05d9763 Refine -lite handling of scfilter.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 12:52:30 -07:00
Tom Eastep
432534a650 Eliminate need to restart -lite to extract scfilter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 10:56:55 -07:00
Tom Eastep
5b86cbdabf Document scfilter in the Extensions Scripts Doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 12:29:41 -07:00
Tom Eastep
468c918121 Correct grammar in FAQ 92 2010-09-28 08:05:18 -07:00
Tom Eastep
a7be406fb9 Add FAQ 92 2010-09-28 08:04:02 -07:00
Tom Eastep
26ec7cee1d Update ipset doc with multiple match syntax 2010-09-21 06:59:55 -07:00
Tom Eastep
c21a4d786d add ipset manpage to the index 2010-09-20 16:00:19 -07:00
Tom Eastep
1d650b41cd Remove blacklisting by destination IP address support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 15:24:58 -07:00
Tom Eastep
2ff06f5f0a Update simple TC doc 2010-09-14 07:59:01 -07:00
Tom Eastep
9f786b7c59 Delete mention of triggers in ipset doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-12 08:01:54 -07:00
Tom Eastep
b937290740 Add version cautions to blacklisting doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-12 07:58:13 -07:00
Tom Eastep
7e8979157c Update Features Page re: Virtualization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-08 15:47:23 -07:00
Tom Eastep
2cb5aaeb07 Correct interface reference 2010-09-08 13:12:19 -07:00
Tom Eastep
a4606bee80 Pretty up Network Diagram -- exchange caption location 2010-09-08 12:57:35 -07:00
Tom Eastep
bbe5dae9b0 Pretty up Network Diagram some more 2010-09-08 12:44:40 -07:00
Tom Eastep
0907a7b6c2 Pretty up Network Diagram 2010-09-08 12:38:14 -07:00
Tom Eastep
7f72d66b90 A couple of documentation updates 2010-09-08 11:55:16 -07:00
Tom Eastep
8853de0c2e Fix links to secmark manpages 2010-09-07 15:03:05 -07:00
Tom Eastep
8d63e04926 Yet more docunentation updates 2010-09-06 20:37:34 -07:00
Tom Eastep
50b4bd8dfe More Blacklist and Secmark documentation updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-06 17:26:49 -07:00
Tom Eastep
c6f58ba924 Enhance SELinux support:
- Add state match
- Add user/group match
- Add examples to the man pages
2010-09-06 09:06:40 -07:00
Tom Eastep
f93413b2a7 Update Multi-ISP doc for variable name change in 4.4.8.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-31 15:33:22 -07:00
Tom Eastep
8077c9e1c3 Add FAQ 91 2010-08-30 11:07:37 -07:00
Tom Eastep
c2558af9c8 Document and correct implementation of EXCLUSION_MASK
1. Require KLUDGEFREE if existing rule uses mark match
2. Pretty up the code
3. Use MASK_BITS rather than TC_BITS when calculating the offset of EXCLUSION_MASK

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-28 08:29:47 -07:00
Tom Eastep
6b0fa8b4e2 Change note about MARK_IN_FORWARD_CHAIN 2010-08-19 15:33:12 -07:00
Tom Eastep
baf8e21a80 Add reference to manual chains article for the compile extension 2010-08-17 09:23:43 -07:00
Tom Eastep
bc19a80ac4 Correct FAQ 2 for Shorewall-lite 2010-08-14 07:14:52 -07:00
Tom Eastep
1510e111c4 Fix typo in conf basics doc 2010-08-13 20:27:14 -07:00
Tom Eastep
000873575e Update Shorewall Lite Doc 2010-08-11 15:59:24 -07:00
Tom Eastep
965ad7ced1 Minor tweaks to the IPAddrs module 2010-08-11 11:46:26 -07:00
Tom Eastep
0234564a1b Add destination IP blacklisting 2010-08-10 17:33:50 -07:00
Tom Eastep
3ce8ff5741 Bump version to Beta 4 2010-08-01 16:10:32 -07:00
Tom Eastep
f75c5809b5 Advocate use of 'ip' to examine routing tables 2010-08-01 11:56:06 -07:00
Tom Eastep
967629569b Taylor Universal config to work with Shorewall-init and streamline ruleset
- Make interface 'all' optional and set REQUIRE_INTERFACE=Yes
- Add COMPLETE option
- Set FASTACCEPT in Universal samples
- Reset SUBSYSLOCK in Universal samples

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-01 08:36:56 -07:00
Tom Eastep
a88e2afa69 Tweak the Universal documentation 2010-07-31 18:43:54 -07:00
Tom Eastep
c6404f1a74 Reword last title in Universal ruleset doc 2010-07-31 14:51:52 -07:00
Tom Eastep
ee5d2a56da Add Universal doc 2010-07-31 13:52:09 -07:00
Tom Eastep
bebeba8cae Document Universal Configuration and allow for empty LOGFILE 2010-07-31 12:45:43 -07:00
Tom Eastep
d483725474 Update Accounting doc 2010-07-29 16:49:40 -07:00
Tom Eastep
6a1fea3a40 Add 'user marks' 2010-07-27 11:02:36 -07:00
Tom Eastep
aac343b476 Document mark geometry capability 2010-07-27 08:05:54 -07:00
Tom Eastep
7f4a7372ef Remove nic registration requirement for IRC channel 2010-07-24 16:04:21 -07:00