Commit Graph

443 Commits

Author SHA1 Message Date
Tom Eastep
4eb9e5db3d Correct example in the docs and ensure that future idiots don't place 'default' in the PRIO column of tcclasses 2009-08-24 06:25:26 -07:00
Tom Eastep
679cff2779 Correct example in the docs and ensure that future idiots don't place 'default' in the PRIO column of tcclasses 2009-08-23 20:45:05 -07:00
Tom Eastep
e24dbb9aea Add 'clean' target to Makefiles 2009-08-23 10:43:01 -07:00
Tom Eastep
267bc808f5 Use 'set_command()' in the 'compile' case as well as the 'check' case 2009-08-22 09:39:15 -07:00
Tom Eastep
5ac331a5a0 Rename verbosity-oriented variables/functions 2009-08-22 07:57:55 -07:00
Tom Eastep
5dd41249c6 Remove trailing whitespace 2009-08-20 14:32:15 -07:00
Tom Eastep
8c16ac1d46 Update Module versions 2009-08-20 08:53:57 -07:00
Tom Eastep
ddf8bbe516 Remove some V4/V6 tests 2009-08-18 11:03:17 -07:00
Tom Eastep
1cf22ead7f Correct allip() return value 2009-08-18 07:35:17 -07:00
Tom Eastep
90b0bedc43 More performance tweaks 2009-08-17 16:29:18 -07:00
Tom Eastep
787a1867a0 Another tiny performance enhancement 2009-08-17 12:58:50 -07:00
Tom Eastep
e756689d0c Very minor performance tweak 2009-08-17 11:22:03 -07:00
Tom Eastep
89a6d7e5db Tweak initialization comments 2009-08-17 10:45:46 -07:00
Tom Eastep
d8cc9c5c92 Fix capabilities test for PERSISTENT_SNAT 2009-08-17 08:07:58 -07:00
Tom Eastep
0557148bec Avoid double globals initialization for IPv6 2009-08-16 09:24:51 -07:00
Tom Eastep
c908edab34 Add new capability for persistent SNAT 2009-08-15 08:35:54 -07:00
Tom Eastep
55f75604b3 Add support for 'persistent' 2009-08-15 08:15:38 -07:00
Tom Eastep
f042c641d6 Remove extraneous export 2009-08-15 07:01:06 -07:00
Tom Eastep
9b87812531 update version of Nat module 2009-08-14 15:03:59 -07:00
Tom Eastep
883f415e53 Start 4.4.1 2009-08-14 14:46:31 -07:00
Tom Eastep
2bac824207 Fix provider number in masq entry 2009-08-12 13:52:56 -07:00
Tom Eastep
5cb9ff0009 Fix 'upnpclient' on required interfaces 2009-08-11 08:31:58 -07:00
Tom Eastep
1a5027de9f Restore ipset binding capability 2009-08-08 08:26:22 -07:00
Tom Eastep
70f46c02cc Fix logging NAT rules 2009-08-05 12:48:14 -07:00
Tom Eastep
3efaef813f Update version to 4.4.0 2009-08-03 10:16:37 -07:00
Tom Eastep
489e09a4d7 Propagate super option to parents 2009-07-29 15:33:47 -07:00
Tom Eastep
4af6c7650e Correct handling of nested IPSEC zone 2009-07-29 14:35:27 -07:00
Tom Eastep
8d8920e7ad Disallow ipsec zones nested within an ip zone 2009-07-29 07:49:06 -07:00
Tom Eastep
19736bcdbd Update version to RC2 2009-07-28 13:45:26 -07:00
Tom Eastep
f2f8cab962 Make 'any' a reserved zone name 2009-07-26 12:29:37 -07:00
Tom Eastep
26cb2b1eeb Allow Shorewall6 to recognize TC, IP and IPSET 2009-07-26 12:26:49 -07:00
Tom Eastep
c028fefa30 Fix 'disable_ipv6 -- take 2 2009-07-24 17:27:42 -07:00
Tom Eastep
fde24c16df Fix 'disable_ipv6 2009-07-24 16:58:49 -07:00
Tom Eastep
c77f462d2d Delete prog.functions and prog.functions6 2009-07-24 14:51:24 -07:00
Tom Eastep
45fffc7261 Replace 'edit' by 'validate' in compiler parameter handling logic 2009-07-22 10:43:53 -07:00
Tom Eastep
264126e9f5 Fix syntax error in last change 2009-07-22 10:43:15 -07:00
Tom Eastep
7f790e3aa2 Don't call generate_matrix() during 'check' 2009-07-21 14:13:26 -07:00
Tom Eastep
0204ea46a6 Ensure that move_rules doesn't crash in NONAT case 2009-07-16 15:59:59 -07:00
Tom Eastep
55045ace4b Optimize nonat rules in certain cases 2009-07-16 11:05:37 -07:00
Tom Eastep
f16b2300b6 Remove references to Shorewall-shell, Shorewall-perl and prior Shorewall versions from the manpages 2009-07-15 17:50:55 -07:00
Tom Eastep
9c2966448e Fix NONAT of sub-zone 2009-07-15 15:59:53 -07:00
Tom Eastep
8e9bef0a61 Fix routing with no providers 2009-07-15 13:03:49 -07:00
Tom Eastep
3bd9d31c05 Correct NOROUTE logic when no providers 2009-07-15 12:32:26 -07:00
Tom Eastep
17f61ad1c6 Optimize creation of /etc/iproute2/rt_tables 2009-07-15 12:22:31 -07:00
Tom Eastep
8f57a5d7a2 Some minor tweaks to the Providers module 2009-07-14 16:12:59 -07:00
Tom Eastep
d64b526319 Come cleanup of the Chains module 2009-07-13 16:54:39 -07:00
Tom Eastep
887a643f9e Initiate RC1 2009-07-12 10:06:57 -07:00
Tom Eastep
75861185e0 Minor typo/cosmetic corrections 2009-07-12 09:26:25 -07:00
Tom Eastep
5bd3d710b7 Push version to Beta 4 2009-07-09 16:41:10 -07:00
Tom Eastep
bdd124b504 Derive IP6TABLES from IPTABLES 2009-07-09 10:29:56 -07:00
Tom Eastep
2142e92f8a Remove add_command and replace all calls with calls to add_commands 2009-07-06 18:38:39 -07:00
Tom Eastep
f88048ebe4 More revert conflicts 2009-07-06 18:23:23 -07:00
Tom Eastep
050375b211 Delete DISABLE_IPV6 option 2009-06-29 18:33:13 -07:00
Tom Eastep
9dbafc59d0 Fix 'findgw' 2009-06-29 08:14:53 -07:00
Tom Eastep
25c2403f48 Update version to Beta 3 2009-06-27 08:26:41 -07:00
Tom Eastep
b2b6633ced More on port list split/validation 2009-06-26 15:05:35 -07:00
Tom Eastep
cb681ab5ca Fix for source port counting 2009-06-26 10:31:43 -07:00
Tom Eastep
900cfa0def 1) Cosmetic change to compiler.pl
2) Make 'purge_jump' handle '-g <target>' correctly
3) Minor effeciency changes to Chains.pm
2009-06-26 09:46:15 -07:00
Tom Eastep
40bb8283d2 Verify the availability of the LOG target 2009-06-25 13:50:27 -07:00
Tom Eastep
6eb202666c Fix for mis-configured interfaces 2009-06-24 08:58:37 -07:00
Tom Eastep
bd55a545b5 Rename lib.user to lib.private 2009-06-20 09:35:08 -07:00
Tom Eastep
01d046fac9 Add lib.user extension script 2009-06-19 14:39:45 -07:00
Tom Eastep
117116eb4e Add USER/GROUP column to /etc/shorewall/masq 2009-06-19 08:00:26 -07:00
Tom Eastep
927aa5f0e8 Additional fix up of optional interface handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2009-06-17 09:39:35 -07:00
Tom Eastep
b99444ab8b Make new optional interface code work with shared providers 2009-06-17 07:30:01 -07:00
Tom Eastep
3483e8052a Small optimization in lookup_provider() 2009-06-16 15:52:38 -07:00
Tom Eastep
64fd1167d1 replace a couple of instances of 'which' with 'mywhich'; relocate some global variable code 2009-06-16 15:39:04 -07:00
Tom Eastep
c00195e62a Replace '_IS_UP' with '_IS_USABLE' 2009-06-16 14:25:13 -07:00
Tom Eastep
2a7491ebf2 More work on optional interfaces 2009-06-16 14:03:15 -07:00
Tom Eastep
58b2488459 Clean up 'upnpclient' implementation 2009-06-16 09:43:22 -07:00
Tom Eastep
abe07c9fae Add 'upnpclient' interface option 2009-06-15 13:34:35 -07:00
Tom Eastep
b6410902a0 Relocate code that sets provider variables 2009-06-15 12:25:20 -07:00
Tom Eastep
8eb6ab7cc9 Set optional interface variables when there are no providers 2009-06-15 12:07:18 -07:00
Tom Eastep
c96db9a01c Set optional provider variables when NOROUTE is true 2009-06-15 11:35:46 -07:00
Tom Eastep
440cc08802 Fix ORIGINAL DEST issue 2009-06-15 08:45:34 -07:00
Tom Eastep
894d4e5aa5 Update version to Beta2 2009-06-15 06:50:21 -07:00
Tom Eastep
a6d2497653 Integerize r2q before using it in a 'qdisc add' command 2009-06-14 14:29:12 -07:00
Tom Eastep
7440cd7d21 Correct 'help' in compiler.pl 2009-06-14 13:39:42 -07:00
Tom Eastep
e2ae6453ac Replace 'Shorewall-perl' with 'Shorewall' 2009-06-13 07:07:55 -07:00
Tom Eastep
265e4fa546 First cut at 4.4 2009-06-12 15:51:43 -07:00
Tom Eastep
1025ca6002 Refine ee0667c9da slightly 2009-06-12 07:34:31 -07:00
Tom Eastep
ee0667c9da Fix mnemonic handling in tcfilters 2009-06-12 07:27:08 -07:00
Tom Eastep
a1330cbfdf Purely cosmetic change in the Actions module 2009-06-10 14:31:22 -07:00
Tom Eastep
91b0e5aaa1 Update version and release docs to start work on 4.3.13 2009-06-07 10:52:53 -07:00
Tom Eastep
cb77458070 Allow INITLOG to be set in /etc/default/shorewall[6]; fix syntax error in Zones module 2009-06-07 08:07:56 -07:00
Tom Eastep
be8b352ee7 Cleanup of STDERR redirection; Update module versions 2009-06-05 15:12:59 -07:00
Tom Eastep
69c78676ad Redirect STDERR to log 2009-06-05 13:49:23 -07:00
Tom Eastep
9ee0d05507 Update version to 4.3.12 2009-06-05 11:53:01 -07:00
Tom Eastep
c370dc650c Remove support for 'norfc1918' and it's associated settings in shorewall.conf 2009-06-05 10:51:30 -07:00
Tom Eastep
7621859e0f Fix 'findgw' 2009-06-04 13:03:56 -07:00
Tom Eastep
93b2227ce6 Add FAQ 36 re: BANDWIDTH_IN 2009-06-03 17:11:14 -07:00
Tom Eastep
7ecd3f0437 Correct previous commit 2009-05-29 07:21:51 -07:00
Tom Eastep
f2cb2cca9e Suppress duplicate progress messages 2009-05-29 07:03:24 -07:00
Tom Eastep
d33532d6cd Add TOS field to tcfilters 2009-05-28 16:41:14 -07:00
Tom Eastep
97fa7a0513 Add LENGTH column to tcfilters file 2009-05-28 14:29:33 -07:00
Tom Eastep
d35274d7d9 Minor cosmetic change to the source 2009-05-28 14:04:42 -07:00
Tom Eastep
7418e27308 Deimplement ipset binding support 2009-05-28 07:22:48 -07:00
Tom Eastep
d0d999488b Fix silly bug in capabilities detection 2009-05-28 06:42:47 -07:00
Tom Eastep
0bd3b0c0af Clarify requirement for RT parameters 2009-05-24 16:58:41 -07:00
Tom Eastep
a0071a21e8 Tweak and document HFSC implementation 2009-05-24 10:06:36 -07:00
Tom Eastep
d97a96b350 First implementation of HFSC queuing discipline 2009-05-23 17:07:57 -07:00
Tom Eastep
787caa7f32 First implementation of HFSC queuing discipline 2009-05-23 17:04:39 -07:00
Tom Eastep
4cf2c1b59f Avoid 'large quantum' warnings during start/restart 2009-05-23 09:04:06 -07:00
Tom Eastep
110b6a613d More code structure cleanup -- Providers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2009-05-22 13:55:39 -07:00
Tom Eastep
d6c8cd5d3e Warn if 'proxyarp' specified on a non-loose provider 2009-05-21 09:39:43 -07:00
Tom Eastep
ad6b47d3bf More code rationalization 2009-05-19 17:11:56 -07:00
Tom Eastep
f75f4158b3 Add 'findgw' user exit 2009-05-11 14:35:20 -07:00
Tom Eastep
3162eff925 Support version 3 of dhclient 2009-05-10 12:22:23 -07:00
Tom Eastep
e97f7a622c Update version to 4.3.11 2009-05-10 07:08:47 -07:00
Tom Eastep
e1771ebead Externalize the 'flow' classifier 2009-05-08 14:05:27 -07:00
Tom Eastep
8f1ea63711 Make traffic shaping work better with IPv6 2009-05-08 13:30:47 -07:00
Tom Eastep
0e94016462 Delete error message -- it's also occurring on 2.6.28 2009-05-08 13:19:48 -07:00
Tom Eastep
7766855e98 More comments about failing 'tc filter add' command 2009-05-08 08:12:54 -07:00
Tom Eastep
d66fc7a7e1 Add warning when successful tc command returns non-zero exit status 2009-05-07 07:19:25 -07:00
Tom Eastep
c9538bbdee Minor code cleanup in Tc 2009-05-06 13:40:18 -07:00
Tom Eastep
71480f38e2 Complete prior commit.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2009-05-06 09:49:06 -07:00
Tom Eastep
202d5f800e 1) Avoid multiple pri 65535 fw filters
2) Fix tcdevices > 9
3) Add some decimal/binary comments

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2009-05-06 09:47:13 -07:00
Tom Eastep
56016ca1bb Improve interface number assignment 2009-05-06 07:07:38 -07:00
Tom Eastep
83bef182b1 Update some module versions 2009-05-05 18:11:49 -07:00
Tom Eastep
2125f3140f Allow upper case A-F in Hex numbers 2009-05-05 16:23:37 -07:00
Tom Eastep
df42a82b01 Minor cosmetic improvements 2009-05-05 16:00:12 -07:00
Tom Eastep
404a7250b0 Some early code cleanup 2009-05-05 15:43:38 -07:00
Tom Eastep
5758ba3f69 Fix SCTP source port filtering 2009-05-05 14:13:05 -07:00
Tom Eastep
94a7df0cd5 Pass many fewer arguments while processing providers file and route_rules file 2009-05-05 11:38:45 -07:00
Tom Eastep
1b380fbbab Pass many fewer arguments while processing masq rules 2009-05-05 11:31:47 -07:00
Tom Eastep
e68b571abe Pass many fewer arguments while processing accounting rules 2009-05-05 11:25:56 -07:00
Tom Eastep
293987a383 Pass many fewer arguments while processing traffic shaping files 2009-05-05 11:23:01 -07:00
Tom Eastep
a23fc3c46c Pass many fewer arguments while processing a record in /etc/shorewall/rules 2009-05-05 11:14:53 -07:00
Tom Eastep
c05071afc4 Another class number decimal/hex fix 2009-05-05 08:24:02 -07:00
Tom Eastep
624c24f2c0 Sequentially assign class numbers when WIDE_TC_MARKS=Yes 2009-05-05 07:50:46 -07:00
Tom Eastep
8f6130cca4 Update to nested classes; document nested classes in the release docs 2009-05-04 16:03:14 -07:00
Tom Eastep
03cd8350dc Initial implementation of nested classes 2009-05-04 14:19:09 -07:00
Tom Eastep
d3cd3ea26c Remove obsolete test 2009-05-04 13:25:21 -07:00
Tom Eastep
2db6130c26 Disallow 'occurs' with 'classify'; allow '<devname>:<classnum>' in tcclasses 2009-05-04 09:48:22 -07:00
Tom Eastep
13d3f86e23 Correct clearing of marks in POSTROUTING so that IPMARK works in the FORWARD table 2009-05-04 08:54:20 -07:00
Tom Eastep
b02dc1692f Clean up latest occurs effort 2009-05-03 17:05:02 -07:00
Tom Eastep
f533468da0 Resolve merge conflicts 2009-05-03 09:56:13 -07:00
Tom Eastep
79adcb964f Cosmetic improvements in tcclasses processing 2009-05-03 09:03:00 -07:00
Tom Eastep
90b07d849d Fix compile for export 2009-05-03 09:01:33 -07:00
Tom Eastep
16826aeb31 Remove IPMARK support 2009-05-03 08:38:27 -07:00
Tom Eastep
626b60ff0e Add error check 2009-05-02 17:28:50 -07:00
Tom Eastep
5e4196dafb Fix occurs suffix handling 2009-05-02 16:19:50 -07:00
Tom Eastep
4a9a8534e3 Finish fast per-IP classifier 2009-05-02 16:01:48 -07:00
Tom Eastep
3e0a55f072 Fix 'all' in the SOURCE of DNAT- rules 2009-05-02 13:23:29 -07:00
Tom Eastep
2aecb9ac12 More tcfilter readability improvements 2009-05-02 10:47:23 -07:00
Tom Eastep
8216a4e721 Simplify tcfilter generation -- take 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2009-05-02 09:46:54 -07:00
Tom Eastep
ababc533f1 Revert "Vastly simplify generation of tc filters"
This reverts commit 22da513b3a.
2009-05-02 09:33:21 -07:00
Tom Eastep
22da513b3a Vastly simplify generation of tc filters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2009-05-02 09:25:27 -07:00
Tom Eastep
c1cf1695c0 Deprecate interface names in the SOURCE column of /etc/shorewall/masq 2009-04-29 15:13:22 -07:00
Tom Eastep
7cf5c32358 Treat Class IDs as hex rather than as decimal numbers 2009-04-23 12:43:57 -07:00
Tom Eastep
7cd9a2a983 Replace 'pref' by 'prio' in 'tc xxx add' commands 2009-04-21 16:44:41 -07:00
Tom Eastep
b6090948dd Allow compile to STDOUT 2009-04-21 09:41:23 -07:00
Tom Eastep
e465fea86a Better fix for '-0x...' handling 2009-04-21 07:08:47 -07:00
Tom Eastep
846af27ebf Fix Steven's other nit regarding -0x... 2009-04-20 20:39:38 -07:00
Tom Eastep
82bf6eb3f5 Revise WIDE_TC_MARKS classid generation 2009-04-20 17:54:33 -07:00
Tom Eastep
dcee6562a2 Fix another bug reported by Steven Springl 2009-04-20 16:35:48 -07:00
Tom Eastep
34791612b5 Implement WIDE_TC_MARKS. Fix problems reported by Steven Springl. 2009-04-20 13:26:47 -07:00
Tom Eastep
58fa0fe114 Clean up of shared optional provider fix 2009-04-20 10:28:18 -07:00
Tom Eastep
ec04636c86 Correct handling of optional shared providers 2009-04-20 08:30:15 -07:00
Tom Eastep
aa4afa6b66 Prepare 4.3.10 2009-04-19 17:37:36 -07:00
teastep
8d450e673c Change classid generation algorithm
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9939 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-19 19:56:04 +00:00
teastep
0bb8fffcd9 Add support for IPMARK -- Phase II
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9937 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-19 16:47:40 +00:00
teastep
32a1ac87f5 Add IPMARK target support -- first phase
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9936 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-19 15:46:57 +00:00
teastep
3cb7186e90 Modify regression test to ensure that modification timestamp of the output file changes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9935 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-19 14:19:40 +00:00
teastep
322a5de871 Recommit lost commit
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9934 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-18 18:48:28 +00:00
teastep
834064f3af Cosmetic improvement to generated script
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9933 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-18 16:32:45 +00:00
teastep
985c551d26 Add IP, TC and IPSET configuration options
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9932 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-18 16:28:25 +00:00
teastep
b8988a2171 Handle empty setup_common()
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9930 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-18 16:20:06 +00:00
teastep
0cc60ea021 Avoid 'Invalid BROADCAST address' errors
Signed-off-by: Tom Eastep <teastep@shorewall.net>


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9919 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-17 22:57:59 +00:00
teastep
fd7108784f Allow Shorewall6 on kernel 4.2.24
Signed-off-by: Tom Eastep <teastep@shorewall.net>


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9908 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-17 16:04:54 +00:00
teastep
ade958dd51 Add undocumented LOGMARK log level
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9851 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-12 15:22:19 +00:00
teastep
347090da6e Correct netmask generation in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9850 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-12 15:22:00 +00:00
teastep
97e61965c0 Fix another inversion case
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9846 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-11 21:48:34 +00:00
teastep
de037034a5 Bump version to 4.3.9
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9845 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-11 15:31:25 +00:00
teastep
9bfc7b6d99 Tiny optimization.
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9844 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-11 15:28:50 +00:00
teastep
c39fcc4db7 Optimization of log rule code
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9843 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-10 20:36:22 +00:00
teastep
b734d3af31 Fix subtle bug introduced in last commit
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9842 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-10 20:36:09 +00:00
teastep
20cfd0033c Fix a 4.3 bug in expand_rule().
Don't repeat matches on target rule when log chain is used.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9841 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-10 19:47:39 +00:00
teastep
28e84a6aba Break up long port lists in jump to logging chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9840 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-10 16:31:04 +00:00
teastep
e0040f4011 Small optimizations in expand_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9837 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-10 16:16:25 +00:00
teastep
ff014f328b Correct usage text
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9836 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-10 16:15:36 +00:00
teastep
8278203e03 Remove one argument from expand_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9835 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-09 22:21:48 +00:00
teastep
f20013898e Don't use -g when the target might not be terminating
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9834 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-09 20:18:11 +00:00
teastep
ae169f00a7 Implement rules that also log as a separate chain. Preserve original target in logging rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9833 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-09 18:45:21 +00:00
teastep
7d2b410904 Correct rule generation when an interface is specified as the destination of a PREROUTING rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9831 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-08 03:37:15 +00:00
teastep
28b6fd8033 Simplify hashlimit match code
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9830 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-07 18:15:51 +00:00
teastep
36e0c85f5f Require the Hashlimit Match capability for per-IP rate limiting
Use the current key words in the generated hashlimit match

Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9828 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-07 17:36:23 +00:00
teastep
c545e65cea First part of 'hashlimit' implemenation
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9826 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-07 03:23:01 +00:00
teastep
b1e9453c62 The other half of the re-implementation of 'enable/disable_object'
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9825 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-07 03:22:49 +00:00
teastep
0744df13d6 Reimplement object_enable/disable
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9824 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-07 03:22:30 +00:00
teastep
b6053d8577 Fix second bug regarding ADD_IP_ALIASES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9823 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-07 03:22:16 +00:00
teastep
844bb448c7 Fix inversion rules (omitted hunk)
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9797 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-04 15:09:17 +00:00
teastep
e2c5ad441a Generate inversion that satisfies iptables 1.4.3.
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9796 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-04 15:09:04 +00:00
teastep
77bbd88ab4 Cosmetic improvement in generated code for arp and route filtering.
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9787 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-03 14:36:16 +00:00
teastep
54620a962e Small optimization in "logmartians" fix. Update manpage to reflect new implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9786 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-03 14:31:21 +00:00
teastep
8a9af0acf5 Fix LOG_MARTIANS=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9784 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-02 16:33:56 +00:00
teastep
29c8098d37 Cosmetic improvement in generated script.
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9780 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-01 19:53:38 +00:00
teastep
ef50c0be25 More removal of SAME target
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9775 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-01 01:31:16 +00:00
teastep
dbf23f64e2 Removal of SAME support
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9774 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-01 01:31:04 +00:00
teastep
35790476a3 Fix bug in Shorewall::Rules::process_rule1()
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9773 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-01 00:04:04 +00:00
teastep
d3a54e626c De-implement $Shorewall::Config::object_enabled and associated methods
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9772 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-04-01 00:03:51 +00:00
teastep
d00f52f933 Fix run-time error in Shorewall::process_rules1()
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9771 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-31 22:42:49 +00:00
teastep
39131f3809 Some optimizations in Shorewall::Rules::compile_stop_firewall()
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9770 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-31 22:42:37 +00:00
teastep
6c205d922a Add AUTOMAKE option
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9767 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-31 17:31:23 +00:00
teastep
22526979db Make generation of 'stop' ruleset activation more foolproof.
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9764 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-30 19:58:26 +00:00
teastep
b215f91d4a Pass input directly to iptables[6]-restore during stop
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9763 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-30 18:33:30 +00:00
teastep
715554e579 Cleanup of iptables-restore/stop code. Don't purge ipsets on stop.
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9762 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-30 18:00:23 +00:00
teastep
cddd1b1ae9 Use iptables[6]-restore to instantiate the 'stopped' ruleset
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9761 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-30 00:49:00 +00:00
teastep
7210e8c15e Move generation of stop_firewall() to the end of the compilation sequence
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9760 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-29 17:52:24 +00:00
teastep
adb9830e9e Move 'compile_stop_firewall' to Shorewall::Rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9743 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-28 19:22:15 +00:00
teastep
d9622dabfe Centralize iptables knowledge in the Chains module -- first phase
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9742 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-28 19:21:36 +00:00
teastep
b663644d0d Ignore leading white space on certain continuation lines
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9740 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-27 16:55:51 +00:00
teastep
d67c94de9c Move extension script handling to generate_script_1()
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9739 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-26 18:18:09 +00:00
teastep
9328f0fc4c Detect dhclient dynamic gateway
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9734 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-24 20:58:04 +00:00
teastep
6013e8b53d Improve error message for startup errors. Document in release documents.
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9730 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-23 22:51:05 +00:00
teastep
1545d62ba9 Update version by hand
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9729 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-23 22:50:04 +00:00
teastep
1ff093b1c0 Minor tweak to Shorewall::Zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9724 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-21 22:46:16 +00:00
teastep
bb8e562d18 Detect IP configuration early in start/restart so that stopping the fireawall isn't necessary in the case of failure.
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9722 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-21 16:45:27 +00:00
teastep
6dac69554f Apply Tuomo Soini's patch for USE_DEFAULT_RT
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9704 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-19 14:04:57 +00:00
teastep
2734d2b8cb Change 'flow' filter rule (which still doesn't work :-()
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9702 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-18 21:33:28 +00:00
teastep
08cd0684ec Use new syntax in standard actions. Add additional comments in Shorewall::Config
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9695 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-16 16:37:21 +00:00
teastep
fc3a2fc386 Add explanation of maximum zone length
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9690 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-15 15:54:29 +00:00
teastep
229e573c3c Make zone type numeric for faster comparison
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9684 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-13 22:59:49 +00:00
teastep
e75789d894 A few minor changes in Shorewall::Chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9682 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-11 01:16:45 +00:00
teastep
77444634e1 Correct fatal error message generated by assert()
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9675 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-09 21:45:30 +00:00
teastep
ce5efc5dfa Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9674 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-09 21:45:18 +00:00
teastep
5a6d66f263 Replace discrete tests with calls to fatal_error() with calls to assert();
second batch

Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9673 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-09 20:57:18 +00:00
teastep
b987ea4940 Replace discrete tests with fatal_error() calls with assert() calls.
Signed-off-by: Tom Eastep <teastep@shorewall.net>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9672 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-09 20:56:53 +00:00
teastep
70570c4a18 Change policy->{is_optional} to policy->{provisional}
Signed-off-by: Tom Eastep <teastep@ursa.(none)>

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9668 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-09 16:28:29 +00:00
teastep
faa8a9ec2d Cosmetic changes to four Perl Modules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9626 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-08 16:51:22 +00:00
teastep
dcee4a3d08 Commit updates from Git
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9625 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-08 01:40:35 +00:00
teastep
94bd270bcd Delete 'routefilter' from valid hosts file options
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9623 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-07 23:30:19 +00:00
teastep
ec52331dfc More port OPTIONS changes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9622 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-07 20:22:20 +00:00
teastep
3d92f7a016 More tweaks to ipset management
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9615 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-07 00:39:04 +00:00
teastep
a7126b6b4c First working dynamic zone implementation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9612 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-06 17:00:38 +00:00
teastep
f788e4ecb3 Reincarnation of Dynamic Zones -- Phase II
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9611 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-06 04:08:07 +00:00
teastep
3795f02f70 Reincarnation of Dynamic Zones -- Phase I
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9610 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-06 00:14:42 +00:00
teastep
be8e9990bd Back out silly part of last change
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9608 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-05 20:27:22 +00:00
teastep
410e551a69 Re-enable list-valued return from validate_4address()
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9606 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-05 19:56:24 +00:00
teastep
062c7ec822 Change 'Provides' for Shorewall6-lite
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9605 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-05 16:18:58 +00:00
teastep
14673e4ab5 Detect bogus DNAT- rule
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9600 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-05 04:03:05 +00:00
teastep
661029a38e Cosmetic Change
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9599 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-05 04:02:03 +00:00
teastep
36b87dff49 Put all Perl components in a common directory -- Phase I
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9595 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2009-03-04 22:41:56 +00:00