Commit Graph

348 Commits

Author SHA1 Message Date
Tom Eastep
073b2992cc Require the 'install' utility in the installers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 12:43:01 -07:00
Tom Eastep
27d94c8921 Improve check for circular log buffer
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 08:31:46 -07:00
Tom Eastep
f90567abf1 Add support for OpenWRT BB and later
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 08:08:17 -07:00
Tom Eastep
c83536767e Move get_config() into the overloadable part of the file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-30 08:54:07 -07:00
Tom Eastep
1848c3fa45 Add lib.cli-user support to the -lite products
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-30 08:47:01 -07:00
Tom Eastep
38049fd0df Correct "remote-" commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 20:06:10 -07:00
Tom Eastep
1e2cfcd9a3 Deal with missing 'hostname' utility
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-21 17:41:01 -07:00
Tom Eastep
1b571f3d86 Correct the reset command
- Also allow chain names to be specified a la the refresh command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-11 14:16:16 -07:00
Tom Eastep
ed90360b4c Remove all of the update-specific options from the update command
Leave -i and -A

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 14:21:41 -07:00
Tom Eastep
5ead22aa48 Move fatal_error() to lib.base
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-21 14:19:20 -07:00
Tom Eastep
0d635632e3 Add conversion of notrack to conntrack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-08 16:46:58 -07:00
Tom Eastep
73c8b563a1 Add -s option to update to convert the routestopped file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-07 13:46:16 -07:00
Tom Eastep
4bf714aca0 Correct debian systemd shorewallrc file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 14:53:05 -07:00
Tom Eastep
2eb1cb5e6e More debian changes from 4.6.12
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 14:35:03 -07:00
Tom Eastep
ef9e75753a Restore .214 files
- Also merge Debian changes from 4.6.12

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 11:23:35 -07:00
Tom Eastep
67589cab69 More version changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:59:11 -07:00
Tom Eastep
f233031b08 Update shorewallrc files' versions
- Correct the SERVICEDIR setting for debian

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:33:22 -07:00
Tom Eastep
b1d75e53a1 Correct syntax error in lib.cli
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-27 07:23:39 -07:00
Tom Eastep
cecc81ce82 Update .service files
- make the .214 versions the default and remove the ones name *.214
- Add 'ExecReload' to all but Shorewall-init
- Create Debian-specific versions with /etc/default rather than /etc/sysconfig
2015-07-26 10:58:03 -07:00
Tom Eastep
a00bf196a3 Remove all workarounds
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 10:27:30 -07:00
Tom Eastep
f9ec0c6930 New 'reload' and 'restart' semantics
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 09:59:49 -07:00
Tom Eastep
3959feebe0 Remove extraneous line that causes a "not found" shell diagnostic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-10 09:35:43 -07:00
Tom Eastep
0414166d6d 'show connections' enhancement
- Allow tayloring of the entries displayed by specifying conntrack
  -L options.
2015-06-29 14:55:47 -07:00
Tom Eastep
7153146759 Don't ask for script version when WORKAROUNDS=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-28 09:18:47 -07:00
Tom Eastep
a911ec318e Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-27 09:19:14 -07:00
Tom Eastep
5ca68477d5 Corrections to last commit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 15:18:07 -07:00
Tom Eastep
9f08726794 Eliminate running the script twice is some cases
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 14:32:43 -07:00
Tom Eastep
846d629c47 Eliminate the usage() function in lib.cli-std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 12:55:34 -07:00
Tom Eastep
5003e826b9 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-06-09 10:58:58 -07:00
Tuomo Soini
f8d95d1ee9 rename not_configured() to not_configured_error()
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-06-09 20:29:45 +03:00
Tom Eastep
7f50557250 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-06-08 13:50:47 -07:00
Tuomo Soini
5221c92d7f Add to lib.common a new function not_configured()
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-06-08 22:18:01 +03:00
Tom Eastep
2956698298 Corrections to WORKAROUNDS implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-06 12:15:03 -07:00
Tom Eastep
019e49b481 Implement WORKAROUNDS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-01 12:59:25 -07:00
Tom Eastep
93c7e2c2f7 Change the way in which a warning message is suppressed
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-26 15:54:41 -07:00
Tom Eastep
ba7afcaeae Make 'call' a supported command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 10:38:35 -07:00
Tom Eastep
4b27c72c79 Set exit code to 6 when startup is disabled
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-07 14:12:41 -07:00
Tom Eastep
fe37844455 Correct CLI helper capability detection
- Previously, the HELPERS setting was ignored

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-02 07:54:01 -07:00
Tom Eastep
2cea78e6df Add the 'reenable' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:02:12 -07:00
Tom Eastep
3cb45f234e Delete questionable logic in lib.cli
- It hasn't worked since there was a typo in it that prevented it from
  doing the correct thing.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 12:12:59 -07:00
Tom Eastep
23137e5e8a Correct typo in lib.cli
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 09:23:35 -07:00
Tom Eastep
77165326f2 Merge branch '4.6.8'
Conflicts:
	Shorewall6/uninstall.sh
2015-04-03 14:02:21 -07:00
Tom Eastep
eb3a162560 Apply Matt Darfeuille's fix for fatal_error()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 13:26:51 -07:00
Tom Eastep
7442c2189d Implement TCPMSS_TARGET capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-31 15:53:05 -07:00
Tom Eastep
0c11870e46 Implement the 'savesets' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-17 10:03:12 -07:00
Tom Eastep
fdc36747ad Allow the 'open' and 'close' commands to handle icmp
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-16 16:25:32 -07:00
Tom Eastep
ecaae1f644 Improve editing of open numbers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-15 10:15:39 -07:00
Tom Eastep
52e7efc666 Move open_close_setup() inside open_close_command()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-14 09:42:43 -07:00
Tom Eastep
86d6d6900e Improve 'close' and 'show opens' commands
- close accepts a rule number
- list opens displays rule numbers

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-14 08:54:30 -07:00
Tom Eastep
095e523c9f Add 'show opens' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 13:10:23 -08:00
Tom Eastep
2817060edb Improvements to the 'open' and 'close' commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 08:13:44 -08:00
Tom Eastep
a85fdc45ac Implement 'open' and 'close' commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-05 16:20:54 -08:00
Orion Poplawski
9ad0b297e2 Supporting xz compressed kernel modules
- I've attached a patch that adds xz support to the default MODULE_SUFFIX.
- I'm wondering it wouldn't be better to not have MODULE_SUFFX=ko in various
sample configs so that the default value is used instead:

./Shorewall/configfiles/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/Universal/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/three-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/two-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/one-interface/shorewall.conf:MODULE_SUFFIX=ko
./docs/MultiISP.xml:MODULE_SUFFIX=ko
./docs/MyNetwork.xml:MODULE_SUFFIX=ko
./Shorewall6/configfiles/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/Universal/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/three-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/two-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/one-interface/shorewall6.conf:MODULE_SUFFIX=ko

- Is:

MODULE_SUFFIX=

sufficient to use the default value or does it need to be commented out?

Thanks,

  Orion

--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion@nwra.com
Boulder, CO 80301                   http://www.nwra.com

>From f13edf8fc07c7b62825408b8665b10d6014d368d Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion@cora.nwra.com>
Date: Mon, 26 Jan 2015 09:48:48 -0700
Subject: [PATCH] Support xz compressed modules

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-06 12:51:00 -08:00
Tom Eastep
740e19968b Don't complain if the 'ip' executable doesn't exist.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-09 12:20:51 -08:00
Tom Eastep
33e2e19193 Always set IP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:28:50 -08:00
Tom Eastep
4a4bfe77ce Implement IFACE_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:05:06 -08:00
Tom Eastep
3890b8a884 Infrastructure for detecting loopback interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 08:49:38 -08:00
Tom Eastep
15a2fd14f9 Implement TARPIT target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-28 15:23:30 -08:00
Tom Eastep
685825a336 Correct Handling of Dynamic Zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-13 13:48:36 -08:00
Evangelos Foutras
3a64ef7d3a Set SBINDIR to /usr/bin in shorewallrc.archlinux
/usr/bin is the directory used for all binaries that were previously
installed to /bin, /sbin or /usr/sbin. This unification occurred in
Arch Linux in mid-2013, so might as well change it in Shorewall too.

Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 07:55:08 -08:00
Evangelos Foutras
b746c9319f Rename SYSTEMDDIR to SERVICEDIR in shorewallrc.*
This was omitted from commit e3b1034 (Change SYSTEMDDIR to SERVICEDIR).

Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 07:55:04 -08:00
Evangelos Foutras
6f81bb5c8e Fix setting of options[SERVICEDIR] in configure
The previous syntax resulted in:

  ./configure: line 199: [SERVICEDIR]=: command not found

Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 07:55:00 -08:00
Tom Eastep
9598ac6fad Correct a couple of problems with -C
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 10:09:04 -07:00
Tom Eastep
8fb73026c8 Replace SAVE_COUNTERS with the -C command option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 09:37:57 -07:00
Tom Eastep
b7ab82dba4 Implement -f option in the -lite products' start command
- Remove 'recover' command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 10:42:39 -07:00
Tom Eastep
3454e10525 Add SAVE_COUNTERS option.
- Also implement recover command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 08:57:56 -07:00
Tom Eastep
54461a9a90 Correct indentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-20 12:29:45 -07:00
Tom Eastep
e3b10343a5 Change SYSTEMDDIR to SERVICEDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-13 11:56:26 -07:00
Tom Eastep
a5086f785f Avoid confusing output when 4.6.4 CLI executes a 'save'
- If a down-rev firewall is running, the savesets command produces
  confusing usage output

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-10 18:40:55 -07:00
Tom Eastep
815e93e80c Rename SYSTEMD to SYSTEMDDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 16:46:16 -07:00
Tom Eastep
4071b9d337 Update SuSE shorewallrc for SBINDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-30 16:16:33 -07:00
Tom Eastep
3858683e94 Allow saving a specified list of ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 11:19:41 -07:00
Tom Eastep
4495ed687b Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-09-23 07:10:46 -07:00
Tuomo Soini
8f05d0f16d install.sh: support install on centos7 and foobar7
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-09-23 13:19:09 +03:00
Tom Eastep
f9d98b74a2 Merge branch '4.6.2' into 4.6.3
Conflicts:
	Shorewall/Perl/Shorewall/Providers.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-16 08:09:20 -07:00
Tom Eastep
fc58dab66d Remove redundant 'run' command from help output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-02 12:57:04 -07:00
Tom Eastep
bf5be7198b Make dump work correctly on RHEL5
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-12 16:18:42 -07:00
Tom Eastep
0bf80c15d8 Detect missing <commmand> in the generated scrip
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 11:35:32 -07:00
Tom Eastep
4e9a0b989d Update 'run' help text
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 10:46:28 -07:00
Tom Eastep
31e5aeeaea Refine the 'run' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 10:30:07 -07:00
Tom Eastep
a7b18ca875 Implement 'run' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-28 07:04:56 -07:00
Tom Eastep
cc935009ce Correct install problems under Cygwin
- configure.pl doesn't understand CYGWIN return from uname
- shorewall-core install.sh doesn't understand CYGWIN return from uname
- shorewall install.sh generates 'mkdir -p //etc/shorewall' which is
  broken under Cygwin

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-09 10:48:03 -07:00
Tom Eastep
50736fb8ae Correct last patch (s/-i/-x/)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 15:38:11 -07:00
Tom Eastep
a2e514c0ab Add the -i option to the 'show bl' help text
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 15:35:49 -07:00
Tom Eastep
6ad9b95351 Implement 'show bl'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 13:27:25 -07:00
Tom Eastep
ac4bf15606 Implement 'status -i'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 11:07:37 -07:00
Tom Eastep
e64a7feda2 Make 'show filters' work with Simple TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-25 12:30:12 -07:00
Tom Eastep
d49d352d77 Improve the output of 'shorewall[6] show filters'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-23 09:26:12 -07:00
Tom Eastep
966926fac5 RHE7 support -- first cut
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-19 15:15:52 -07:00
Tom Eastep
3311bbd73a Merge branch '4.5.21' 2014-03-27 10:53:16 -07:00
Tom Eastep
9107259a56 Correct reporting of the REAP_OPTION capability.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-27 10:52:40 -07:00
Tom Eastep
8f36c080d0 Streamline the output of the status comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-27 10:44:08 -07:00
Tom Eastep
669d15e2cf Implement the -t update option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-15 09:36:13 -08:00
Tom Eastep
f140a8e7e2 Detect EMATCH in the CLI
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-03 12:03:22 -08:00
Tom Eastep
4daee95902 Merge branch '4.5.21' 2014-01-30 13:19:26 -08:00
Tom Eastep
245c64478c Correct 'add/delete' with a VLAN interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-30 13:18:05 -08:00
Tom Eastep
d44bc12df3 Merge branch '4.5.21' 2014-01-15 19:25:23 -08:00
Tom Eastep
6223bdd8e1 Add -m to the dump options in help output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-15 19:25:07 -08:00
Tom Eastep
dec088566b Merge branch '4.5.21' 2014-01-15 17:39:03 -08:00
Tom Eastep
6d8cadd152 Correct issues in the 'dump' command.
- the -x and -l options do nothing
- output of 'help' doesn't describe those options

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-15 17:38:39 -08:00