Commit Graph

163 Commits

Author SHA1 Message Date
teastep
b66929a65e Large merge of function from EXPERIMENTAL to HEAD.
1) Elimination of the "shorewall monitor" command.

2) The /etc/shorewall/ipsec and /etc/shorewall/zones file are combined into
a single /etc/shorewall/zones file. This is done in an upwardly-compatible
way so that current users can continue to use their existing files.

3) Support has been added for the arp_ignore interface option.

4) DROPINVALID has been removed from shorewall.conf. Behavior is as if
DROPINVALID=No was specified.

5) The 'nobogons' option and BOGON_LOG_LEVEL are removed.

6) Error and warning messages have been made easier to spot by using
capitalization (e.g., ERROR: and WARNING:).

7) The /etc/shorewall/policy file now contains a new connection policy and a
policy for ESTABLISHED packets. Useful for users of snort-inline who want to
pass all packets to the QUEUE target.

8) A new 'critical' option has been added to /etc/shorewall/routestopped.
Shorewall insures communication between the firewall and 'critical' hosts
throughout start, restart, stop and clear. Useful for diskless firewall's
with NFS-mounted file systems, LDAP servers, Crossbow, etc.

9) Macros. Macros are very similar to actions but are easier to use, allow
parameter substitution and are more efficient. Almost all of the standard
actions have been converted to macros in the EXPERIMENTAL branch.

10) The default value of ADD_IP_ALIASES in shorewall.conf is changed to No.

11) If you have 'make' installed on your firewall, then when you use
the '-f' option to 'shorewall start' (as happens when you reboot),
if your /etc/shorewall/ directory contains files that were modified
after Shorewall was last restarted then Shorewall is started using
the config files rather than using the saved configuration.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2409 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-25 23:08:09 +00:00
paulgear
2a19eb8a5a Copy latest 2.4 version from Shorewall2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2264 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 05:55:29 +00:00
paulgear
90dd62e89e Copy latest 2.2 version from STABLE2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2263 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 05:45:05 +00:00
paulgear
921a7223d4 Copy latest 2.0 code from STABLE2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2262 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 04:45:32 +00:00
teastep
ccd528ec8c Shorewall 1.4.10d +
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1216 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-03-20 15:40:06 +00:00
teastep
d711731678 Fix multiple excluded zone handling in DNAT/REDIRECT
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1181 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-03-04 15:24:59 +00:00
teastep
7f19ec0c73 Fix another masq file bug
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1131 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-02-09 20:46:22 +00:00
teastep
76c135e123 Shorewall-1.4.10a
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1129 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-02-08 20:36:46 +00:00
teastep
97ea8c60d7 Fix problem in masq file parsing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1123 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-02-05 20:13:24 +00:00
teastep
76b5918a13 Fix handling of 'all' or '-' in the PROTO column of an action file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1096 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-29 19:11:51 +00:00
teastep
d116d04fb8 Don't add broadcasts to /0 groups
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1095 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-28 00:52:03 +00:00
teastep
b4d0cbd1b1 Don't feed the smurfs
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1093 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-27 22:33:32 +00:00
teastep
2e80e459bb RC1 and 'detectnets' option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1089 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-23 23:48:30 +00:00
teastep
22df211052 Applied Fr�d�ric LESPEZ's patch for packet marking by user/group id
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1088 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-22 20:24:56 +00:00
teastep
d362f734d9 Destination exclude list in masq file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1085 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-22 02:06:56 +00:00
teastep
5338cb48b0 Minor updates for 1.4.9
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1070 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-09 20:18:40 +00:00
teastep
0c6299465d Fix SNAT handling in DNAT rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@869 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-16 21:52:37 +00:00
teastep
90263f43af Add user-defined Actions
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@801 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-04 02:01:08 +00:00
teastep
380b8e2ce8 Add MODULE_SUFFIX option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@797 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-01 16:10:08 +00:00
teastep
f9c596a465 Reword desciption of NEWNOTSYN
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@793 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-28 17:39:53 +00:00
teastep
9fde389c31 Log 'norfc1918'
packets out of 'rfc1918' chains


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@792 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-27 18:39:11 +00:00
teastep
a3eaa7f9af Rework ip_forward handling; update release file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@791 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-27 18:24:57 +00:00
teastep
64bd2c9035 One-to-one NAT and updated common.def
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@790 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-24 19:08:43 +00:00
teastep
80981e802e Fix NONE policy validation and 'routeback' for wildcard interfaces
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@786 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-08 02:38:30 +00:00
teastep
c334e92103 Shorewall 1.4.8-RC1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@783 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-31 15:29:30 +00:00
teastep
f046ea3ab1 Fix route filtering
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@782 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-30 15:42:45 +00:00
teastep
ee51d49233 Correct Debian lockfile usage comment in shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@781 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-27 22:36:22 +00:00
teastep
0f72f92c48 Another fix for <zone>_frwd chains
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@780 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-26 16:22:01 +00:00
teastep
e46c76253c Expand chain naming
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@778 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-25 00:55:58 +00:00
teastep
5448a9cc38 Expand chain naming
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@777 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-25 00:54:01 +00:00
teastep
1fd0345510 Re-add optimization for complex zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@769 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-15 18:34:05 +00:00
teastep
ff2b9ce193 Remove 'complex zone' optimization
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@768 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-15 18:17:23 +00:00
teastep
67ad01a56f Added BLACKLISTNEWONLY
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@765 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-11 16:06:00 +00:00
teastep
55ddfb8c78 Fix error handling after 'Unable to determine the routes...'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@764 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-10 03:00:26 +00:00
teastep
c80dacd86a p2pwall integration
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@762 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-09 21:26:08 +00:00
teastep
5b54d21d07 Don't use multiport match on ICMP
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@760 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-08 15:07:18 +00:00
teastep
9a51cb0b60 Merge Tuomo Soini's fix for /bin/ash
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@758 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-08 14:53:26 +00:00
teastep
8c4ccaed9a RC3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@754 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-06 21:11:34 +00:00
teastep
1003cd5590 Update RFC1918 to reflect recent IANA allocations
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@751 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-02 15:07:35 +00:00
teastep
5d489f01f9 Change 'logunclean' messages to reflect LOG disposition
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@750 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-02 04:48:30 +00:00
teastep
45e63c15ac Blacklist before DHCP
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@749 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-01 00:07:14 +00:00
teastep
2e4f97175d Correct handling of missing common.def file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@748 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-09-27 14:54:16 +00:00
teastep
f88241a6f1 Fix rules file processing with missing policy
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@747 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-09-26 21:34:16 +00:00
teastep
ddb925c133 Reword error message
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@745 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-09-22 21:44:22 +00:00
teastep
9f14855704 Allow user:group in USER SET column of rules file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@744 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-09-19 19:42:05 +00:00
teastep
6074472053 Correct Comment in rules file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@743 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-09-18 22:49:34 +00:00
teastep
169f057d91 Updates to rfc1918
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@740 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-09-17 02:22:47 +00:00
teastep
a18c573868 Beta 2 plus fix proxy ARP routes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@738 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-09-16 19:44:49 +00:00
teastep
b119a35e81 Fix for IPV6 addresses and the 'ip' utility
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@737 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-28 21:32:40 +00:00
teastep
afbe79977e Fix adding range of aliases
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@732 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-27 15:13:03 +00:00