Commit Graph

742 Commits

Author SHA1 Message Date
Tom Eastep
8e5bd3637d Implement stoppedrules file (less manpages)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 08:44:03 -07:00
Tom Eastep
34ee00a986 Document the <directory> argument to the 'try' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 10:53:35 -07:00
Tom Eastep
303dc65d13 Merge branch '4.5.7' 2012-08-28 11:46:04 -07:00
Tom Eastep
d838cf41bf Allow TTL and HL in the PREROUTING chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-28 11:45:32 -07:00
Togan Muftuoglu
1a324fa37f Suse specific patches
Hi Tom,

I have been patching shorewall packages for the opensuse releases, but I
guess it is better to send them to you . the upstream so it gets
incorporated into shorewall itself and I do not have to patch it ;)

I believe I have incorparted most of my patches in to this one. If you
can review them and if appropriate apply them that would be great

Thanks

Togan

>From 6072c08de753e7d1cc31bb758295dee198197e41 Mon Sep 17 00:00:00 2001
From: Togan Muftuoglu <toganm@opensuse.org>
Date: Fri, 24 Aug 2012 13:17:12 +0200
Subject: [PATCH] suse-specific

Signed-off-by: Togan Muftuoglu <toganm@opensuse.org>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-25 08:45:57 -07:00
Tom Eastep
b45d15eec6 Revert "Apply Togan Muftuoglu's SuSE-specific init patches"
This reverts commit 2412998b57.
2012-08-25 08:45:18 -07:00
Togan Muftuoglu
906795a4d7 Suse specific patches
Hi Tom,

I have been patching shorewall packages for the opensuse releases, but I
guess it is better to send them to you . the upstream so it gets
incorporated into shorewall itself and I do not have to patch it ;)

I believe I have incorparted most of my patches in to this one. If you
can review them and if appropriate apply them that would be great

Thanks

Togan

>From 6072c08de753e7d1cc31bb758295dee198197e41 Mon Sep 17 00:00:00 2001
From: Togan Muftuoglu <toganm@opensuse.org>
Date: Fri, 24 Aug 2012 13:17:12 +0200
Subject: [PATCH] suse-specific

Signed-off-by: Togan Muftuoglu <toganm@opensuse.org>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-25 08:41:28 -07:00
Tom Eastep
519e799ef1 Unify the mode of init files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-24 06:59:11 -07:00
Tom Eastep
2412998b57 Apply Togan Muftuoglu's SuSE-specific init patches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-24 06:32:30 -07:00
Tom Eastep
64edd30a76 Correct link in shorewall[6].conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-21 07:54:51 -07:00
Tom Eastep
99efb518bd Add the HELPER column to the rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-18 12:05:42 -07:00
Tom Eastep
1f59e4f449 Update case in conditionals.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-14 11:42:46 -07:00
Tom Eastep
fdc45a990d Arrange for HELPER to match in the RELATED section.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 15:44:19 -07:00
Tom Eastep
44a550870c Add HELPER action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 13:23:38 -07:00
Tom Eastep
f1fbb95d48 Update documentation for content merged from the 4.5.8 (master) path
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 08:16:36 -07:00
Tom Eastep
50bd1d6398 Add AUTOHELPER option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-12 07:25:11 -07:00
Tom Eastep
e00616a1fe Don't release blacklist files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-07 07:56:16 -07:00
Tom Eastep
56caf3687f Factor out the ?IF __CT_TARGET tests in the conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-06 09:26:14 -07:00
Tom Eastep
b4c812b676 Correct helper parsing in the Raw module.
- Require (...) around multiple ctevents
- Detect invalid options

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-05 08:09:17 -07:00
Tom Eastep
093985dd93 Use HELPERS to enable/disable helper association.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 19:26:02 -07:00
Tom Eastep
72307df6d2 Replace the AUTOHELPERS option with the HELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 10:53:20 -07:00
Tom Eastep
7689b1e84b Remove the 'zone' helper option for now.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 06:39:58 -07:00
Tom Eastep
21770a89d6 Detect which matches are available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 15:38:23 -07:00
Tom Eastep
223ed5b3a3 More additions to the helper table and to the conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 13:25:44 -07:00
Tom Eastep
2ae59bb3cd Add COMMENT directives to conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:58:00 -07:00
Tom Eastep
07e56d129a Add AUTOHELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:09:18 -07:00
Tom Eastep
62d6d2558e Rename AUTO_COMMENT to AUTOCOMMENT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:06:41 -07:00
Tom Eastep
833e54c9c3 Rename the notrack file to conntrack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:02:17 -07:00
Tom Eastep
ac6e67e371 Correct typo in rules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-30 07:23:40 -07:00
Tom Eastep
735b7c2cf5 Add support for nfacct
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-28 11:21:16 -07:00
Tom Eastep
c0e4d4093c Clarify TOS value
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-16 15:53:22 -07:00
Tom Eastep
1db79a91eb 'rpfilter' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 10:05:32 -07:00
Tom Eastep
41c7c8f923 Make the Invalid Drop rules uniform across sample files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-27 15:16:16 -07:00
Tom Eastep
17d22fb5b8 Prevent multiple 'tproxy' providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-23 17:26:18 -07:00
Tom Eastep
b9d59bc60c Document that 'classify' with marks is now allowed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-22 10:17:26 -07:00
Tom Eastep
1b7601cb19 Update all samples to specify OPTIMIZE=31
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-21 11:48:48 -07:00
Tom Eastep
7b6f329830 Document UID/GID ranges
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-19 14:05:38 -07:00
Tom Eastep
4a55705b9a Update tcclasses manpages titles to include HFSC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-18 07:54:25 -07:00
Tom Eastep
0a928cb034 Add tc-red(8) as reference to the tcclasses manpages. 2012-06-17 10:03:19 -07:00
Tom Eastep
2807502836 More tcclasses manpage cleanup.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-16 06:50:23 -07:00
Tom Eastep
780e7014d4 Cleanup of tcclasses manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-15 10:34:09 -07:00
Tom Eastep
9159372897 Fix a typo in the tcfilters manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-14 13:08:37 -07:00
Tom Eastep
6c47349689 Support 'red' queuing discipline
- Also added 'ls' support for HFSC

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-13 14:29:13 -07:00
Tom Eastep
cbba5741ce Correct typos in tcdevices manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-12 09:40:15 -07:00
Tom Eastep
844f6c63e4 Add support for TC size tables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-11 15:45:47 -07:00
Tom Eastep
8a9427ebff Merge branch '4.5.4' 2012-06-07 14:12:48 -07:00
Tom Eastep
38adf3d186 Set 'sourceroute=0' on all sample net interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-06 14:30:00 -07:00
Tom Eastep
ee467a4877 Allow embedded shell/Perl directives to have leading '?'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 07:32:43 -07:00
Tom Eastep
170875c7dd Convert the 'ignore' interface to be multi-valued
-Allows 'ignore=1' to only exempt interface from updown processing

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 07:23:23 -07:00
Tom Eastep
69badac72f Merge branch '4.5.4'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 14:43:05 -07:00
Tom Eastep
de184b32bc Fix sectioned IPSEC accounting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 14:37:29 -07:00
Tom Eastep
ea173ab628 Correct IPSEC accounting manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 14:09:41 -07:00
Tom Eastep
5211b32aa6 Remove quotes from GEOIPDIR setting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 07:09:07 -07:00
Tom Eastep
5b891f1072 Remove quotes from GEOIPDIR setting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 07:05:38 -07:00
Tom Eastep
fc97f6d00e Implement LOG target option control.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-24 13:54:59 -07:00
Tom Eastep
92ce190bf0 Remove Geoip from Shorewall6/actions.std.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-21 12:31:01 -07:00
Tom Eastep
ab2376d61d Document 15-cc limit.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-21 07:03:53 -07:00
Tom Eastep
d8ec051114 Load the geoip cc's dynamically.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 08:59:59 -07:00
Tom Eastep
f0a3e1652a Bracket non-trivial cc lists with [...]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 09:39:49 -07:00
Tom Eastep
f15e6d3995 Additional optimization in level 4.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-18 16:50:08 -07:00
Tom Eastep
55c88e8e81 Replace curly brace enclosure with a preceding caret to avoid ambiguity.
- {...} is used to enclose a set of column/value pairs and it is certain
  that the two will become confused.
2012-05-17 15:26:16 -07:00
Tom Eastep
3436fbd6ad Don't use ?INCLUDE in modules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-17 10:45:12 -07:00
Tom Eastep
d220d3d9d5 Abandon action.GeoIP in favor of extended syntax in the SOURCE and DEST columns.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-17 10:44:02 -07:00
Tom Eastep
17e25932f0 Fixes for GeoIP
- Correct check for valid ACTION
- Add to Shorewall6/actions.std
- Only use geoip once per invocation

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 11:14:28 -07:00
Tom Eastep
3d541f50c8 Use "(S)" consistently in column headings.
- add synonyms so both the singular and plural forms are accepted.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 12:42:04 -07:00
Tom Eastep
9e743451f6 Add FORMAT 2 to tcrules files. Initialize $format in Tc.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:08:06 -07:00
Tom Eastep
cb7fc31f0b Restore 4.5.3 compatibility
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-10 14:23:33 -07:00
Tom Eastep
69d735ea0a Make TPROXY actually work!
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-10 11:19:23 -07:00
Tom Eastep
605ef6ef86 Tweak to DIVERT plus correct TPROXY in man pages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-09 13:10:51 -07:00
Tom Eastep
582d025f58 Add DIVERT action to tcrules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-09 09:41:58 -07:00
Tom Eastep
cd35b6a13f Modify macro.BLACKLIST to use blacklog when appropriate
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-05 08:56:55 -07:00
Tom Eastep
097ab853db Apply Tuomo Soini's tunnels patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-04 06:18:22 -07:00
Tom Eastep
bd30d59f3d Fix annotated interfaces files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-03 14:09:49 -07:00
Tom Eastep
e4c4900b32 Add recent changes to a couple of config files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-03 12:32:47 -07:00
Tom Eastep
4d23ec2c48 Belatedly document FORMAT-2 interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-03 10:07:36 -07:00
Tom Eastep
15aa1dae62 Enhancements to the 'refresh' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-02 13:48:18 -07:00
Tom Eastep
2dd82a9898 Update Multi-ISP documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-01 10:28:12 -07:00
Tom Eastep
dc63efdbfd Use ?INCLUDE in modules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-25 07:33:40 -07:00
Tom Eastep
d904a2de86 Search and destroy trailing whitespace
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-24 14:52:57 -07:00
Tom Eastep
0f53c3cc7d Convert all interfaces files to format-2 only
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-24 10:53:09 -07:00
Tom Eastep
f40144f6af Corret tcrules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-21 09:53:00 -07:00
Tom Eastep
34f5838365 Allow multiple GATEWAYS to be listed in the tunnels file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-18 09:28:37 -07:00
Tom Eastep
52ebca3fe1 Merge branch '4.5.2'
Conflicts:
	Shorewall-core/lib.cli
	Shorewall/Perl/Shorewall/Config.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-16 13:47:05 -07:00
Tom Eastep
5a350d1899 More variable synchronization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-16 11:40:49 -07:00
Tom Eastep
805166a354 Ressurect LOCKFILE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-16 07:21:06 -07:00
Tom Eastep
eb7a21030d Correct Makefiles
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-14 12:03:51 -07:00
Tom Eastep
a32ce5c34a Correct Makefiles
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-14 12:01:37 -07:00
Tom Eastep
59d1a57f06 Add the -T option to the load, reload, restart and start commands.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-11 14:28:44 -07:00
Tom Eastep
74fdd97b14 Warn about not using sections in the accounting file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-09 16:47:56 -07:00
Tom Eastep
a2abad3f68 Modify getparams to use the installed shorewallrc file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-07 09:07:07 -07:00
Tom Eastep
41266627cd Fix secondary CLIs
- construct the correct pathname for lib.cli
2012-04-03 08:09:18 -07:00
Tom Eastep
abd864eecb Update copyrights in init scripts that have them
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-03 07:52:39 -07:00
Tom Eastep
fb428bf564 Don't modify CONFDIR and SHAREDIR in the shell code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-02 12:39:49 -07:00
Tom Eastep
a11e2dd452 Correct uninstall scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-02 06:48:23 -07:00
Tom Eastep
bb6e17fd3e Many changes involved in getting a relocated installations to work
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-01 10:47:24 -07:00
Tom Eastep
e48e13012c Fix up lib.base during installation
- Shorewall-core installer creates all necessary directories.
2012-04-01 08:16:07 -07:00
Tom Eastep
fead683f18 Modify init scripts if ${SHAREDIR} is non-standard
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-30 16:21:37 -07:00
Tom Eastep
0d19c99699 Correct default setting of CONFDIR when .shorewallrc is not found
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-28 06:28:53 -07:00
Tom Eastep
b31f656d63 Update uninstall scripts for multiple .shorewallrc locations.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-26 16:19:40 -07:00
Tom Eastep
fd82877312 Another fix for init.sh
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-26 07:49:49 -07:00