extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 20:24:09 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,279 Commits 104 Branches 736 Tags 55 MiB
50fc972d2a
Commit Graph

908 Commits

Author SHA1 Message Date
Tom Eastep
50fc972d2a Fix another SAME defect :-( 2010-09-11 16:15:09 -07:00
Tom Eastep
512cd7b08e Bump version to 4.4.13 RC 1 2010-09-11 15:46:14 -07:00
Tom Eastep
aad7b70e18 Rename constant 2010-09-11 15:31:43 -07:00
Tom Eastep
c6c6503d83 Clean up a remaining issue with SAME 2010-09-11 15:24:01 -07:00
Tom Eastep
f004916055 Disallow a DEST interface in mangle OUTPUT rules 2010-09-11 14:10:05 -07:00
Tom Eastep
3ea7808b38 Disallow a DEST interface in mangle PREROUTING rules 2010-09-11 14:02:09 -07:00
Tom Eastep
e93a7fe9df Avoid recent problems by not padding $target in process_tc_rule() 2010-09-11 11:03:28 -07:00
Tom Eastep
d9ced1051a One more fix for SAME 2010-09-11 10:35:45 -07:00
Tom Eastep
367fc041b8 Correct handling of SAME -- Take 2 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-11 09:36:19 -07:00
Tom Eastep
dbc9f6ac8f Correct handling of SAME 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-11 08:56:22 -07:00
Tom Eastep
8dd42c9e19 Correct handling of dst/src list in ipset invocation 2010-09-11 07:41:01 -07:00
Tom Eastep
99f8f84024 Fix name of F chain in secmarks 2010-09-10 16:45:22 -07:00
Tom Eastep
69817007bf Some more fixes for blacklisting 2010-09-09 14:53:12 -07:00
Tom Eastep
50300a60b7 A number of corrections to split blacklisting. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-09 11:20:49 -07:00
Tom Eastep
64544f4ab5 Correct comparison in 'blacklist' handling 2010-09-09 10:22:48 -07:00
Tom Eastep
cd4b5d80ed Reduce patch footprint by two lines 2010-09-09 09:00:28 -07:00
Tom Eastep
df1e17eaa8 Re-enable 'blacklist' on bridge ports 2010-09-09 07:09:08 -07:00
Tom Eastep
50b4bd8dfe More Blacklist and Secmark documentation updates 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-06 17:26:49 -07:00
Tom Eastep
f3255cd83a Rework blacklisting 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-06 15:29:20 -07:00
Tom Eastep
c6f58ba924 Enhance SELinux support: 
- Add state match
- Add user/group match
- Add examples to the man pages
 2010-09-06 09:06:40 -07:00
Tom Eastep
33dc8de8fb Allow dash's in ipset names 2010-09-05 11:41:35 -07:00
Tom Eastep
23e94e136c Allow COMMENT, SAVE and RESTORE to work correctly in secmarks 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-05 08:17:58 -07:00
Tom Eastep
629290259d Allow secmarks without TC_ENABLED 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-05 07:49:03 -07:00
Tom Eastep
b139ff7e90 Update docs and implementation of SECMARK 2010-09-04 16:08:29 -07:00
Tom Eastep
28ff3548ff Bump version to 4.4.13-Beta4 2010-09-04 15:30:02 -07:00
Tom Eastep
15d8d6d8b7 Add SECMARK and CONNSECMARK support 2010-09-04 15:12:08 -07:00
Tom Eastep
6caff51c98 Modify a comment are delete a silly identity assignment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-01 11:24:19 -07:00
Tom Eastep
62fcf1ae8b Adjust version of Raw.pm 2010-08-31 16:52:48 -07:00
Tom Eastep
dfebe5a35e Correct error message 2010-08-31 16:33:15 -07:00
Tom Eastep
8f94137007 Fix last change 2010-08-30 16:47:45 -07:00
Tom Eastep
1da6d51d1a Reduce the Beta3 patch footprint by making the second arg to known_interface() optional 2010-08-30 16:43:30 -07:00
Tom Eastep
add76ed14e Bump version to 4.4.13 Beta 3 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-08-30 12:33:10 -07:00
Tom Eastep
7f0f4516d7 Rework handle_optional_interfaces() somewhat 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-08-30 12:29:39 -07:00
Tom Eastep
c18d206726 Use a function to generate the list of interfaces with an L3 address 2010-08-29 20:13:56 -07:00
Tom Eastep
57c54af6ed Re-implement optional interface handling 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-08-29 12:32:44 -07:00
Tom Eastep
d94f2cc86d Insure that the mapping to base names is deterministic 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-08-29 07:28:06 -07:00
Tom Eastep
be0231578f Insure uniqueness of chain_base mapping 2010-08-28 20:47:39 -07:00
Tom Eastep
95a09b996f Fix test for KLUDGEFREE 2010-08-28 20:47:15 -07:00
Tom Eastep
1531ad3bcd Re-implement interface->shell-variable mapping 2010-08-28 15:15:41 -07:00
Tom Eastep
3a36a9de4b Fix shell-variable creation 2010-08-28 14:48:47 -07:00
Tom Eastep
d8846b92d8 Fix optional 'upnpclient' interfaces - take 2 2010-08-28 14:46:29 -07:00
Tom Eastep
a440e7023e Fix optional 'upnpclient' interfaces 2010-08-28 14:18:48 -07:00
Tom Eastep
f45879c4f4 split_list1 removes () -- take 2 2010-08-28 13:40:44 -07:00
Tom Eastep
2a54e8cd24 split_list1 removes () 2010-08-28 13:37:19 -07:00
Tom Eastep
c2558af9c8 Document and correct implementation of EXCLUSION_MASK 
1. Require KLUDGEFREE if existing rule uses mark match
2. Pretty up the code
3. Use MASK_BITS rather than TC_BITS when calculating the offset of EXCLUSION_MASK

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-08-28 08:29:47 -07:00
Tom Eastep
c98cf8aea6 Re-implement exclusion in CONTINUE/NONAT/ACCEPT+ rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-08-27 10:09:42 -07:00
Tom Eastep
57bcfee559 Add 'Mark in any table' capability 2010-08-27 08:35:33 -07:00
Tom Eastep
a1cd2ba0f3 Bring 'multiple space before comment' fix forward to master 
Probably unneeded but better be safe

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-08-27 06:59:52 -07:00
Tom Eastep
12f48e1b97 Don't pass '-j' in target arg to expand_rule() 
- use the target to locate chain for reference tracking

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-08-26 10:37:07 -07:00
Tom Eastep
15fbbdaac7 Fix exclusion in blacklist 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-08-26 10:33:57 -07:00