Tom Eastep
71566f0ab0
Avoid compiler crash when LOAD_HELPERS_ONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-20 14:54:01 -07:00
Tom Eastep
e4169ede4a
Merge branch '5.0.13'
2016-10-20 13:29:05 -07:00
Tom Eastep
b44628ddc8
Only specify 'counters' to ipset of IPSET_MATCH_COUNTERS is present
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-20 09:07:36 -07:00
Tom Eastep
0e7d5f3972
Support '+' in SNAT action invocation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 16:00:36 -07:00
Tom Eastep
ab496987e0
Prevent 'nat' and 'mangle' being specified together
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 15:32:05 -07:00
Tom Eastep
c92ebc3908
Make merge_inline_source_dest() a little safer
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 14:32:56 -07:00
Tom Eastep
bc3573fcbc
Correct handling of interface lists in masq->snat conversion
...
- Also restore logic for ADD_SNAT_ALIASES
- Correct some interface-list errors in snat processing
- Restore whitespace after '--to-source'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 14:19:09 -07:00
Tom Eastep
6b7beaadaf
Merge branch '5.0.13'
2016-10-18 10:16:58 -07:00
Tom Eastep
31b6e9e299
Fix another DEST bug in mangle inline action handling :-(
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 10:15:43 -07:00
Tom Eastep
d52a4b1c9d
Implement SNAT actions and inlines
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 10:09:07 -07:00
Tom Eastep
9796af5d80
Merge branch '5.0.13'
2016-10-17 10:16:30 -07:00
Tom Eastep
9fc56bb896
Correct typo in process_mangle_inline()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-17 09:29:32 -07:00
Tom Eastep
4bb942f1f9
Restrict hypen as range separator to use with integers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 13:29:00 -07:00
Tom Eastep
05dbfbb988
Restrict hypen as range separator to use with integers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 13:26:44 -07:00
Tom Eastep
69a7c78179
Merge branch '5.0.13'
2016-10-16 12:28:01 -07:00
Tom Eastep
04051454bf
Reverse bad ECN handling patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 12:27:45 -07:00
Tom Eastep
2ca86d9abd
Merge branch '5.0.13'
2016-10-16 10:22:12 -07:00
Tom Eastep
e6f3d429a1
Renew timeout on matched dbl entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 09:42:45 -07:00
Tom Eastep
1ca91d7ddc
Correct handling of ECN file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 08:41:19 -07:00
Tom Eastep
fad9dce3e6
Correct handling of ECN file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 08:33:01 -07:00
Tom Eastep
342f4ee0f2
Add the --exits option to ADD with timeout
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 16:43:44 -07:00
Tom Eastep
047b5ca6d5
Add the --exits option to ADD with timeout
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 16:43:04 -07:00
Tom Eastep
43fdddb438
Add 'snat' config file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 11:38:52 -07:00
Tom Eastep
44477d97ac
Move Masq file processing to the Rules module
...
- This will enable supporting actions in the new snat file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-14 12:42:58 -07:00
Tom Eastep
b5906812a2
Accept '-' as the separator in a port range.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-14 10:10:03 -07:00
Tom Eastep
b80d4c2320
Don't allow shell meta characters in interface names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-11 17:01:45 -07:00
Tom Eastep
d5aaa66e0b
Detect bad characters in interface names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-11 10:56:41 -07:00
Tom Eastep
8c522a5c4d
Correct typo in lib.private
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-09 10:58:29 -07:00
Tom Eastep
abf57a4d1f
Correct indentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-09 09:29:04 -07:00
Tom Eastep
3058f2fb84
Delete code supporting old kernel/iproute2 IPv6 restrictions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-07 11:02:36 -07:00
Tom Eastep
eb6ae5e186
Correct handling of DYNAMIC_BLACKLIST options
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 16:56:29 -07:00
Tom Eastep
941604ad01
Correct issue with updating DBL timeout
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 15:41:40 -07:00
Tom Eastep
14e8568d9e
Add the FIREWALL .conf option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 15:03:54 -07:00
Tom Eastep
ca7ca4bdfe
Add a 'timeout' option to DYNAMIC_BLACKLIST
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 12:56:47 -07:00
Tom Eastep
8d731c81e4
Add 'disconnect' option to ipset-based dynamic blacklisting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-04 09:09:45 -07:00
Tom Eastep
72dbb4c3c3
Handle persistent provider enable/disable correctly
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 16:01:04 -07:00
Tom Eastep
bc591ccee4
Don't assume that statistically balanced providers are optional
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 14:01:16 -07:00
Tom Eastep
156313edd2
Correctly handle down persistent interface during 'disable'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-27 11:47:37 -07:00
Tom Eastep
35bd1db7fb
Handle Down or missing interfaces in 'delete_gateway()'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-27 11:43:26 -07:00
Tom Eastep
792b3b696c
Add ZERO_MARKS option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-26 16:04:26 -07:00
Tom Eastep
fa9ee6d69e
Clear packet marks in PREROUTING and OUTPUT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-24 15:46:04 -07:00
Tom Eastep
8065e62f12
Support for the 'contiguous' option in TIME columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-22 14:22:11 -07:00
Tom Eastep
e81a4788c6
Implement DEFAULT_PAGER in shorewallrc
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-21 10:20:48 -07:00
Tom Eastep
afc212495f
Make POSTROUTING the default chain for CHECKSUM
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-18 08:57:49 -07:00
Tom Eastep
059b1c6c8c
Remove superfluous logic
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-13 11:13:19 -07:00
Tom Eastep
2f75901068
Restore 'use Shorewall::Config(shorewall)' in embedded Perl handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-13 09:29:51 -07:00
Tom Eastep
8bb7c2363b
Support '+' after a zone list in the policy files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-10 10:06:38 -07:00
Tom Eastep
2c90a8bfb5
Allow zone lists in the SOURCE and DEST columns of the policy files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-10 08:47:48 -07:00
Tom Eastep
bb8af36d3f
Minor cleanup in the Rules module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-31 13:01:49 -07:00
Tom Eastep
4ec2c2087d
Delete obsolete comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-29 12:40:28 -07:00
Tom Eastep
31d35e0cbd
Minor cleanup of the Chains module
...
- Correct typos
- Correct 'P' trace entries
- Add parens and comments to calls
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-15 09:22:11 -07:00
Tom Eastep
bcacce7ed0
Rename a variable to avoid confusion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-14 15:45:24 -07:00
Tom Eastep
646c20491a
Fix indentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-14 15:45:00 -07:00
Tom Eastep
fa1173baaa
Correct typo in a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-14 10:24:29 -07:00
Tom Eastep
72e21be89d
Add a handle back to the flow classifier
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-04 11:03:36 -07:00
Tom Eastep
1b1e2c58f9
Allow optional provider interfaces to match a wildcard
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-02 15:44:19 -07:00
Tom Eastep
decf9d3b3e
Correct comment formatting in 'trace' output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-30 09:03:19 -07:00
Tom Eastep
a05623f49e
Don't delete duplicate COUNT rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-30 08:24:53 -07:00
Tom Eastep
0b9cd93769
Default DSCP rules to the POSTROUTING chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-27 13:59:15 -07:00
Tom Eastep
372359839b
Add 'comment' to alternative input
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-24 15:08:55 -07:00
Tom Eastep
a02c745a83
Avoid silly duplicate rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-30 17:49:43 -07:00
Tom Eastep
47557aa4f7
Correct additional issues with 'update'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-18 10:24:52 -07:00
Tom Eastep
93ee4432de
Allow <user>: in USER columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-18 09:44:35 -07:00
Tom Eastep
8c543ca6f8
Transfer permissions during file updates
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-16 16:04:32 -07:00
Tom Eastep
e71fb3249a
Add 'dbl' interface option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-15 16:35:41 -07:00
Tom Eastep
ea56d4ed19
Make ipset-based dynamic blacklisting work in the FORWARD chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-13 15:02:12 -07:00
Tom Eastep
c65721a139
Correct a warning message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-13 12:21:16 -07:00
Tom Eastep
cd0837beb5
Avoid run-time Perl diagnostic when validating a null log level
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-09 09:00:12 -07:00
Tom Eastep
cd01df4200
Allow more than 9 interfaces with Simple TC
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-07 14:43:37 -07:00
Tom Eastep
7798c52a19
Fix DOCKER=Yes when docker0 is defined and Docker isn't started.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-22 17:50:51 -07:00
Tom Eastep
82169a0bfd
Use 'date' format for compiletime rather than localtime format
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-07 13:48:16 -07:00
Tom Eastep
64fb662bb1
Verify Shorewall6 version when compiling for IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-05 15:22:47 -07:00
Tom Eastep
ce20e5592b
Cross-check core and standard versions during compilation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-05 13:53:26 -07:00
Tom Eastep
590243a787
Add NFLOG as a supported mangle action
...
- Also document nflog-parameters
- Correct range of nflog groups
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-03 11:27:34 -07:00
Tom Eastep
9dd0346987
Apply Paul Gear's patch for Ubuntu 16.04
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-02 07:25:37 -07:00
Tom Eastep
ccfa181a6d
Tweak compile_info_command()
...
- Fix comment
- use $globals{VERSION} for the version number
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 14:12:34 -07:00
Tom Eastep
24d40f4cc2
Add VERBOSE_MESSAGES option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 08:00:56 -07:00
Tom Eastep
244f2cefe5
Update comment describing info_command()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-29 15:42:48 -07:00
Tom Eastep
41923cb80e
Improve compile time/date implementation
...
- Rename the command from 'date' to 'info'
- Return the complete date/time/version string in the command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-29 12:31:17 -07:00
Tom Eastep
2a40012fc4
Include compile time and date in the output of 'shorewall status'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-27 16:25:21 -07:00
Tom Eastep
a92d10f19c
Merge branch '5.0.8'
2016-04-27 10:23:51 -07:00
Tom Eastep
f6b7eb4ea0
Correct handling of persistent provider with no IP address
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-25 12:27:00 -07:00
Tom Eastep
800c06e8c9
Rename lib.core to lib.runtime
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-21 08:12:41 -07:00
Tom Eastep
f16e3f1fbe
Issue warning when enable/disable won't work correctly
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-19 10:42:50 -07:00
Tom Eastep
0faf3b6db1
Send INFO messages to STDERR rather than STDOUT
2016-04-18 13:59:29 -07:00
Tom Eastep
3253c882e9
Merge branch '5.0.8'
2016-04-18 12:36:28 -07:00
Tom Eastep
5212dba7cb
Add an ESTABLISHED,RELATED rule for docker0
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-18 10:13:05 -07:00
Tom Eastep
35a22eedac
Reword error message when tcclass MARK is too large
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-18 10:06:04 -07:00
Tom Eastep
b53de922d1
Catch 0 in the MARK column of the tcclasses file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-18 08:50:10 -07:00
Tom Eastep
ae852b513d
Correct indentation issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-17 10:23:18 -07:00
Tom Eastep
9611b588e3
Use a uniform format for log timestamps
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-16 09:52:35 -07:00
Tom Eastep
fb8dbcf44b
Use a uniform format for log timestamps
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-16 09:49:38 -07:00
Tom Eastep
335f2968f8
Implement ?INFO and ?WARNING
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-16 09:20:09 -07:00
Tom Eastep
c725372639
Correct logging of 'reloaded' message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-15 14:46:21 -07:00
Tom Eastep
524838ae47
Implement $SW_LOGGERTAG
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-15 14:29:51 -07:00
Tom Eastep
6aa0ecae4f
Re-factor the code for saving/loading ipsets
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 15:15:47 -07:00
Tom Eastep
434e042494
Add the deprecated/ directories to the CONFIG_PATH
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 14:17:06 -07:00
Tom Eastep
9fa0df2fd1
Move the code that generates zap_ipsets() to after save_ipsets() generation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 09:56:48 -07:00
Tom Eastep
216bc715e8
Clean up V4/V5 ipset enforcement
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 09:00:38 -07:00
Tom Eastep
dbd42e1d5d
More ipset fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-12 16:29:13 -07:00