Tom Eastep
578fc6c521
Correct Chains::promote_blacklist_rules()
...
- Iterate through chains that jump to 'blacklst' until no rule is promoted
This is required to promote jumps past exclusion chains
- Correct reference counting; the first cut was horribly wrong
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:36:35 -07:00
Tom Eastep
fd6ff1849a
Promote 'in' blacklist rules to the head of the interface chain
...
- Added Chains::promote_blacklist_rules()
- Called the function from Rules::generate_matrix()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 07:37:42 -07:00
Tom Eastep
580c561a51
Clear raw table on 'clear'
2010-09-17 17:12:34 -07:00
Tom Eastep
a42576aef8
Fix blacklisting vs vservers
2010-09-17 16:38:34 -07:00
Tom Eastep
79bb47582a
Zero out {frozen} in a deleted chain entry
2010-09-17 16:00:36 -07:00
Tom Eastep
596d207dfc
Simplify a test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 15:43:56 -07:00
Tom Eastep
8cdbe5f88d
Fix an optimization bug with the new blacklisting code
2010-09-17 15:43:47 -07:00
Tom Eastep
402b3b929e
Restore trace output in move_rules()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 15:43:03 -07:00
Tom Eastep
3d0f8e962e
Simplify move_rules()
2010-09-17 13:49:32 -07:00
Tom Eastep
ab78aac3a4
Disallow mss and blacklist on firewall and vserver zones
2010-09-17 12:46:38 -07:00
Tom Eastep
330afe1701
Emit clearer error messages
2010-09-17 12:35:34 -07:00
Tom Eastep
239b4a2356
Be sure that {frozen} is defined
2010-09-17 12:08:48 -07:00
Tom Eastep
07930fc535
Revert versions on Rules and Zones modules
2010-09-17 11:06:32 -07:00
Tom Eastep
5357f4c347
Eliminate a parameter to add_jump()
2010-09-17 11:05:35 -07:00
Tom Eastep
af24baaecd
Update version to RC1 (one more time)
2010-09-17 09:14:56 -07:00
Tom Eastep
e61230a3db
Update version to Beta 6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 08:23:24 -07:00
Tom Eastep
882970a598
Use state match for UNTRACKED
2010-09-17 07:58:21 -07:00
Tom Eastep
2ce3c8aa88
Ensure that blacklist rules are before the other interface-oriented rules
2010-09-16 18:19:16 -07:00
Tom Eastep
27c445381e
Treat 'blacklist' uniformly in hosts and zones
2010-09-16 15:48:12 -07:00
Tom Eastep
1c870b532a
Preserve dynamic blacklist during stop/clear/restore
2010-09-16 12:17:04 -07:00
Tom Eastep
a8c9fc1859
Implement new Blacklisting Scheme
2010-09-16 09:40:28 -07:00
Tom Eastep
3c1cff0794
First steps toward zone-based blacklisting
2010-09-16 06:55:48 -07:00
Tom Eastep
1d650b41cd
Remove blacklisting by destination IP address support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 15:24:58 -07:00
Tom Eastep
3ad3f0d9e0
Allow floating point numbers in tcinterfaces fields other than <rate>
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 14:07:21 -07:00
Tom Eastep
ba89ec39b5
Add :<burst> to /etc/shorewall/tcdevices
2010-09-15 11:56:14 -07:00
Tom Eastep
69a2fa1907
Replace to/from with dst/src
2010-09-15 11:25:46 -07:00
Tom Eastep
f925b335ef
Ignore the 'blacklist' host option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 08:10:57 -07:00
Tom Eastep
373fc87165
More blacklisting wrapup
...
- Deprecate 'blacklist' in the hosts file
- Base blacklisting on interfaces alone
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 07:38:20 -07:00
Tom Eastep
4d0e8d129b
Add dup blacklist message
2010-09-14 18:04:27 -07:00
Tom Eastep
10a9ae496a
More manpage updates for 4.4.13
2010-09-14 16:47:45 -07:00
Tom Eastep
94cdc73ec2
Restore setpolicy() to prog.header*
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-14 13:50:22 -07:00
Tom Eastep
c4a40d8c7b
Set version to RC1 (again)
2010-09-14 13:09:50 -07:00
Tom Eastep
1f2691b052
Another fix for blacklisting; correct composition of $hosts1
2010-09-14 06:47:29 -07:00
Tom Eastep
0f913fca2f
Don't create blackout unnecessarily
2010-09-13 18:15:50 -07:00
Tom Eastep
82bccf16b5
Avoid internal error when there are no 'to' entries
2010-09-13 17:55:20 -07:00
Tom Eastep
b1e9bff382
Create new ipsets on 'start'
2010-09-13 15:46:04 -07:00
Tom Eastep
a6194fabd2
Delete blank line
2010-09-13 14:15:47 -07:00
Tom Eastep
33adbe7a27
Update documentation for net TC features
2010-09-13 13:51:25 -07:00
Tom Eastep
1729da87f1
Allow both 'to' and 'from' in blacklist
2010-09-13 12:51:10 -07:00
Tom Eastep
9b4c3e22dd
Allow floating point numbers in TC rates
2010-09-13 12:50:50 -07:00
Tom Eastep
cb1f7adea3
Add :<burst> to IN-BANDWIDTH
2010-09-13 11:23:37 -07:00
Tom Eastep
283eda2fa5
Cosmetic change to OUT-BANDWIDTH code
2010-09-12 16:33:19 -07:00
Tom Eastep
bd9041306c
Add undocumented OUT-BANDWIDTH column to tcinterfaces
2010-09-12 16:25:45 -07:00
Tom Eastep
a3b7b9c11b
Delete unused functions from prog.header*
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-12 10:07:26 -07:00
Tom Eastep
931c5a8d0a
Add an assertion
2010-09-11 16:24:27 -07:00
Tom Eastep
50fc972d2a
Fix another SAME defect :-(
2010-09-11 16:15:09 -07:00
Tom Eastep
512cd7b08e
Bump version to 4.4.13 RC 1
2010-09-11 15:46:14 -07:00
Tom Eastep
aad7b70e18
Rename constant
2010-09-11 15:31:43 -07:00
Tom Eastep
c6c6503d83
Clean up a remaining issue with SAME
2010-09-11 15:24:01 -07:00
Tom Eastep
f004916055
Disallow a DEST interface in mangle OUTPUT rules
2010-09-11 14:10:05 -07:00