Tom Eastep
499b0cddaa
Log the text from startup errors.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-17 07:02:30 -07:00
Tom Eastep
a534bca914
Fix an existing bug in Shorewall6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 19:28:49 -07:00
Tom Eastep
a501222194
Fix some bugs in the Shorewall-init implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 17:41:09 -07:00
Tom Eastep
4f428d8135
De-implement 'close'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 15:31:41 -07:00
Tom Eastep
749d6be64e
Add 'optional' interfaces to updown processing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 17:06:00 -07:00
Tom Eastep
a3589dc6e9
Implement the 'up' and 'down' script commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 12:48:04 -07:00
Tom Eastep
ff388ca5c4
Detect the 'closed' state in the status command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 12:46:47 -07:00
Tom Eastep
88188202cc
Add 'wait' interface option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:52:46 -07:00
Tom Eastep
16e451a7d8
Add 'required' interface option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:04:32 -07:00
Tom Eastep
a2758421ed
Bump version to 4.4.10-Beta1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 17:03:14 -07:00
Tom Eastep
529f9a07b4
Update Rules.pm version to 4.4.10
2010-05-13 16:39:52 -07:00
Tom Eastep
a04d8126e1
Finish implementing 'close'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 16:39:01 -07:00
Tom Eastep
1d0b8b1cec
Correct syntax error in generated code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 16:32:42 -07:00
Tom Eastep
449ca038ba
Implement 'close' command
2010-05-13 16:29:25 -07:00
Tom Eastep
74c515016e
Add back stuff merged earlier:
2010-05-08 16:32:03 -07:00
Tom Eastep
679ad6cf04
Allow OS X to be an Administrative System
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-06 09:07:16 -07:00
Tom Eastep
65a5d34276
Update Module Versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:46:29 -07:00
Tom Eastep
96bef5bd49
Assume 'routeback' in routestopped based on interface config.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:31:11 -07:00
Tom Eastep
fca404eeaf
Update version to 4.4.9
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 10:02:02 -07:00
Tom Eastep
c7848be266
Back out the rest of the original change for dup / -[psiod]
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 09:59:25 -07:00
Tom Eastep
70c6a2cdf3
Update version to 4.4.9-RC2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-02 07:25:50 -07:00
Tom Eastep
7d2df848c9
Tighten up the new mDNS rule
2010-05-01 12:13:02 -07:00
Tom Eastep
9bcd9fd12b
Allow for mDNS multicast responses
2010-05-01 12:01:58 -07:00
Tom Eastep
639b3ea57d
Simplify checking for /! -[piosd] /
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 09:13:16 -07:00
Tom Eastep
311372013d
More fixes to optimization
...
Only disallow / ! -[piosd] / if the target is a chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 08:58:41 -07:00
Tom Eastep
518416ec2e
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 08:08:39 -07:00
Tom Eastep
94c6b37e8e
Avoid leaving an orphan '!' behind.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 07:51:24 -07:00
Tom Eastep
219b2e0761
A more comprehensive solution to multiple -[piosd] matches.
...
- eliminate duplicate -[piosd] matches in merged rules
- avoid tracing !* unconditionally
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 07:26:25 -07:00
Tom Eastep
16161d9cfc
Add new trace types.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 06:43:09 -07:00
Tom Eastep
1173518d78
More minor cleanup of first code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-30 07:22:09 -07:00
Tom Eastep
2864841a9e
Correct release notes
...
update version to RC1
correct typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-29 11:21:31 -07:00
Tom Eastep
076da4bd5c
Couple of tweaks to my earliest code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-29 11:19:50 -07:00
Tom Eastep
a997d6507d
Update release notes with more common example of failure.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-28 08:09:10 -07:00
Tom Eastep
039668b333
Update release notes to reflect reality.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-28 06:57:45 -07:00
Tom Eastep
2c1cede54e
Revise addressless bridge change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 15:23:38 -07:00
Tom Eastep
d8b0f496df
Allow simple configuration of a bridge with no IP address
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 12:26:58 -07:00
Tom Eastep
988f7c4d7e
More fixes for bad NAT optimization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:50:18 -07:00
Tom Eastep
f49848bd5b
Document rare optimization fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:32:53 -07:00
Tom Eastep
0e4698d57c
Fix rare optimization bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:19:58 -07:00
Tom Eastep
6d61e962eb
Use -m conntrack if available in place of -m state
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-25 13:35:41 -07:00
Tom Eastep
21e0c68ef2
Bump version to 4.4.9 RC1
2010-04-25 09:37:17 -07:00
Tom Eastep
fb2ddcee7b
Bump Version to 4.4.9 Beta 5
2010-04-24 21:53:12 -07:00
Tom Eastep
6053352f8c
A better fix for find_first_interface_address()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-23 20:06:45 -07:00
Tom Eastep
2cb3bac946
Document fix for find_first_interface_address()
2010-04-23 12:18:51 -07:00
Tom Eastep
232fc21fe2
Allow find_first_interface_address[_if_any] to work properly in the params file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-23 11:54:36 -07:00
Tom Eastep
b821bdcdfd
One more pass at improving regex's for target isolation and matching
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 14:45:34 -07:00
Tom Eastep
64bf772594
Set OUTPUT policy to ACCEPT when optimize_chain deletes all of its rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 13:38:38 -07:00
Tom Eastep
b0b39cfc39
Document optimization level 2 fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 11:55:13 -07:00
Tom Eastep
fb754b3a2e
Don't remove a lone ACCEPT rule from the OUTPUT chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 11:35:14 -07:00
Tom Eastep
0dde75d345
Fix install scripts (again)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 13:08:03 -07:00
Tom Eastep
a0abb11f67
Extend 'show log <ipaddr>' to search for a regular expression.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 13:02:21 -07:00
Tom Eastep
8c09f21e5d
Implement 'show log <token>'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 10:20:28 -07:00
Tom Eastep
a1a78cf09b
Abandon the fantesy that multiple optimize 8 passes will achieve anything.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 17:12:08 -07:00
Tom Eastep
938cfd7ba4
Don't create fw-><bport> chains and rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 12:29:51 -07:00
Tom Eastep
c52a3dcd14
Don't generate policy chains for fw to bridgeport zones.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:56:11 -07:00
Tom Eastep
1030c852f9
Simplify a test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:21:30 -07:00
Tom Eastep
e7a4aaafc1
Modify optimization 8 loop to continue until no chains are combined.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:17:57 -07:00
Tom Eastep
8e1284f74c
Document OPTIMIZE=15
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:17:12 -07:00
Tom Eastep
4f00de0c57
Make additional optimize 8 passes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 08:42:25 -07:00
Tom Eastep
21b44ac42b
Change version to 4.4.9-Beta4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 07:25:53 -07:00
Tom Eastep
82d6ba511f
Unify the REs that look for '-[jg] <chain>'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 18:02:31 -07:00
Tom Eastep
cec59360f6
Use '-j' rather than '-g' when jumping to tcpre, just to be safe
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:14:13 -07:00
Tom Eastep
46d207a86f
Restore original amount of whitespace in maclist rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:13:37 -07:00
Tom Eastep
e9a94b0cfb
Unify reference count adjustment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:12:48 -07:00
Tom Eastep
cf59d9ec68
Fix an optimize 8 bug.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 12:45:00 -07:00
Tom Eastep
dde540c42d
Update release notes for optimize 4 problems.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 12:44:37 -07:00
Tom Eastep
c1bcf360ee
Fix another 'add_rule' that should have been an 'add_jump'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:59:57 -07:00
Tom Eastep
f7e48a94da
Fix install scripts.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:39:21 -07:00
Tom Eastep
96d69bd8c3
Centralize message generation; optimize optimization-8 loop
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:29:37 -07:00
Tom Eastep
9ad5ee1818
Add correct release id.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 07:25:35 -07:00
Tom Eastep
aeb90969f7
Optimize 8 Documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 17:12:25 -07:00
Tom Eastep
cff6f0010f
Remove chain name after '-A' (again).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 17:05:03 -07:00
Tom Eastep
f8bacb54ef
Optimize 8
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 13:21:10 -07:00
Tom Eastep
4137961169
Speed up the replace_references* functions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-11 09:00:24 -07:00
Tom Eastep
715ea9ef32
Speed up delete_jumps()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-11 08:38:14 -07:00
Tom Eastep
91a711b34f
Document startup log fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 11:54:54 -07:00
Tom Eastep
4365b83b15
Rationalize init logs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 11:46:50 -07:00
Tom Eastep
76b9ef7005
Use unshift rather than splice for readability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 09:25:29 -07:00
Tom Eastep
2e443df8e3
Adjust references in move_rules()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 09:09:46 -07:00
Tom Eastep
ff73d802da
More cleanup of rule and chain deletion:
...
- Rename purge_jumps() to delete_jumps()
- Add delete_chain() function
- Remove an unnecessary assertion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 08:37:17 -07:00
Tom Eastep
1de304bfd9
Relocate purge_jumps() and change the loop exit condition to be a bit safer.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 13:51:44 -07:00
Tom Eastep
14477d61fe
Verify that purge_jumps() reset the 'to' chain's referenced flag.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 12:28:01 -07:00
Tom Eastep
2ff1df53da
Unify chain deletion.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 11:38:18 -07:00
Tom Eastep
7a831107c7
Replace the complex rule deletion loops with C-stype for loops.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 09:58:32 -07:00
Tom Eastep
9dc8267888
Don't apply RE to rules that we've already checked.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 09:46:07 -07:00
Tom Eastep
1e078b8c8d
Use splice() to delete rules from chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 09:38:03 -07:00
Tom Eastep
2f3f591af1
Document removal of fallback scripts.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 07:43:36 -07:00
Tom Eastep
56bc28a182
Prepare 4.4.9 Beta 3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 07:32:21 -07:00
Tom Eastep
c2c0fb0dd2
Fix deletion of only rule in a chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 17:20:11 -07:00
Tom Eastep
ab1a27ca2a
Update version to 4.4.9 Beta 2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 13:14:51 -07:00
Tom Eastep
9a00191c88
Remove a 'defined' test that is no longer needed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 13:12:17 -07:00
Tom Eastep
359c221783
Keep rules arrays compressed throughout the compilation process
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 12:53:30 -07:00
Tom Eastep
3937c10251
Keep rule arrays compressed during optimization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 11:35:15 -07:00
Tom Eastep
9126cc63d9
Delete unused rules arrays
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 10:55:31 -07:00
Tom Eastep
c668707aac
Update release docs with optimize 4 fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 20:18:56 -07:00
Tom Eastep
cca2c18370
Another case where reference counts are wrong
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 20:07:03 -07:00
Tom Eastep
aeb3b277b0
Fix reference count issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 19:47:49 -07:00
Tom Eastep
9d7d7e06d8
Update release documents
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 14:43:50 -07:00
Tom Eastep
3711e64d71
Fix for 0 values propagated to the script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 14:38:29 -07:00
Tom Eastep
3092a85999
SWAG regarding LOG_VERBOSITY issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:43:57 -07:00
Tom Eastep
c49e3076ec
Recode fix for find_first_interface_address()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:28:07 -07:00
Tom Eastep
62c9cb7b36
Change 'first_install' tests
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:16:16 -07:00
Tom Eastep
f17365cf6d
Fix find_first_interface_address()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:05:42 -07:00
Tom Eastep
3b317afb2f
Add mDNS macro from Vincent Smeets.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-03 15:57:50 -07:00
Tom Eastep
427b14b21d
Clean up file headers in the .conf files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 11:53:36 -07:00
Tom Eastep
af893b6296
Add 'N' trace records for chain creation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 07:32:38 -07:00
Tom Eastep
c57ee7d68d
Update release notes with additional trace information.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 07:23:17 -07:00
Tom Eastep
b2d8039ff6
Remove unnecessary text and 'before' images from trace entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 07:12:22 -07:00
Tom Eastep
7e97e9519d
Conditionally trace writes by copy2().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 11:56:26 -07:00
Tom Eastep
51d4bf19b5
Conditionally trace writes by copy2().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 11:56:06 -07:00
Tom Eastep
dc7d4bdb09
Document CS->GS trace change.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 09:50:42 -07:00
Tom Eastep
350a89e449
More complete generated script trace
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 09:48:23 -07:00
Tom Eastep
5c91fb40e2
Remove unneeded test; correct typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 09:04:45 -07:00
Tom Eastep
db2bed06d8
Add 'T' to the documented netfilter trace types.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 08:31:12 -07:00
Tom Eastep
b261a5b2ec
Document netfilter trace types.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 07:23:17 -07:00
Tom Eastep
6d7226ae93
Remove special trace entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 16:31:03 -07:00
Tom Eastep
1fd656b8c9
Tweak trace facility
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 15:31:05 -07:00
Tom Eastep
3b07053d3b
Document new 'trace' facility
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 14:37:22 -07:00
Tom Eastep
b0733d93ee
Implement a more robust trace
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 13:09:04 -07:00
Tom Eastep
ef4237f5a0
Avoid verbosity overflow/underflow
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 07:27:27 -07:00
Tom Eastep
3e215d0482
Minor cleanup in the Chains module.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-27 08:18:41 -07:00
Tom Eastep
1153ff0c75
Avoid a shell warning when brctl is not installed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-27 07:33:40 -07:00
Tom Eastep
f30cd7e287
Clarify provisional policy handling.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-26 08:02:49 -07:00
Tom Eastep
5a36606167
Document fix of EXTERNAL handling in proxyarp.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-25 12:13:52 -07:00
Tom Eastep
6cdc1ab7a2
Allow a logical interface name in the EXTERNAL column of the proxyarp file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-25 11:41:06 -07:00
Tom Eastep
a0a5c55a63
Add omitted defect to 4.4.8 problems corrected
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-25 10:14:39 -07:00
Tom Eastep
7d91edc6ec
Remove redundant line of code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 12:49:06 -07:00
Tom Eastep
626b28fcd0
Auto-detect bridge when no options specified. Remove extra logic.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 09:28:11 -07:00
Tom Eastep
05752dcf0b
Auto-detection of bridges -- release documents.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 08:58:44 -07:00
Tom Eastep
5e9aceae68
Detect bridges
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 08:38:54 -07:00
Tom Eastep
914d829a49
Don't optimize the 'blacklst' chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-22 06:47:39 -07:00
Tom Eastep
6ac549ef4e
Add a comment explaining why avoiding creation of the blacklst chain
...
and branching to it is a bad idea.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-21 07:24:29 -07:00
Tom Eastep
6fc347b9be
Prepare 4.4.9-Beta1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-20 07:06:47 -07:00
Tom Eastep
9a88156769
Back off on not jumping to the blacklist chain when there are no blacklist entries.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 11:32:22 -07:00
Tom Eastep
fae29bcf6f
Change version to 4.4.8
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 10:17:32 -07:00
Tom Eastep
508475d80b
Avoid panic among the user base by suppressing missing table error messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 10:10:20 -07:00
Tom Eastep
b22b279bd1
Some additional idiot-proofing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 10:01:02 -07:00
Tom Eastep
a71f5df64f
Fix indentation and quoting in TC progress messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 06:59:58 -07:00
Tom Eastep
f44dbcf20b
More copyright updates
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-18 11:13:51 -07:00
Tom Eastep
91bc3b3293
Mark a restored configuration as 'Restored' rather than 'Started'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-17 10:10:56 -07:00
Tom Eastep
1177540fd8
Update version to RC2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 12:39:35 -07:00
Tom Eastep
66c883de2c
Fix UDPLITE handling of source port when no dest port given.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 10:45:31 -07:00
Tom Eastep
b2a56cd542
Copyright update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 09:53:51 -07:00
Tom Eastep
a01fa345b7
Add support for UDP Lite
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 09:42:50 -07:00
Tom Eastep
5ac2b16936
Correct typo in comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 08:49:17 -07:00
Tom Eastep
16bbe780c7
Try to avoid printing import banners unnecessarily
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 07:23:02 -07:00
Tom Eastep
787cec4fe7
Fix 'uninitialized variable' bug in Config::copy2
...
Bug reported by Tuomo Soini
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 07:12:39 -07:00
Tom Eastep
a2ac726ce9
Add changelog entry
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-11 18:16:31 -08:00
Tom Eastep
196cd5417f
Allow 'default' optimizations to be disabled by specifying optimization 4096.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-11 17:15:44 -08:00
Tom Eastep
57dc5731b2
Add change log entry
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-10 17:31:35 -08:00
Tom Eastep
249f9412f6
Add undocumented OPTIMIZE=-1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-10 17:31:08 -08:00
Tom Eastep
4f32be03d7
Fix typo in comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 15:34:38 -08:00
Tom Eastep
93494c6ae3
Eliminate nested function declarations in generate_matrix()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 13:11:10 -08:00
Tom Eastep
fb4f7ebd67
Update release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 08:18:10 -08:00
Tom Eastep
07cba9e066
Bump version to RC1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 08:11:00 -08:00
Tom Eastep
efed2286b0
Move qt1() to lib.common
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-07 11:50:54 -08:00
Tom Eastep
ce8d1cbc59
Change port range in release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-07 08:39:09 -08:00
Tom Eastep
f246f728e7
Flag '-' used as a port range separator
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-07 08:36:26 -08:00
Tom Eastep
4e18414fd7
Uninstall the logrotate scripts
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 09:24:51 -08:00
Tom Eastep
5671a7ae2f
Add new options to online usage info.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:45:43 -08:00
Tom Eastep
88447bfc7d
Avoid dropping first line of library source text
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:45:21 -08:00
Tom Eastep
2d458b46b4
Update help text in prog.header*
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:13:33 -08:00
Tom Eastep
928b162d3c
Fix bug in handling of -p option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:12:04 -08:00
Tom Eastep
7557b4b5fb
Update version to 4.4.8 Beta 3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 07:41:29 -08:00
Tom Eastep
fe089ddc36
Don't copy headers in imported libraries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 07:40:43 -08:00
Tom Eastep
c8d8d75cae
Cosmetic change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 10:40:18 -08:00
Tom Eastep
35974535b2
More removal/relocation of functions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 07:29:27 -08:00
Tom Eastep
f8c7a284a5
Remove duplicate/unneeded functions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 07:02:00 -08:00
Tom Eastep
8e5114859c
Only load lib.base and lib.cli (lib.base loads lib.common)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 06:51:13 -08:00
Tom Eastep
b4d4cedef9
Fix silly bug in 'show dynamic <zone>'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 19:05:47 -08:00
Tom Eastep
abb943bfb7
Do library consolidation on IPv6 and load lib.cli into shorecap.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 13:11:33 -08:00
Tom Eastep
50330f71f6
Move many routines into lib.common.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 12:38:02 -08:00
Tom Eastep
3e4d9b3118
Rename lib.run -> lib.common
2010-03-04 12:13:41 -08:00
Tom Eastep
7757c0bc20
Rename lib.run to lib.common
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:54:56 -08:00
Tom Eastep
41d709b043
Allow 'get_script_version' to correctly handle point releases
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:40:48 -08:00
Tom Eastep
7b52d812ae
Generate correct library path name
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:40:18 -08:00
Tom Eastep
24432a5f76
Back out dumb change to install.sh
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:17:57 -08:00
Tom Eastep
4c081e5998
Add lib.run
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:12:48 -08:00
Tom Eastep
5d87983803
Update change log. Remove anacronistic comment.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 16:14:15 -08:00
Tom Eastep
1d52683af8
Don't display 'Old' capabilities that are not enabled.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 15:28:49 -08:00
Tom Eastep
a963c8f955
Don't export CONFDIR or SHAREDIR
...
Document CONFDIR, SHAREDIR and VARDIR
Add FILEMODE to the old reserved variable names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 11:46:23 -08:00
Tom Eastep
a4414a9695
Delete references to unimplemented functions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 10:53:40 -08:00
Tom Eastep
3f73b3c408
Export *DIR variables
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 10:39:18 -08:00
Tom Eastep
49c1350aa0
Documentation for final cleanup of variable names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 10:28:09 -08:00
Tom Eastep
c6981de0e5
Complete elimination of globals that are not .conf options
...
Documentation to follow
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 09:50:07 -08:00
Tom Eastep
ee74696747
IPv6 work to only export when necessary
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 08:59:58 -08:00
Tom Eastep
234e4fa754
Update module versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 08:51:55 -08:00
Tom Eastep
7457f643ee
Don't export globals when the script is 4.4.8 or later
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 08:51:40 -08:00
Tom Eastep
70296b4bd6
Some fixes for -lite changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 17:16:11 -08:00
Tom Eastep
78a39ccad5
Centralize exporting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 16:03:44 -08:00
Tom Eastep
cce4bf277a
Reduce export usage; Allow PURGE and RESTOREFILE to be specified on the run-line
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 14:49:31 -08:00
Tom Eastep
2656a9b0c7
Eliminate use of PRODUCT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 12:34:36 -08:00
Tom Eastep
5613d0105a
Remove all reliance on HOSTNAME
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 11:59:38 -08:00
Tom Eastep
68f5215f07
Remove Reliance on HOSTNAME in generated programs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 11:45:35 -08:00
Tom Eastep
3ea6f6792f
Eliminate VERSION reserved variable name
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 08:02:10 -08:00
Tom Eastep
5fc6d58e19
Eliminate STOPPING variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 07:37:30 -08:00
Tom Eastep
d4936f4bad
Tweak to an RE used in optimization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 06:58:09 -08:00
Tom Eastep
169f97d76b
Fix typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 11:28:54 -08:00
Tom Eastep
8cfcacc862
Update release document with fix for multiple policy matches
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:40:20 -08:00
Tom Eastep
f11bfd3890
Eliminate redundate setting of PRODUCT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:32:59 -08:00
Tom Eastep
cfa09dce22
Avoid multiple policy matches with OPTIMIZE=7 and not KLUDGEFREE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:32:37 -08:00
Tom Eastep
3ba797cb14
Correct several bugs in the VERBOSITY overhaul
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 06:57:04 -08:00
Tom Eastep
53c73bc8e9
Eliminate VERBOSE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:58:01 -08:00
Tom Eastep
14f83759ae
Propagate VERBOSITY even though we don't use it yet
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:39:35 -08:00
Tom Eastep
546a48543d
Propagate LOG_VERBOSITY
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:30:11 -08:00
Tom Eastep
39883aa690
Eliminate LOG_VERBOSE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 16:58:30 -08:00
Tom Eastep
fb55d63eaf
Allow verbosity to be separate from -V
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 16:42:50 -08:00
Tom Eastep
333ac21c2f
Prepare the footers for 4.6.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 15:25:25 -08:00
Tom Eastep
83ed0a401b
I'll eventually get it the way I like it
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 13:45:33 -08:00
Tom Eastep
585711caa8
Even simpler RE for detecting builtins
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 13:29:26 -08:00
Tom Eastep
693d0e5d4c
Make new test in add_jump() a bit safer.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 12:44:29 -08:00
Tom Eastep
91a14b4e82
Make -s the default on Debian; Issue message when installing in a distro-specific way
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 09:15:11 -08:00
Tom Eastep
d2992c21f4
Update version to Beta 2
2010-02-28 09:04:37 -08:00
Tom Eastep
c9c957c5b8
HKP Macro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 07:37:16 -08:00
Tom Eastep
3c4b41fbe0
Implement -s option in the major installers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-27 11:48:39 -08:00
Tom Eastep
643d4831ab
More all-caps variable elimination
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-26 17:05:35 -08:00
Tom Eastep
061d850c16
Rename RESTOREPATH to g_restorepath
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-26 08:35:50 -08:00
Tom Eastep
c1ac19a81e
Correct a couple of typos
2010-02-25 16:35:19 -08:00
Tom Eastep
8aaddf368b
More reserved variable names documented
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 12:37:22 -08:00
Tom Eastep
e66b8759d6
Document variable name changes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 12:18:41 -08:00
Tom Eastep
7fe7ebc891
Fix Handling of NFQUEUE(queue-num) in policies
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 08:44:28 -08:00
Tom Eastep
4059fe6956
Belatedly update some version numbers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 08:43:32 -08:00
Tom Eastep
4415050fd2
Eliminate another reserved variable name
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 17:00:26 -08:00
Tom Eastep
bffb1793d7
More global variable renaming
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 07:52:35 -08:00
Tom Eastep
70a246501e
Update version of Tc.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 07:08:48 -08:00
Tom Eastep
b2350829b9
Rename 'debugging' to 'g_debugging'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 16:43:38 -08:00
Tom Eastep
3fc10cd94b
Prepend 'SW_' to constructed shell variable names.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 10:27:59 -08:00
Tom Eastep
88d29d2e35
Eliminate a couple of more all-caps variable name restrictions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 08:24:29 -08:00
Tom Eastep
55c9cf3e99
Eliminate some of the reserved all-caps variable names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 08:05:23 -08:00
Tom Eastep
2a965d42b9
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-21 07:57:34 -08:00
Tom Eastep
e690303937
Modify Roberto's patch for 'show <chain>' error reporting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 19:09:54 -08:00
Tom Eastep
8baa4e60c9
Merge branch 'master' of ssh://teastep@shorewall.git.sourceforge.net/gitroot/shorewall/shorewall
2010-02-20 18:59:17 -08:00
Roberto C. Sanchez
6a3b2b0dee
Clarify error message when user asks shorewall to show a non-existent chain
2010-02-20 21:57:45 -05:00
Tom Eastep
6307653a01
Pick up one fix from 4.4.7.4 regarding CONTINUE rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 09:42:58 -08:00
Tom Eastep
5696742ef3
Update release Document with 4.4.7.5 changes and Debian Init Script Fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 08:34:47 -08:00
Tom Eastep
a83663bf25
Return failure status when a supported command fails.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 08:20:42 -08:00
Tom Eastep
edaf541850
Don't apply rate limiting twice in ACCEPT+ rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-19 14:01:45 -08:00
Tom Eastep
ceff8adc78
Restore duplicate interface detection in tcinterfaces.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 16:11:30 -08:00
Tom Eastep
3a2173ddb4
Some code cleanup in Tc.pm.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 15:56:59 -08:00
Tom Eastep
ea8be87720
Use Hex representation of device numbers > 9 in simple TC.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 12:53:01 -08:00
Tom Eastep
4e0225a4c3
Update Documentation for per-IP rate limiting fixes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 07:12:36 -08:00
Tom Eastep
ea8a6c837f
Document per-IP rate change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 15:41:12 -08:00
Tom Eastep
00b0490cd7
Create a unique hashtable for each instance of a per-IP rate limit
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 15:39:21 -08:00
Tom Eastep
625963a4f0
Final (hopefully) fix for SFQ handle assignment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 09:02:18 -08:00
Tom Eastep
41bb0782a3
Another tweak to SFQ handle assignment.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 08:06:27 -08:00
Tom Eastep
5649dbf9a8
Improve assignment of class ID for SFQ classses
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 07:41:30 -08:00
Tom Eastep
115ce7b87d
Update release documents for bug fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 06:49:13 -08:00
Tom Eastep
eaafeb8c2b
Add --hashlimit-htable-expire if the units are minutes or larger
2010-02-17 06:43:52 -08:00
Tom Eastep
375160d733
Avoid duplicate SFQ class numbers
2010-02-17 06:43:16 -08:00
Tom Eastep
167b29c2c5
Bump module version in Compiler.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:24:52 -08:00