Tom Eastep
|
c5d4a63afe
|
Describe a more complex dmz squid solution
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-19 14:15:40 -07:00 |
|
Tom Eastep
|
a9ce4c20f0
|
Add routefilter=0,logmartians=0 to Squid routing solution
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-19 13:52:01 -07:00 |
|
Tom Eastep
|
1fd62e1612
|
Restore order in the NFACCT target.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-19 11:11:37 -07:00 |
|
Tom Eastep
|
6c2679ce75
|
Allow incrementing an nfacct object when an ipset matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-19 10:44:57 -07:00 |
|
Tom Eastep
|
610bdf1aac
|
Correct merge_rules() for LAST matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-19 08:40:01 -07:00 |
|
Tom Eastep
|
91c4dd2e56
|
Document multiple nfacct objects in one rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-19 06:38:02 -07:00 |
|
Tom Eastep
|
cbdca08fea
|
Fix for multiple nfacct patch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-18 16:37:54 -07:00 |
|
Tom Eastep
|
b87b4b61d8
|
Allow multiple nfacct matches in one accounting rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-18 16:14:57 -07:00 |
|
Tom Eastep
|
9c010691a3
|
Always place 'nfacct' last
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-18 15:26:34 -07:00 |
|
Tom Eastep
|
d3e9a2f7e8
|
Remove wrong entries from the helpers file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-18 15:25:18 -07:00 |
|
Tom Eastep
|
8ef11a376b
|
Document 'HELPERS=none'.
- Also make 'check -u' work correctly regarding HELPERS=
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-18 11:30:47 -07:00 |
|
Tom Eastep
|
4d686e873b
|
Implement 'HELPERS=none'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-18 10:30:56 -07:00 |
|
Tom Eastep
|
f55e34dd8b
|
Don't allow options on targets that don't accept them.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-17 17:18:01 -07:00 |
|
Tom Eastep
|
668bd4a1a4
|
Accept complex log levels with INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-17 16:59:14 -07:00 |
|
Tom Eastep
|
5d5f168f25
|
Don't clone rule unconditionally in format_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-17 13:35:32 -07:00 |
|
Tom Eastep
|
938bd72844
|
Better handling of the matches rule member.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-17 10:39:32 -07:00 |
|
Tom Eastep
|
ef01748dc9
|
Update manpages for INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-17 07:34:00 -07:00 |
|
Tom Eastep
|
8b91575c9e
|
Maintain order when multiple instances of a match are separated.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-17 06:52:32 -07:00 |
|
Tom Eastep
|
0da38cc38e
|
Order matches in rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-12 11:37:29 -07:00 |
|
Tom Eastep
|
6950cd2576
|
Allow '-' in a match name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 18:30:02 -07:00 |
|
Tom Eastep
|
ff4fb21044
|
Require that the '-j' part of a free-form rule be known.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 18:29:45 -07:00 |
|
Tom Eastep
|
614c5e6155
|
Assume LOG if a level is specified with INLINE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 14:16:34 -07:00 |
|
Tom Eastep
|
35b0b4a4f9
|
Support A_ACCEPT!
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 13:37:49 -07:00 |
|
Tom Eastep
|
c34cf333ba
|
Allow both {...} and ';' with INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 12:57:59 -07:00 |
|
Tom Eastep
|
b33bdeaa02
|
Allow a parameter to INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 11:54:58 -07:00 |
|
Tom Eastep
|
38f3ae0934
|
Handle 'NONE' policy correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 09:35:27 -07:00 |
|
Tom Eastep
|
beec4a188f
|
Implement INLINE action (again).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 09:15:59 -07:00 |
|
Tom Eastep
|
f85d548d40
|
Correct handling of MACLIST_DISPOSITION with MACLIST_TABLE=mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 06:23:22 -07:00 |
|
Tom Eastep
|
ee2e85c0fb
|
Correct generation of the blacklog chain when disposition is audited
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-10 16:43:38 -07:00 |
|
Tom Eastep
|
186f71fa96
|
Add NEW_TOS_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-09 14:04:16 -07:00 |
|
Tom Eastep
|
477e2bc455
|
Additional corrections to INLINE action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-09 09:41:43 -07:00 |
|
Tom Eastep
|
273f109daf
|
Correct handling of MACLIST_DISPOSITION=A_xxx when MACLIST_TABLE=mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-09 09:37:12 -07:00 |
|
Tom Eastep
|
50494f667c
|
Implement INLINE action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-08 17:30:00 -07:00 |
|
Tom Eastep
|
183a0a75a1
|
Implement 'builtin' actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-08 16:14:26 -07:00 |
|
James Shubin
|
f176f91b7e
|
Added VRRP macro.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-05 12:37:46 -07:00 |
|
Tom Eastep
|
a56f485797
|
Add Xymon macro.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-05 08:49:33 -07:00 |
|
Tom Eastep
|
9e10c38e26
|
Don't emit 'quantum' calculation unless the qdisc is 'htb'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-03 08:39:18 -07:00 |
|
Tom Eastep
|
64e7675f45
|
Add note about rate-estimators in FAQ 97a
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-03 07:28:23 -07:00 |
|
Tom Eastep
|
ee66a45e2e
|
Correct comments in the Chains module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-02 12:52:10 -07:00 |
|
Tom Eastep
|
190e43ff51
|
Correct typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-02 10:55:09 -07:00 |
|
Tom Eastep
|
c200efa6d7
|
Revert "Disable script generation while processing TC"
This reverts commit 5b18ff91ca .
|
2013-04-01 15:23:16 -07:00 |
|
Tom Eastep
|
efebda76d2
|
Improve the description of 'accept_ra' in shorewall6-interfaces(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-01 14:25:49 -07:00 |
|
Tom Eastep
|
5b18ff91ca
|
Disable script generation while processing TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-01 09:05:12 -07:00 |
|
Tom Eastep
|
ef5818ce7e
|
Merge branch '4.5.15'
|
2013-03-31 07:08:49 -07:00 |
|
Tom Eastep
|
58ef8e0ec3
|
Correct bounds check in do_dscp()
- "< 0x2f" s/b "< 0x3f"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-03-31 07:07:21 -07:00 |
|
Tom Eastep
|
8a84c1c371
|
Avoid 'echo' failure during 'enable'.
- in the case where the kernel doesn't know about
/proc/sys/net/ipv6/conf/x/accept_ra
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-03-31 07:02:11 -07:00 |
|
Tom Eastep
|
1db5741edd
|
Merge branch '4.5.15'
Conflicts:
Shorewall/Perl/Shorewall/Proc.pm
|
2013-03-30 18:08:17 -07:00 |
|
Tom Eastep
|
1139e1a09c
|
Establish /proc/sys/net/ipv6/conf/X/forwarding during 'enable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-03-30 17:26:50 -07:00 |
|
Tom Eastep
|
d415de1883
|
Add the accept_ra Shorewall6 interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-03-30 16:44:18 -07:00 |
|
Tom Eastep
|
2381b0fd8f
|
Correct typo in FAQ 97a
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-03-30 08:41:57 -07:00 |
|