Commit Graph

9079 Commits

Author SHA1 Message Date
Tom Eastep
c7848be266 Back out the rest of the original change for dup / -[psiod]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 09:59:25 -07:00
Tom Eastep
70c6a2cdf3 Update version to 4.4.9-RC2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-02 07:25:50 -07:00
Tom Eastep
7d2df848c9 Tighten up the new mDNS rule 2010-05-01 12:13:02 -07:00
Tom Eastep
9bcd9fd12b Allow for mDNS multicast responses 2010-05-01 12:01:58 -07:00
Tom Eastep
639b3ea57d Simplify checking for /! -[piosd] /
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 09:13:16 -07:00
Tom Eastep
311372013d More fixes to optimization
Only disallow / ! -[piosd] / if the target is a chain

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 08:58:41 -07:00
Tom Eastep
5456c9fba3 Add instructions for proxying firewall-local connections
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 08:26:22 -07:00
Tom Eastep
518416ec2e Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 08:08:39 -07:00
Tom Eastep
94c6b37e8e Avoid leaving an orphan '!' behind.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 07:51:24 -07:00
Tom Eastep
219b2e0761 A more comprehensive solution to multiple -[piosd] matches.
- eliminate duplicate -[piosd] matches in merged rules
- avoid tracing !* unconditionally

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 07:26:25 -07:00
Tom Eastep
16161d9cfc Add new trace types.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 06:43:09 -07:00
Tom Eastep
1173518d78 More minor cleanup of first code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-30 07:22:09 -07:00
Tom Eastep
2864841a9e Correct release notes
update version to RC1
correct typo

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-29 11:21:31 -07:00
Tom Eastep
076da4bd5c Couple of tweaks to my earliest code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-29 11:19:50 -07:00
Tom Eastep
83d8d497d7 Correct typos in IPSEC article.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-28 08:12:41 -07:00
Tom Eastep
a997d6507d Update release notes with more common example of failure.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-28 08:09:10 -07:00
Tom Eastep
039668b333 Update release notes to reflect reality.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-28 06:57:45 -07:00
Tom Eastep
2c1cede54e Revise addressless bridge change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 15:23:38 -07:00
Tom Eastep
013567496c Update manpages for addressless bridge
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 12:40:57 -07:00
Tom Eastep
d8b0f496df Allow simple configuration of a bridge with no IP address
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 12:26:58 -07:00
Tom Eastep
4b6bff7693 Add link from the netmap article to the OpenVPN doc.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 07:04:33 -07:00
Tom Eastep
eab6387817 Add solution for handling duplicate networks in an OpenVPN environment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 07:04:06 -07:00
Tom Eastep
40bc2cc4a2 Update Link
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 18:06:16 -07:00
Tom Eastep
988f7c4d7e More fixes for bad NAT optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:50:18 -07:00
Tom Eastep
f49848bd5b Document rare optimization fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:32:53 -07:00
Tom Eastep
0e4698d57c Fix rare optimization bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:19:58 -07:00
Tom Eastep
6e04c7eec8 Mention 6in4 Tunnels in the Documentation Index
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 11:11:12 -07:00
Tom Eastep
6d61e962eb Use -m conntrack if available in place of -m state
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-25 13:35:41 -07:00
Tom Eastep
21e0c68ef2 Bump version to 4.4.9 RC1 2010-04-25 09:37:17 -07:00
Tom Eastep
fb2ddcee7b Bump Version to 4.4.9 Beta 5 2010-04-24 21:53:12 -07:00
Tom Eastep
33801bb8a9 Add 6in4 information to 6to4 article 2010-04-24 19:53:15 -07:00
Tom Eastep
f2f8bcd804 Add link to 2010 Linuxfest presentation 2010-04-24 08:06:07 -07:00
Tom Eastep
6053352f8c A better fix for find_first_interface_address()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-23 20:06:45 -07:00
Tom Eastep
2cb3bac946 Document fix for find_first_interface_address() 2010-04-23 12:18:51 -07:00
Tom Eastep
232fc21fe2 Allow find_first_interface_address[_if_any] to work properly in the params file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-23 11:54:36 -07:00
Tom Eastep
b821bdcdfd One more pass at improving regex's for target isolation and matching
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 14:45:34 -07:00
Tom Eastep
64bf772594 Set OUTPUT policy to ACCEPT when optimize_chain deletes all of its rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 13:38:38 -07:00
Tom Eastep
b0b39cfc39 Document optimization level 2 fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 11:55:13 -07:00
Tom Eastep
fb754b3a2e Don't remove a lone ACCEPT rule from the OUTPUT chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 11:35:14 -07:00
Tom Eastep
0dde75d345 Fix install scripts (again)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 13:08:03 -07:00
Tom Eastep
a0abb11f67 Extend 'show log <ipaddr>' to search for a regular expression.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 13:02:21 -07:00
Tom Eastep
8c09f21e5d Implement 'show log <token>'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 10:20:28 -07:00
Tom Eastep
32d3e50c05 Remove extra <emphasis> <\emphasis>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-17 08:54:37 -07:00
Tom Eastep
66a07c3ce6 Update copyright in UPnP Doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-17 08:51:57 -07:00
Tom Eastep
a620aa22f9 Remove outdated information from the UPnP doc.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-17 08:51:11 -07:00
Tom Eastep
a1a78cf09b Abandon the fantesy that multiple optimize 8 passes will achieve anything.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 17:12:08 -07:00
Tom Eastep
938cfd7ba4 Don't create fw-><bport> chains and rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 12:29:51 -07:00
Tom Eastep
c52a3dcd14 Don't generate policy chains for fw to bridgeport zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:56:11 -07:00
Tom Eastep
1030c852f9 Simplify a test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:21:30 -07:00
Tom Eastep
e7a4aaafc1 Modify optimization 8 loop to continue until no chains are combined.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:17:57 -07:00