Commit Graph

624 Commits

Author SHA1 Message Date
teastep
28e3a4a7ed Fix security hole in bridge handling; fix bug in NONE intra-zone policy handling
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3182 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-12-19 23:37:40 +00:00
teastep
e99e0bd05b Correct IPv6 fix
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3180 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-12-19 20:52:08 +00:00
teastep
0273709c6f Enable loopback traffic under DISABLE_IPV6
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3172 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-12-17 01:55:02 +00:00
teastep
6f4dfe64db Fix stupid typo that produced a bug in tcrules processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3153 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-12-12 18:52:40 +00:00
teastep
7f39d760b7 Add 'ipdecimal' command
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3114 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-12-02 23:58:57 +00:00
teastep
25480f2187 Allow '-' in the ADDRESS/SUBNET column of the blacklist file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3099 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-12-01 18:05:13 +00:00
teastep
06dc3cf91e Make Shorewall tolerate prehistoric kernels
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3046 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-11-22 02:27:00 +00:00
teastep
8bdf97d821 Fix typo in 'firewall' script
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3025 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-11-18 17:25:09 +00:00
teastep
fd834a4f64 Clean up policy setup for nat, mangle and raw tables -- Take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3023 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-11-18 17:02:12 +00:00
teastep
e34d046490 Clean up policy setup for nat, mangle and raw tables
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3022 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-11-18 16:56:38 +00:00
teastep
86a7be6c24 Fix inadvertent change to firewall script
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3018 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-11-17 19:10:13 +00:00
teastep
0fcc67230c Correct interaction between FASTACCEPT and CLAMPMSS
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3013 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-11-17 18:23:19 +00:00
teastep
1f0165e8bc Remove flyspeck from firewall file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3001 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-11-15 18:48:30 +00:00
teastep
93210fa3a5 Fix Makefile and make macro substitution smarter
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3000 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-11-15 18:44:02 +00:00
teastep
2fc06059db Restore ACCEPT policies to nat, mangle and raw tables during start/stop
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2996 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-11-13 16:00:17 +00:00
teastep
d678421c08 Fix MACLIST_TABLE=mangle and DHCP
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2947 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-11-02 17:44:10 +00:00
teastep
981323b7d6 Fix MACLIST_TABLE=mangle and DHCP
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2946 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-11-02 15:32:33 +00:00
teastep
53ae3fc6e0 Suppress 'ambiguous redirect' errors
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2934 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-28 03:18:49 +00:00
teastep
4b97c4584c Add samples to base package
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2907 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-20 22:10:10 +00:00
teastep
629d7c87d2 Fix cut-and-paste error in arp_ignore processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2906 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-19 14:30:13 +00:00
teastep
cf7e66aab4 Make Openvpn TCP support a little more robust
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2904 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-18 17:05:12 +00:00
teastep
b20a7b3067 Fix tcp openvpn support
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2901 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-18 15:20:12 +00:00
teastep
057e4aeb71 Add TC_ENABLED=Internal -- Take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2837 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-09 16:21:15 +00:00
teastep
1af4d541a0 Add TC_ENABLED=Internal
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2836 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-09 15:47:47 +00:00
teastep
41178852fb Avoid extra $COMMAND tests
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2835 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-09 02:36:30 +00:00
teastep
1a8f760491 Fix default tc class bug
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2834 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-08 14:57:10 +00:00
teastep
d680528283 Replace TC_ENABLED with TC_SCRIPT
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2829 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-07 22:16:03 +00:00
teastep
2b6d22c40d Suppress 'save' operations during refresh
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2823 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-07 15:46:38 +00:00
teastep
b403a8c200 Remove some incompatibilities
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2822 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-07 15:30:33 +00:00
teastep
cc6caadf41 Make tc class IDs unique across devices
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2819 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-06 22:46:17 +00:00
teastep
748375d12d Finish MACLIST_TABLE implementation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2816 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-06 20:10:40 +00:00
teastep
a510a70124 Incomplete implementation of MACLIST_TABLE
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2815 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-06 20:01:51 +00:00
teastep
1f23f6a9a4 Introduce 'classid' into discussion of classification in tcrules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2814 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-06 16:35:20 +00:00
teastep
26628652cd More cleanup of traffic shaping integration
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2813 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-06 14:21:04 +00:00
teastep
51d44fcb40 clean up tc4shorewall progress message
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2810 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-06 00:41:24 +00:00
teastep
21a6f90554 Use CLASSIFY target when it is available
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2809 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-06 00:07:06 +00:00
teastep
3a775a1316 Bring tc4shorewall code into the firewall script -- Take 2 (fix syntax error and verify tc config in 'check')
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2807 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-05 22:59:38 +00:00
teastep
7870f16cb7 Bring tc4shorewall code into the firewall script
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2806 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-05 22:51:29 +00:00
teastep
a66d94d609 Fixes for IPP2P -- fix 'shorewall flush' and multi-ISP
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2801 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-05 16:45:50 +00:00
teastep
79fead0fae Add IPP2P UDP support -- Take 3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2795 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-04 18:46:35 +00:00
teastep
8fe0a32fd3 Add IPP2P UDP support -- Take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2794 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-04 18:20:28 +00:00
teastep
7277150a46 Add IPP2P UDP support
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2793 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-04 18:00:55 +00:00
teastep
340053a6bc Require MARK_IN_FORWARD_CHAIN=Yes for multi-ISP
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2792 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-04 17:40:09 +00:00
teastep
116f96b47e Flush all mangle chains in refresh
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2788 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-04 17:04:19 +00:00
teastep
400088ff09 Better diagnostics when IPP2P match is missing - Take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2785 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-04 16:32:27 +00:00
teastep
47a34926f4 Better diagnostics when IPP2P match is missing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2784 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-04 16:20:30 +00:00
teastep
d8e1cfb689 Add zone type to 'shorewall show zones' display
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2782 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-04 14:54:56 +00:00
teastep
8153df9547 Ensure that is set with old-format zone file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2777 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-03 17:59:19 +00:00
teastep
bb8a928f9b Detect multiple firewall zones; fix inappropriate call to fatal_error; Display the firewall zone name
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2776 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-03 17:39:36 +00:00
teastep
f156a9a626 Correct ipp2p logging
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2772 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-02 16:22:52 +00:00
teastep
2b6a9bb843 Deimplement original 'netnotsyn' handling
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2766 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-01 15:55:41 +00:00
teastep
3e301ffbf4 Replace 'plain' with 'ipv4' in zones file -- Take 3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2763 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-30 19:20:27 +00:00
teastep
3087be1d83 Rename 'plain' to 'ipv4' in zones file -- Take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2762 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-30 18:22:57 +00:00
teastep
a7258ce1ff Rename 'plain' to 'ipv4' in zones file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2759 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-30 17:16:22 +00:00
teastep
84af786df4 Add capabilities report to 'shorewall dump' output
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2758 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-30 16:54:24 +00:00
teastep
11e3a37bea Show off a new trick
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2742 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-28 20:28:01 +00:00
teastep
e75bac46a1 Fix 'refresh' traffic control treatment -- Take 3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2740 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-28 19:39:47 +00:00
teastep
68390ca9d6 Fix 'refresh' traffic control treatment
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2738 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-28 18:29:11 +00:00
teastep
6c76f878a8 Update example in the providers file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2737 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-27 14:30:11 +00:00
teastep
fbb94c61f6 Correct odd whitespace problem -- take 3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2723 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-21 19:10:01 +00:00
teastep
9bcf80f818 Correct odd whitespace problem -- take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2722 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-21 19:05:01 +00:00
teastep
0b896f8c65 Correct odd whitespace problem
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2721 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-21 19:01:18 +00:00
teastep
1a5852b7c9 Allow icmp-type in tcrules and more whitespace
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2711 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-19 14:43:22 +00:00
teastep
09773c6c65 Yes more whitespace
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2710 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-19 14:17:29 +00:00
teastep
504728a079 More whitespace elimination; avoid stale lock file in some error cases
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2702 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-17 22:37:32 +00:00
teastep
17d1469c7b Remove some superfluous whitespace -- take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2697 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-17 04:05:57 +00:00
teastep
efd7c44bb6 Remove some superfluous whitespace
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2696 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-17 03:49:24 +00:00
teastep
09541c7260 Add output rules for routestopped hosts during 'start' and 'restart'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2690 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-15 16:11:54 +00:00
teastep
66e9add7f0 Add -n option to suppress routing table changes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2686 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-14 23:01:13 +00:00
teastep
e178cab644 Fix startup error
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2685 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-14 21:04:07 +00:00
teastep
1d763c84df Fix param handling in restore-base
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2654 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-09 16:52:10 +00:00
teastep
6d310db4e5 Fix error handling
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2648 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-08 20:57:29 +00:00
teastep
b663bdf559 More cleanup from the cheif Alchemist
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2627 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-03 00:48:37 +00:00
teastep
d6cf893327 Fix stupid bug in zones file alchemy -- take 3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2626 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-02 22:56:35 +00:00
teastep
1905664bca Fix stupid bug in zones file alchemy -- take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2625 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-02 22:54:27 +00:00
teastep
731c7d121d Fix stupid bug in zones file alchemy
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2624 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-02 22:49:21 +00:00
teastep
f6875e9da7 Alchemy -- zone file style
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2623 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-02 20:46:53 +00:00
teastep
611e987cfc Finish integrating tc4shorewall with save/restore/refresh
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2620 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-01 23:00:30 +00:00
teastep
757ebcd164 Make tc4shorewall play nice with save/restore
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2619 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-01 15:16:11 +00:00
teastep
cba33dd4e1 Import tc4shorewall into project
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2611 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-31 21:31:23 +00:00
teastep
73fa097121 Merge tc4shorewall into Shorewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2610 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-31 20:48:22 +00:00
teastep
738b45ad9e Update the version number to 3.0 in all files
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2606 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-31 15:27:22 +00:00
teastep
988afa6bf5 Fix another Macro bug
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2597 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-30 22:35:19 +00:00
teastep
6a47756293 'shorewall check' now checks the nat and providers files
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2594 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-30 20:29:42 +00:00
teastep
e949e18749 'shorewall check' now checks the proxyarp file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2593 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-30 17:42:21 +00:00
teastep
124af9a046 'shorewall check' now checks the masq file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2592 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-30 15:54:29 +00:00
teastep
e783315471 Fix some ghastly bugs in Macros -- take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2591 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-29 22:59:01 +00:00
teastep
2448315290 Fix horrible typo in rules file sectioning
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2590 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-29 22:55:12 +00:00
teastep
fe6cd6d349 Fix some ghastly bugs in Macros
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2589 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-29 22:51:49 +00:00
teastep
a6c792c731 Remove nonsensical comment
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2588 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-29 22:17:00 +00:00
teastep
934a6e852f Allow the log tag to act as a generalized parameter to an action extension script -- take 3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2587 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-29 21:58:24 +00:00
teastep
6e667fa0c0 Allow the log tag to act as a generalized parameter to an action extension script -- take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2584 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-29 20:51:48 +00:00
teastep
b258f29d56 Allow the log tag to act as a generalized parameter to an action extension script
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2583 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-29 20:32:16 +00:00
teastep
6251280295 Add mention of macros in the rules file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2579 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-28 21:44:09 +00:00
teastep
c457976d17 Fix typo in openvpnclient handling
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2573 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-27 19:11:46 +00:00
teastep
739db31efb Slightly less horrible Hack to make the Tunnels file still work with the sectioned Rules file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2569 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-27 14:50:33 +00:00
teastep
2a55b70b32 Horrible Hack to make the Tunnels file still work with the sectioned Rules file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2568 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-27 14:39:43 +00:00
teastep
86c837bf48 Clean up rules file sectioning
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2565 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-26 22:23:56 +00:00
teastep
0ae1bdfbc1 Restore 'ipp2p' support to the rules file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2564 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-26 20:11:27 +00:00
teastep
07c152ab35 Section the rules file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2563 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-26 19:55:05 +00:00
teastep
b800346eea Remove ESTABLISHED policy stuff in preparation for sectioned rules file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2562 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-26 17:16:09 +00:00
teastep
36590a52ab Clarify intra-zone changes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2559 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-24 22:39:19 +00:00
teastep
58e00883c1 More capitalizing global variable names -- take 3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2541 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-23 21:35:56 +00:00
teastep
edb36a83b0 More capitalizing global variable names -- take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2540 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-23 20:50:48 +00:00
teastep
9b91bafe9f More capitalizing global variable names
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2539 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-23 20:41:18 +00:00
teastep
e130bc9f60 Make intra-zone policies more rational
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2522 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-18 21:39:30 +00:00
teastep
e4433f4b8f Remove documentation for find_interface_by_mac()
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2521 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-18 20:18:08 +00:00
teastep
a77c49a02e Capitalize global variable ALL_POLICY_CHAINS
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2519 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-17 21:54:57 +00:00
teastep
c88858382c Allow exclusion lists in Actions
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2518 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-17 21:00:33 +00:00
teastep
d871e1f163 Set COMMAND=restore in restore-base
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2514 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-17 17:52:32 +00:00
teastep
af28486e63 Improve wording of OPENVPN server progress message
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2512 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-16 22:59:47 +00:00
teastep
80dd73b9e5 Add openvpnclient and openvpnserver tunnel types
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2511 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-16 21:57:43 +00:00
teastep
6a087fd50e Add support for exclusion lists in /etc/shorewall/tcrules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2509 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-16 18:54:11 +00:00
teastep
85bf4377c5 Update release documentation for Shorewall 2.5.2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2505 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-16 16:54:03 +00:00
teastep
b4067e7534 Restore ability to exclude a source sub-zone from DNAT, SAME and REDIRECT rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2504 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-16 16:31:55 +00:00
teastep
1beb8c15aa Generalize the notion of 'exclude list' in the rules file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2503 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-16 00:11:08 +00:00
teastep
dee6d1ad0e Rework fix for bug in exclusion list processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2499 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-15 20:49:06 +00:00
teastep
a2dca45579 Fix bug in exclusion list processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2498 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-15 20:25:49 +00:00
teastep
fb9292eb71 Yet another improvement to rules generated for exclusion lists
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2497 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-15 20:21:52 +00:00
teastep
f6565e19a0 More improvements to rules generated for exclusion lists
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2496 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-15 20:16:34 +00:00
teastep
0f7def6c67 Improve rules generated for exclusion lists
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2495 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-15 18:33:51 +00:00
teastep
42ee8d0c19 Finally implement exclude lists in rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2493 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-15 17:35:45 +00:00
teastep
5df7bc0538 Remove sub-zone exclusion feature in preparation for implementing true exclude lists
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2492 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-15 16:04:39 +00:00
teastep
e075e8c3e2 Fix 'Packet type match' availability reporting with PKTTYPE=No
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2491 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-14 19:26:17 +00:00
teastep
999c74bf03 Generate an error when 'norfc1918' is specified for an interface with an RFC 1918 IP address
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2489 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-14 16:45:48 +00:00
teastep
ea1bf1a7c8 Make the calling sequence of 'build_exclusion_chain' more rational
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2488 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-13 21:39:34 +00:00
teastep
daef55a295 Back out ill-advised tcrules portlist patch
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2486 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-12 23:57:35 +00:00
teastep
1625a7c4f3 Allow port lists in tcrules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2484 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-12 22:11:30 +00:00
teastep
370d61970a Add FASTACCEPT option to accept ESTABLISHED/RELATED packets early
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2474 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-11 19:53:07 +00:00
teastep
ed2076a0fc Fix problem with exclusion lists
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2469 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-11 01:40:50 +00:00
teastep
24dc05e6b7 Fix a couple of bugs
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2459 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-07 00:17:29 +00:00
teastep
e2253d6092 Install the Makefile -- Patch by Cristian Rodriquez
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2458 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-06 16:58:18 +00:00
teastep
39ca0828db Infrastructure for Unified Handling of Exclude Lists
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2457 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-05 15:52:03 +00:00
teastep
bba152b119 Don't generate redundant ACCEPT rules for DNAT/REDIRECT/SAME
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2456 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-05 14:13:45 +00:00
teastep
f56e907907 Correct typo in /etc/shorewall/policy; Allow "all+" in SOURCE/DEST in /etc/shorewall/rules to enable intra-zone traffic
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2454 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-04 20:24:23 +00:00
teastep
1b1af2fc65 Remove some dead code and reduce confusion amoung those who read the code (including me)
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2450 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-02 21:06:05 +00:00
teastep
ac1983a5da Large cleanup patch from Tuomo Soini
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2449 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-02 16:46:30 +00:00
teastep
3f748212d6 Globalize shorewall_is_started()
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2443 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-01 20:35:28 +00:00
teastep
c66159abee capitalize 'terminator' variable; duplicate PREROUTING connmark logic in OUTPUT
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2441 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-01 17:17:24 +00:00
teastep
9feb547b6e /sbin/shorewall status rework -- take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2430 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-29 18:32:50 +00:00
teastep
48502e75bb Fix 'status' command in /usr/share/shorewall/firewall; try to make release notes clearer
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2429 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-28 20:22:25 +00:00
teastep
5f37ce46bf Fix typo which broke use of arping
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2426 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-27 22:41:52 +00:00
teastep
5f58eac0f7 Optimize use of 'arping'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2423 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-27 22:13:25 +00:00
teastep
6c8b63bfe0 Remove dependence on 'which'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2421 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-27 20:30:16 +00:00
teastep
9a42f57a6a Allow 'ipsec' in /etc/shorewall/hosts to work in the presence of dynamic zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2419 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-27 17:29:20 +00:00
teastep
b66929a65e Large merge of function from EXPERIMENTAL to HEAD.
1) Elimination of the "shorewall monitor" command.

2) The /etc/shorewall/ipsec and /etc/shorewall/zones file are combined into
a single /etc/shorewall/zones file. This is done in an upwardly-compatible
way so that current users can continue to use their existing files.

3) Support has been added for the arp_ignore interface option.

4) DROPINVALID has been removed from shorewall.conf. Behavior is as if
DROPINVALID=No was specified.

5) The 'nobogons' option and BOGON_LOG_LEVEL are removed.

6) Error and warning messages have been made easier to spot by using
capitalization (e.g., ERROR: and WARNING:).

7) The /etc/shorewall/policy file now contains a new connection policy and a
policy for ESTABLISHED packets. Useful for users of snort-inline who want to
pass all packets to the QUEUE target.

8) A new 'critical' option has been added to /etc/shorewall/routestopped.
Shorewall insures communication between the firewall and 'critical' hosts
throughout start, restart, stop and clear. Useful for diskless firewall's
with NFS-mounted file systems, LDAP servers, Crossbow, etc.

9) Macros. Macros are very similar to actions but are easier to use, allow
parameter substitution and are more efficient. Almost all of the standard
actions have been converted to macros in the EXPERIMENTAL branch.

10) The default value of ADD_IP_ALIASES in shorewall.conf is changed to No.

11) If you have 'make' installed on your firewall, then when you use
the '-f' option to 'shorewall start' (as happens when you reboot),
if your /etc/shorewall/ directory contains files that were modified
after Shorewall was last restarted then Shorewall is started using
the config files rather than using the saved configuration.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2409 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-25 23:08:09 +00:00
teastep
89eaf99906 Pretty up the output of 'show actions'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2403 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 16:49:02 +00:00
teastep
aaecd53a29 Add 'shorewall show actions command'
Make it possible for the 'stopped' extension script to save commands in
the 'restore-tail' file by calling 'run_and_save_command' and
'save_command'


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2401 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 16:27:21 +00:00
teastep
f3ea3c7edb Avoid annoying 'ipset:not found' message
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2392 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-22 22:24:28 +00:00
teastep
fbabd7d6ef Obviate the need for 'loose'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2389 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-21 19:48:33 +00:00