Commit Graph

7414 Commits

Author SHA1 Message Date
Tom Eastep
55cf06d0a8
Correct all+ handling in the policy file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-15 10:09:53 -07:00
Tom Eastep
158f6305b1
Correct install fix
- Also remove extra logic from action.Broadcast

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-14 14:39:25 -07:00
Tom Eastep
6407520a35
Add warning messages to the deprecated actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-14 14:32:28 -07:00
Tom Eastep
54336eaa80
Delete IPv6 actions that are now handled by their IPv4 counterparts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-14 14:24:17 -07:00
Tom Eastep
5b85627fb8
Merge branch '5.1.3'
Conflicts:
	Shorewall/Perl/Shorewall/Config.pm
	Shorewall6/Actions/action.Multicast
2017-03-14 14:16:47 -07:00
Tom Eastep
a00d7217e3
Correct last commit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-14 13:58:59 -07:00
Tom Eastep
54ef4e4ced
Delete deprecated actions during install
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-14 13:46:24 -07:00
Tom Eastep
a447d726fa
Revert change which screwed up ?begin perl ... ?end perl line numbering
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-14 12:44:33 -07:00
Tom Eastep
fe29adbd66
Correct use of $family in combined actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-13 16:52:16 -07:00
Tom Eastep
4dc6be6b3b
Deprecate A_AllowICMPs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-13 15:09:07 -07:00
Tom Eastep
6ebc8f4266
Merge branch '5.1.3' 2017-03-13 14:55:23 -07:00
Tom Eastep
c5c4211081
Unify actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-13 14:54:25 -07:00
Tom Eastep
4010f9bce4
Add multicast to the Deprecated A_Drop and A_Reject actions
- Move A_Drop to deprecated/ directory

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-13 14:18:23 -07:00
Tom Eastep
02bb717d7d
Quote SMURF_LOG_LEVEL setting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-13 11:21:13 -07:00
Tom Eastep
046998ed84
Tabification of new actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-13 11:19:35 -07:00
Tom Eastep
24a014655b
Quote all _DEFAULT settings in the sample .conf files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-13 11:00:29 -07:00
Tom Eastep
0b8945da8e
Correctly handle expansion of option names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-13 10:20:15 -07:00
Tom Eastep
da363880a9
Always quote the LEVEL and DEFAULT settings when updating
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-13 09:51:58 -07:00
Tom Eastep
037fe490f3
Process config options in file order during update.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-12 17:09:41 -07:00
Tom Eastep
b13014c9ab
Expand variables in .conf except when upgrading
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-11 11:21:07 -08:00
Tom Eastep
76aef6cb04
Correct generation of '! --syn'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-11 08:43:04 -08:00
Tom Eastep
4c72b3ee58
Make sure that $LOG_LEVEL is defined
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-10 11:06:23 -08:00
Tom Eastep
d9071c5308
Correct $LOG_LEVEL expansion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-10 10:24:24 -08:00
Tom Eastep
3d8d5aa469
quote $LOG_LEVEL in shorewall[6].conf files
- Delete AllowICMPs from IPv4 policy action settings

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-08 14:16:24 -08:00
Tom Eastep
49811d24fa
Correct convertion of tcrules->mangle when a writable mangle exists
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 15:21:45 -08:00
Tom Eastep
fe4aaee1b4
Fix typos in action.dropNotSyn
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 14:37:08 -08:00
Tom Eastep
0ec7bc846e
Correct logging in inline policy actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 13:58:14 -08:00
Tom Eastep
dbcd4d9d16
Correct typo in action.AllowICMPs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 13:57:05 -08:00
Tom Eastep
5a996cbda7
Change AllowICMPs to an inline action
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/actions.std
2017-03-07 13:56:44 -08:00
Tom Eastep
6019adaae5
Change macro.ICMPs to an inline action
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/actions.std
2017-03-07 13:54:52 -08:00
Tom Eastep
4f869c3506
More manpage updates for tcp:!syn
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 11:13:58 -08:00
Tom Eastep
e3c2874b21
Modify dropNotSyn to use {proto=6:!syn}
- also make the same change in the rejNotSyn audited case
2017-03-07 11:00:39 -08:00
Tom Eastep
e8a0142480
Document tcp:!syn support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 10:48:24 -08:00
Tom Eastep
a4768776f7
Modify rejNotSyn to use new/corrected features
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 10:34:15 -08:00
Tom Eastep
8e000b158e
Correct the handling of tcp-reset
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 10:33:51 -08:00
Tom Eastep
f1d1ab6411
Implement tcp:!syn in PROTO column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-07 10:33:20 -08:00
Tom Eastep
cd103bb715
Correct rejNotSyn
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-06 16:01:31 -08:00
Tom Eastep
5f1370f1b4
Clear the firewall on Debian systemd 'stop' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-06 11:22:55 -08:00
Tom Eastep
dc53fa2665
Correct file/line from ?error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-06 11:02:06 -08:00
Tom Eastep
71d9a03697
Update shorewall[6]-rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-05 14:29:57 -08:00
Tom Eastep
137d4bcc90
Alter logging behavior of Limit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-05 13:03:57 -08:00
Tom Eastep
356d3fa2dd
Correct new directives with respect to omitting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-05 12:09:54 -08:00
Tom Eastep
80d93235b5
Eliminate builtin actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-05 12:09:33 -08:00
Tom Eastep
c1e7fce1c5
Report the file/line where action invoked
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-05 09:29:00 -08:00
Tom Eastep
63ec936f21
Remove determinism sorts 2017-03-04 19:05:33 -08:00
Tom Eastep
dabe0bd205
Set PERL_HASH_SEED to make compilation deterministic.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-04 18:48:48 -08:00
Tom Eastep
63cf7dd699
Revert "Move $test to the config module."
This reverts commit 876d76b294.
2017-03-04 18:45:40 -08:00
Matt Darfeuille
0b3a32b365
Change the preferred way to remove sysvinit script
- Correct typo in command
 - Correct spacing

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-04 09:03:59 -08:00
Tom Eastep
a7d45e9566
Restore logging to the BLACKLIST action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-03 10:14:30 -08:00
Tom Eastep
876d76b294
Move $test to the config module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-02 11:42:07 -08:00