extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-04 13:33:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
13,072 Commits 104 Branches 736 Tags 55 MiB
5ef5aa8cdb
Commit Graph

3088 Commits

Author SHA1 Message Date
Tom Eastep
f59612671b Don't optimize chains with '-m ipsec' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-16 07:33:01 -07:00
Tom Eastep
da4f7ee524 Handle ppp devices correctly in the 'enable' command. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-16 06:59:35 -07:00
Tom Eastep
b132176dae Correct reference adjustment in new opt4 code 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-14 13:36:39 -07:00
Tom Eastep
8487c78a0a Adjust reference counts when splicing in short chain 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-14 08:34:51 -07:00
Tom Eastep
fdc45a990d Arrange for HELPER to match in the RELATED section. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-13 15:44:19 -07:00
Tom Eastep
44a550870c Add HELPER action. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-13 13:23:38 -07:00
Tom Eastep
bd3295b0e3 Remove temporary hack 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-13 08:55:43 -07:00
Tom Eastep
45288f5927 Revise notrack/conntrack handling: 
- Purge empty notrack files.
- Process both files.
 2012-08-13 07:28:07 -07:00
Tom Eastep
75b830b10e Merge branch 'master' into 4.5.7 2012-08-13 06:57:54 -07:00
Tom Eastep
4b2d48d621 Hardwire AUTOHELPERS until 4.5.8. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-13 06:48:19 -07:00
Tom Eastep
50362040d7 Enable automatic helper association during 'stop'. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-12 08:46:06 -07:00
Tom Eastep
2f1d59366c Unconditionally disable kernel automatic helper association during start. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-12 08:43:28 -07:00
Tom Eastep
b372163122 Enable automatic helper association during 'stop'. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-12 08:42:53 -07:00
Tom Eastep
50bd1d6398 Add AUTOHELPER option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-12 07:25:11 -07:00
Tom Eastep
e6ef32ebc2 Make conditional directives case insensitive 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-11 08:48:35 -07:00
Tom Eastep
a5824dc2d4 Optimize extension 
- Eliminate short chains with a single reference.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-11 08:47:10 -07:00
Tom Eastep
b5af6f03fb Create better rules when a HELPER appears in an action 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-11 07:48:03 -07:00
Tom Eastep
50dfffec94 Eliminate duplicate rules in raw-table chains when optimize level 16. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-10 07:09:01 -07:00
Tom Eastep
ad818c071a Generate omnibus tracking rules when NAT/ACCEPT with helper appears in an action. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-10 06:55:18 -07:00
Tom Eastep
2ab50e65d7 Make conditional directives case insensitive 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-09 10:30:02 -07:00
Tom Eastep
4d3fbd1dfa Allow '?IF 0' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-08 07:24:17 -07:00
Tom Eastep
e8a4728981 Allow '?IF 0' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-08 07:23:43 -07:00
Tom Eastep
ee28638604 Add HELPERS to rules file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-08 07:23:20 -07:00
Tom Eastep
a8495626b0 Merge branch '4.5.6' into 4.5.7 2012-08-07 15:10:15 -07:00
Tom Eastep
c6186571e5 Handle raw table zones from VSERVERS 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-07 15:09:40 -07:00
Tom Eastep
ccf517307e Handle raw table zones from VSERVERS 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-07 14:51:58 -07:00
Tom Eastep
c007f847a0 Handle disabled helpers in pre-3.5 kernels. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-06 15:54:45 -07:00
Tom Eastep
b4c812b676 Correct helper parsing in the Raw module. 
- Require (...) around multiple ctevents
- Detect invalid options

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-05 08:09:17 -07:00
Tom Eastep
9a0d53194a Correct Helper detection in the compiler. 
Use CT_MATCH when available.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-05 08:08:20 -07:00
Tom Eastep
093985dd93 Use HELPERS to enable/disable helper association. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-03 19:26:02 -07:00
Tom Eastep
72307df6d2 Replace the AUTOHELPERS option with the HELPERS option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-03 10:53:20 -07:00
Tom Eastep
7689b1e84b Remove the 'zone' helper option for now. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-03 06:39:58 -07:00
Tom Eastep
82c057d1ed Fix *VERSION handling. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 16:44:02 -07:00
Tom Eastep
21770a89d6 Detect which matches are available. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 15:38:23 -07:00
Tom Eastep
223ed5b3a3 More additions to the helper table and to the conntrack files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 13:25:44 -07:00
Tom Eastep
9ba0c07956 Redesign the CT:helper feature. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 11:10:08 -07:00
Tom Eastep
7d32258e6e Correct Helpers Module 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 11:09:34 -07:00
Tom Eastep
07e56d129a Add AUTOHELPERS option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 11:09:18 -07:00
Tom Eastep
62d6d2558e Rename AUTO_COMMENT to AUTOCOMMENT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 11:06:41 -07:00
Tom Eastep
833e54c9c3 Rename the notrack file to conntrack 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 11:02:17 -07:00
Tom Eastep
f2dd43855e Correct typo in warning message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-01 13:13:18 -07:00
Tom Eastep
eaf238fa66 Merge branch '4.5.6' 2012-08-01 10:37:45 -07:00
Tom Eastep
542f279544 Don't allow a source interface in a DNAT/REDIRECT rule with source == firewall 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-01 10:01:08 -07:00
Tom Eastep
735b7c2cf5 Add support for nfacct 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-28 11:21:16 -07:00
Tom Eastep
87c0f934aa Add NFacct Match capability 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-28 08:19:05 -07:00
Tom Eastep
55b527d065 Eliminate a local variable. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-15 20:22:19 -07:00
Tom Eastep
e1e7ab42c1 Make 'routefilter' and 'sfilter' mutually exclusive 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-15 10:37:56 -07:00
Tom Eastep
65b16a1acf Compensate for bugs in the latest CPerl emacs extension 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-15 10:07:06 -07:00
Tom Eastep
1db79a91eb 'rpfilter' option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-15 10:05:32 -07:00
Tom Eastep
e7cd84a72c Implement rpfilter match capability 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-15 07:54:46 -07:00
Tom Eastep
2cce81cfc1 Revert 83a8c7eda3 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-09 10:58:15 -07:00
Tom Eastep
9f4ca3ebc5 Additional simplification of evaluate_expression() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-08 07:48:27 -07:00
Tom Eastep
3c2385de06 Merge branch '4.5.6' 2012-07-08 07:36:15 -07:00
Tom Eastep
6ce3d0180e Ensure a defined value for __IPV[46] 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-07 09:47:10 -07:00
Tom Eastep
83a8c7eda3 When TC_ENABLED=No, require providers to process tcrules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-07 08:02:57 -07:00
Tom Eastep
83df8a4e39 Avoid a call to eval() for simple expressions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-06 07:26:54 -07:00
Tom Eastep
e9d8228b6f Simplify handling of __IPVn in conditional directives. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-06 06:43:15 -07:00
Tom Eastep
65d8341c6c Correct a comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-05 15:43:20 -07:00
Tom Eastep
61a9584433 Only require MANGLE_ENABLED to process the tcrules file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-04 14:45:24 -07:00
Tom Eastep
000cc6978a Add missing 'sleep' when waiting for wildcard interface to come up 
- Also reverse the order of test and sleep when waiting for a regular
  interface to come up.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-03 08:06:30 -07:00
Tom Eastep
e4d66fb5fc Back out redundant part of recent patch 
- setup_traffic_shaping is only called when there are tc devices so the
  test of @tcdevices in that function is redundant.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-03 06:33:46 -07:00
Tom Eastep
537f6c157c Allow the compiler version to be tested in ?IF/?ELSIF 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-02 11:53:32 -07:00
Tom Eastep
a5b637b2a7 Use the correct filename in ?IF/?ELSIF exec call. 
- Also extend a comment in the TC module

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-02 11:53:01 -07:00
Tom Eastep
09c00cf425 Don't print phoney progress message 
- The 'Setting up Traffic Shaping' progress message was being issued when
  traffic shaping was not enabled.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-01 08:27:07 -07:00
Tom Eastep
6ddaa0190e Improve USER/GROUP validation. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-30 14:46:50 -07:00
Tom Eastep
5c176c64b7 Add an ORIGINAL DEST column to /etc/shorewall/masq 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-29 15:32:01 -07:00
Tom Eastep
b195884b1f Insure that the correct filename/linenumber are printed in error messages out of process_conditional() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-29 09:01:26 -07:00
Tom Eastep
56d5ae2d41 Ensure that exclusion chains have DONT_MOVE 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-27 18:06:38 -07:00
Tom Eastep
0bf2753472 Re-implement conditional inclusion 
- Correct defects
- Add ?ELSIF support
- Allow Perl-compatible expressions in ?IF
 2012-06-27 15:15:44 -07:00
Tom Eastep
c90006ecf8 Correct another logical name bug -- this time in TC 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-27 11:34:19 -07:00
Tom Eastep
af302900c6 Prevent multiple 'tproxy' providers 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-23 17:09:46 -07:00
Tom Eastep
9aa78656ec Add TPROXY_MARK to the output of 'shorewall show marks' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-23 07:57:39 -07:00
Tom Eastep
9d3766b77f Allow fwmarks with 'classify' interfaces 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-20 14:04:48 -07:00
Tom Eastep
24ddae6ede Don't use '--ctmark' when saving marks 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-20 13:30:27 -07:00
Tom Eastep
4d336ed8d6 Rewrite handling of the USER/GROUP column 
- Remove code that handled '+program' as that support was removed from
  the kernel in 2.6.14.
 2012-06-19 08:14:31 -07:00
Tom Eastep
da3e1b720c Apply user/group Id range patch from Gergely Risko 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-19 06:17:13 -07:00
Tom Eastep
7b4e5828e0 Clean up handling of RED options. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-18 12:17:22 -07:00
Tom Eastep
4c10fcd503 Complain if a RED_NONE option has a value specified. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-16 15:51:20 -07:00
Tom Eastep
5fc295e8cc Fix handling of stab 'tsize' option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-14 15:44:15 -07:00
Tom Eastep
c5ba167a3e Make CEIL optional 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-14 13:10:09 -07:00
Tom Eastep
6c47349689 Support 'red' queuing discipline 
- Also added 'ls' support for HFSC

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-13 14:29:13 -07:00
Tom Eastep
d2c415c580 Make IFB work with logical interface names. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-13 13:48:12 -07:00
Tom Eastep
28ab3749ca Allow fractional delays in TC 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-13 13:47:31 -07:00
Tom Eastep
a29dbf4ff8 Fix for linklayer 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-12 11:48:12 -07:00
Tom Eastep
19cace7e8d Merge branch '4.5.5' 
Conflicts:
	Shorewall/Perl/Shorewall/Providers.pm
 2012-06-11 17:02:59 -07:00
Tom Eastep
4791a8ca66 Don't delete default routes when 'fallback' is specified. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-11 16:57:49 -07:00
Tom Eastep
844f6c63e4 Add support for TC size tables. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-11 15:45:47 -07:00
Tom Eastep
08db919479 Merge branch '4.5.5' 2012-06-11 13:55:47 -07:00
Tom Eastep
2dd9e6c91f Don't delete default routes when 'fallback' is specified. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-11 13:53:53 -07:00
Tom Eastep
c57f627a21 Add some comments. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-11 11:25:19 -07:00
Tom Eastep
1d0ab43fbb Change indentation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-10 15:38:09 -07:00
Tom Eastep
1f54d19981 Split add_input_jumps() into two functions 
- Added add_forward_jump()
- Added lots of comments

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-09 17:21:59 -07:00
Tom Eastep
00f7b9d0dd More useful trace of enable/disable optimization 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-09 15:36:29 -07:00
Tom Eastep
a2f32f25c5 Add some comments. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-09 06:20:40 -07:00
Tom Eastep
ae66d7d7a5 Eliminate the hideously complex forwarding code in generate_matrix() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-08 08:29:36 -07:00
Tom Eastep
63eb0bee5b Break up and eliminate handle_pio_jumps() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-08 07:40:26 -07:00
Tom Eastep
8a9427ebff Merge branch '4.5.4' 2012-06-07 14:12:48 -07:00
Tom Eastep
4a383540be Merge branch '4.5.4' into 4.5.5 2012-06-07 14:12:10 -07:00
Tom Eastep
db6a7276ec Don't optimize chains with commands 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-07 14:11:44 -07:00
Tom Eastep
d771c6b2c2 Delete the 'dnat' nat-table chain 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-07 13:44:03 -07:00
Tom Eastep
fe7d0730d5 Break up generate_matrix() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-07 07:47:33 -07:00
Tom Eastep
a2a9ef0958 Rename OPTIMIZE_MASK1 to OPTIMIZE_MASK2n4 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-06 13:08:45 -07:00
Tom Eastep
21eda5daec Fix multiple iprange matches without kludgefree. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-06 11:26:52 -07:00
Tom Eastep
6bd81145e9 Fix single-line embedded Perl 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-06 11:23:33 -07:00
Tom Eastep
49050e61de Fix multiple iprange matches without kludgefree. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-06 10:50:16 -07:00
Tom Eastep
225101b802 Rename OPTIMIZE_MASK1 to OPTIMIZE_MASK2n4 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-05 12:51:52 -07:00
Tom Eastep
fa3164fb1b Re-enable single-line embedded SHELL and PERL 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-05 12:51:16 -07:00
Tom Eastep
3294f7c4c3 Add a comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-05 09:02:29 -07:00
Tom Eastep
654f7dd805 Fix single-line embedded Perl 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-05 09:02:12 -07:00
Tom Eastep
ee467a4877 Allow embedded shell/Perl directives to have leading '?' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-05 07:32:43 -07:00
Tom Eastep
170875c7dd Convert the 'ignore' interface to be multi-valued 
-Allows 'ignore=1' to only exempt interface from updown processing

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-05 07:23:23 -07:00
Tom Eastep
c8156cfdb1 Correct typo 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-04 08:18:57 -07:00
Tom Eastep
57a9feaf2f Correct typo 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-04 08:00:07 -07:00
Tom Eastep
92a13ec87c Merge branch '4.5.4' 
Conflicts:
	Shorewall/Perl/Shorewall/Config.pm
 2012-06-03 18:51:03 -07:00
Tom Eastep
040f693583 Cosmetic changes in code from when I was still learning Perl 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-03 17:50:34 -07:00
Tom Eastep
69387b9099 Make 'check -r' work like 'compile' WRT optimization 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-03 15:43:43 -07:00
Tom Eastep
28f0a066da Make 'check -r' work like 'compile' WRT optimization 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-03 15:15:11 -07:00
Tom Eastep
621aa3fc6a Another approach to reporting errors from process_conditional() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-03 13:47:38 -07:00
Tom Eastep
9869420106 Check for conditional directives prior to continuation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-03 09:05:09 -07:00
Tom Eastep
39b3a0da65 Check for conditional directives prior to continuation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-03 08:43:48 -07:00
Tom Eastep
121d34aed0 Add constant LOG_OPTIONS capability 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-02 14:06:31 -07:00
Tom Eastep
4b69216c83 Relocate lib.core in the Source Tree 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-02 12:46:35 -07:00
Tom Eastep
7ff15b0625 Merge branch '4.5.4' 
Conflicts:
	Shorewall/Perl/Shorewall/Zones.pm
 2012-06-02 11:41:45 -07:00
Tom Eastep
41dcd5826f Minimize the list of plain interfaces 
Omit bridge ports and interfaces that match a wildcard.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-02 11:39:16 -07:00
Tom Eastep
26502034ec Minimize the list of plain interfaces 
Omit bridge ports and interfaces that match a wildcard.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-02 11:17:10 -07:00
Tom Eastep
baa2c4f5eb Merge branch '4.5.4' 2012-06-02 09:30:47 -07:00
Tom Eastep
9e9c44d4ac Handle Debian pre-down/post-down correctly 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-02 09:26:00 -07:00
Tom Eastep
01eb1a580b Merge branch '4.5.4' 2012-06-02 08:20:40 -07:00
Tom Eastep
b3316d755a Correct silly typo in Providers.pm 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-01 17:14:08 -07:00
Tom Eastep
73274b9b0b Correct progress message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-01 15:55:22 -07:00
Tom Eastep
c823b0e41e More Shorewall-init fixes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-01 14:04:08 -07:00
Tom Eastep
78f9b76dae Move mutex handling to the main program. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-01 14:03:47 -07:00
Tom Eastep
402e155148 More Shorewall-init fixes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-01 14:01:58 -07:00
Tom Eastep
9c4a01bcdd Move mutex handling to the main program. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-01 11:47:58 -07:00
Tom Eastep
21b9a194ca Merge branch '4.5.4' 2012-06-01 11:30:35 -07:00
Tom Eastep
312efe5c7b Use enable/disable for up and down of provider interfaces 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-01 11:27:57 -07:00
Tom Eastep
f25187adb1 Move compile_updown() from the Zones module to the Providers module 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-01 08:12:07 -07:00
Tom Eastep
eb03168685 Cleanup of process_rules1() breakup 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-31 15:32:16 -07:00
Tom Eastep
69badac72f Merge branch '4.5.4' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-30 14:43:05 -07:00
Tom Eastep
de184b32bc Fix sectioned IPSEC accounting. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-30 14:37:29 -07:00
Tom Eastep
303c661409 Eliminate bogus term in an expression. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-30 12:49:18 -07:00
Tom Eastep
e88c2c8cd3 Move rules file nat handling to the Nat module 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-30 09:01:24 -07:00
Tom Eastep
67932f2d42 Break up expand_rule() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-30 06:49:00 -07:00
Tom Eastep
eb63745352 Merge branch '4.5.4' 2012-05-29 06:48:04 -07:00
Tom Eastep
32e0f154b5 Correct pptpserver tunnel configuration. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-29 06:46:40 -07:00
Tom Eastep
db50454afc Complete removal of optimize level 4 when level 4 is set. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-25 15:42:34 -07:00
Tom Eastep
ed352f60b6 Complete removal of optimize level 4 when level 4 is set. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-25 15:41:55 -07:00
Tom Eastep
fc97f6d00e Implement LOG target option control. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-24 13:54:59 -07:00
Tom Eastep
6142d4d535 Fix typo 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-23 07:55:07 -07:00
Tom Eastep
1f2ca30ebd Infrastructure for iRule-based logging. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-22 16:46:11 -07:00
Tom Eastep
f147046288 Change 'cc' to 'country-code' in invalid cc list error message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-21 07:01:07 -07:00
Tom Eastep
daaf3c031f Change the 'no isocodes' error message to include the address family. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-20 09:40:37 -07:00
Tom Eastep
6b23eff650 Add a comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-20 09:05:42 -07:00
Tom Eastep
ef974b5c8d Clear the DEFAULT table if no FALLBACK providers are up. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-20 09:00:22 -07:00
Tom Eastep
d8ec051114 Load the geoip cc's dynamically. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-20 08:59:59 -07:00
Tom Eastep
84f92aa87c Don't capture result of an RE match. Correct a comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-20 07:06:59 -07:00
Tom Eastep
70e4c26df1 Delete a comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-19 16:46:57 -07:00
Tom Eastep
db96f6ead2 Reject long CC lists. 
- include offending CC in 'Invalid or Unknown' error

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-19 12:44:24 -07:00
Tom Eastep
f0a3e1652a Bracket non-trivial cc lists with [...] 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-19 09:39:49 -07:00
Tom Eastep
56b8a9b9fa Some code cleanup: 
- Store config value in a local rather than repeatedly referencing the
  %config hash.
- Centralize generation of the valid table array

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-19 09:02:44 -07:00
Tom Eastep
231c5dbca0 Eliminate need to call optimize_policy_chains() when OPTIMIZE 4 is selected 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-19 08:15:20 -07:00
Tom Eastep
1a9789a3da Optimization tracing 
- Correct tracing in optimize_chain()
- Add tracing to new level 4 optimization

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-19 07:54:50 -07:00
Tom Eastep
f15e6d3995 Additional optimization in level 4. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-18 16:50:08 -07:00
Tom Eastep
3f42350a7b Don't overwrite empty mark geometry settings. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-18 11:37:49 -07:00
Tom Eastep
e8648c993d Use blackhole routes rather than unreachable. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-18 10:50:13 -07:00
Tom Eastep
55c88e8e81 Replace curly brace enclosure with a preceding caret to avoid ambiguity. 
- {...} is used to enclose a set of column/value pairs and it is certain
  that the two will become confused.
 2012-05-17 15:26:16 -07:00
Tom Eastep
f5f80d2ccc Re-arrange enforcement of restrictions on geoip. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-17 13:59:56 -07:00
Tom Eastep
d220d3d9d5 Abandon action.GeoIP in favor of extended syntax in the SOURCE and DEST columns. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-17 10:44:02 -07:00
Tom Eastep
6148c909f2 fix multiple ipsets in an imatch 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-16 19:52:41 -07:00
Tom Eastep
2eb25f3f6a Correct the grammar in an error message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-16 07:52:42 -07:00
Tom Eastep
43d882db2b Cosmetic cleanup 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-15 16:44:35 -07:00
Tom Eastep
78af118b9a Quote original list when a translated list is ill-formed. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-15 16:39:46 -07:00
Tom Eastep
85f58d6906 Avoid funny-looking ERROR: messages out of Embedded Perl. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-15 16:38:56 -07:00
Tom Eastep
ac2ed505bb Add GeoIP support 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-14 17:12:46 -07:00
Tom Eastep
926e589414 Exit the tcpost chain if a connection mark is restored 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-14 10:35:42 -07:00
Tom Eastep
cd150af790 Update .status file on disable 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-12 07:44:46 -07:00
Tom Eastep
cd98266396 Correct add of default IPv6 route when no gateway specified 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-12 07:15:24 -07:00
Tom Eastep
3d541f50c8 Use "(S)" consistently in column headings. 
- add synonyms so both the singular and plural forms are accepted.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-11 12:42:04 -07:00
Tom Eastep
f77b350a7b Clear the 'balance' table if no balanced providers. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-11 11:28:06 -07:00
Tom Eastep
bed4457e0e Delete jump to 'tproxy' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-11 09:00:09 -07:00
Tom Eastep
2d5269be7b Fix another conditional compilation bug. 
?IF $false
   ?IF $false
      ...
   ?ENDIF
   foo <------- This line is not omitted!
?ENDIF

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-11 07:44:46 -07:00
Tom Eastep
a05b3afd7f Eliminate the 'tproxy' chain 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-11 07:42:44 -07:00
Tom Eastep
9e743451f6 Add FORMAT 2 to tcrules files. Initialize $format in Tc.pm 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-11 07:08:06 -07:00
Tom Eastep
cb7fc31f0b Restore 4.5.3 compatibility 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-10 14:23:33 -07:00
Tom Eastep
69d735ea0a Make TPROXY actually work! 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-10 11:19:23 -07:00
Tom Eastep
4d4fc315e0 More TPROXY changes 
- Combine identical DIVERT chains.
- Add --transparent to -m socket
- Reserve a TPROXY bit in the fwmark

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-10 07:25:07 -07:00
Tom Eastep
820c965b72 Allow Shorewall::Config::in_hex() to accept an argument already expressed in hex. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-09 13:51:49 -07:00
Tom Eastep
605ef6ef86 Tweak to DIVERT plus correct TPROXY in man pages. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-09 13:10:51 -07:00
Tom Eastep
2eb7af23dc Merge branch 'master' into 4.5.3 2012-05-09 10:03:43 -07:00
Tom Eastep
582d025f58 Add DIVERT action to tcrules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-09 09:41:58 -07:00
Tom Eastep
b55d8c04e4 Do logical->physical mapping in rtrules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-08 14:52:18 -07:00
Tom Eastep
3b6f5b2d8a Finish alternative balancing 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-08 13:55:13 -07:00
Tom Eastep
6639b3534e Close all input files in Shorewall::Config::cleanup() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-08 08:58:14 -07:00
Tom Eastep
59bf343521 Leave first filename and linenumber on the same line as error text. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-08 08:55:24 -07:00
Tom Eastep
1d6e6b65db Finish a comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-07 17:06:35 -07:00
Tom Eastep
2224fdbc65 Correct help text in compiler.pl 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-07 16:55:51 -07:00
Tom Eastep
fd1d6cf935 Handle default shorewallrc location 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-07 16:55:17 -07:00
Tom Eastep
5d7442e9e9 Correct typo in converted blrules file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-07 12:13:26 -07:00
Tom Eastep
ef90006334 Avoid reference to unitialized variable on bogus FORMAT in interfaces 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-07 12:00:21 -07:00
Tom Eastep
2cbf1e86ad Allow synonyms for column names in alternate specification formats 
- gateway and gateways in the tunnels file
- mark and action in the tcrules file

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-07 11:59:47 -07:00
Tom Eastep
dd8e9ff09d Fix 'COMMENT' along in the tunnels file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-07 11:58:37 -07:00
Tom Eastep
4320150dc4 Add alternate specification in tunnels file ('gateways') 
- Make similar change in tcrules file with 'action'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-07 07:43:11 -07:00
Tom Eastep
003daec41c Remove a couple of hard-coded '/usr/share' in Shorewall::Config 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-06 17:30:17 -07:00
Tom Eastep
aac00c3cc7 Pop open stack in run_user_exit1 and run_user_exit2 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-05 10:31:55 -07:00
Tom Eastep
af228806fc Allow manual changes to be used in macros. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-05 08:56:26 -07:00
Tom Eastep
1d90ee174c Cleanup of ERROR/WARNING message enhancement. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-04 07:01:08 -07:00
Tom Eastep
3e37f47fb5 Print out the include/open stack in WARNING and ERROR messages. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-05-03 17:17:55 -07:00
Tom Eastep
894931731b Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2012-05-02 07:04:30 -07:00
Tom Eastep
731b310359 Use --hashlimit-upto when available. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-30 13:45:09 -07:00
Tom Eastep
35c08c109e Fix IPv4 'reset' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-30 07:54:40 -07:00
Tom Eastep
766771d812 Remove absurd test 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-30 07:48:07 -07:00
Tom Eastep
b9e6349994 Add some comments 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-29 09:07:34 -07:00
Tom Eastep
c9b4d3d8c8 Add/improve comments. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-25 09:44:08 -07:00
Tom Eastep
d904a2de86 Search and destroy trailing whitespace 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-24 14:52:57 -07:00
Tom Eastep
f860cd037d Change a comment in generate_matrix() to acknowledge 'KLUDGEFREE' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-24 13:34:56 -07:00
Tom Eastep
3bdf703522 Allow TC experts to SAVE/RESTORE all parts of the packet mark 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-24 09:19:38 -07:00
Tom Eastep
34f5838365 Allow multiple GATEWAYS to be listed in the tunnels file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-18 09:28:37 -07:00
Tom Eastep
2b7e5dd9d8 Suppress duplicate option when not KLUDGEFREE 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-17 07:35:37 -07:00
Tom Eastep
44c8ef2ede Correct ill-advised change to push_matches() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-17 07:30:17 -07:00
Tom Eastep
aaab505006 Improve the debuggability of failed assertions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-14 17:57:49 -07:00
Tom Eastep
63a2a32b4b Suppress trailing whitespace. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-14 13:50:59 -07:00
Tom Eastep
31752d9ee1 Move macro.BLACKLIST to where it belongs 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-14 08:14:45 -07:00
Tom Eastep
24e2fe4a04 Make options argument to read_a_line manditory 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-14 08:04:28 -07:00
Tom Eastep
42950e53cd Use logical add rather than arithmetic add for uniformity 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-11 14:28:09 -07:00
Tom Eastep
ae9f538ef8 Simplify an assertion 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-11 14:27:48 -07:00
Tom Eastep
e880d2fd84 Remove some whitespace 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-11 08:03:02 -07:00
Tom Eastep
e791a63671 Merge branch '4.5.2' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-11 07:13:40 -07:00
Tom Eastep
e263a3c27d Remove redundant logic 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-11 07:11:05 -07:00
Tom Eastep
0b5e30aa7b Fix INCLUDE inside an ?IF ... ?ENDIF 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-10 17:27:47 -07:00
Tom Eastep
07ff3f294d Fix INCLUDE inside an ?IF ... ?ENDIF 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-10 17:27:23 -07:00
Tom Eastep
6ba69c9540 Eliminate read_a_line1() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-10 17:01:38 -07:00
Tom Eastep
5ee554708c Control the proliferation of arguments to read_a_line() by using 
a bit-mapped single argument.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-10 13:51:25 -07:00
Tom Eastep
623e545f09 Don't allow accounting chains to be altered when OPTIMIZE_ACCOUNTING=No 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-09 21:44:44 -07:00
Tom Eastep
2545322163 Cleanup of read_a_line() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-09 16:00:26 -07:00
Tom Eastep
7b511f449f Don't strip comments until after embedded Perl or Shell have been handled. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-09 15:12:13 -07:00
Tom Eastep
94097e2561 Add newlines to embedded multi-line shell and perl 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-08 12:17:00 -07:00
Tom Eastep
50405f57ba Don't suppress whitespace in embedded Perl and Shell 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-08 07:54:03 -07:00
Tom Eastep
860141127a Re-enable '#' in quoted strings within embedded shell and perl 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-08 07:30:46 -07:00
Tom Eastep
a2abad3f68 Modify getparams to use the installed shorewallrc file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-07 09:07:07 -07:00
Tom Eastep
c5f44d8737 Move read_a_line() prototype before first use. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-07 07:42:27 -07:00
Tom Eastep
25bca70ff2 Merge branch 'master' into 4.5.2 2012-04-07 07:39:14 -07:00
Tom Eastep
7204220991 Some more fixes to conditional inclusion. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-07 07:16:17 -07:00
Tom Eastep
97cc4930cf Deimplement option leading ? in embedded directives 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-06 16:26:05 -07:00
Tom Eastep
5688dc77a3 Make ?BEGIN PERL end ?END PERL work. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-06 15:58:21 -07:00
Tom Eastep
9dd6f86c55 Use read_a_line() in the embedded_shell() and embedded_perl() functions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-06 15:46:01 -07:00
Tom Eastep
53395e788d Add a comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-06 11:49:59 -07:00
Tom Eastep
24e115d0f9 Move a comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-06 08:00:20 -07:00
Tom Eastep
24d30275fa Correct syntax errors in the generated script 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-03 17:08:14 -07:00
Tom Eastep
fb428bf564 Don't modify CONFDIR and SHAREDIR in the shell code 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-02 12:39:49 -07:00
Tom Eastep
348c99c7d0 Compiler changes for Shorewall[6]-lite relocation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-02 07:46:38 -07:00
Tom Eastep
85fce606dc Give all config files access to shorewallrc variables. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-01 13:19:38 -07:00
Tom Eastep
bb6e17fd3e Many changes involved in getting a relocated installations to work 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-04-01 10:47:24 -07:00
Tom Eastep
cf176474ac Merge branch '4.5.2' 
Conflicts:
	Shorewall/Perl/Shorewall/Chains.pm
 2012-03-31 09:44:36 -07:00
Tom Eastep
6ed207aba0 Fix 'dhcp' with 'nets' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-31 09:30:29 -07:00
Tom Eastep
924ec49d09 Add OWNER_NAME_MATCH to do_user 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-30 16:58:38 -07:00
Tom Eastep
a4097b7a02 Correct Typo in setup_null_routing() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-30 16:57:26 -07:00
Tom Eastep
e38fcb2bfc Correct ipset creation and add a WARNING when creating an ipset 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-30 16:56:43 -07:00
Tom Eastep
e09457cdf9 Correct Typo in setup_null_routing() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-27 07:46:53 -07:00
Tom Eastep
e641bf7ac2 Correct typo 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-26 16:01:35 -07:00
Tom Eastep
8a164adf98 Export TMPDIR if it exists in the .shorewallrc file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-26 15:43:04 -07:00
Tom Eastep
dee20c8d74 Add OWNER_NAME_MATCH to do_user 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-25 20:18:20 -07:00
Tom Eastep
ee15baf98c Correct typo in Chains.pm 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-25 12:48:57 -07:00
Tom Eastep
25e7555e80 Correct typo in the compiler 2012-03-25 12:36:25 -07:00
Tom Eastep
9dd9ee614b Correct ipset creation and add a WARNING when creating an ipset 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-25 08:27:28 -07:00
Tom Eastep
5aed14ffdc Set PRODUCT before processing rc file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-25 07:25:15 -07:00
Tom Eastep
59aab485c3 Handle 'PRODUCT' more gracefully 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-24 22:21:42 -07:00
Tom Eastep
173d29969d Improve shorewallrc variable expansion 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-24 21:34:24 -07:00
Tom Eastep
7390789b5e Add BLACKLIST Macro 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-24 21:33:57 -07:00
Tom Eastep
fc4aaa97c6 Expand variables in shorewallrc 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-24 21:26:20 -07:00
Tom Eastep
eb118e4443 Add shorewallrc files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-24 13:05:39 -07:00
Tom Eastep
f4ed4109c6 Fix LENGTH handling (again) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-23 15:40:48 -07:00
Tom Eastep
398c843643 Concatenate match options when not KLUDGEFREE 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-23 15:40:25 -07:00
Tom Eastep
01d07f55a9 Only include user exit basename in exported progress messages 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-20 07:33:32 -07:00
Tom Eastep
bdc8cb66bd Correct load_kernel_modules() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-20 07:15:47 -07:00
Tom Eastep
7bc823fb8b Support 'kerneltz' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 15:57:38 -07:00
Tom Eastep
48b7594b64 Delete prog.header* 
- Move functions into lib.core with ?IF ... ?ELSE ... ?END

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 15:56:02 -07:00
Tom Eastep
88b1180817 Support ?IF in copied files 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 13:38:24 -07:00
Tom Eastep
8803cd8d3b ?IF improvements 
- Pass line number to make process_conditional more general
- Add debugging output
- Do first_line processing prior to looking for ?

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 12:51:22 -07:00
Tom Eastep
0063de1564 Add capabilities to conditionals 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 11:57:33 -07:00
Tom Eastep
f104596b39 Merge branch '4.5.1' 2012-03-19 10:13:08 -07:00
Tom Eastep
146d66f0aa Don't complain about SHOREWALL_INIT_SCRIPT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 09:52:55 -07:00
Tom Eastep
0ccb398cec Merge branch '4.5.1' 2012-03-19 09:22:44 -07:00
Tom Eastep
287a44be52 Allow TOS to work on RHEL5 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 09:22:21 -07:00
Tom Eastep
86f3667b82 Correct nested ?IF 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 08:19:32 -07:00
Tom Eastep
962b1cca1f Remove Perl diagnostic 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 07:46:45 -07:00
Tom Eastep
2026fdab6a Correct IPSET_WARNINGS 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 07:44:52 -07:00
Tom Eastep
722e888043 Fix ?IF 
- Allow nested ?IFs to work correctly
- Correct push logic for $ifstack

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 07:38:52 -07:00
Tom Eastep
e3997abfb9 Merge branch '4.5.2' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 07:27:53 -07:00
Tom Eastep
710687bbd6 Revert "Move conditional processing to it's own function" 
This reverts commit 8262cff71a.
 2012-03-19 07:23:57 -07:00
Tom Eastep
d4a1e7dba9 Revert "Allow ?IF, ?ELSE and ?ENDIF in copied files" 
This reverts commit 29dd342118.
 2012-03-19 07:23:24 -07:00
Tom Eastep
c7237e5c8e Revert "Move all functions from prog.header* to lib.core" 
This reverts commit f9f557e1c6.
 2012-03-19 07:22:51 -07:00
Tom Eastep
c299c6d61a Revert "Correct spelling" 
This reverts commit 1d021e3701.
 2012-03-19 07:22:29 -07:00
Tom Eastep
6769acc7a7 Revert "Some corrections to conditional inclusion" 
This reverts commit 164d2f5d1b.
 2012-03-19 07:22:07 -07:00
Tom Eastep
df33587395 Revert "Clean up of conditional inclusion." 
This reverts commit 5f3ba4eb40.
 2012-03-19 07:21:36 -07:00
Tom Eastep
508f33a183 Revert "Eliminate prog.header6" 
This reverts commit 60f1004339.
 2012-03-19 07:21:12 -07:00
Tom Eastep
11f970d1c2 Revert "Eliminate prog.header" 
This reverts commit 13bf383ce8.
 2012-03-19 07:20:57 -07:00
Tom Eastep
72e6330ff4 Revert "Add capabilities to ?IF conditionals" 
This reverts commit 0d71c590e4.
 2012-03-19 07:20:31 -07:00
Tom Eastep
5caf68bc31 Remove .project 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-18 19:31:40 -07:00
Tom Eastep
15ca0fd1f0 Add IPSET_WARNINGS option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-18 19:30:04 -07:00
Tom Eastep
955a9f0051 Correct Steven's issues 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-18 19:10:46 -07:00
Tom Eastep
5bfd2cc2c9 Remove some WARNINGs 
- Mr Dash4 has decided he doesn't want them after all.
 2012-03-18 12:42:32 -07:00
Tom Eastep
56f66bd966 Require the correct PROTO to use a port range in the ADDRESS column of masq 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-18 11:22:37 -07:00
Tom Eastep
6e089fb0e2 Require the correct PROTO to use a port range in the ADDRESS column of masq 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-18 11:21:53 -07:00
Tom Eastep
0d71c590e4 Add capabilities to ?IF conditionals 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-18 08:48:26 -07:00
Tom Eastep
d1661c95d5 Remove .project 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 18:29:32 -07:00
Tom Eastep
13bf383ce8 Eliminate prog.header 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 18:07:36 -07:00
Tom Eastep
60f1004339 Eliminate prog.header6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 17:51:56 -07:00
Tom Eastep
5f3ba4eb40 Clean up of conditional inclusion. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 12:12:32 -07:00
Tom Eastep
164d2f5d1b Some corrections to conditional inclusion 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 10:26:36 -07:00
Tom Eastep
1d021e3701 Correct spelling 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 09:42:15 -07:00
Tom Eastep
f9f557e1c6 Move all functions from prog.header* to lib.core 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 09:35:35 -07:00
Tom Eastep
29dd342118 Allow ?IF, ?ELSE and ?ENDIF in copied files 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 09:33:40 -07:00
Tom Eastep
8262cff71a Move conditional processing to it's own function 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 09:32:56 -07:00
Tom Eastep
ab13fbe95e Allow conditional compilation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-16 08:16:12 -07:00
Tom Eastep
95e4f8dd91 Fix TOS(tos/mask) in tcrules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-14 15:34:11 -07:00
Tom Eastep
8e413a7bf0 Fix TOS(tos/mask) in tcrules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-14 15:33:31 -07:00
Tom Eastep
2a67a202b0 Merge branch '4.5.1' 2012-03-13 20:16:01 -07:00
Tom Eastep
7e14777b8f Fix typo 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-13 19:54:58 -07:00
Tom Eastep
c1d0681e17 Correct LENGTH column validation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-13 17:58:18 -07:00
Tom Eastep
e3f2c49c7e Remove level of indirection for the 'super' property 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-13 12:23:33 -07:00
Tom Eastep
fecd091078 Remove %zones{option}{nested} 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-13 11:31:13 -07:00
Tom Eastep
e0b360513c Remove a level of indirection for 'complex' zone flag. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-13 09:47:31 -07:00
Tom Eastep
01d99d4873 Move zone mss handling to the Rules File 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-12 15:59:35 -07:00
Tom Eastep
acb2e2a8ab Implement mss= in hosts file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-12 15:14:35 -07:00
Tom Eastep
48570227ba Big cleanup of TOS handling 
- Validate settings/matches
- Allow setting in the tcrules file.
- Deprecate /etc/shorewall[6]/tos
 2012-03-09 16:16:25 -08:00
Tom Eastep
c112f20e17 Tighten editing of LENGTH column(s) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-07 14:07:04 -08:00
Tom Eastep
b2842ae8d4 Don't allow reserved variables to be set in params 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-05 15:42:53 -08:00
Tom Eastep
dff5136134 Correct issues with debugging the generated script 
a) Rename DEBUG to g_debug_iptablesb
b) Clear all of the tables prior to handling iptables-restore input.
 2012-03-05 15:21:10 -08:00
Tom Eastep
a84e131115 Fix bug in DSCP implementation. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-05 09:50:15 -08:00
Tom Eastep
aab6e67e70 Omit non-default geometry settings from updated shorewall.conf. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-29 12:34:06 -08:00
Tom Eastep
47453a20f7 Tweak to Run-time gateway variables 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-24 09:02:04 -08:00
Tom Eastep
7273f4d8d4 Implement run-time gateway variables. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-23 13:36:00 -08:00
Tom Eastep
2624005fa8 Fix FORMAT-2 interfaces 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-21 16:41:56 -08:00
Tom Eastep
d5af9c360d Implement FORMAT-2 interfaces file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-21 11:23:58 -08:00
Tom Eastep
2137840fec Fix bug in DSCP support 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-20 16:40:11 -08:00
Tom Eastep
a1ec1dc178 Add DSCP match support 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-20 08:47:48 -08:00
Tom Eastep
e2f4af6e48 Create a Perl-style switch statement to handle irregular entries in 
the tcrules file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-19 17:28:49 -08:00
Tom Eastep
b1272e8835 Add DSCP target support. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-19 17:04:16 -08:00
Tom Eastep
75d5957020 Unify 'dont_' chain flags 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-19 14:20:09 -08:00
Tom Eastep
1896e56894 Rework some newbie code in add_group_to_zone() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-19 08:39:17 -08:00
Tom Eastep
7cd7f1ebbe Make zone-option hashes and constants global 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-19 08:30:39 -08:00
Tom Eastep
7fef97d92d Fix compiler crash from unknown interface 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-18 10:02:39 -08:00
Tom Eastep
cd3a9854f8 Change ipset flags error to a warning 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-18 08:22:16 -08:00
Tom Eastep
59fea1a05d Add a SWITCH column to /etc/shorewall/masq 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-18 08:17:14 -08:00
Tom Eastep
1c7476fe61 Validate SOURCE/DEST fit for ipset flags 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-17 15:46:28 -08:00
Tom Eastep
460efbac77 Merge branch '4.5.0' 2012-02-11 11:36:38 -08:00
Tom Eastep
09078cf6ad Add comments to add_interface_options() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-07 14:20:11 -08:00
Tom Eastep
f5c09a9e2e Restore 'update -b' functionality 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-07 07:40:35 -08:00
Tom Eastep
f4be778b86 Restore 'update -b' functionality 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-07 07:38:07 -08:00
Tom Eastep
bd959884cc Don't require a MARK value on the default class. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-06 14:40:22 -08:00
Tom Eastep
a87a981a2e Merge branch '4.5.0' 2012-02-05 13:19:54 -08:00
Tom Eastep
e8875ae50b Sort emitted param settings in export_params() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-05 10:03:47 -08:00
Tom Eastep
8561bb77ee Delete the BLACKLIST entry in %sections 2012-02-05 09:40:02 -08:00
Tom Eastep
a25075d3c5 Minor cleanup of Rules file 
- Correct comments
- Delete stale comments
- Simplify a statement in process_rules1()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 10:34:53 -08:00
Tom Eastep
63aaeb37c4 Remove redundant prototype. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 10:34:37 -08:00
Tom Eastep
99e0a340b1 Cosmetic changes to Zones.pm source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 10:34:30 -08:00
Tom Eastep
b5e3a41e13 Remove redundant logic 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 10:34:20 -08:00
Tom Eastep
5c30c236a3 Minor cleanup of Rules file 
- Correct comments
- Delete stale comments
- Simplify a statement in process_rules1()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 09:53:43 -08:00
Tom Eastep
cdf284a4ee Remove redundant prototype. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 09:06:20 -08:00
Tom Eastep
57d1b29d1e Cosmetic changes to Zones.pm source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 07:29:13 -08:00
Tom Eastep
25031c3a42 Remove redundant logic 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 07:21:28 -08:00
Tom Eastep
0c1beb50ae Add 'IMQ Target' capability to tcrules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-02 12:54:00 -08:00
Tom Eastep
ab04a7fb46 Fix comments -- reflect changes done during the irule implementation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-01 13:53:12 -08:00
Tom Eastep
45a1f9df4f Streamline exclusion of the %vserver% pseudo-interface. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-01 10:25:26 -08:00
Tom Eastep
3f42b6d76f Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2012-01-25 20:41:50 -08:00
Tom Eastep
df3bded324 Simply getparams as a result of the new lib.cli variable-setting 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-25 20:41:08 -08:00
Tom Eastep
7cd05fd874 Correct routing commands in proxy NDP 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-21 19:58:47 -08:00
Tom Eastep
7d1bb30175 Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2012-01-17 13:12:01 -08:00
Tom Eastep
fc5f439b4b Generate prio 999 rule when USE_DEFAULT_RT=Yes, even when there are no balance providers. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-17 13:00:34 -08:00
Tom Eastep
ed3a623184 Cosmetic and maintainability improvements: 
1. Export optimization masks from Shorewall::Chains for use in
   Shorewall::Compiler.
2. Move capability reporting and checkint from Shorewall::Compiler to
   Shorewall::Config.
3. Eliminate some gratuitous black lines.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-17 07:24:12 -08:00
Tom Eastep
3120bb37d1 Reload load distribution chains during 'refresh' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-16 10:07:18 -08:00
Tom Eastep
58bf562747 Generate load rules at runtime rather than at compile time. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-15 19:23:44 -08:00
Tom Eastep
364420c4eb Don't derive base in load_chain() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-15 07:54:30 -08:00
Tom Eastep
b0f7c08844 Save load and status of each interface. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-14 17:43:25 -08:00
Tom Eastep
7316a2c51a Implement 'load=<load-factor>' in providers file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-13 16:37:05 -08:00
Tom Eastep
3920cef17e Update copyright on Shorewall::Providers 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-12 07:14:04 -08:00
Tom Eastep
ec8491caf8 Issue a warning message when both 'route_rules' and 'rtrules' exist. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-12 07:10:16 -08:00
Tom Eastep
057ea718cd Remove 'stat' provider option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-12 07:09:53 -08:00
Tom Eastep
58a0b9b5c1 Rename route_rules to rtrules -- phase 2 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-09 07:19:10 -08:00
Tom Eastep
048d380c28 Issue warning if there is a deprecated option setting in the .conf file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-07 19:58:45 -08:00
Tom Eastep
ce73bb3d22 Unify prog.footer and prog.footer6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-07 13:53:41 -08:00
Tom Eastep
6f5ab698b4 Add a PROBABILITY column to the tcrules file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-06 12:54:37 -08:00
Tom Eastep
c4768d4a4a Allow run-time address variable in the SOURCE column of route_rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-06 11:59:22 -08:00
Tom Eastep
f003c0644b Fix MARK_IN_FORWARD_CHAIN=Yes with fw source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-06 09:26:43 -08:00
Tom Eastep
5ddb197680 Make '0' equivalent to '-' in the IN_BANDWIDTH column 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-06 09:14:07 -08:00
Tom Eastep
cda4c6ed11 Implement 'stat' provider option -- phase 1 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-05 16:49:26 -08:00
Tom Eastep
46d8adcfe9 Add STATISTIC_MATCH capability 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-04 15:46:01 -08:00
Tom Eastep
84dc26b82c Create lib.core 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-03 13:06:00 -08:00
Tom Eastep
7d756f51ac More unification of prog.header and prog.header6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-03 08:39:18 -08:00
Tom Eastep
4216d80c12 Allow Provider name in 'disable' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-02 15:25:43 -08:00
Tom Eastep
018ba394e3 Move common code from prog.header[6] to lib.common 2012-01-02 14:13:19 -08:00
Tom Eastep
a39f4699dc Update versions and copyrights 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-02 07:43:13 -08:00
Tom Eastep
288c7b06dc Place sfilter jumps in the option chains 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-31 14:47:36 -08:00
Tom Eastep
4b8fb130ba Update copyright dates. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-31 14:15:25 -08:00
Tom Eastep
c2293f3d64 Eliminate the $blrules global in Shorewall::Rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-31 13:16:04 -08:00
Tom Eastep
d6bac484dc Allow the timeout to be specified in that 'safe' commands. 
Also, allow a suffix (s, m or h) in the <timeout> paramater to the 'try' command.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-31 09:40:36 -08:00
Tom Eastep
64d3ac036b Disable BLACKLIST section 2011-12-30 20:25:54 -08:00
Tom Eastep
28f27c65aa Use SHA1 to shorten digests. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-30 14:58:49 -08:00
Tom Eastep
4d9a43a4dd Delete some 'dont_move' flags 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-30 11:31:08 -08:00
Tom Eastep
1d9a4c58e9 Cosmetic change with comments. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-30 10:59:23 -08:00
Tom Eastep
6f61293b08 Reduce the size of many configs by not copying long chains multiple times. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-30 10:27:58 -08:00
Tom Eastep
b63c7e0016 A bit of optimization in add_interface_options() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-30 08:08:28 -08:00
Tom Eastep
6bed5e5e55 Merge branch '4.4.27' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-30 07:28:14 -08:00
Tom Eastep
5b2f960db3 Disallow :P in CLASSIFY rules and complain if :F is used when the SOURCE or DEST is $FW. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-30 07:22:14 -08:00
Tom Eastep
1da7f52ed5 Copy output interface options rather than jump 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-29 18:49:47 -08:00
Tom Eastep
39f214208a Fix silly bug in the new option chain implementation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-29 17:57:39 -08:00
Tom Eastep
6926bcdbb9 More refinements of the option chain stuff. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-29 14:52:07 -08:00
Tom Eastep
f9960a0c94 Restore blacklst and blackout chains 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-29 13:45:35 -08:00
Tom Eastep
2c441b5393 Copy option rules into interface chains if no blacklist 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-29 09:32:16 -08:00
Tom Eastep
bddfb4f41c Add output option chains 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-29 08:22:00 -08:00
Tom Eastep
03610181fd Disallow :P in CLASSIFY rules and complain if :F is used when the SOURCE or DEST is $FW. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-29 07:49:53 -08:00
Tom Eastep
3ca9577f04 Cruft removal 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-28 16:22:11 -08:00
Tom Eastep
8cdc83638e Don't allow PREROUTING CLASSIFY rules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-28 14:07:12 -08:00
Tom Eastep
a98c85cbc4 Make 'audit' work on a converted blacklist file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-28 10:30:24 -08:00
Tom Eastep
eda918215d Option chain phase II implementation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-28 10:29:15 -08:00
Tom Eastep
0518def9cf Merge branch '4.4.27' 2011-12-28 09:58:19 -08:00
Tom Eastep
09f58512be Make 'audit' work on a converted blacklist file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-28 09:34:34 -08:00
Tom Eastep
eff447ac11 Phase one option chain implementation. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-27 18:12:58 -08:00
Tom Eastep
ea9c59a297 Add an interface filter chain for each interface. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-27 13:52:44 -08:00
Tom Eastep
49eb84b9e2 Remove more helper/proto silliness 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-27 13:06:37 -08:00
Tom Eastep
8a8214704e Centralize checking for required proto with helper 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-27 13:04:19 -08:00
Tom Eastep
aa743f2886 Merge branch '4.4.27' 2011-12-27 13:02:08 -08:00
Tom Eastep
c5868ef6e4 Revert "Remove redundant check." 
This reverts commit 53dd13cf15.
 2011-12-27 13:01:27 -08:00
Tom Eastep
7721644209 Merge branch '4.4.27' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall into 4.4.27 
Conflicts:
	Shorewall/Perl/Shorewall/Chains.pm
	Shorewall/Perl/Shorewall/Raw.pm
 2011-12-27 12:32:13 -08:00
Tom Eastep
1c2ab238a5 Merge branch '4.4.27' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall into 4.4.27 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-26 13:22:30 -08:00
Tom Eastep
3541767881 Don't croak when adding gateway route fails for IPv6. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-26 11:58:06 -08:00
Tom Eastep
53dd13cf15 Remove redundant check. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-26 11:57:34 -08:00
Tom Eastep
5520a6d31d Validate helper<->protocol 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-24 09:24:01 -08:00
Tom Eastep
be4cb9d26a Validate helper<->protocol 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-23 17:55:13 -08:00
Tom Eastep
97354c8ce8 Detect CT_TARGET when LOAD_HELPERS_ONLY=No 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-23 11:59:51 -08:00
Tom Eastep
0e3ad6ff91 Omit the chain designator from an error message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-23 07:51:12 -08:00
Tom Eastep
1c535ee0f9 Correct handling of a chain designator in CLASSIFY rules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-23 07:44:16 -08:00
Tom Eastep
3081ab1da1 Correct RELATED_DISPOSITION error message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-22 15:51:50 -08:00
Tom Eastep
ce735e9415 Allow a chain designator in CLASSIFY rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-22 15:41:16 -08:00
Tom Eastep
e93dbdcb99 Stop generation of superfluous routing rules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-21 08:01:25 -08:00
Tom Eastep
c03fe0a076 Implement USE_LOGICAL_NAMES. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-20 16:03:56 -08:00
Tom Eastep
1c8f6d3856 Eliminate a variable 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-18 15:05:03 -08:00
Tom Eastep
c00068e08d Another correction to the 'CT' target 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-18 07:21:32 -08:00
Tom Eastep
a80b46be81 Allow a port number to be appended to a helper name 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-17 17:08:24 -08:00
Tom Eastep
ec848ebc01 Parenthesize qa/.../ in embedded Perl 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-17 10:09:23 -08:00
Tom Eastep
ba5db8753e Fix CT helpers 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-17 08:59:27 -08:00
Tom Eastep
9d66f34932 Allow config options to be used as shell variables 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-15 12:52:22 -08:00
Tom Eastep
10d10b1c16 Remove a redundant capability test 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-15 12:52:06 -08:00
Tom Eastep
6194eceaa4 Restore text of 'Provider "..." compiled' message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-15 12:51:39 -08:00
Tom Eastep
2142baca4f Avoid inappropriate RELATED,ESTABLISHED rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-06 19:04:43 -08:00
Tom Eastep
004d0bcc38 Allow rules in the RELATED section when there are non-default settions of 
the new RELATED_* options.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-06 13:38:11 -08:00
Tom Eastep
d4957696d1 Update man pages and sample files 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-05 17:45:09 -08:00
Tom Eastep
439af55312 Implement RELATED_DISPOSITION and RELATED_LOG_LEVEL 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-05 16:08:17 -08:00
Tom Eastep
febe9e5222 Apply Chris Boot's fix for TC_ENABLED=Shared 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-05 12:22:48 -08:00
Tom Eastep
2cffae738f Initial implementation of CT target support in the 'notrack' file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-04 17:15:58 -08:00
Tom Eastep
a794027f63 Implement CT capability 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-04 14:35:53 -08:00
Tom Eastep
e7d2b1d4ed Consolidate the lib.common files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-04 09:19:48 -08:00
Tom Eastep
6bb487bb68 Pass $CONFIG_PATH to compiler.pl 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-02 07:36:23 -08:00
Tom Eastep
8c6914d1a2 Don't deprecate 'optional' for shared providers 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-01 11:23:22 -08:00
Tom Eastep
a27f5655a7 Merge branch '4.4.26' 2011-12-01 10:41:22 -08:00
Tom Eastep
99bf7fb994 Don't do TC stuff during enable/disable of a shared provider 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-01 10:41:03 -08:00
Tom Eastep
568e3b2e5b Allow a provider name in addition to an interface name in enable/disable 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-01 10:32:54 -08:00
Tom Eastep
8f14485d67 Allow a provider name in addition to an interface name in enable/disable 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-01 10:30:42 -08:00
Tom Eastep
3110f7c74a Add enable/disable commands to the CLIs 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-01 10:25:51 -08:00
Tom Eastep
d8caa6498a Add tracing to Optimize 16. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-30 07:57:19 -08:00
Tom Eastep
9e149ca038 Correct default values during update 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-27 14:12:51 -08:00
Tom Eastep
61d5c6d6da Implement Shorewall::Chains::clone_rule() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-26 09:36:02 -08:00
Tom Eastep
3498076a96 Accurately compare rule key values that are array references. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-26 08:03:02 -08:00
Tom Eastep
15d95b6977 Fix SAME target. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-26 07:48:03 -08:00
Tom Eastep
5cdb74168f Correct port list capture with --multiport. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-25 16:22:23 -08:00
Tom Eastep
613e41c25a Enable OPT 16 in check -r; Suppress duplicate rules 2011-11-25 16:05:07 -08:00
Tom Eastep
90e03e1833 Even more tweaks to optimize 16 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-25 14:46:37 -08:00
Tom Eastep
71bbd7963c Some tweaks to optimize 16 2011-11-25 10:42:10 -08:00
Tom Eastep
f305da9d0d Require extended multi-port match for OPTIMIZE 16. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-24 10:57:09 -08:00
Tom Eastep
8d8a681f40 Implement optimization level 16 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-24 10:22:04 -08:00
Tom Eastep
4559c8b5d0 Tweaks to convert_blacklist() 
- Reword an error message to handle both missing file and zero-sized file.
- Don't rename file that doesn't exist.
 2011-11-21 12:13:39 -08:00
Tom Eastep
dffb79e7bd Handle empty blacklist file in 'update -b' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-20 17:02:01 -08:00
Tom Eastep
bd8ba435cd Avoid uninitialized value in hash element. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-20 16:24:42 -08:00
Tom Eastep
4d30811794 Implement 'show marks' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-20 12:29:17 -08:00
Tom Eastep
e5a6387695 Eliminate use of WIDE_TC_MARKS in the Tc module 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-20 08:45:16 -08:00
Tom Eastep
382309bc53 Derive default values for the mark-layout options 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-20 07:03:33 -08:00
Tom Eastep
83d7cfa76a Update documentation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-19 15:18:43 -08:00
Tom Eastep
ae8aa3a45a More fixes for ZONE_BITS 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-19 08:19:38 -08:00
Tom Eastep
ab1b65d6a8 Fixes for blacklist conversion 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-19 08:18:58 -08:00
Tom Eastep
4f9afc32ec Allow zone names in the MARK column when ZONE_BITS != 0 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-18 07:23:24 -08:00
Tom Eastep
7c0cb69c29 Don't copy limited broadcast routes to provider tables 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-18 07:07:51 -08:00
Tom Eastep
364b30fd9b Fix 'update -b' handling of missing files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-18 06:26:37 -08:00
Tom Eastep
72f75c201c Implement zone automark 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-17 16:07:45 -08:00
Tom Eastep
96f5aec71f Add ZONE_BITS configuration option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-17 10:40:47 -08:00
Tom Eastep
fe09646bed Make zone types a power of 2. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-17 09:23:39 -08:00
Tom Eastep
348c6c8cf7 Correct handling of LOGMARK 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-17 07:22:07 -08:00
Tom Eastep
d096b9399a Fix '\!' handling in validate_level() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-15 16:41:32 -08:00
Tom Eastep
afaf0d9de8 Trivial optimiation in validate_level() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-13 06:19:40 -08:00
Tom Eastep
28a1087cd4 Cleanup of rewritten validate_level() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-13 05:58:59 -08:00
Tom Eastep
73ed66b9b9 Add ULOG and NFLOG capabilities plus LOGMARK for IPv6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-12 14:10:48 -08:00
Tom Eastep
ffec7a4d95 More corrections to wildcard interfaces 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-11 07:29:44 -08:00
Tom Eastep
04dfe26549 Remove two unused variables. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-11 05:23:37 -08:00
Tom Eastep
972721facb Remove some white space 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-10 17:52:25 -08:00
Tom Eastep
6813409c31 Make the previous patch a bit cleaner 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-10 07:19:21 -08:00
Tom Eastep
d85f6970e3 Fix wildcard interfaces 
- Suppress extra jumps to interface chains.
- Insure that the 'lo' ACCEPT rule doesn't get masked by a wildcard interface

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-10 06:53:48 -08:00
Tom Eastep
d053faadde Allow convertion of a legacy blacklist configuration 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-08 12:59:40 -08:00
Tom Eastep
6108a9cad8 Delete BLACKLISTSECTION 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-06 14:46:14 -08:00
Tom Eastep
da7516d401 Update config files and manpages for BLACKLISTSECTION 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-06 12:05:07 -08:00
Tom Eastep
1091c24348 Implement the BLACKLISTSECTION option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-06 08:43:38 -08:00
Tom Eastep
689e9b0fe1 Make replacement of '+' by '*' global in case statements. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-04 13:49:10 -07:00
Tom Eastep
352dba1aac More cleanup of the IN_BANDWIDTH code 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-02 06:34:35 -07:00
Tom Eastep
b9a7374130 Omit estimator when no avrate. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-01 11:16:51 -07:00
Tom Eastep
cfa33e894f Restore IN_BANDWIDTH functionality on moribund distributions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-01 07:02:32 -07:00
Tom Eastep
8b8140cc9f Add 'Basic Filter' capability 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-01 06:34:57 -07:00
Tom Eastep
f3b5d5585f Correct detection of FLOW_FILTER 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-01 06:21:34 -07:00
Tom Eastep
dc1f815679 Reload blacklistsection chains even when legacy blacklisting is used. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-31 08:04:32 -07:00
Tom Eastep
29f6f6e3f2 Allow 'refresh' to reload chains from the BLACKLIST section. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-30 06:05:24 -07:00
Tom Eastep
16457ce85b Evaluate a variable at compile-time rather than at run-time 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-27 07:07:38 -07:00
Tom Eastep
c319921365 Correct validation of 4in6 addresses 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-25 06:19:34 -07:00
Tom Eastep
3258806f6c Insure that 32767 default rule exists on IPv6. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-24 21:15:09 -07:00
Tom Eastep
ccdda4c73b Tighten the rule compatibility test in sub compatible(). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-24 13:16:17 -07:00
Tom Eastep
3c98094242 Combine all IPV6 filtering in the routing table copy routines 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-24 13:15:36 -07:00
Tom Eastep
14764acd2d Restore a blank line in the generated script 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-24 08:50:15 -07:00
Tom Eastep
ee66be8f32 Place all ip-address rules at priority 20000. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-23 17:11:41 -07:00
Tom Eastep
54ba4ed879 Add MARK column to route_rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-23 07:56:53 -07:00
Tom Eastep
4b419f7497 Cleanup if IPv6 provider work 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-22 12:48:07 -07:00
Tom Eastep
d3d9380df5 Don't combine incompatible chains 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-21 11:55:30 -07:00
Tom Eastep
f31f3dc92a Implement 'fallback' and 'balance' for IPv6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-21 11:55:15 -07:00
Tom Eastep
20cd943a60 Make route-table copying work on IPv6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-20 10:32:09 -07:00
Tom Eastep
a42e2dff7f Allow caps in IPv6 addresses 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-19 07:47:49 -07:00
Tom Eastep
62d43ab6dd Cleanup of new IN-BANDWIDTH handling. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-18 05:53:50 -07:00
Tom Eastep
dbe936c7c9 Cleanup of new IN-BANDWIDTH handling (avoids a syntax error) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-17 06:29:27 -07:00
Tom Eastep
4d83201843 Allow configuraton of a rate estimated policing filter 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-16 14:38:27 -07:00
Tom Eastep
ebc944f027 Add optional MTU parameter in IN_BANDWIDTH 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-16 10:52:45 -07:00
Tom Eastep
a077a9821d Implement rate estimation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-11 15:27:24 -07:00
Tom Eastep
25a6f10025 Fix complex traffic shaping 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-11 10:52:37 -07:00
Tom Eastep
ede17cb771 Restore lost function from merging 4.4.24 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-10 16:51:27 -07:00
Tom Eastep
6d56a8aa45 Merge branch '4.4.24' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-10 06:57:05 -07:00
Tom Eastep
a12a4a5a89 Add '6in4' as a synonym for '6to4' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-10 06:54:31 -07:00
Tom Eastep
99b21fdfc5 Implement HL manipulation for IPv6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-09 14:01:40 -07:00
Tom Eastep
668926c2a6 Add BALANCE_TABLE. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-09 09:00:14 -07:00
Tom Eastep
a5010ec9a6 Correct alternate specification in the tunnels file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-09 08:50:55 -07:00
Tom Eastep
31e0b186bf More fixes for 'fallback' without weight 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-09 07:53:59 -07:00
Tom Eastep
809f27decd More alternate-specification fixes. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-09 07:06:01 -07:00
Tom Eastep
8115934adf More alternate-specification fixes. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-09 07:05:08 -07:00
Tom Eastep
035db174d8 Fix 'fallback' without weight 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-09 06:58:41 -07:00
Tom Eastep
3afd6a3ad3 Correct proto column of the netmap file 2011-10-08 18:20:47 -07:00
Tom Eastep
2d6f5da6bc Correct proto column of the netmap file 2011-10-08 18:19:08 -07:00
Tom Eastep
c304661217 Fix earlier change 2011-10-08 17:10:23 -07:00
Tom Eastep
661606ef95 Merge branch '4.4.24' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-08 17:07:12 -07:00
Tom Eastep
b5963c6783 Fix alternate nat handling 2011-10-08 17:01:18 -07:00
Tom Eastep
e6b120a805 Implement BALANCE table 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-08 13:54:39 -07:00
Tom Eastep
e322e60d73 Fix 'fallback' 2011-10-08 12:32:29 -07:00
Tom Eastep
04c2007d53 Resolve merge conflicts 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-08 07:03:01 -07:00
Tom Eastep
5d4a0172b7 A bit of cleanup 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-05 09:32:26 -07:00
Tom Eastep
835a056eb8 Implement BLACKLIST section in the rules file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-03 16:02:01 -07:00
Tom Eastep
57650e8dd9 Add two new actions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-02 18:41:58 -07:00
Tom Eastep
0a5d5821ec Support additional forms of column/value pair specification 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-02 11:45:55 -07:00
Tom Eastep
e728d663f9 Implement IPTABLES_S capability 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-01 13:54:52 -07:00
Tom Eastep
2f0829596f Fix format-1 Actions 2011-10-01 12:17:29 -07:00
Tom Eastep
f6092ee52d Eliminate the maxcolumns argument to the split_line functions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-01 11:39:12 -07:00
Tom Eastep
072f4752fc Get rid of minimum column requirement 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-10-01 09:56:25 -07:00
Tom Eastep
c76957cc39 Reword an error message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-26 08:51:05 -07:00
Tom Eastep
4c7f1a03a0 Catch multiple semicolons on a line. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-26 07:42:44 -07:00
Tom Eastep
9a4dfc4394 Implement an alternate way of specifying column contents. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-25 17:08:53 -07:00
Tom Eastep
da5b6b99d4 Implement TTL support in tcrules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-24 16:17:52 -07:00
Tom Eastep
dbf5f17b41 More tweaks to switch implementation. 
1) Switch names may be 30 characters long.
2) Switch settings are retained over restart.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-24 07:34:58 -07:00
Tom Eastep
40bc6df07a Correct handling of SWITCH column 
- Handle exclusion
- Correctly detect CONDITION_MATCH at compile time
- Include condition match in the filter part of a NAT rule

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-23 15:01:40 -07:00
Tom Eastep
caddd65412 Rename condition->switch and add more documentation. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-23 12:33:55 -07:00
Tom Eastep
75b4540d26 Add support for condition match in the rules file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-21 15:20:50 -07:00
Tom Eastep
7978993d2b Validate NET2 in IPv6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-20 16:24:39 -07:00
Tom Eastep
a5e05c9e8e Don't allow long port lists or icmp lists in netmap 2011-09-19 13:27:27 -07:00
Tom Eastep
990d6e504d Correct icmp-type and icmpv6-type 2011-09-19 10:05:58 -07:00
Tom Eastep
fd1e996fb1 Correct call to dest_iexclusion() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-19 08:28:29 -07:00
Tom Eastep
e01276225c Correct port order in the netmap file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-19 06:17:02 -07:00
Tom Eastep
c2bcb08483 Add 'i' versions of exclusion functions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-18 14:12:22 -07:00
Tom Eastep
95a83f7fdf Allow exclusion in the netmap file's NET1 column 2011-09-17 09:20:15 -07:00
Tom Eastep
5aac5870a1 Call setup_netmap if IPv6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-17 07:31:18 -07:00
Tom Eastep
86847957bf Merge branch '4.4.23' 2011-09-16 09:03:43 -07:00
Tom Eastep
76fc55d750 Fix TC_ENABLED=Shared 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-16 06:50:34 -07:00
Tom Eastep
be1765f44d Don't emit 'enable' code for required providers 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-15 14:46:29 -07:00
Tom Eastep
fcb8fa79c0 Don't emit 'enable' code for required providers 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-14 08:25:47 -07:00
Tom Eastep
e1afc645ba Allow IPv6 stateless NAT (undocumented) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-14 08:24:44 -07:00
Tom Eastep
fe9df4dfd1 Remove interface weight file if not balance or default. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-14 06:24:22 -07:00
Tom Eastep
ab1fac3fc6 Add some comments to getparams 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-11 09:52:12 -07:00
Tom Eastep
d4b37d1c52 Better way of handling environmental variables with embedded quotes. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-10 15:46:26 -07:00
Tom Eastep
fb6d4ffaf9 Merge branch '4.4.23' 2011-09-10 08:34:45 -07:00
Tom Eastep
8ce60ce825 Don't emit dangerous %ENV entries to the generated script 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-10 08:18:46 -07:00
Tom Eastep
7ed52360d5 Set all interfaces's 'routefilter' option if ROUTE_FILTER=on 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-07 12:19:13 -07:00
Tom Eastep
6f2fd75a8c Merge branch '4.4.23' 2011-09-07 11:14:11 -07:00
Tom Eastep
5f85646418 Fix disable of last balanced route 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-07 07:00:18 -07:00
Tom Eastep
b19a6f0bfd Merge branch '4.4.23' 2011-09-05 17:25:03 -07:00
Tom Eastep
77ca62835f Add PROTO and PORTS columns to netmap 2011-09-05 12:33:42 -07:00
Tom Eastep
02009ee060 Set 'use_..._chain' on interfaces with sfilters 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-05 06:23:18 -07:00
Tom Eastep
2285dce4d1 Fix debugging of ipv6 ruleset 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-03 13:58:05 -07:00
Tom Eastep
29e0f57928 Cosmetic/readability changes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-03 08:44:15 -07:00
Tom Eastep
d1fea7c682 Correct 'disable' with dynamic gateway 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-02 11:01:06 -07:00
Tom Eastep
46d9faa63a Correct sed invocation in add_gateway() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-02 10:28:41 -07:00
Tom Eastep
a63d4dad44 More sfilter tweaks 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-02 08:41:42 -07:00
Tom Eastep
6afd18646d Remove backslashes from routes before processing them. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-02 08:41:15 -07:00
Tom Eastep
f5c2e9b211 Make the sfilter logic cleaner and add a comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-01 14:15:15 -07:00
Tom Eastep
a0bbd72a39 Avoid a calculation in a loop in the generated code 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-09-01 06:06:50 -07:00
Tom Eastep
3fa646845f Fix busybox anomaly 2011-08-31 16:38:58 -07:00
Tom Eastep
82a806d788 Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-31 07:58:51 -07:00
Tom Eastep
b8951259bd Avoid emitting out-of-function statements. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-30 16:55:44 -07:00
Tom Eastep
78a25bb51b Avoid undefined value error. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-30 16:43:38 -07:00
Tom Eastep
abdd6bec27 More corrections to undo_routing 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-30 09:31:06 -07:00
Tom Eastep
3031c37edd Handle routes and rules for main and default 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-29 10:05:36 -07:00
Tom Eastep
45bc3a7ea0 Split add_a_provider() into two functions. 
- Avoid generating add_xxx_routes() and add_xxx_rules
- Only configure tc during 'enable'
- Fix a bad bug (routes were actually rules)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-28 08:04:06 -07:00
Tom Eastep
65fe958e8e Split add_a_provider() into two functions. 
- Avoid generating add_xxx_routes() and add_xxx_rules
- Only configure tc during 'enable'
- Fix a bad bug (routes were actually rules)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-28 07:54:47 -07:00
Tom Eastep
90f83fd9fd Clear device TC on 'disable' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-27 12:33:24 -07:00
Tom Eastep
ed7d70e54b Merge branch 'EdW' 2011-08-27 11:45:37 -07:00
Tom Eastep
0ef8e3b1d6 Give tcpri processing its own function. Add some comments 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-27 11:44:42 -07:00
Tom Eastep
eb9d798ad3 Correct traffic-shaping handling 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-27 11:17:08 -07:00
Tom Eastep
5d21b55ecc Configure /proc during 'enable' processing. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-27 09:21:02 -07:00
Tom Eastep
cedf203c21 Allow tc config during 'enable' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-27 08:29:55 -07:00
Tom Eastep
7d66b3e60f Correct typo in prog.footer 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-26 14:13:34 -07:00
Tom Eastep
a8d0f5f40b Fix the log message when 'enable' fails. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-26 11:02:42 -07:00
Tom Eastep
528f2b0aa2 Implement enable and disable commands for IPv4 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-25 16:00:27 -07:00
Tom Eastep
2ef7dd5201 Re-factor Provider startup 2011-08-24 17:37:39 -07:00
Tom Eastep
8c8326fa58 Correct handling of Wildcard Providers 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-20 06:49:02 -07:00
Tom Eastep
8ae9b2948e Make 'start debug' work with the rawpost table. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-16 16:17:02 -07:00
Tom Eastep
ca8e99ed51 Correct implementation of the ALL section. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-16 14:10:21 -07:00
Tom Eastep
e5886abed1 Take care of oversights in the Stateless NAT implementation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-16 14:10:07 -07:00
Tom Eastep
bc706324e9 Add an ALL section to the rules files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-15 15:32:24 -07:00
Tom Eastep
d5290fc881 Correct typo that caused an internal error 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-15 10:11:12 -07:00
Tom Eastep
0b2a8b12c7 Implement Stateless NAT support. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-14 12:01:17 -07:00
Tom Eastep
71480ff647 Validate nets in the netmap file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-13 15:59:42 -07:00
Tom Eastep
97121116a3 Add rawpost table detection 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-13 11:14:29 -07:00
Tom Eastep
37b08dd991 Merge branch '4.4.22' 2011-08-13 10:48:27 -07:00
Tom Eastep
dec4f4f186 Separate target and targetopts in add_ijump calls. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-13 09:56:14 -07:00
Tom Eastep
b1b323191c Merge branch '4.4.22' 2011-08-11 20:19:47 -07:00
Tom Eastep
786455b287 Unlink .bak file if no changes to .conf. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-11 20:19:30 -07:00
Tom Eastep
39c71418da Merge branch '4.4.22' 2011-08-10 09:34:37 -07:00
Tom Eastep
7708c251db Fix ECN when MANGLE_FORWARD is not available. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-10 09:34:15 -07:00
Tom Eastep
8eff66dcfd Fix handling or ORIGINAL DEST when CONNTRACK_MATCH is not available 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-10 07:12:13 -07:00
Tom Eastep
67c1fa1e63 Fix old state match 2011-08-08 20:35:55 -07:00
Tom Eastep
8fe064914b Fix old state match 2011-08-08 20:32:02 -07:00
Tom Eastep
4824c9b8ff Add QUOTA_MATCH capability 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-08 14:37:47 -07:00
Tom Eastep
b0fe8e1e60 Merge branch '4.4.22' 2011-08-03 07:20:57 -07:00
Tom Eastep
a548bddea8 Remove she-bang from first line of prog.header* 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-03 07:20:34 -07:00
Tom Eastep
679de4ccf6 Apply Orion Poplawski's 'qtnoin' patch 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-02 16:51:49 -07:00
Tom Eastep
50a29f6858 Correct detection of OLD_IPSET_MATCH when LOAD_MODULES_ONLY=No 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-08-02 11:58:54 -07:00
Tom Eastep
ae0cffa588 Fix handling of zone names beginning with 'all' 2011-08-02 09:13:23 -07:00
Tom Eastep
d358285d56 Remove obsolete comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-31 11:34:46 -07:00
Tom Eastep
512273fa91 Avoid undefined reference in Shorewall::rules::save_policies 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-30 07:04:42 -07:00
Tom Eastep
42ae3ba581 Cleaner fix for TCP_FLAGS_DISPOSITION 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-30 06:57:18 -07:00
Tom Eastep
d9fe6e7a42 Handle missing TCP_FLAGS_DISPOSITION setting 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-28 15:56:34 -07:00
Tom Eastep
6c025d20c9 Fix Shorewall6 Kernel Version test 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-28 15:53:35 -07:00
Tom Eastep
a992ec594a Accomodate kernel version 3.0 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-27 17:03:27 -07:00
Tom Eastep
a18c502796 Correct reference counting in one more place in expand_rule() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-25 07:42:01 -07:00
Tom Eastep
ecd2e2276e Add some comments and remove extra whitespace 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-25 06:56:05 -07:00
Tom Eastep
215e923562 A little cleanup 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-24 16:17:22 -07:00
Tom Eastep
703bc88bfd Move merge_rules() back to where it was. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-24 15:06:42 -07:00
Tom Eastep
ac5a6f4471 Cleanup of progress messages 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-24 09:13:46 -07:00
Tom Eastep
f2c9647579 Set empty target in rules created via add_irule() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-24 08:28:43 -07:00
Tom Eastep
e693665be1 Add correct reference counting to merge_rules() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-24 08:03:45 -07:00
Tom Eastep
ea4b8cdb6f Exempt policy chains from optimization level 8. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-23 16:34:01 -07:00
Tom Eastep
b789d825f8 Unify the setting of $targetref and $jump 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-23 14:47:16 -07:00
Tom Eastep
83e6e2f105 Another fix for reference counting. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-23 13:54:56 -07:00
Tom Eastep
028fc20741 Correct reference accounting when long port lists are split 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-23 07:31:58 -07:00
Tom Eastep
3d616980a6 Don't delete the {target} member in clear_rule_target() but instead set it to '' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-23 07:30:56 -07:00
Tom Eastep
567993292f Some efficiency changes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-22 17:48:14 -07:00
Tom Eastep
5764e7899b Rename combined chains created by optimization level 8 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-22 14:12:03 -07:00
Tom Eastep
22463e451d More efficient method of generating rule strings for comparison 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-22 11:06:29 -07:00
Tom Eastep
1d24f28c83 Rename %special -> %opttype 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-22 11:06:03 -07:00
Tom Eastep
bfd63dcace Revert LOGLIMIT conversion change 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-22 07:53:30 -07:00
Tom Eastep
2adf2883d5 Revert addition of do_i functions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-22 07:23:13 -07:00
Tom Eastep
5e190f4e4e Implement '_i' equivalents of all do_ functions. 
Also implements handling of long port lists in new-format rules.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-22 06:22:52 -07:00
Tom Eastep
0791ea6698 Make 'KLUDGEFREE' a global to make it faster to test. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-21 12:57:20 -07:00
Tom Eastep
4eeb233d95 A little reorg to prepare for moving long port list remediation to the new chain structure. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-20 18:52:20 -07:00
Tom Eastep
705ffbca49 Fix for LOGMARK(<list>) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-20 17:33:31 -07:00
Tom Eastep
a7ab53e135 Trap '!' in port columns. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-20 15:55:18 -07:00
Tom Eastep
32a8b254a0 Some optimizations in the new rule infrastructure 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-20 15:53:00 -07:00
Tom Eastep
ca655a6f52 Use add_ijump for all jump 'irules'. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-20 07:30:49 -07:00
Tom Eastep
12b5aa687b More conversion to new rule interface 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-19 11:58:10 -07:00
Tom Eastep
f8be76f471 Make LOGMARK work without a parameter. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-19 11:57:12 -07:00
Tom Eastep
8b56e16bf9 Fix LOGMARK 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-19 06:54:41 -07:00
Tom Eastep
58de3dd3c1 Fix :persistent and :random in /etc/shorewall/masq 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-18 15:35:07 -07:00
Tom Eastep
346df62cc6 Support long-form iptables options. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-18 13:47:52 -07:00
Tom Eastep
796f3b6668 Correct cmdlevel settings in irules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-18 10:05:39 -07:00
Tom Eastep
1e89074bf8 Correct tracing of nested rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-18 09:46:41 -07:00
Tom Eastep
a80b04bd74 Correct formatting of empty arguments to add_commands 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-18 09:45:59 -07:00
Tom Eastep
bfd69c33c7 Correctly format empty arguments to add_commands() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-18 09:19:52 -07:00
Tom Eastep
043fb8757c Convert Rules.pm infrastructure to use the new rule interface 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-18 08:29:42 -07:00
Tom Eastep
7aa7cd54c2 Convert Providers.pm to use the new rules interface. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-18 07:43:25 -07:00
Tom Eastep
3c60f107b7 Convert generate_matrix() to use the new rules interface 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-18 07:24:21 -07:00
Tom Eastep
2efa2796d3 More new rule interface calls in the Misc module 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-17 15:12:58 -07:00
Tom Eastep
b2305ca9cf Convert Tunnels file to use irules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-17 11:33:01 -07:00
Tom Eastep
a211f8fd0f Infrastructure for new rule interface 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-17 10:37:15 -07:00
Tom Eastep
f3f535abac POC of new rule interface 
Also removed FAKE_AUDIT option

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-17 08:35:09 -07:00
Tom Eastep
950c32d46b Convert add_commands() calls to the equivalent add_rule() calls. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-16 16:31:29 -07:00
Tom Eastep
03913019d8 Mark DHCP rules for the convenience of move_rules(). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-16 15:34:57 -07:00
Tom Eastep
27621fa0f9 Impose some structure on setting rule options 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-16 14:46:34 -07:00
Tom Eastep
0f742187ae Implement intermediate rule representation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-16 09:41:53 -07:00
Tom Eastep
d1b8d7b953 Make perl modules version-neutral 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-10 15:10:27 -07:00
Tom Eastep
11c580de54 Fix exclusion in IPv6 hosts file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-09 17:27:09 -07:00
Tom Eastep
e21ff03339 Fix ipsets in IPv6 hosts file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-09 16:17:35 -07:00
Tom Eastep
fbeddca6a4 Another IPv6 ipset issue (z:!+set in the DEST column) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-09 15:40:18 -07:00
Tom Eastep
a998476d00 Correct Accounting module version 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-09 07:08:47 -07:00
Tom Eastep
6c802d3353 Tighten up source and dest checking in expand_rule() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-09 07:08:39 -07:00
Tom Eastep
1f30976790 Correct change that tightened editing of IPv6 addresses 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-08 18:34:33 -07:00
Tom Eastep
22f1d1ba89 Another fix for IPv6 and IPSETs 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-08 16:31:35 -07:00
Tom Eastep
a8daff0008 Correct handling of <interface>:+<ipset> in Shorewall6. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-08 15:57:08 -07:00
Tom Eastep
7fa59706c5 Correct TPROXY/IPv6 address fix 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-07 14:50:44 -07:00
Tom Eastep
3f903fe3f1 Allow IPv6 Address as the third argument to TPROXY 
- also update the manpages to describe TPROXY

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-07 06:43:16 -07:00
Tom Eastep
e1d8d71348 Version to 4.4.22 Beta 1 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-04 09:36:54 -07:00
Tom Eastep
6be8c08673 Create action chain without leading % when possible 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-04 07:48:52 -07:00
Tom Eastep
1536ff4b92 Corrections to dropBcast/allowBcast 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 15:58:19 -07:00
Tom Eastep
24deabb03f Merge branch '4.4.21' 2011-07-03 08:48:27 -07:00
Tom Eastep
9691a8ceb3 Don't collapse '-' and '--' in @actparms 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 08:47:53 -07:00
Tom Eastep
029ac610fe Merge branch '4.4.21' 2011-07-03 07:23:09 -07:00
Tom Eastep
d31e2d67ba DEFAULTS directive enforces max number of parameters 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 07:22:29 -07:00
Tom Eastep
62c62441bb Eliminate duplicate function definitions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 07:04:52 -07:00
Tom Eastep
d99090978d Merge branch '4.4.21' 2011-07-03 06:40:08 -07:00
Tom Eastep
5b06e88b3d Push/Pop comment during action processing 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 06:37:41 -07:00
Tom Eastep
7e3f97c154 Prepare for more parameterized actions 
- Export add_commands, incr_cmd_level and decr_cmd_level by default
- Move ensure_audit_chain and require_audit from Rules.pm to Chains.pm
- Add get_action_logging() function
- Export require_capability and have_capability by default

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 06:22:51 -07:00
Tom Eastep
ad71faacaa Correct push_action_params() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-02 17:02:39 -07:00
Tom Eastep
42aa3724af Trace system calls when debugging 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-02 08:37:57 -07:00
Tom Eastep
4ea8a65cd9 Trace system calls when debugging 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-02 08:27:17 -07:00
Tom Eastep
afa5ea3fd2 Minor tweaks to Config.pm 
- Look for unprintable gunk in lines processed by split_line1()
- Modify a comment
- replace awkward close/assert statement

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-02 08:10:43 -07:00
Tom Eastep
bd9bf3d43a Rename & export get_actionchain() -> get_action_chain() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-02 07:02:18 -07:00
Tom Eastep
c309ca3075 Revert "Simplify push_action_params()" 
This reverts commit 89ee25dde2.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-01 16:23:39 -07:00
Tom Eastep
8ab45b4de3 Save current action chain along with params. Add get_action_chain() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-01 16:21:36 -07:00
Tom Eastep
89ee25dde2 Simplify push_action_params() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-01 15:38:39 -07:00
Tom Eastep
ea22d79aeb Update the version of Providers.pm 2011-06-30 18:40:48 -07:00
Tom Eastep
6ff02dbaa3 Make 'fallback' and 'balance' mutually exclusive 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-30 10:00:01 -07:00
Tom Eastep
f09d286738 Correct script generation problem with TPROXY 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-29 20:05:27 -07:00
Tom Eastep
cbeebb6bf8 Bump version to 4.4.21. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-29 11:36:04 -07:00
Tom Eastep
ea038bcecb Correct regular expression in process_shorewall_conf() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-28 06:42:41 -07:00
Tom Eastep
05103bacd0 Don't expand single-quoted .conf option values 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-26 07:45:09 -07:00
Tom Eastep
0b431aa8c1 Minor tweaks to Config.pm 
- Add/revise comments
- Rename $line -> $lineref in expand_variables()
- Collapse 3 lines into one in process_shorewall_conf()
 2011-06-26 06:50:22 -07:00
Tom Eastep
7507c81882 Remove some whitespace 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-25 21:55:49 -07:00
Tom Eastep
9f37f09b28 Clean up variable expansion: 
1) Centralize code in function expand_variables()
2) Eliminate %rawconfig
3) Correct logic in update_config_file() - the defect was not observable
   but the code was clearly silly
 2011-06-25 21:08:32 -07:00
Tom Eastep
47c759d93c Convert %actparms to an array 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-25 11:39:13 -07:00
Tom Eastep
5740b69dc6 Fix another empty parameter list issue 2011-06-25 09:46:58 -07:00
Tom Eastep
19c1f388a7 Modify Debian test in update 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 15:01:25 -07:00
Tom Eastep
fb2085b0c3 Support 'update' on Debian 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 13:40:32 -07:00
Tom Eastep
ca9276fd7e Add quotes on deprecated and obsolete options if appropriate 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 11:47:34 -07:00
Tom Eastep
129d1739d1 Cosmetic changes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 07:58:46 -07:00
Tom Eastep
7583a5c7a3 Use updated values in configuration verification 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 07:22:41 -07:00
Tom Eastep
11b847f3a4 Correct spelling in an error message (FOREWARD -> FORWARD) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 06:22:16 -07:00
Tom Eastep
6f68ed5508 Initiate 4.4.21 RC 1 2011-06-23 16:23:52 -07:00
Tom Eastep
ba9a0016a8 Move update_config_file() to before process_shorewall_conf() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-23 06:37:21 -07:00
Tom Eastep
de7d95e7ff Rename 'ipset v4' -> 'ipset v5' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-23 06:36:35 -07:00
Tom Eastep
04d551d8ca Detect ipset V4 and use its syntax 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 16:43:42 -07:00
Tom Eastep
7ef7490cd6 Change the compiler's default for LEGACY_FASTSTART 
- No visible effect since the compiler doesn't use this option
 2011-06-22 13:56:17 -07:00
Tom Eastep
1b3d7947b8 Update the .conf file before validating ('update' command) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 12:31:58 -07:00
Tom Eastep
ba7d5fd720 Avoid two-stage processing of shorewall.conf when not updating. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 10:56:25 -07:00
Tom Eastep
106ba52362 Change signature of get_action_params 
- Accepts a number of parameters rather than a list
- Change action.Drop and action.Reject accordingly
- Define correct number of parameter variables in action.Drop and action.Reject

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 08:27:01 -07:00
Tom Eastep
62a75cb98d Fix parameterization of standard default actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 07:51:42 -07:00
Tom Eastep
b43bee2c62 Streamline PERL in action.Drop and action.Reject 
- Rename read_action_param => get_action_params
- Allow it to accept a list of indexes and to return a list

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 06:53:15 -07:00
Tom Eastep
bbf853bd1d Cleaner handling of DEFAULTS in a non-action context 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 06:11:20 -07:00
Tom Eastep
ece598288f Disallow DEFAULTS in the rules file 2011-06-21 21:00:08 -07:00
Tom Eastep
d51ca478bd Reverse one hunk from empty-parameter fix 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-21 11:45:32 -07:00
Tom Eastep
063e21e69f Allow an empty parameter list in an action (e.g., "Action()") 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-20 19:45:01 -07:00
Tom Eastep
71d88b93a0 Make IPv6 Dynamic Zone set names unique 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-20 17:22:34 -07:00
Tom Eastep
39e74911d8 Improve generated code 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-20 14:34:26 -07:00
Tom Eastep
44cbfd8f27 Correct defects found while unit testing IPv6 Dynamic Zones 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-20 13:33:25 -07:00
Tom Eastep
119d38c92b Enable dynamic zones for IPv6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-20 10:41:29 -07:00
Tom Eastep
785de281b5 More IPv6 ipset fixes 
- use 'family inet6' rather than 'family ipv6'
- Correct one more case of 'iphash' vs 'hash:ip family inet6'
- Encapsulate ipset -N into an 'ensure_ipset()' function

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-20 07:43:32 -07:00
Tom Eastep
4c2f12e645 Some whitespace changes 2011-06-19 19:08:32 -07:00
Tom Eastep
e4bcc12301 Use 'here documents' rather than single quotes. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-19 18:33:10 -07:00
Tom Eastep
2097d0f4a0 Accomodate new syntax of ipset saved commands 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-19 14:06:42 -07:00
Tom Eastep
46d64e39d1 Use correct syntax to create IPv6 ipsets. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-19 14:04:53 -07:00
Tom Eastep
be6b08f835 Be sure to detect IPSET_MATCH before OLD_IPSET_MATCH. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-19 13:29:10 -07:00
Tom Eastep
7753f798b0 Bump Version to Beta 3 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-19 10:09:53 -07:00
Tom Eastep
c264aaae6b Update module versions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-19 07:41:26 -07:00
Tom Eastep
4916610033 Rename upgrade => update 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-19 07:14:27 -07:00
Tom Eastep
55242d1ed6 Add a few comments 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-18 16:55:00 -07:00
Tom Eastep
d66c7d478e Eliminate expansion of shell variables in the upgraded config file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-18 16:33:41 -07:00
Tom Eastep
380443f26d Eliminate %defaults 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-18 15:44:07 -07:00
Tom Eastep
faeb2da2ba Corrections to Defaults 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-18 15:38:08 -07:00
Tom Eastep
f93ac02bfc Provide default values for added entries 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-18 14:50:07 -07:00
Tom Eastep
96f6dc3558 More defined => supplied changes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-18 13:08:26 -07:00
Tom Eastep
6f2cc31dde Implement .conf file upgrade 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-18 13:03:55 -07:00
Tom Eastep
d23f932ebe Don't generate INPUT hairpin rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-18 06:21:36 -07:00
Tom Eastep
f9ee8c494d Exempt wildcard interfaces from sfilter 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-14 06:45:22 -07:00
Tom Eastep
9aedd407cc Quell compiler warnings from Perl 5.14. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-13 06:40:03 -07:00
Tom Eastep
9ab901927f Use supplied() where appropriate 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-11 16:14:31 -07:00
Tom Eastep
774aac1228 Add a supplied() function 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-11 15:40:55 -07:00
Tom Eastep
a60fe6e665 Allow parameters to be specified to Default Actions in the policy file 
and in shorewall.conf.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-11 14:58:54 -07:00
Tom Eastep
3dd363677c Implement set_action_param 
Export both set_action_params and read_action_param by default

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-11 08:33:21 -07:00
Tom Eastep
8b6a7a7053 Implement read_action_param() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-11 07:49:57 -07:00
Tom Eastep
f278d05637 Rename action param functions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-11 07:46:54 -07:00
Tom Eastep
2549982528 Fix DEFAULTS 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-11 07:23:41 -07:00
Tom Eastep
6e6be468a9 Support for DEFAULT statements in actions 2011-06-10 17:05:09 -07:00
Tom Eastep
32c7d36cd0 Make zones with multiple interfaces complex 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-10 15:37:26 -07:00
Tom Eastep
dbd30f981c Set the interface routeback option if there are any IP host groups with 'routeback' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-10 15:37:09 -07:00
Tom Eastep
8a7ad569e4 Don't leave unused sfilter chains in the config 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-09 17:22:48 -07:00
Tom Eastep
3e9a54d404 Couple of tweaks 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-09 17:22:34 -07:00
Tom Eastep
a0b0c5bdac Jump (don't go) to sfilter1 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-09 14:24:44 -07:00
Tom Eastep
1399a8ffde Don't move rules from a chain with references 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-09 14:24:38 -07:00
Tom Eastep
9555a552c2 Fix FORWARD with ipsec dest 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-09 14:24:08 -07:00
Tom Eastep
71177c3ca3 Exempt ipsec from sfilter 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-09 07:27:06 -07:00
Tom Eastep
fa2746d469 Apply sfilter to INPUT as well as FORWARD 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-08 09:40:28 -07:00
Tom Eastep
35d1586672 Correct sfq handle assignment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-07 13:58:45 -07:00
Tom Eastep
a3968beb7e Add fix inadvertently dropped from 4.4.19.4 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-07 13:57:52 -07:00
Tom Eastep
0e839f3d7b Initiate 4.4.21 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-07 09:54:35 -07:00
Tom Eastep
9c2c562bf5 Correct autorepeat wart 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-07 06:45:50 -07:00
Tom Eastep
cf0275a049 Make FAKE_AUDIT work again 2011-06-06 16:08:29 -07:00
Tom Eastep
642319d706 Change annotated documentation default 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-06 15:40:21 -07:00
Tom Eastep
cfb3d6a801 Merge branch '4.4.20' 2011-06-06 14:09:26 -07:00
Tom Eastep
6136e986cf Update version to 4.4.20.1 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-06 14:08:25 -07:00
Tom Eastep
aabefe91f1 Merge branch '4.4.20' 2011-06-04 08:46:40 -07:00
Tom Eastep
f1cbfab7ac More blacklist/audit fixes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-04 08:45:23 -07:00
Tom Eastep
653a61a04a Merge branch '4.4.20' 2011-06-04 07:44:24 -07:00
Tom Eastep
a9c0824a30 Correct BLACKLIST_DISPOSITION=A_xxx with BLACKLIST_LOG_LEVEL 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-04 07:44:07 -07:00
Tom Eastep
aa86b65ec3 Merge branch '4.4.20' 2011-06-02 11:44:15 -07:00
Tom Eastep
254e1ed784 Add 'I' STATE to secmarks 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-02 11:43:55 -07:00
Tom Eastep
c3b56c1e73 Merge branch '4.4.20' 2011-06-02 10:07:03 -07:00
Tom Eastep
561d461a25 Add 'NI' STATE setting in secmarks. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-02 10:06:27 -07:00
Tom Eastep
1e883c2fdf Merge branch '4.4.20' 2011-06-02 06:47:09 -07:00
Tom Eastep
f9c5b8b0d5 Improve some comments 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-02 06:23:37 -07:00
Tom Eastep
36aee407ef Merge branch '4.4.20' 2011-06-01 13:01:27 -07:00
Tom Eastep
5f08605adc Delete some cruft 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-01 12:26:05 -07:00
Tom Eastep
243a09783c Merge branch '4.4.20' 2011-05-31 15:45:09 -07:00
Tom Eastep
7bf74bb8c9 Add new builtin targets to %builtin_target 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-31 15:43:42 -07:00
Tom Eastep
468ff6efab First cut at IPSET/Dynamic-zone support in Shorewall6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-31 11:23:43 -07:00
Tom Eastep
8df470b5f5 Version to 4.4.20 2011-05-31 09:30:18 -07:00
Tom Eastep
2f6c5fd260 Set 'bridge-nf-call-ip6?tables' if bridges are configured. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-31 06:59:43 -07:00
Tom Eastep
4f296b62ae Another fix for auditone 2011-05-30 16:37:56 -07:00
Tom Eastep
e6275ba31d Fix a bug in auditing 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-30 15:28:00 -07:00
Tom Eastep
d89a915f26 Load IPv6 libraries when processing /etc/shorewall6/params 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-30 13:24:36 -07:00
Tom Eastep
26d08b92c0 Correct use of null value as a hash 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-30 11:38:49 -07:00
Tom Eastep
b0447b8bd3 Remove another MACLIST defect 2011-05-30 08:49:41 -07:00
Tom Eastep
60d33740f6 Fix MACLIST_DISPOSITION defect introduced earlier in this release 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-30 07:59:44 -07:00
Tom Eastep
11c209c55f Restore access to $Shorewall::Rules::family 2011-05-29 17:22:36 -07:00
Tom Eastep
2852cdeb53 Another attempt at the IPMARK fix 2011-05-29 14:42:23 -07:00
Tom Eastep
a71136fd5a Rework configuration files for Shorewall and Shorewall6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-29 14:34:18 -07:00
Tom Eastep
243e8f1dbe Fix check for unreferenced 'sfilter' chain 2011-05-28 08:31:36 -07:00
Tom Eastep
a37dbf76dc Delete 'sfilter' chain if it isn't referenced 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-27 19:56:54 -07:00
Tom Eastep
1a2c9a08e1 Don't include comment in audit chain rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-27 19:56:04 -07:00
Tom Eastep
bac640e731 Get changes from 4.5.0 branch 2011-05-27 19:42:09 -07:00
Tom Eastep
586a3537bf Delete 'sfiter' chain if it doesn't have referenes 2011-05-27 19:38:03 -07:00
Tom Eastep
790c96c90a Version to RC 1 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-27 09:11:47 -07:00
Tom Eastep
c6e9de65f1 Prevent duplicate 'filter' rules when combining two interface chains 
into the same zone forwarding chain.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-27 06:43:47 -07:00
Tom Eastep
fbfe7b9f93 Don't create 'reject' and AUDIT' in the 'stopped' case. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-26 14:11:36 -07:00
Tom Eastep
0287d96aa2 Finish filtering implementation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-26 13:38:44 -07:00
Tom Eastep
6c3163cc27 Routeback corrections 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-25 10:45:57 -07:00
Tom Eastep
e4d667ca6a Add routeback protection 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-24 17:07:31 -07:00
Tom Eastep
bbe165c3cf Bump version to Beta 5 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-24 11:40:11 -07:00
Tom Eastep
84b844ae79 Implement -T option for compile and check 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-24 10:21:49 -07:00
Tom Eastep
ee98772349 Add -c to the start command 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-24 09:13:02 -07:00
Tom Eastep
f464ec5624 Fixes for AUDIT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-23 20:59:33 -07:00
Tom Eastep
c050b29985 Factor some similar code 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-23 14:20:14 -07:00
Tom Eastep
15e9e3182d Update copyrights 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-23 10:06:56 -07:00
Tom Eastep
e95003b82a Add FAKE_AUDIT option 2011-05-22 17:42:50 -07:00
Tom Eastep
5d04c93a16 Implement LEGACY_FASTSTART option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-22 15:36:29 -07:00
Tom Eastep
981b503fa4 Bump version to Beta 4 2011-05-22 11:05:22 -07:00
Tom Eastep
529e256856 Assigned unused dev numbers 2011-05-22 10:18:26 -07:00
Tom Eastep
83cdf78b18 Replace A_* builtin actions with builtin targets 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-21 15:02:04 -07:00
Tom Eastep
71ef1f48e2 Allow auditing of the builtin actions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-21 10:38:25 -07:00
Tom Eastep
82d6a00c9e Implement some extentions to AUDIT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-21 09:25:58 -07:00
Tom Eastep
61b5dbbb95 Eliminate cruft left over from when Action.pm and Policy.pm were folded into Rules.pm - Phase II 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-20 10:48:28 -07:00
Tom Eastep
f64e171c19 Eliminate cruft left over from when Action.pm and Policy.pm were folded into Rules.pm 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-20 10:46:18 -07:00
Tom Eastep
ac2e9cce64 Shrink process_actions2 further. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-20 10:28:30 -07:00
Tom Eastep
676af32ebc Simplify a loop in process_actions2() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-20 10:11:23 -07:00
Tom Eastep
7cbf113ba0 Simplify an RE 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-05-20 08:33:36 -07:00
Tom Eastep
d15475efae Cleanup of AUDIT before Beta 3 
- Correct merge snafus
- Rename the new actions (e.g., ADROP->A_DROP)
- Correct MACLIST_DISPOSITION logic
 2011-05-20 07:47:35 -07:00