Commit Graph

11861 Commits

Author SHA1 Message Date
Tom Eastep
b4c812b676 Correct helper parsing in the Raw module.
- Require (...) around multiple ctevents
- Detect invalid options

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-05 08:09:17 -07:00
Tom Eastep
9a0d53194a Correct Helper detection in the compiler.
Use CT_MATCH when available.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-05 08:08:20 -07:00
Tom Eastep
49fb2799e9 Correct detection of 'netbios-ns' in the CLIs.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-05 08:07:19 -07:00
Tom Eastep
6c97e13107 Use -j CT for helper detection, when available
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-04 11:36:03 -07:00
Tom Eastep
cfe2f36320 Delete duplicate entry in the Shorewall[6] install.sh
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-04 08:23:08 -07:00
Tom Eastep
6fbb578ce6 Add Helpers Document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-04 07:28:13 -07:00
Tom Eastep
093985dd93 Use HELPERS to enable/disable helper association.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 19:26:02 -07:00
Tom Eastep
72307df6d2 Replace the AUTOHELPERS option with the HELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 10:53:20 -07:00
Tom Eastep
7689b1e84b Remove the 'zone' helper option for now.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 06:39:58 -07:00
Tom Eastep
9ceff3c213 Display KERNELVERSION and CAPVERSION in 'show capabilities'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 17:38:41 -07:00
Tom Eastep
82c057d1ed Fix *VERSION handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 16:44:02 -07:00
Tom Eastep
21770a89d6 Detect which matches are available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 15:38:23 -07:00
Tom Eastep
223ed5b3a3 More additions to the helper table and to the conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 13:25:44 -07:00
Tom Eastep
2ae59bb3cd Add COMMENT directives to conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:58:00 -07:00
Tom Eastep
c2cd031285 Mention the conntrack file in the config basics doc.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:31:25 -07:00
Tom Eastep
9ba0c07956 Redesign the CT:helper feature.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:10:08 -07:00
Tom Eastep
7d32258e6e Correct Helpers Module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:09:34 -07:00
Tom Eastep
07e56d129a Add AUTOHELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:09:18 -07:00
Tom Eastep
62d6d2558e Rename AUTO_COMMENT to AUTOCOMMENT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:06:41 -07:00
Tom Eastep
833e54c9c3 Rename the notrack file to conntrack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:02:17 -07:00
Tom Eastep
f2dd43855e Correct typo in warning message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-01 13:13:18 -07:00
Tom Eastep
eaf238fa66 Merge branch '4.5.6' 2012-08-01 10:37:45 -07:00
Tom Eastep
542f279544 Don't allow a source interface in a DNAT/REDIRECT rule with source == firewall
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-01 10:01:08 -07:00
Tom Eastep
917e2980a4 Correct error message generation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-30 09:22:43 -07:00
Tom Eastep
c8ea03bf8c Update help text
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-30 07:23:53 -07:00
Tom Eastep
ac6e67e371 Correct typo in rules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-30 07:23:40 -07:00
Tom Eastep
735b7c2cf5 Add support for nfacct
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-28 11:21:16 -07:00
Tom Eastep
87c0f934aa Add NFacct Match capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-28 08:19:05 -07:00
Tom Eastep
55519bd9ac Revise instructions for disabling iptables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-17 16:48:15 -07:00
Tom Eastep
c0e4d4093c Clarify TOS value
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-16 15:53:22 -07:00
Tom Eastep
55b527d065 Eliminate a local variable.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 20:22:19 -07:00
Tom Eastep
620d8f1cd0 Add an Anti-spoofing document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 11:26:16 -07:00
Tom Eastep
e1e7ab42c1 Make 'routefilter' and 'sfilter' mutually exclusive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 10:37:56 -07:00
Tom Eastep
65b16a1acf Compensate for bugs in the latest CPerl emacs extension
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 10:07:06 -07:00
Tom Eastep
1db79a91eb 'rpfilter' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 10:05:32 -07:00
Tom Eastep
e7cd84a72c Implement rpfilter match capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 07:54:46 -07:00
Tom Eastep
691a9bf793 Correct installation on systems with systemd
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-14 14:38:30 -07:00
Tom Eastep
2cce81cfc1 Revert 83a8c7eda3
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-09 10:58:15 -07:00
Tom Eastep
9f4ca3ebc5 Additional simplification of evaluate_expression()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-08 07:48:27 -07:00
Tom Eastep
3c2385de06 Merge branch '4.5.6' 2012-07-08 07:36:15 -07:00
Tom Eastep
6ce3d0180e Ensure a defined value for __IPV[46]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-07 09:47:10 -07:00
Tom Eastep
83a8c7eda3 When TC_ENABLED=No, require providers to process tcrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-07 08:02:57 -07:00
Tom Eastep
aa652fda1b Add FAQ 99
- Empty ruleset after boot even though Shorewall runs.
2012-07-07 07:55:17 -07:00
Tom Eastep
66f3df4570 Correct typo in ISO 366O doc.
- changed tcrules to rules

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-07 07:38:27 -07:00
Tom Eastep
5616c96745 Merge branch '4.5.6' 2012-07-06 12:30:52 -07:00
Tom Eastep
18f947eb2f Apply patch from Daniel Meißner
- Corrects STARTUP_ENABLED=No error message

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-06 07:28:29 -07:00
Tom Eastep
83df8a4e39 Avoid a call to eval() for simple expressions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-06 07:26:54 -07:00
Tom Eastep
e9d8228b6f Simplify handling of __IPVn in conditional directives.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-06 06:43:15 -07:00
Tom Eastep
65d8341c6c Correct a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-05 15:43:20 -07:00
Tom Eastep
61a9584433 Only require MANGLE_ENABLED to process the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-04 14:45:24 -07:00