Commit Graph

6710 Commits

Author SHA1 Message Date
Tom Eastep
1b2a43e5ea Merge branch '5.0.0' of ssh://git.code.sf.net/p/shorewall/code into 5.0.0 2015-09-12 12:31:45 -07:00
Tom Eastep
03d99de8d5 Correct handling of reset
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-11 15:02:32 -07:00
Tom Eastep
1b571f3d86 Correct the reset command
- Also allow chain names to be specified a la the refresh command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-11 14:16:16 -07:00
Tuomo Soini
53dfe442c1 systemd: add reload to unit files
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-09-10 14:15:16 +03:00
Tom Eastep
7be4190e4c Man page updates for the PROBABILITY column in the masq files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-08 18:00:53 -07:00
Tom Eastep
ddb325a662 Code changes for a PROBABILITY column in the masq file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-08 17:20:46 -07:00
Tom Eastep
e8ebfb5a11 Correct PSH,FIN check
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-07 15:46:14 -07:00
Tom Eastep
242080c59c Rename SMALL_MASK to SMALL_MAX
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-07 13:10:44 -07:00
Tom Eastep
0aa5cb5086 Allow non-experts to use the user bits in the fw mark
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-07 11:35:47 -07:00
Tom Eastep
4b14924b99 Allow non-experts to use the user bits in the fw mark
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-07 11:29:24 -07:00
Tom Eastep
17d1caf8c5 Allow tags in global LOG_LEVELs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 16:08:59 -07:00
Tom Eastep
fcd5b30ca8 Add FIN,RST and PSH,FIN to the tcpflags set
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 11:49:29 -07:00
Tom Eastep
e6ec52c711 Move a line of code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 10:33:36 -07:00
Tom Eastep
eddd58d459 Move a line of code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 10:33:09 -07:00
Tom Eastep
1bf13e5fda Provide default for SHOREWALL_SHELL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 10:29:36 -07:00
Tom Eastep
dbf2c89083 Provide default for SHOREWALL_SHELL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 10:28:44 -07:00
Tom Eastep
6554f7fe28 Disable bare SECTION in the rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-04 11:16:07 -07:00
Tom Eastep
07976556ed More inline match documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-03 09:45:39 -07:00
Tom Eastep
682a449e7b Correct more Mangle examples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 13:08:05 -07:00
Tom Eastep
8f86e2df19 Correct typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 13:07:33 -07:00
Tom Eastep
ba3dba78ff Correct more Mangle examples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 13:07:20 -07:00
Tom Eastep
59aeafba3a Delimit inline matches by ';;'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 10:24:31 -07:00
Tom Eastep
9e98d30c92 Correct handling of log levels with default actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 08:55:18 -07:00
Tom Eastep
582755edf4 Unconditionally get inline matches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 08:03:22 -07:00
Tom Eastep
c6ec9990e7 Unconditionally get inline matches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 08:02:02 -07:00
Tom Eastep
dea1f853ea Correct progress messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-01 12:42:01 -07:00
Tom Eastep
a30708519d Correct progress messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-01 11:57:28 -07:00
Tom Eastep
f5d9e87c59 Remove anacronistic logic from the Rules module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 16:02:22 -07:00
Tom Eastep
ed90360b4c Remove all of the update-specific options from the update command
Leave -i and -A

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 14:21:41 -07:00
Tom Eastep
6a374b80e0 Correct INLINE handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 12:36:05 -07:00
Tom Eastep
9638033e24 Cosmetic changes to first_entry() calls
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/Perl/Shorewall/Tc.pm
2015-08-31 11:33:32 -07:00
Tom Eastep
87ef6f730f Correct a typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 11:21:37 -07:00
Tom Eastep
53223e1440 Uniform mechanism for inserting conversion comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/Perl/Shorewall/Tc.pm
2015-08-31 11:21:18 -07:00
Tom Eastep
9b886a99af Fix $convert/$tcrules mess
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/Perl/Shorewall/Tc.pm
2015-08-31 11:19:42 -07:00
Tom Eastep
c77d18965a Place a header in a created mangle file during update -t
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/Perl/Shorewall/Tc.pm
2015-08-31 11:16:45 -07:00
Tom Eastep
5a6586e06c Don't enforce FASTACCEPT/BLACKLISTNEWONLY on convert
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 11:14:49 -07:00
Tom Eastep
60e08322c5 Update man pages for 'minute' and 'second' in LOGLIMIT specifications
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 11:14:37 -07:00
Tom Eastep
df73f4b925 Assume EXPORTMODULES=No if it doesn't exist in old file during update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 11:14:26 -07:00
Tom Eastep
be81ace811 Read capabilities file before the .conf file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 11:11:25 -07:00
Tom Eastep
e15a6f452e Cosmetic changes to first_entry() calls
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 10:54:30 -07:00
Tom Eastep
656eaabce9 Correct a typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 09:39:40 -07:00
Tom Eastep
f42dc6def1 Uniform mechanism for inserting conversion comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-30 15:35:05 -07:00
Tom Eastep
6e303aef69 Fix $convert/$tcrules mess
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-29 18:52:11 -07:00
Tom Eastep
ab260dc5b1 Place a header in a created mangle file during update -t
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-29 12:52:21 -07:00
Tom Eastep
55ab498291 Don't enforce FASTACCEPT/BLACKLISTNEWONLY on convert
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-29 12:51:52 -07:00
Tom Eastep
10cda4cee7 Update man pages for 'minute' and 'second' in LOGLIMIT specifications
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-27 15:49:59 -07:00
Tom Eastep
de74273dbb Assume EXPORTMODULES=No if it doesn't exist in old file during update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-27 15:15:03 -07:00
Tom Eastep
af1e2f6c8b Read capabilities file before the .conf file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-27 11:26:26 -07:00
Tom Eastep
dc2406d25b update -t also converts the 'tos' file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 13:51:02 -07:00
Tom Eastep
e0734a45ee Allow 'seconds' and 'minutes' in LOGLIMIT specifications
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 12:53:36 -07:00
Tom Eastep
28df894add Improve 'update'
- convert BLACKLISTNEWONLY
- convert LOGRATE and LOGBURST
- default USE_DEFAULT_RT to No

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 12:50:56 -07:00
Tom Eastep
b0bf726c7e Let 'update' default USE_DEFAULT_RT to 'No'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 12:40:16 -07:00
Tom Eastep
ad06ec3eef Correct IPV6 range parsing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 11:52:51 -07:00
Tom Eastep
71611233fb Correct IPV6 range parsing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 11:51:29 -07:00
Tom Eastep
7a98c7b9e5 More 'update' fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-25 15:55:49 -07:00
Tom Eastep
dc73832570 Delete unneeded 'my'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-25 14:36:53 -07:00
Tom Eastep
f5d1ec0243 Delete EXPORTPARAMS from %config
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-25 14:36:14 -07:00
Tom Eastep
f9ae28aeea The -t option also converts the 'tos' file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-24 14:56:24 -07:00
Tom Eastep
eae492cef5 Some rules manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-22 09:24:47 -07:00
Tom Eastep
2451c14d8c Some rules manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-22 08:27:52 -07:00
Tom Eastep
a30fdb356d Update man pages for required '?' in COMMENT, SECTION and FORMAT lines
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-22 08:00:38 -07:00
Tom Eastep
a709395949 Allow 'none' in the log level argument to AutoBL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-21 13:40:12 -07:00
Tom Eastep
98e5d54b92 Allow 'none' in the log level argument to AutoBL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-21 13:39:25 -07:00
Tom Eastep
f4776bf388 Eliminate WIDE_TC_MARKS, HIGH_ROUTE_MARKS and BLACKLISTNEWONLY
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-21 12:42:19 -07:00
Tom Eastep
80acdd2836 Disallow bare COMMENT, SECTION and FORMAT lines
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-21 11:18:40 -07:00
Tom Eastep
40d1d86d2c Drop support for the 'tos' file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 15:35:03 -07:00
Tom Eastep
26fca41e27 Eliminate discontinued files and manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 15:17:48 -07:00
Tom Eastep
5af5c67c75 Update a message to refer to the 'mangle' file rather than 'tcrules'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 14:54:54 -07:00
Tom Eastep
7956c5f6e0 Update a message to refer to the 'mangle' file rather than 'tcrules'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 14:48:29 -07:00
Tom Eastep
5a08f8bf4e Correct shorewall-mangle(5) examples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 11:09:42 -07:00
Tom Eastep
c59cb1351c Update manpages for new update options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 11:08:10 -07:00
Tom Eastep
82330395e9 Correct grammer in an error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 09:25:32 -07:00
Tom Eastep
9a6f16903b Use NYTProf for profiling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 09:21:47 -07:00
Tom Eastep
9f2958fd27 Correct wording of an error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 09:21:20 -07:00
Tom Eastep
4b003163d6 Use NYTProf for profiling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 14:05:15 -07:00
Tom Eastep
39982c20c4 Restore the text of tcrules warning message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 12:34:35 -07:00
Tom Eastep
2b1f33c391 Don't unlink the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 11:48:23 -07:00
Tom Eastep
1c33717cf5 Reverse the change to delete host routes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 11:06:28 -07:00
Tom Eastep
cd8fe38c85 Delete host routes added to the main routing table for providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 10:44:37 -07:00
Tom Eastep
d525419c65 Correct wording of an error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 10:44:00 -07:00
Tom Eastep
9d3f35a22d Enable new update options in compiler.pl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-16 11:57:36 -07:00
Tom Eastep
6bdf90631c Fix a couple of bugs in 5.0.0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-16 10:05:21 -07:00
Tom Eastep
c604823053 Default to FORMAT-2 macros and actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 16:11:41 -07:00
Tom Eastep
12f8cbae29 Correct the test for the existence of the routestopped file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 15:29:52 -07:00
Tom Eastep
4de6638385 Correct handling of termination after .conf file not updated
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:32:27 -07:00
Tom Eastep
0cef7fad35 Add conversion version and date to the converted files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:32:17 -07:00
Tom Eastep
ea2a35415e Correct convert_blacklist()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:32:01 -07:00
Tom Eastep
4cc7a1b87d Correct tcrules update
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/Perl/Shorewall/Tc.pm
2015-08-14 09:31:36 -07:00
Tom Eastep
7c2a969de0 Correct handling of notrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:26:45 -07:00
Tom Eastep
8bdea65325 Update manpages for new update options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-13 16:12:28 -07:00
Tom Eastep
fd46c0ffed Correct handling of termination after .conf file not updated
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-13 15:42:38 -07:00
Tom Eastep
60acddbb37 Add conversion version and date to the converted files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-13 14:37:13 -07:00
Tom Eastep
306dc34b31 Correct convert_blacklist()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-13 13:22:14 -07:00
Tom Eastep
f5c6a6fe82 Correct tcrules update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-13 13:21:51 -07:00
Tom Eastep
af2b7910bd Port update changes from 5.0.0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-12 12:33:09 -07:00
Tom Eastep
3b59e46799 Restore Debian-specific service files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-12 10:19:07 -07:00
Tom Eastep
2ab8bd3040 More update fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-09 14:31:47 -07:00
Tom Eastep
0d635632e3 Add conversion of notrack to conntrack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-08 16:46:58 -07:00
Tom Eastep
fb2d261cdb More Fixes for update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-08 12:42:32 -07:00
Tom Eastep
88f9a3e255 Allow zero-valued options on multi-zoned interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-07 14:30:21 -07:00
Tom Eastep
4c4c5a436a Allow zero-valued options on multi-zoned interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-07 14:09:08 -07:00
Tom Eastep
73c8b563a1 Add -s option to update to convert the routestopped file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-07 13:46:16 -07:00
Tom Eastep
d949824f94 Correct shorewall-mangle(5) examples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-06 10:15:57 -07:00
Tom Eastep
2162d79b5f Manual Page Uptates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 15:09:16 -07:00
Tom Eastep
0f61bd34e6 Drop support for the 'blacklist' zone option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 14:45:52 -07:00
Tom Eastep
d8d1e96e0d Delete manpages for files no longer supported
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 14:37:15 -07:00
Tom Eastep
f4620606b3 Drop support for the 'blacklist' file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 14:35:51 -07:00
Tom Eastep
65baa7e3b8 Drop support for the tcrules file
- The upgrade -t option is still available

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 12:34:22 -07:00
Tom Eastep
e5c7ded951 Drop support for the 'notrack' file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 11:36:54 -07:00
Tom Eastep
8bed5c9d65 Drop support for the IPSECFILE option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 10:11:52 -07:00
Tom Eastep
037e92a60e Eliminate some config options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 14:28:12 -07:00
Tom Eastep
2165f746e6 Update .conf documents for 'reload'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 12:58:08 -07:00
Tom Eastep
ef9e75753a Restore .214 files
- Also merge Debian changes from 4.6.12

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 11:23:35 -07:00
Tom Eastep
85648bded1 Deimplement several .conf options
- LOGRATE/LOGBURST
- EXPORTPARAMS
- LEGACY_FASTSTART
2015-08-01 11:11:35 -07:00
Tom Eastep
67589cab69 More version changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:59:11 -07:00
Tom Eastep
f40373d60c Update config file version and copyrights
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:50:19 -07:00
Tom Eastep
fa7248c58c Add the LEGACY_RESTART option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-27 09:19:52 -07:00
Tom Eastep
0a7c65ae0d Allow connlimit by destination
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 14:26:58 -07:00
Tom Eastep
6e0fb1ab88 Correct syntax error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 14:16:12 -07:00
Tom Eastep
34f58bd6ac Correct formatting in the rules file man pages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 11:36:14 -07:00
Tom Eastep
cecc81ce82 Update .service files
- make the .214 versions the default and remove the ones name *.214
- Add 'ExecReload' to all but Shorewall-init
- Create Debian-specific versions with /etc/default rather than /etc/sysconfig
2015-07-26 10:58:03 -07:00
Tom Eastep
a00bf196a3 Remove all workarounds
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 10:27:30 -07:00
Tom Eastep
f9ec0c6930 New 'reload' and 'restart' semantics
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 09:59:49 -07:00
Tom Eastep
df817b6d2c Correct formatting in the interfaces man pages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-13 13:06:53 -07:00
Tom Eastep
d0fc7f6547 Add some comments to the Zones module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-13 12:57:00 -07:00
Tom Eastep
5704438a44 Second Wave of changes to make script output reproducable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-12 15:00:41 -07:00
Tom Eastep
014ec1af1d First phase of producing consistent scripts with Perl >= 5.18.0
Beginning with Perl 5.18.0, the order of elements returned by the 'keys'
and 'each' iterators is no longer deterministic. This is the first wave
of Shorewall changes to compensate for this irrational behavior.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-12 10:54:48 -07:00
Tom Eastep
bc8156b503 Include Compiler version in the compiler progress commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-08 12:53:42 -07:00
Tom Eastep
4995456563 Clean up compiler PATH fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 14:33:20 -07:00
Tom Eastep
c6f48a77e0 Only add dhcp rule if one rpfilter interface has the 'dhcp' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 12:21:04 -07:00
Tom Eastep
e7792fc868 Exempt IPv4 DHCP broadcasts from rpfilter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 10:03:03 -07:00
Tom Eastep
c47abe416a Add default PATH to current PATH in the compiler
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 09:38:06 -07:00
Tom Eastep
0414166d6d 'show connections' enhancement
- Allow tayloring of the entries displayed by specifying conntrack
  -L options.
2015-06-29 14:55:47 -07:00
Tom Eastep
7153146759 Don't ask for script version when WORKAROUNDS=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-28 09:18:47 -07:00
Tom Eastep
5ca68477d5 Corrections to last commit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 15:18:07 -07:00
Tom Eastep
9f08726794 Eliminate running the script twice is some cases
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 14:32:43 -07:00
Tom Eastep
846d629c47 Eliminate the usage() function in lib.cli-std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 12:55:34 -07:00
Tom Eastep
273a42b068 Correct the check for ordinary user attempting to access the default config
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 11:35:11 -07:00
Tom Eastep
9bf65ab9ab Don't run the postcompile script when compilation is bypassed
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-22 16:41:21 -07:00
Tom Eastep
b35c214c70 Defer 'Compiling...' message until after AUTOMAKE is checked
- Avoid an export statement in compiler()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-22 10:56:17 -07:00
Tom Eastep
5003e826b9 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-06-09 10:58:58 -07:00
Tuomo Soini
f8d95d1ee9 rename not_configured() to not_configured_error()
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-06-09 20:29:45 +03:00
Tom Eastep
7f50557250 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-06-08 13:50:47 -07:00
Tuomo Soini
15276b1f89 Set exit code to 6 when startup is disabled
Handles cases missed by 4b27c72c79

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-06-08 22:23:38 +03:00
Tom Eastep
116e85e040 Cosmetic cleanup of the Compiler module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-08 11:27:37 -07:00
Tom Eastep
2956698298 Corrections to WORKAROUNDS implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-06 12:15:03 -07:00
Tom Eastep
7c9155a6e8 Update man pages and .conf files for WORKAROUNDS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-06 07:56:14 -07:00
Tom Eastep
eb6be0e84d Remove old comment that now makes no sense
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-01 15:55:06 -07:00
Tom Eastep
019e49b481 Implement WORKAROUNDS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-01 12:59:25 -07:00
Tom Eastep
9a3c43b6d3 Make NFQUEUE parsing more robust
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-30 07:01:30 -07:00
Tom Eastep
0a45c7a646 Another Tweak to the NFQUEUE parser
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-30 06:38:21 -07:00
Tom Eastep
f227250959 Fix NFQUEUE parsing and documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-29 18:19:35 -07:00
Tom Eastep
29a0c92918 Fix ancient bug in old parameter syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-29 14:39:48 -07:00
Tuomo Soini
4edd6026f0 prog.footer: disabling already disabled inteface is not an error.
Neither is enabling already enabled interface

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-05-29 22:15:55 +03:00
Tom Eastep
18348ef6f1 Clean up distribute_load()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-27 06:58:10 -07:00
Tom Eastep
93c7e2c2f7 Change the way in which a warning message is suppressed
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-26 15:54:41 -07:00
Tom Eastep
602315938c Correct the load distribution algorithm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-26 14:59:20 -07:00
Tom Eastep
425094de18 Mention load= warning (sum not 1.000000)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-25 10:31:08 -07:00
Tom Eastep
ca35f565e0 Return success exit status when no ipsets are saved by the script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-25 07:36:00 -07:00
Tom Eastep
bbdbdf7c47 Clean up 'call' description in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-25 07:06:17 -07:00
Tom Eastep
631ebdecb8 load= enhancements
- Normalize loads to 0.nnnnnnnn
- Issue warning if the loads don't sum to 1.000000

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-23 08:05:58 -07:00
Tom Eastep
c851e03313 Don't try to use a probibility >= 1.00000000
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-23 07:06:31 -07:00
Tom Eastep
df4d6f1f92 Document load= in the providers manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-22 16:31:21 -07:00
Tom Eastep
c7ca3119ef Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-05-22 07:20:51 -07:00
Tom Eastep
ba7afcaeae Make 'call' a supported command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 10:38:35 -07:00
Tom Eastep
809e56cef6 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-05-21 09:04:35 -07:00
Tom Eastep
e3805b0ada Implement 'call' in the compiled script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 09:00:11 -07:00
Tom Eastep
f1b6e71e56 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-05-20 10:59:06 -07:00
Tom Eastep
f77d649ac7 Make policy descriptions match what the user entered rather than what was generated by the compiler
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-20 10:58:57 -07:00
Tom Eastep
267637f139 NFQUEUE enhancements
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-20 10:55:21 -07:00
Tom Eastep
acd921cd08 Don't require a helper for ctevents and expevents
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-16 13:40:40 -07:00
Tom Eastep
9329e7c36c Don't require a helper in the CT action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-16 09:08:32 -07:00
Tom Eastep
7195ee708e Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-05-08 09:49:42 -07:00
Tom Eastep
50d1a719f9 Delete superfluous test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-08 09:48:58 -07:00
Tom Eastep
4b27c72c79 Set exit code to 6 when startup is disabled
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-07 14:12:41 -07:00
Tom Eastep
3bb1f74283 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code into 4.6.9 2015-05-05 11:28:13 -07:00
Tuomo Soini
87eca92b10 lib.core: use consisten indenting 2015-05-05 20:40:17 +03:00
Tom Eastep
b58aadad01 Correct Syntax error in the generated code.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-04 08:23:42 -07:00
Tom Eastep
6dcd8174ee Don't require interfaces on stop, clear, etc.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-04 08:23:10 -07:00
Tom Eastep
e248c0a3d7 Update Shorewall/Shorewall6 help text for 'reenable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:29:42 -07:00
Tom Eastep
3f17a8cf24 Update the program header information in lib.core
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:13:06 -07:00
Tom Eastep
2cea78e6df Add the 'reenable' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:02:12 -07:00
Tom Eastep
0abd51c796 Fix module versioning
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 11:59:01 -07:00
Tom Eastep
86e053be7a More optimization of detect_configuration()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 11:32:45 -07:00
Tom Eastep
75d18139f7 Optimize detect_configuration() for enable/disable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-25 15:46:19 -07:00
Tom Eastep
bebb41674a Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-04-25 12:57:04 -07:00
Tom Eastep
42f75f7ba2 Correct SetEvent and ResetEvent
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-25 12:56:36 -07:00
Tuomo Soini
2c9b7fbb07 macro.JabberSecure: use of Jabber SSL is deprecated. Note user. 2015-04-23 10:03:07 +03:00
Tuomo Soini
119299421f macro.JabberPlain: deprecate the macro in favor of macro.Jabber 2015-04-23 09:39:23 +03:00
Tuomo Soini
aef019e16d macro.Jabber: use of jabber has changed from Plain+SSL to STARTTLS 2015-04-23 09:38:40 +03:00
Tom Eastep
3ae243b882 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-04-22 20:34:03 -07:00
Tuomo Soini
0fc58f81cc macro.QUIC: added support for QUIC
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-04-22 16:29:17 +03:00
Tom Eastep
0e8b427778 Remove false comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-18 14:31:07 -07:00
Tom Eastep
6cb3004a39 Clarify helper module loading
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-17 09:51:25 -07:00
Tom Eastep
f5aa0373cb Correct interfaces example 4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-12 08:38:55 -07:00
Tom Eastep
b128c30813 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
Get Tuomo Soini's fix for serviced startup
2015-04-11 07:33:15 -07:00
Tuomo Soini
194252afd3 systemd: fix shorewall startup by adding Wants=network-online.target
Before shorewall failed to load if there were interfaces which were required
but there wasn't any other service which wanted network-online.target.
By adding Wants=network-online.target we make sure shorewall[6]* startup
won't fail if there are required interfaces

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-04-11 10:50:54 +03:00
Tom Eastep
16e3cb1b43 More manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 10:14:42 -07:00
Tom Eastep
27c1ffc5fb Include full syntax in lists of CLI commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 09:23:58 -07:00
Tom Eastep
0e54a86e82 Add descriptions of 'list' and 'ls' to the CLI manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-06 09:39:41 -07:00