extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-07-30 18:27:39 +02:00
Code Issues Packages Projects Releases Wiki Activity
14,687 Commits 104 Branches 736 Tags
5cd2f26b51f821ce8cddea3085fb809d17ce092c
Commit Graph

3774 Commits

Author SHA1 Message Date
Tom Eastep
f9cfde91e5 Correctly handle ipset in tcfilter DEST 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-23 16:43:49 -07:00
Tom Eastep
3df488e710 Correct handling of ipsets in tcfilters 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-23 16:28:36 -07:00
Tom Eastep
0efc7a4899 Correct restriction and chain number handling in the mangle files 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-23 15:36:04 -07:00
Tom Eastep
d241421630 Merge branch '5.0.13' 2016-10-23 08:34:47 -07:00
Tom Eastep
e0203bca87 Correct nill address check in handling of 'origdest=detect' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-23 08:34:24 -07:00
Tom Eastep
3874bb9fa6 Delete duplicate line of code 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-22 15:41:26 -07:00
Tom Eastep
13a321726c Fix typo 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-21 09:22:30 -07:00
Tom Eastep
b160845713 Avoid compiler crash when LOAD_HELPERS_ONLY=Yes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-20 15:22:43 -07:00
Tom Eastep
71566f0ab0 Avoid compiler crash when LOAD_HELPERS_ONLY=Yes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-20 14:54:01 -07:00
Tom Eastep
e4169ede4a Merge branch '5.0.13' 2016-10-20 13:29:05 -07:00
Tom Eastep
b44628ddc8 Only specify 'counters' to ipset of IPSET_MATCH_COUNTERS is present 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-20 09:07:36 -07:00
Tom Eastep
0e7d5f3972 Support '+' in SNAT action invocation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-18 16:00:36 -07:00
Tom Eastep
ab496987e0 Prevent 'nat' and 'mangle' being specified together 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-18 15:32:05 -07:00
Tom Eastep
c92ebc3908 Make merge_inline_source_dest() a little safer 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-18 14:32:56 -07:00
Tom Eastep
bc3573fcbc Correct handling of interface lists in masq->snat conversion 
- Also restore logic for ADD_SNAT_ALIASES
- Correct some interface-list errors in snat processing
- Restore whitespace after '--to-source'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-18 14:19:09 -07:00
Tom Eastep
6b7beaadaf Merge branch '5.0.13' 2016-10-18 10:16:58 -07:00
Tom Eastep
31b6e9e299 Fix another DEST bug in mangle inline action handling :-( 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-18 10:15:43 -07:00
Tom Eastep
d52a4b1c9d Implement SNAT actions and inlines 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-18 10:09:07 -07:00
Tom Eastep
9796af5d80 Merge branch '5.0.13' 2016-10-17 10:16:30 -07:00
Tom Eastep
9fc56bb896 Correct typo in process_mangle_inline() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-17 09:29:32 -07:00
Tom Eastep
4bb942f1f9 Restrict hypen as range separator to use with integers 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-16 13:29:00 -07:00
Tom Eastep
05dbfbb988 Restrict hypen as range separator to use with integers 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-16 13:26:44 -07:00
Tom Eastep
69a7c78179 Merge branch '5.0.13' 2016-10-16 12:28:01 -07:00
Tom Eastep
04051454bf Reverse bad ECN handling patch 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-16 12:27:45 -07:00
Tom Eastep
2ca86d9abd Merge branch '5.0.13' 2016-10-16 10:22:12 -07:00
Tom Eastep
e6f3d429a1 Renew timeout on matched dbl entries 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-16 09:42:45 -07:00
Tom Eastep
1ca91d7ddc Correct handling of ECN file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-16 08:41:19 -07:00
Tom Eastep
fad9dce3e6 Correct handling of ECN file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-16 08:33:01 -07:00
Tom Eastep
342f4ee0f2 Add the --exits option to ADD with timeout 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-15 16:43:44 -07:00
Tom Eastep
047b5ca6d5 Add the --exits option to ADD with timeout 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-15 16:43:04 -07:00
Tom Eastep
43fdddb438 Add 'snat' config file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-15 11:38:52 -07:00
Tom Eastep
44477d97ac Move Masq file processing to the Rules module 
- This will enable supporting actions in the new snat file

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-14 12:42:58 -07:00
Tom Eastep
b5906812a2 Accept '-' as the separator in a port range. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-14 10:10:03 -07:00
Tom Eastep
b80d4c2320 Don't allow shell meta characters in interface names 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-11 17:01:45 -07:00
Tom Eastep
d5aaa66e0b Detect bad characters in interface names 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-11 10:56:41 -07:00
Tom Eastep
8c522a5c4d Correct typo in lib.private 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-09 10:58:29 -07:00
Tom Eastep
abf57a4d1f Correct indentation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-09 09:29:04 -07:00
Tom Eastep
3058f2fb84 Delete code supporting old kernel/iproute2 IPv6 restrictions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-07 11:02:36 -07:00
Tom Eastep
eb6ae5e186 Correct handling of DYNAMIC_BLACKLIST options 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-05 16:56:29 -07:00
Tom Eastep
941604ad01 Correct issue with updating DBL timeout 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-05 15:41:40 -07:00
Tom Eastep
14e8568d9e Add the FIREWALL .conf option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-05 15:03:54 -07:00
Tom Eastep
ca7ca4bdfe Add a 'timeout' option to DYNAMIC_BLACKLIST 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-05 12:56:47 -07:00
Tom Eastep
8d731c81e4 Add 'disconnect' option to ipset-based dynamic blacklisting 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-10-04 09:09:45 -07:00
Tom Eastep
72dbb4c3c3 Handle persistent provider enable/disable correctly 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-09-30 16:01:04 -07:00
Tom Eastep
bc591ccee4 Don't assume that statistically balanced providers are optional 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-09-30 14:01:16 -07:00
Tom Eastep
156313edd2 Correctly handle down persistent interface during 'disable' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-09-27 11:47:37 -07:00
Tom Eastep
35bd1db7fb Handle Down or missing interfaces in 'delete_gateway()' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-09-27 11:43:26 -07:00
Tom Eastep
792b3b696c Add ZERO_MARKS option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-09-26 16:04:26 -07:00
Tom Eastep
fa9ee6d69e Clear packet marks in PREROUTING and OUTPUT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-09-24 15:46:04 -07:00
Tom Eastep
8065e62f12 Support for the 'contiguous' option in TIME columns 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-09-22 14:22:11 -07:00