Commit Graph

3716 Commits

Author SHA1 Message Date
Tom Eastep
71566f0ab0
Avoid compiler crash when LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-20 14:54:01 -07:00
Tom Eastep
e4169ede4a
Merge branch '5.0.13' 2016-10-20 13:29:05 -07:00
Tom Eastep
b44628ddc8
Only specify 'counters' to ipset of IPSET_MATCH_COUNTERS is present
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-20 09:07:36 -07:00
Tom Eastep
0e7d5f3972
Support '+' in SNAT action invocation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 16:00:36 -07:00
Tom Eastep
ab496987e0
Prevent 'nat' and 'mangle' being specified together
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 15:32:05 -07:00
Tom Eastep
c92ebc3908
Make merge_inline_source_dest() a little safer
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 14:32:56 -07:00
Tom Eastep
bc3573fcbc
Correct handling of interface lists in masq->snat conversion
- Also restore logic for ADD_SNAT_ALIASES
- Correct some interface-list errors in snat processing
- Restore whitespace after '--to-source'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 14:19:09 -07:00
Tom Eastep
6b7beaadaf
Merge branch '5.0.13' 2016-10-18 10:16:58 -07:00
Tom Eastep
31b6e9e299
Fix another DEST bug in mangle inline action handling :-(
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 10:15:43 -07:00
Tom Eastep
d52a4b1c9d
Implement SNAT actions and inlines
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 10:09:07 -07:00
Tom Eastep
9796af5d80
Merge branch '5.0.13' 2016-10-17 10:16:30 -07:00
Tom Eastep
9fc56bb896
Correct typo in process_mangle_inline()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-17 09:29:32 -07:00
Tom Eastep
4bb942f1f9
Restrict hypen as range separator to use with integers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 13:29:00 -07:00
Tom Eastep
05dbfbb988
Restrict hypen as range separator to use with integers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 13:26:44 -07:00
Tom Eastep
69a7c78179
Merge branch '5.0.13' 2016-10-16 12:28:01 -07:00
Tom Eastep
04051454bf
Reverse bad ECN handling patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 12:27:45 -07:00
Tom Eastep
2ca86d9abd
Merge branch '5.0.13' 2016-10-16 10:22:12 -07:00
Tom Eastep
e6f3d429a1
Renew timeout on matched dbl entries
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 09:42:45 -07:00
Tom Eastep
1ca91d7ddc
Correct handling of ECN file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 08:41:19 -07:00
Tom Eastep
fad9dce3e6
Correct handling of ECN file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 08:33:01 -07:00
Tom Eastep
342f4ee0f2
Add the --exits option to ADD with timeout
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 16:43:44 -07:00
Tom Eastep
047b5ca6d5
Add the --exits option to ADD with timeout
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 16:43:04 -07:00
Tom Eastep
43fdddb438
Add 'snat' config file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 11:38:52 -07:00
Tom Eastep
44477d97ac
Move Masq file processing to the Rules module
- This will enable supporting actions in the new snat file

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-14 12:42:58 -07:00
Tom Eastep
b5906812a2
Accept '-' as the separator in a port range.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-14 10:10:03 -07:00
Tom Eastep
b80d4c2320
Don't allow shell meta characters in interface names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-11 17:01:45 -07:00
Tom Eastep
d5aaa66e0b
Detect bad characters in interface names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-11 10:56:41 -07:00
Tom Eastep
8c522a5c4d
Correct typo in lib.private
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-09 10:58:29 -07:00
Tom Eastep
abf57a4d1f
Correct indentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-09 09:29:04 -07:00
Tom Eastep
3058f2fb84
Delete code supporting old kernel/iproute2 IPv6 restrictions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-07 11:02:36 -07:00
Tom Eastep
eb6ae5e186
Correct handling of DYNAMIC_BLACKLIST options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 16:56:29 -07:00
Tom Eastep
941604ad01
Correct issue with updating DBL timeout
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 15:41:40 -07:00
Tom Eastep
14e8568d9e
Add the FIREWALL .conf option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 15:03:54 -07:00
Tom Eastep
ca7ca4bdfe
Add a 'timeout' option to DYNAMIC_BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 12:56:47 -07:00
Tom Eastep
8d731c81e4
Add 'disconnect' option to ipset-based dynamic blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-04 09:09:45 -07:00
Tom Eastep
72dbb4c3c3
Handle persistent provider enable/disable correctly
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 16:01:04 -07:00
Tom Eastep
bc591ccee4
Don't assume that statistically balanced providers are optional
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 14:01:16 -07:00
Tom Eastep
156313edd2
Correctly handle down persistent interface during 'disable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-27 11:47:37 -07:00
Tom Eastep
35bd1db7fb
Handle Down or missing interfaces in 'delete_gateway()'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-27 11:43:26 -07:00
Tom Eastep
792b3b696c
Add ZERO_MARKS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-26 16:04:26 -07:00
Tom Eastep
fa9ee6d69e
Clear packet marks in PREROUTING and OUTPUT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-24 15:46:04 -07:00
Tom Eastep
8065e62f12
Support for the 'contiguous' option in TIME columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-22 14:22:11 -07:00
Tom Eastep
e81a4788c6
Implement DEFAULT_PAGER in shorewallrc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-21 10:20:48 -07:00
Tom Eastep
afc212495f
Make POSTROUTING the default chain for CHECKSUM
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-18 08:57:49 -07:00
Tom Eastep
059b1c6c8c
Remove superfluous logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-13 11:13:19 -07:00
Tom Eastep
2f75901068
Restore 'use Shorewall::Config(shorewall)' in embedded Perl handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-13 09:29:51 -07:00
Tom Eastep
8bb7c2363b
Support '+' after a zone list in the policy files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-10 10:06:38 -07:00
Tom Eastep
2c90a8bfb5
Allow zone lists in the SOURCE and DEST columns of the policy files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-10 08:47:48 -07:00
Tom Eastep
bb8af36d3f
Minor cleanup in the Rules module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-31 13:01:49 -07:00
Tom Eastep
4ec2c2087d
Delete obsolete comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-29 12:40:28 -07:00
Tom Eastep
31d35e0cbd
Minor cleanup of the Chains module
- Correct typos
- Correct 'P' trace entries
- Add parens and comments to calls

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-15 09:22:11 -07:00
Tom Eastep
bcacce7ed0
Rename a variable to avoid confusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-14 15:45:24 -07:00
Tom Eastep
646c20491a
Fix indentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-14 15:45:00 -07:00
Tom Eastep
fa1173baaa
Correct typo in a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-14 10:24:29 -07:00
Tom Eastep
72e21be89d
Add a handle back to the flow classifier
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-04 11:03:36 -07:00
Tom Eastep
1b1e2c58f9
Allow optional provider interfaces to match a wildcard
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-02 15:44:19 -07:00
Tom Eastep
decf9d3b3e
Correct comment formatting in 'trace' output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-30 09:03:19 -07:00
Tom Eastep
a05623f49e
Don't delete duplicate COUNT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-30 08:24:53 -07:00
Tom Eastep
0b9cd93769
Default DSCP rules to the POSTROUTING chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-27 13:59:15 -07:00
Tom Eastep
372359839b
Add 'comment' to alternative input
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-24 15:08:55 -07:00
Tom Eastep
a02c745a83
Avoid silly duplicate rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-30 17:49:43 -07:00
Tom Eastep
47557aa4f7
Correct additional issues with 'update'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-18 10:24:52 -07:00
Tom Eastep
93ee4432de
Allow <user>: in USER columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-18 09:44:35 -07:00
Tom Eastep
8c543ca6f8
Transfer permissions during file updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-16 16:04:32 -07:00
Tom Eastep
e71fb3249a
Add 'dbl' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-15 16:35:41 -07:00
Tom Eastep
ea56d4ed19
Make ipset-based dynamic blacklisting work in the FORWARD chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-13 15:02:12 -07:00
Tom Eastep
c65721a139
Correct a warning message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-13 12:21:16 -07:00
Tom Eastep
cd0837beb5
Avoid run-time Perl diagnostic when validating a null log level
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-09 09:00:12 -07:00
Tom Eastep
cd01df4200
Allow more than 9 interfaces with Simple TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-07 14:43:37 -07:00
Tom Eastep
7798c52a19
Fix DOCKER=Yes when docker0 is defined and Docker isn't started.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-22 17:50:51 -07:00
Tom Eastep
82169a0bfd
Use 'date' format for compiletime rather than localtime format
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-07 13:48:16 -07:00
Tom Eastep
64fb662bb1 Verify Shorewall6 version when compiling for IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-05 15:22:47 -07:00
Tom Eastep
ce20e5592b Cross-check core and standard versions during compilation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-05 13:53:26 -07:00
Tom Eastep
590243a787 Add NFLOG as a supported mangle action
- Also document nflog-parameters
- Correct range of nflog groups

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-03 11:27:34 -07:00
Tom Eastep
9dd0346987 Apply Paul Gear's patch for Ubuntu 16.04
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-02 07:25:37 -07:00
Tom Eastep
ccfa181a6d Tweak compile_info_command()
- Fix comment
- use $globals{VERSION} for the version number

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 14:12:34 -07:00
Tom Eastep
24d40f4cc2 Add VERBOSE_MESSAGES option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 08:00:56 -07:00
Tom Eastep
244f2cefe5 Update comment describing info_command()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-29 15:42:48 -07:00
Tom Eastep
41923cb80e Improve compile time/date implementation
- Rename the command from 'date' to 'info'
- Return the complete date/time/version string in the command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-29 12:31:17 -07:00
Tom Eastep
2a40012fc4 Include compile time and date in the output of 'shorewall status'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-27 16:25:21 -07:00
Tom Eastep
a92d10f19c Merge branch '5.0.8' 2016-04-27 10:23:51 -07:00
Tom Eastep
f6b7eb4ea0 Correct handling of persistent provider with no IP address
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-25 12:27:00 -07:00
Tom Eastep
800c06e8c9 Rename lib.core to lib.runtime
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-21 08:12:41 -07:00
Tom Eastep
f16e3f1fbe Issue warning when enable/disable won't work correctly
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-19 10:42:50 -07:00
Tom Eastep
0faf3b6db1 Send INFO messages to STDERR rather than STDOUT 2016-04-18 13:59:29 -07:00
Tom Eastep
3253c882e9 Merge branch '5.0.8' 2016-04-18 12:36:28 -07:00
Tom Eastep
5212dba7cb Add an ESTABLISHED,RELATED rule for docker0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-18 10:13:05 -07:00
Tom Eastep
35a22eedac Reword error message when tcclass MARK is too large
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-18 10:06:04 -07:00
Tom Eastep
b53de922d1 Catch 0 in the MARK column of the tcclasses file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-18 08:50:10 -07:00
Tom Eastep
ae852b513d Correct indentation issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-17 10:23:18 -07:00
Tom Eastep
9611b588e3 Use a uniform format for log timestamps
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-16 09:52:35 -07:00
Tom Eastep
fb8dbcf44b Use a uniform format for log timestamps
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-16 09:49:38 -07:00
Tom Eastep
335f2968f8 Implement ?INFO and ?WARNING
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-16 09:20:09 -07:00
Tom Eastep
c725372639 Correct logging of 'reloaded' message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-15 14:46:21 -07:00
Tom Eastep
524838ae47 Implement $SW_LOGGERTAG
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-15 14:29:51 -07:00
Tom Eastep
6aa0ecae4f Re-factor the code for saving/loading ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 15:15:47 -07:00
Tom Eastep
434e042494 Add the deprecated/ directories to the CONFIG_PATH
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 14:17:06 -07:00
Tom Eastep
9fa0df2fd1 Move the code that generates zap_ipsets() to after save_ipsets() generation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 09:56:48 -07:00
Tom Eastep
216bc715e8 Clean up V4/V5 ipset enforcement
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 09:00:38 -07:00
Tom Eastep
dbd42e1d5d More ipset fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-12 16:29:13 -07:00