Commit Graph

1312 Commits

Author SHA1 Message Date
Tom Eastep
037e92a60e Eliminate some config options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 14:28:12 -07:00
Tom Eastep
2165f746e6 Update .conf documents for 'reload'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 12:58:08 -07:00
Tom Eastep
ef9e75753a Restore .214 files
- Also merge Debian changes from 4.6.12

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 11:23:35 -07:00
Tom Eastep
85648bded1 Deimplement several .conf options
- LOGRATE/LOGBURST
- EXPORTPARAMS
- LEGACY_FASTSTART
2015-08-01 11:11:35 -07:00
Tom Eastep
67589cab69 More version changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:59:11 -07:00
Tom Eastep
f40373d60c Update config file version and copyrights
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:50:19 -07:00
Tom Eastep
fa7248c58c Add the LEGACY_RESTART option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-27 09:19:52 -07:00
Tom Eastep
0a7c65ae0d Allow connlimit by destination
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 14:26:58 -07:00
Tom Eastep
34f58bd6ac Correct formatting in the rules file man pages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 11:36:14 -07:00
Tom Eastep
cecc81ce82 Update .service files
- make the .214 versions the default and remove the ones name *.214
- Add 'ExecReload' to all but Shorewall-init
- Create Debian-specific versions with /etc/default rather than /etc/sysconfig
2015-07-26 10:58:03 -07:00
Tom Eastep
f9ec0c6930 New 'reload' and 'restart' semantics
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 09:59:49 -07:00
Tom Eastep
df817b6d2c Correct formatting in the interfaces man pages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-13 13:06:53 -07:00
Tom Eastep
3d325431ff Change Default IPv6 .conf to specify INLINE_MATCHES=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-06 14:49:20 -07:00
Tom Eastep
0414166d6d 'show connections' enhancement
- Allow tayloring of the entries displayed by specifying conntrack
  -L options.
2015-06-29 14:55:47 -07:00
Tom Eastep
7153146759 Don't ask for script version when WORKAROUNDS=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-28 09:18:47 -07:00
Tom Eastep
7c9155a6e8 Update man pages and .conf files for WORKAROUNDS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-06 07:56:14 -07:00
Tom Eastep
f227250959 Fix NFQUEUE parsing and documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-29 18:19:35 -07:00
Tom Eastep
f629d574e6 Add ipv6 'findgw' file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-28 07:20:26 -07:00
Tom Eastep
425094de18 Mention load= warning (sum not 1.000000)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-25 10:31:08 -07:00
Tom Eastep
bbdbdf7c47 Clean up 'call' description in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-25 07:06:17 -07:00
Tom Eastep
df4d6f1f92 Document load= in the providers manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-22 16:31:21 -07:00
Tom Eastep
ba7afcaeae Make 'call' a supported command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 10:38:35 -07:00
Tom Eastep
267637f139 NFQUEUE enhancements
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-20 10:55:21 -07:00
Tom Eastep
acd921cd08 Don't require a helper for ctevents and expevents
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-16 13:40:40 -07:00
Tom Eastep
9329e7c36c Don't require a helper in the CT action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-16 09:08:32 -07:00
Tom Eastep
2cea78e6df Add the 'reenable' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:02:12 -07:00
Tom Eastep
6cb3004a39 Clarify helper module loading
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-17 09:51:25 -07:00
Tom Eastep
f5aa0373cb Correct interfaces example 4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-12 08:38:55 -07:00
Tom Eastep
057ad45fd9 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-04-12 07:52:34 -07:00
Tuomo Soini
ade24e6299 shorewall6.service: wants before after to be consistent
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-04-12 11:31:39 +03:00
Tom Eastep
b128c30813 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
Get Tuomo Soini's fix for serviced startup
2015-04-11 07:33:15 -07:00
Tuomo Soini
194252afd3 systemd: fix shorewall startup by adding Wants=network-online.target
Before shorewall failed to load if there were interfaces which were required
but there wasn't any other service which wanted network-online.target.
By adding Wants=network-online.target we make sure shorewall[6]* startup
won't fail if there are required interfaces

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-04-11 10:50:54 +03:00
Tom Eastep
16e3cb1b43 More manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 10:14:42 -07:00
Tom Eastep
27c1ffc5fb Include full syntax in lists of CLI commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 09:23:58 -07:00
Tom Eastep
0e54a86e82 Add descriptions of 'list' and 'ls' to the CLI manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-06 09:39:41 -07:00
Tom Eastep
eb3a162560 Apply Matt Darfeuille's fix for fatal_error()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 13:26:51 -07:00
Tom Eastep
a8026999a5 Another fix for the Shorewall6 uninstaller
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 07:47:53 -07:00
Tom Eastep
44142ed457 Apply Matt Darfeuille's uninstall fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 07:28:21 -07:00
Tom Eastep
b00a7af619 Allow a comma-separated list in the rtrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-18 15:16:25 -07:00
Tom Eastep
0c11870e46 Implement the 'savesets' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-17 10:03:12 -07:00
Tom Eastep
c5ef3fd905 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-14 08:55:40 -07:00
Tom Eastep
86d6d6900e Improve 'close' and 'show opens' commands
- close accepts a rule number
- list opens displays rule numbers

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-14 08:54:30 -07:00
Tom Eastep
9a5cc5e51c Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-07 07:57:26 -08:00
Tom Eastep
d7a1ca41f9 Another attempt to correct the formatting of the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-07 07:56:34 -08:00
Tom Eastep
d3552346b0 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-06 15:38:48 -08:00
Tom Eastep
1e6c266b51 Formatting fix (I hope)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 15:37:56 -08:00
Tom Eastep
d6f8cda2d5 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-06 14:10:13 -08:00
Tom Eastep
4cc866cd81 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-06 14:09:11 -08:00
Tom Eastep
095e523c9f Add 'show opens' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 13:10:23 -08:00
Tom Eastep
2817060edb Improvements to the 'open' and 'close' commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 08:13:44 -08:00
Tom Eastep
a85fdc45ac Implement 'open' and 'close' commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-05 16:20:54 -08:00
Roberto C. Sánchez
5f2a8dd9cb Fix typo 2015-03-02 10:12:36 -05:00
Roberto C. Sánchez
a28cd7371c Fix typo 2015-03-02 10:10:52 -05:00
Roberto C. Sánchez
e9bb447537 Fix typo 2015-03-02 09:58:09 -05:00
Tom Eastep
cdc2d52208 Implement ADD and DEL in the mangle file.
- Also document the parameter to SAME

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-18 12:04:01 -08:00
Tom Eastep
b14e7c54f9 Merge branch '4.6.6' 2015-02-07 08:29:44 -08:00
Tom Eastep
30a5f508be Change samples to specify MODULE_SUFFIX="ko ko.xz"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-06 12:56:35 -08:00
Orion Poplawski
9ad0b297e2 Supporting xz compressed kernel modules
- I've attached a patch that adds xz support to the default MODULE_SUFFIX.
- I'm wondering it wouldn't be better to not have MODULE_SUFFX=ko in various
sample configs so that the default value is used instead:

./Shorewall/configfiles/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/Universal/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/three-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/two-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/one-interface/shorewall.conf:MODULE_SUFFIX=ko
./docs/MultiISP.xml:MODULE_SUFFIX=ko
./docs/MyNetwork.xml:MODULE_SUFFIX=ko
./Shorewall6/configfiles/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/Universal/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/three-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/two-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/one-interface/shorewall6.conf:MODULE_SUFFIX=ko

- Is:

MODULE_SUFFIX=

sufficient to use the default value or does it need to be commented out?

Thanks,

  Orion

--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion@nwra.com
Boulder, CO 80301                   http://www.nwra.com

>From f13edf8fc07c7b62825408b8665b10d6014d368d Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion@cora.nwra.com>
Date: Mon, 26 Jan 2015 09:48:48 -0700
Subject: [PATCH] Support xz compressed modules

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-06 12:51:00 -08:00
Tom Eastep
5d110616a5 Merge branch '4.6.6' 2015-01-24 18:16:47 -08:00
Tom Eastep
a2b8069ee3 Clarify Zone exclusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-24 18:15:10 -08:00
Tom Eastep
50a0103e89 Merge branch '4.6.6' 2015-01-20 08:11:07 -08:00
Tom Eastep
6f2308e0fa Correct syntax of the SAVE and RESTORE actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-20 08:09:55 -08:00
Tom Eastep
28ac76bde4 Add tinc tunnel support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-13 13:28:37 -08:00
Tom Eastep
07c21b8968 Add 'primary' provider option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-06 09:06:27 -08:00
Tom Eastep
7dd9ccd06b Add the 'loopback' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-03 09:22:40 -08:00
Tom Eastep
551a16d18f Document TARPIT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-01 09:14:00 -08:00
Tom Eastep
93285e2798 Cleanup of preceding fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 14:05:43 -08:00
Tom Eastep
2430796495 Document the -c option of 'show routing'
Correct choice in show commands to 'req'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 12:15:28 -08:00
Tom Eastep
06ef7596cd Document the -c 'dump' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 11:57:24 -08:00
Tom Eastep
227db0cfa7 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2014-12-23 15:37:38 -08:00
Tom Eastep
c0f7d0e65d Start firewall after the network-online target has been reached
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 15:37:22 -08:00
Tom Eastep
fdf513fba6 Correct font in mangle manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-19 14:26:20 -08:00
Tom Eastep
7100af5380 Correct .service files
- Make them match earlier versions

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-11 18:05:04 -08:00
Tom Eastep
22ac37b51e Patches for Shorewall6 manpage from Thomas D
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-10 07:50:28 -08:00
Tom Eastep
6f5de7ef3f Add now logging modules to the modules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-05 16:19:30 -08:00
Tom Eastep
2f545012a6 More documentation updates for -C
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 09:25:58 -08:00
Tom Eastep
4493b2ab6b Correct typo in 'rules' manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 06:50:40 -08:00
Tom Eastep
8fb73026c8 Replace SAVE_COUNTERS with the -C command option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 09:37:57 -07:00
Tom Eastep
a83c146636 Cleanup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 20:27:06 -07:00
Tom Eastep
113f95c11e Provide STARTOPTIONS and RESTARTOPTIONS in all cases
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 10:22:39 -07:00
Tom Eastep
3454e10525 Add SAVE_COUNTERS option.
- Also implement recover command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 08:57:56 -07:00
Tom Eastep
055fceb82f Update policy manpages for duel limits
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-22 12:27:27 -07:00
Tom Eastep
f5bdc9e7f4 Allow two limits in the RATE LIMIT columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-22 11:21:43 -07:00
Tom Eastep
b60d6dd6e5 Avoid duplicate module loads
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-20 10:42:53 -07:00
Tom Eastep
2784e93307 Load xt_LOG in both helpers files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-19 08:28:36 -07:00
Tom Eastep
20c8bf02b1 Correct Shorewall6 helpers file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-19 08:28:19 -07:00
Tom Eastep
38d4b1c5a9 Revert "Correct last patch"
This reverts commit b528625329.
2014-10-19 08:28:11 -07:00
Tom Eastep
e3a332ec27 Correct last patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-19 08:28:00 -07:00
Tom Eastep
49218a4d28 ipt_LOG in helpers file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-15 18:07:09 -07:00
Tom Eastep
3236cd2660 Reinstate IPv6 DropSmurfs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-13 12:34:25 -07:00
Tom Eastep
42363da458 Add new .service files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-09 10:00:53 -07:00
Tom Eastep
c5074bddb2 Rename the .service files to .service.214
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-09 09:45:52 -07:00
Tom Eastep
12458d111a Adjust the .service files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-08 17:28:22 -07:00
Tuomo Soini
a31fd20f22 Shorewall6/nat: clearly make it ipv6 specific 2014-10-07 12:42:57 +03:00
Tom Eastep
2c7ffb525d Updagte Shorewall6-nat manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-05 20:09:18 -07:00
Tom Eastep
316866482b Add ipv6 nat file and manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-05 19:54:19 -07:00
Tom Eastep
3206021278 Another round of uninstall fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 13:50:39 -07:00
Tom Eastep
9dc2bba025 More uninstall corrections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 09:39:03 -07:00
Tom Eastep
770a505cd2 Delete DropSmurfs from IPv6 actions.std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-30 16:16:53 -07:00
Tom Eastep
3e2c903a41 Revert "Only save ipsets of the proper family"
This reverts commit b053cab630.
2014-09-28 13:32:32 -07:00
Tom Eastep
b053cab630 Only save ipsets of the proper family
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 12:58:52 -07:00
Tom Eastep
cbcb1ff7e1 Add SAVE_IPSETS to shorewall6.conf.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 11:37:24 -07:00
Tom Eastep
3858683e94 Allow saving a specified list of ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 11:19:41 -07:00
Tom Eastep
10df9d31c4 Correct typo in the actions manpages (4.6.5 s/b 4.6.4).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 14:47:27 -07:00
Tom Eastep
976a1f3deb Merge branch '4.6.3'
Conflicts:
	Shorewall/Perl/Shorewall/Misc.pm
2014-09-25 08:06:16 -07:00
Tom Eastep
ea40068c10 Fix ADMINISABSENTMINDED=No used with stoppedrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 08:03:35 -07:00
Tom Eastep
580e00dabd Implement LOG_BACKEND option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 15:26:13 -07:00
Tom Eastep
a7b57ad32c Clarify iptrace logging.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 09:14:38 -07:00
Tom Eastep
ba7f88c912 Re-apply 'terminating' changes to the actions manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:33:57 -07:00
Tom Eastep
7481514a97 Implement the 'terminating' action option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:29:13 -07:00
Tom Eastep
1f5439257a Revert "Implement the 'terminating' action option"
This reverts commit 6851744cb7.
2014-09-23 07:39:25 -07:00
Tom Eastep
4495ed687b Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-09-23 07:10:46 -07:00
Tuomo Soini
a03f00bf0f systemd services: multi-user is not same as old runlevel 3 so use basic
add conflicts to obviously conflicting services
remove old version number from init files
remove legacy syslog.target which is not needed on modern systems
fix formatting of email address onold Copyright text

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-09-23 16:44:03 +03:00
Tom Eastep
771e487b02 Merge branch '4.6.3' 2014-09-01 09:10:55 -07:00
Tom Eastep
0b66c475a7 Make <command> replacable in the run synopsis
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 09:10:03 -07:00
Tom Eastep
8727a6f1d8 Correct 'run' command synopsis in the shorewall[6] manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:52:09 -07:00
Tom Eastep
f9a62e1650 Correct builtin example in the actions manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:29:29 -07:00
Tom Eastep
6851744cb7 Implement the 'terminating' action option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:16:42 -07:00
Tom Eastep
4bacfced82 Another attempt to fix formatting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 11:59:51 -07:00
Tom Eastep
7c1bbd4dc7 Fix formatting in shorewall[6]-rules(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 11:29:44 -07:00
Tom Eastep
4347190f82 Clarify REJECT handling in IP[6]TABLE rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 09:10:10 -07:00
Tom Eastep
e49832f4b5 Run the 'init' script in the 'run' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-30 10:25:00 -07:00
Tom Eastep
31e5aeeaea Refine the 'run' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 10:30:07 -07:00
Tom Eastep
a7b18ca875 Implement 'run' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-28 07:04:56 -07:00
Tom Eastep
848078873d Update tcfilters manpages to mention BASIC_FILTERS=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-22 07:19:10 -07:00
Tom Eastep
a97e2fd3d9 Update manpages regarding 'status -i'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-12 19:37:05 -07:00
Tom Eastep
4a4cea46c0 Update copyrights in the Sample files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-06 13:44:34 -07:00
Tom Eastep
8bfff55ed2 Add a TIME column to the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-04 08:01:14 -07:00
Tom Eastep
b1a6ec7f03 Merge branch '4.6.1' 2014-07-02 21:41:27 -07:00
Tom Eastep
7fdc398a5e Revert "Revert "Revert "Add a TIME column to the mangle file"""
This reverts commit 1165b2689c.
2014-06-27 08:23:04 -07:00
Tom Eastep
1165b2689c Revert "Revert "Add a TIME column to the mangle file""
This reverts commit 9c7fcd09fd.
2014-06-27 08:14:28 -07:00
Tom Eastep
9c7fcd09fd Revert "Add a TIME column to the mangle file"
This reverts commit 824b14b714.
2014-06-25 07:33:42 -07:00
Tom Eastep
80c09c4747 Merge branch '4.6.1' 2014-06-25 07:31:36 -07:00
Tom Eastep
824b14b714 Add a TIME column to the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-25 07:05:12 -07:00
Tom Eastep
6ad9b95351 Implement 'show bl'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 13:27:25 -07:00
Tom Eastep
ac4bf15606 Implement 'status -i'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 11:07:37 -07:00
Tom Eastep
4e5d24fd9b Currect masq manpages
Describe the SOURCE column as optional

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-16 07:27:05 -07:00
Tom Eastep
89c5d5080b A couple more tweaks to the masq manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-22 11:14:46 -07:00
Tom Eastep
dcc2fb27c5 Apply Tuomo Soini's whitespace patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-19 14:18:48 -07:00
Tom Eastep
7835feb45e Apply Simon Mater's cosmetic fix to the 'mangle' files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 07:31:44 -07:00
Tom Eastep
ffc564bdf9 Add ?format 2 to several Shorewall6 actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-10 08:19:03 -07:00
Tom Eastep
f717d097d7 Apply Tuomo Soini's Macro format patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-07 12:19:24 -07:00
Tom Eastep
2b43c28e98 Add tabs to mangle files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-20 07:56:43 -07:00
Tom Eastep
c663f91ec7 Add HEADERS to shorewall6-mangle(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-19 08:01:21 -07:00
Tom Eastep
15507aa265 Update sample rules files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-19 07:48:42 -07:00
Tom Eastep
4d4e8b3df4 Do nothing when a rules file section is empty.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-18 14:13:34 -07:00
Tom Eastep
b3cd9ab15a Default to LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-12 11:05:28 -07:00
Tom Eastep
fdc391cf49 Change all *.conf files to reflect ZONE2ZONE=-
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-11 20:44:15 -07:00
Tom Eastep
eb70234c52 Correct some typos in the .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-12 14:50:15 -07:00
Tom Eastep
20b10582b4 Moew deprecation of USE_DEFAULT_RT=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:24:12 -07:00
Tom Eastep
cea237620a Change USE_DEFAULT_RT default to 'Yes'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-09 07:42:22 -07:00
Tom Eastep
c9d7370fb4 Merge branch '4.5.21'
Conflicts:
	Shorewall/manpages/shorewall.conf.xml
	Shorewall6/manpages/shorewall6.conf.xml

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 09:00:34 -08:00
Tom Eastep
8b4d8bfa16 Finish ADMINISABSENDMINDED change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 08:57:03 -08:00
Tom Eastep
caa72fb7d2 Correct routestopped files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-02 10:39:12 -08:00
Tom Eastep
3e87efc82b Document -t option
- Also copy compiler directives to the mangle file.
2014-02-17 12:50:59 -08:00
Tom Eastep
69fe94ef08 Document the -t option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:25:58 -08:00
Tom Eastep
16b80c3e45 Add default value for BASIC_FILTERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 20:45:51 -08:00
Tom Eastep
2dbcd36a9c Implement BASIC_FILTERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 16:34:03 -08:00
Tom Eastep
7ddc65133e Support ipset lists in the tcfilters file.
- Also document the fact that ipset match options are not available in
  the tcfilters file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:16:35 -08:00
Tom Eastep
c08655e0bc Document ipset use in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-01 09:40:39 -08:00
Tom Eastep
44e0d48fc5 Add <refmiscinfo>...</refmiscinfo> to remaining manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-16 08:32:57 -08:00
Tom Eastep
89fd5ced15 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-01-12 14:05:48 -08:00
Roberto C. Sanchez
b1a490b50a Cleanup links in manpages so that hrefs in generated HTML don't take the user to a different server 2014-01-12 16:40:03 -05:00
Tom Eastep
a35b7821bf Correct stoppedrules manpages re DROP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:30:09 -08:00
Tom Eastep
fd28a12653 Allow DROP in the stoppedrules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:19:49 -08:00
Tom Eastep
42dd8dfee9 Change license to GPLv2+ and update copyrights
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-04 09:48:27 -08:00
Tom Eastep
78ecf9bdc8 Finish up ipset extensions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 09:23:14 -08:00
Tom Eastep
1771bb75cf Finish ipset match option implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-02 14:43:55 -08:00
Tom Eastep
48ceed9ecb Make tcpflags the default.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 15:10:38 -08:00
Tom Eastep
623bdd2ff1 Manpage corrections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:41:28 -08:00
Tom Eastep
b61ee2d75e Manpage updates for IP[6]TABLES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:54 -08:00
Tom Eastep
ac6a506e35 Allow logging from the RAW table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 11:04:43 -08:00
Tom Eastep
4cc5ee6b73 Document IP[6]TABLES in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 10:13:38 -08:00
Tom Eastep
8f6f0c94a4 Replace tcrules with mangle in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 15:35:08 -08:00
Tom Eastep
6fe06c82c8 More switch from tcrules to mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 15:24:05 -08:00
Tom Eastep
a1222d10cb change 'marks' file to 'mangle'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 10:03:23 -08:00
Tom Eastep
4c840a05a0 Fix issue in the shorewall-tcrules and shorewall6-tcrules manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 16:24:50 -08:00
Tom Eastep
6323372ebd Fix issue in the shorewall-tcrules and shorewall6-tcrules manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 16:23:32 -08:00
Tom Eastep
4e4e7cac1d Redefine the -i option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-15 11:23:20 -08:00
Tom Eastep
cb74b2d706 Document the -i update option in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 20:54:56 -08:00
Tom Eastep
33c5893bdb Implement INLINE_MATCHES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 13:35:01 -08:00
Tom Eastep
2bc329aa1d Add INLINE support to the masq file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-13 15:44:16 -08:00
Tom Eastep
f22dfcaa75 Merge branch '4.5.21' 2013-12-08 09:02:44 -08:00
Tom Eastep
d71c2688dc Clarify the need to quote/escaape settings with parentheses.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-08 09:02:25 -08:00
Tom Eastep
95abeaea24 Finish INLINE in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-01 09:25:32 -08:00
Tom Eastep
d63262a0cb change ZONE2ZONE default to '-'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 08:16:28 -08:00
Tom Eastep
3870157898 Issue warning on bare SECTION headings.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 07:58:02 -08:00
Tom Eastep
ea21d61f39 Correct Broadcast Actions
- Delete --dst-type BROADCAST from IPv6
- Suppress superfluous multicast rule

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-12 08:41:58 -08:00
Tom Eastep
3b5c1ad601 Remove anachronistic text from the tcinterfaces manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-10 08:19:16 -08:00
Tom Eastep
e14d92c5ac Add DROP support in tcrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-04 10:50:11 -08:00
Tom Eastep
6eb2c0cb5f Add link to the logging page from the policy manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-24 08:01:18 -07:00
Roberto C. Sanchez
12563c55a8 Add '. /lib/lsb/init-functions' to the Debian-specific init scripts, as recommended by lintian 2013-10-05 16:31:45 -04:00
Tom Eastep
e570d91ab1 Document 'hostroute' and 'nohostroute'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-18 17:58:28 -07:00
Tom Eastep
159d677acb Update manpages to indicate that 'inline' is assumed for REJECT_ACTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-10 08:08:06 -07:00
Tom Eastep
ae63a0ab77 Correct description of how REJECT is handled:
- Add UDP

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-02 17:07:58 -07:00
Tom Eastep
67603c5eb3 Implement REJECT_ACTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-01 09:14:10 -07:00
Tom Eastep
32763e998b Make -v work with the status command
- Also document exit status

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-13 06:52:46 -07:00
Tom Eastep
a10aea280b Add some abbreviations for common commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-06 07:05:47 -07:00
Tom Eastep
83d1aa6682 Allow OPTIMIZE=All
- Remove use of literal 4096 from OPTIMIZATION checks.
- Moved constant declarations to the Config module.
- Documented that level 1 is ignored when level 4 is specified.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-29 10:08:35 -07:00
Tom Eastep
aabb22a50f Add the TRACK_RULES option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-24 07:22:51 -07:00
Tom Eastep
765b748283 Documentation updates
- Add meaningful IDs to some sections in Events.xml
- Correct typos in the accounting manpages

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-22 07:54:45 -07:00
Tom Eastep
7aa33c140d Add an AutoBL action with helper AutoBLL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-17 10:19:18 -07:00
Tom Eastep
d6d0cad2f9 Add 'show event[s]' to manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 10:37:27 -07:00
Tom Eastep
282bf0a78c Allow Events with Shorewall6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 09:45:41 -07:00
Tom Eastep
71bcd11ab6 Make ?...shell/perl directives case insensitive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-20 10:39:39 -07:00
Tom Eastep
4bd35a0b93 Allow 'routeback=0'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-16 08:37:53 -07:00
Tom Eastep
53f1cd40df Add 'unmanaged' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-10 12:36:18 -07:00
Tom Eastep
a48a4b7a2e Don't allow fowarding between local zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 06:14:44 -07:00
Tom Eastep
2de0fbf7d0 Change 'local' to 'loopback' and add 'local' zones that match non-loopback interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-26 14:06:51 -07:00
Tom Eastep
fd11eb7d82 Omit fw->fw jumps when there is a local zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-22 09:19:34 -07:00
Tom Eastep
ac02c484f5 Change 'local' interface option to a zone type.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-19 15:35:20 -07:00
Tom Eastep
b38f1416aa Mention "all+' in the "Important" notes at the top
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 13:41:12 -07:00
Tom Eastep
c8133145e6 Add support for "all+" in the policy file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 09:01:12 -07:00
Tom Eastep
e3d9b2762d Add 'destonly' and 'local' to the interface manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 12:48:58 -07:00
Tom Eastep
7215b61aa4 Document changes introduced by Mr-4.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-07 10:16:38 -07:00
Tom Eastep
577db69719 Support conditional compilation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-07 09:36:02 -07:00
Roberto C. Sanchez
a0228e9d3b Fix typos in manpages 2013-05-03 12:19:45 -04:00
Tom Eastep
8bb03a741d Update blrules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-24 08:17:10 -07:00
Tom Eastep
f543c3bd1e Finish Mr-4's NFACCT patch
- Correct indentation
- Remove '$type' argument to split_nfacct_list
- Update manpages.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-23 06:55:30 -07:00
Tom Eastep
5ad69aa650 Add CHAIN_SCRIPTS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-21 07:30:31 -07:00
Tom Eastep
a56dcc745d Clarify <chain>:COUNT in the accounting files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-20 17:11:46 -07:00
Tom Eastep
1b9fd642bb Add INLINE to the accounting file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-20 08:02:02 -07:00
Tom Eastep
1fd62e1612 Restore order in the NFACCT target.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 11:11:37 -07:00
Tom Eastep
6c2679ce75 Allow incrementing an nfacct object when an ipset matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 10:44:57 -07:00
Tom Eastep
91c4dd2e56 Document multiple nfacct objects in one rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 06:38:02 -07:00
Tom Eastep
8ef11a376b Document 'HELPERS=none'.
- Also make 'check -u' work correctly regarding HELPERS=

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 11:30:47 -07:00
Tom Eastep
ef01748dc9 Update manpages for INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 07:34:00 -07:00
Tom Eastep
beec4a188f Implement INLINE action (again).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 09:15:59 -07:00
Tom Eastep
50494f667c Implement INLINE action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-08 17:30:00 -07:00
Tom Eastep
efebda76d2 Improve the description of 'accept_ra' in shorewall6-interfaces(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-01 14:25:49 -07:00
Tom Eastep
d415de1883 Add the accept_ra Shorewall6 interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-30 16:44:18 -07:00
Tom Eastep
b5ea4067e4 Implement USE_RT_NAMES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-24 10:56:38 -07:00
Tom Eastep
1e866eac28 Implement the other forms of NULL routing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-16 08:20:52 -07:00
Tom Eastep
fe6533943c Correct 'routes' manpages.
- change 4.5.15 with 4.5.14 for the availability of blackhole routes
- Add 'main' to the legal providers.
2013-03-08 08:26:08 -08:00
Tom Eastep
06e7f297f7 Allow addition of blackhole routes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 11:48:09 -08:00
Tom Eastep
631c1ac843 Mention the multiport match requirement for '='
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-04 12:53:00 -08:00
Tom Eastep
49918b654e Support '=' in SOURCE PORT(S) columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-04 09:56:10 -08:00
Tom Eastep
8960f72532 Handle DNAT with no port correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-01 07:58:58 -08:00
Tom Eastep
252dd9b676 Correct SUBSYSLOCK setting in shorewall6.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-28 07:45:17 -08:00
Tom Eastep
418034579f Support IPv6 Masquerade
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-27 09:25:26 -08:00
Tom Eastep
7006c62892 Correct port pair handling in the snat ADDRESS column.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-25 15:31:36 -08:00
Tom Eastep
0349a9a88c Rename the IPv6 masq file 'snat'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 13:05:24 -08:00
Tom Eastep
524d6242b0 More SNAT/DNAT manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 12:42:09 -08:00
Tom Eastep
b562f7f311 Allow specification of destination addresses in Shorewall6 masq.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 08:34:03 -08:00
Tom Eastep
ce28c70c60 SNAT and DNAT support for IPv6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 07:08:08 -08:00
Tom Eastep
010c44d07a Correct description of the 'sourceroute' interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-18 11:33:19 -08:00
Tom Eastep
e486c16513 Correct all configpath files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-14 15:10:21 -08:00
Tom Eastep
f44becdee1 Rename BLACKLIST_LOGLEVEL to BLACKLIST_LOG_LEVEL for consistent naming.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-12 07:47:02 -08:00
Tom Eastep
aae6e001fe Convert dropInvalid and allowInvalid to inline actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-07 11:21:13 -08:00
Tom Eastep
aa528dd075 Revert "Convert allowInvalid and dropInvalid into macros"
This reverts commit 272e1d330c.
2013-02-07 09:09:56 -08:00
Tom Eastep
272e1d330c Convert allowInvalid and dropInvalid into macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-06 09:54:12 -08:00
Tom Eastep
61c219ed3a Clarify the CHAIN column in the accounting manpage. Also mention ipset support.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 08:00:24 -08:00
Tom Eastep
0616dd9fcb Add 'New' action for conntrack state NEW
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:33:24 -08:00
Tom Eastep
c68d4c6e27 Simplify Perl from actions even further.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 15:55:39 -08:00
Tom Eastep
9f82d82a92 Update Shorewall6 actions.std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 12:59:24 -08:00
Evangelos Foutras
c9247c8074 Remove Arch Linux init file
Arch Linux only supports systemd now.

Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 10:13:54 -08:00
Tom Eastep
f407068d20 Update shorewall[6]-actions(5) regarding inline for some standard actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:27:30 -08:00
Tom Eastep
fc73c3934b Replace BLACKLISTNEWONLY with BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:00:47 -08:00
Tom Eastep
6b889e537f Correct typo in the actions.std files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 12:07:04 -08:00
Tom Eastep
519861d7b2 Add CONTINUE as a possible setting for RELATED_DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:58:03 -08:00
Tom Eastep
f7bdb71aad Add an Established action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 15:40:53 -08:00
Tom Eastep
69b660ba56 Add Related and Untracked actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-26 09:45:16 -08:00
Tom Eastep
c958329d14 More manpage updates for RELATED and UNTRACKED rules sections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 19:24:01 -08:00
Tom Eastep
575673a8f5 Correct broken links in the .conf manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 15:42:20 -08:00
Tom Eastep
6403f4959d Implement UNTRACKED SECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 15:42:01 -08:00
Tom Eastep
c2bc74cdfe Add INVALID section to the rules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 08:33:59 -08:00
Tom Eastep
a03e793907 Added OUT-BANDWIDTH to the tcinterfaces column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 16:33:57 -08:00
Tom Eastep
17eae4adee Update the description of BLACKLISTNEWONLY to match the implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 09:11:15 -08:00
Tom Eastep
b5cb27e84e Correct .service files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-20 15:15:46 -08:00
Tom Eastep
89a09f0256 Implement DEFER_DNS_RESOLUTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-13 17:00:14 -08:00
Tom Eastep
f41b2fbffc Clarify the LENGTH column of the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-09 16:22:38 -08:00
Tom Eastep
414a74d23c Support protocol lists in most files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 16:06:54 -08:00
Tom Eastep
d4c9885c09 Change interpretation of the log tag when LOGTAGONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 13:10:18 -08:00
Tom Eastep
f955abe18b Unify IPv4 and IPv6 modules.xtables files
- only difference now is xt_ipp2p

Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:44:36 -08:00
Tom Eastep
25b2341ecf Add sch_fq_codel to modules.tc
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:29:41 -08:00
Tom Eastep
4590e25052 Correct modules.xtables
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2012-12-31 08:54:32 -08:00
Tom Eastep
115081dda5 Tweak fq_codel documentation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 11:20:16 -08:00
Tom Eastep
6d9cca1cff fq_codel
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 10:58:11 -08:00
Tom Eastep
ebe4267c49 Rename IGNOREOLDCAPVERSIONS to WARNOLDCAPVERSION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:58:45 -08:00
Tom Eastep
f96bc7cc2d Cosmetic cleanup of the .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:01:37 -08:00
Tom Eastep
8bb6f81dc5 Rename IGNOREOLDCAPS to IGNOREOLDCAPVERSIONS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 08:54:22 -08:00
Tom Eastep
01a8ff20d4 Add the xtables modules to modules.xtables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 16:06:54 -08:00
Tom Eastep
ef0102e9f1 Add the 'IGNOREOLDCAPS' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 15:48:08 -08:00
Tom Eastep
4d2379f542 Implement update -D
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-23 10:50:31 -08:00
Tom Eastep
c9eccaf3b8 Implement ?COMMENT directive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-23 10:49:32 -08:00
Tom Eastep
96b61ea05c Update documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-21 16:13:23 -08:00
Tom Eastep
dbd55acba2 Update samples, standard Actions and Macros to use ?FORMAT 2012-12-21 15:51:14 -08:00
Tom Eastep
1cbeaa6a9f Apply Tuomo Soini's tabs patches for the rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-13 09:26:09 -08:00
Tom Eastep
8a0abab4cc Rename 'ALLOWUNKNOWNVARIABLES' to 'IGNOREUNKNOWNVARIABLES'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-12 11:51:31 -08:00
Tom Eastep
88d4814209 Merge branch '4.5.10'
Conflicts:
	Shorewall/Perl/Shorewall/Config.pm
2012-12-08 20:54:33 -08:00
Tom Eastep
4d064d6713 Replace spaces with tabs in rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-07 16:48:55 -08:00
Tom Eastep
56d7b6248b Begin Action Documentaiton Update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-05 19:07:42 -08:00
Tom Eastep
02cbd72a91 Merge branch '4.5.10' 2012-12-04 10:56:09 -08:00
Tom Eastep
60012d1208 Add additional space for the OPTIONS column
- actions and actions.std problem

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 10:54:32 -08:00
Tom Eastep
903e25a91a Add ALLOWUNKNOWNVARIABLES to the sample configurations.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 09:04:34 -08:00
Tom Eastep
8f1e8bf475 Add 'ALLOWUNKNOWNVARIABLES' to the manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 08:50:23 -08:00
Tom Eastep
cd5e9be467 Carefully suppress duplicate rules in all tables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-02 12:20:24 -08:00
Tom Eastep
cc657e571d Update action templates with new columns.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 10:25:10 -08:00
Tom Eastep
f358a78eca Revise the description of 'noinline' to match the changed implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 09:33:38 -08:00
Tom Eastep
8cbe26e32c Ignore 'inline' for certain actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 07:54:42 -08:00