Tom Eastep
|
15121e0743
|
Also substitute the chain name for '@0' in SWITCH names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-29 08:05:49 -08:00 |
|
Tom Eastep
|
9c0d8a2533
|
Use '@{0}' as the chain name surrogate in SWITCH columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-29 07:17:13 -08:00 |
|
Tom Eastep
|
bff91cd325
|
Allow overriding 'inline' on some standard actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-28 15:03:08 -08:00 |
|
Tom Eastep
|
8006d150f1
|
Allow switch initialization.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-27 16:17:43 -08:00 |
|
Tom Eastep
|
d7096ae52e
|
Back out default-action macros and document in-line actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-27 10:53:18 -08:00 |
|
Tom Eastep
|
7673b1ac4b
|
Support multiple parameters in macros.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 11:04:19 -08:00 |
|
Tom Eastep
|
fc87576005
|
Back out silly change for output interfaces in the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 09:47:42 -08:00 |
|
Tom Eastep
|
21c2963691
|
Correct Format-3 syntax for the SOURCE column of the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 07:48:43 -08:00 |
|
Tom Eastep
|
e7dee420ee
|
Allow interfaces in the DEST column of the conntrack file when the chain is OUTPUT.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 18:37:23 -08:00 |
|
Tom Eastep
|
642f192b3d
|
Disallow destination interface in the OUTPUT chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 15:37:53 -08:00 |
|
Tom Eastep
|
fb3194d96b
|
Correct handling of default-action macro when specified as "macro.Name"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 10:16:43 -08:00 |
|
Tom Eastep
|
629717f7cc
|
Correct policy manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 09:33:46 -08:00 |
|
Tom Eastep
|
8c2db40783
|
Correct errors in the conntrack manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 08:52:51 -08:00 |
|
Tom Eastep
|
dbfc805707
|
Add 'IU' state in secmarks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 08:10:53 -08:00 |
|
Tom Eastep
|
748d532175
|
Correct the explaination of ULOG and NFLOG in the manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-24 09:11:28 -08:00 |
|
Tom Eastep
|
30de211bda
|
Implement format-3 conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 20:56:56 -08:00 |
|
Tom Eastep
|
8a744de906
|
Document semantic change to 'all' handling in the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 09:10:07 -08:00 |
|
Tom Eastep
|
df7ce1a7d1
|
Add the AUDIT built-in and delete the Audit action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 08:24:33 -08:00 |
|
Tom Eastep
|
3040156981
|
Add SWITCH column to the conntrack file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 14:20:56 -08:00 |
|
Tom Eastep
|
952aed225d
|
Improve handling of 'all' in the conntrack file.
- Also added 'all-' to represent all off-firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 13:07:01 -08:00 |
|
Tom Eastep
|
7bfbf522bc
|
Document that parameters are allowed in default actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 11:12:55 -08:00 |
|
Tom Eastep
|
3b20c0db54
|
Allow Macros to be used as Default Actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-19 16:52:10 -08:00 |
|
Tom Eastep
|
60a509c926
|
Add new macros and alphabetize the ACTION list in the rules manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-19 08:19:12 -08:00 |
|
Tom Eastep
|
9dac330756
|
Remove references to USE_ACTIONS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-18 13:13:20 -08:00 |
|
Tom Eastep
|
c6ffdd67e2
|
Add DROP target to the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-18 11:35:40 -08:00 |
|
Tom Eastep
|
5265cd5bb7
|
Add UNTRACKED match to the secmarks file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-18 11:01:49 -08:00 |
|
Tom Eastep
|
ab381ed95e
|
Expand the description of enable/disable on optional non-provider interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-18 09:01:38 -08:00 |
|
Tom Eastep
|
0277d6628e
|
Correct typo in shorewall(8) and shorewall6(8).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-18 08:30:47 -08:00 |
|
Tom Eastep
|
a2b14c37ed
|
Treat optional interfaces as pseudo-providers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-16 09:48:21 -08:00 |
|
Tom Eastep
|
4b6fdf8b72
|
Update masq manpage to expunge exclusion with an interface name in the SOURCE column.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-04 09:11:37 -08:00 |
|
Tom Eastep
|
86ae74005a
|
Correct invalid information in shorewall[6]-tcclasses.
- Delete part about an interface only appearing once.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-29 12:46:58 -07:00 |
|
Tom Eastep
|
e908473d29
|
Clean up description of CHECKSUM in the manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-26 11:22:54 -07:00 |
|
Tom Eastep
|
e177916c12
|
Implement statistical marking in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-26 07:10:26 -07:00 |
|
Tom Eastep
|
0387b16983
|
Implement CHECKSUM action in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-22 15:42:13 -07:00 |
|
Tom Eastep
|
f24e194819
|
Don't display chains with no matched entries when -b
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-22 14:15:37 -07:00 |
|
Tom Eastep
|
5a103e8ec5
|
Make options consistent (add a '-' before 't')
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-20 07:15:44 -07:00 |
|
Paul Gear
|
cf68379c4c
|
Document brief option for show command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-20 07:11:56 -07:00 |
|
Paul Gear
|
6c06302d2a
|
Make formatting of interface options consistent
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-20 07:11:48 -07:00 |
|
Tom Eastep
|
cc90a06958
|
Add RESTORE_ROUTEMARKS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-11 07:34:57 -07:00 |
|
Tom Eastep
|
1195661264
|
Document new Dynamic Zone implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-10-07 12:20:36 -07:00 |
|
Tom Eastep
|
83d3d04afb
|
Correct typos (omma -> comma) in the stoppedrules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-23 06:51:56 -07:00 |
|
Tom Eastep
|
32f89fa24b
|
Don't unconditionally detect helpers when LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-22 09:27:13 -07:00 |
|
Tom Eastep
|
af5eb575c2
|
Add tcfilter example with PRIORITY
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-21 07:40:33 -07:00 |
|
Tom Eastep
|
e14f5e5199
|
Swicth from postincrement to preincrement when bumping 'filterpri'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-17 10:46:31 -07:00 |
|
Tom Eastep
|
0400cedc6c
|
More TC manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-14 08:01:08 -07:00 |
|
Tom Eastep
|
a581958042
|
Document filter priority algorithm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-13 16:31:39 -07:00 |
|
Tom Eastep
|
14073e8943
|
Change TOS priority offset from 10 to 15
- Make it distinct from tcp-ack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-13 08:25:05 -07:00 |
|
Tom Eastep
|
e02906e4f9
|
Add TOS to classification priority enumeration
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-13 07:46:52 -07:00 |
|
Tom Eastep
|
75953a87cb
|
Optional priority on hfsc classes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-12 13:39:54 -07:00 |
|
Tom Eastep
|
e431d5ab53
|
Document changes to filter priorities
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-10 17:12:59 -07:00 |
|
Tom Eastep
|
f6e3107c00
|
Redefine tc filter priorities
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-10 10:03:16 -07:00 |
|
Tom Eastep
|
9d6e0fd9ed
|
Add a PRIORITY column to the tcfilters file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-09 14:48:32 -07:00 |
|
Tom Eastep
|
5c62bf297a
|
Document multiple GID/UIDs in the USER/GROUP column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-09 08:18:25 -07:00 |
|
Tom Eastep
|
afd9875d3a
|
Update Manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-03 10:52:22 -07:00 |
|
Tom Eastep
|
01696e7298
|
Remove empty paragraph in shorewall-rules(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-03 05:52:40 -07:00 |
|
Tom Eastep
|
34ee00a986
|
Document the <directory> argument to the 'try' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-09-01 10:53:35 -07:00 |
|
Tom Eastep
|
d838cf41bf
|
Allow TTL and HL in the PREROUTING chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-28 11:45:32 -07:00 |
|
Tom Eastep
|
64edd30a76
|
Correct link in shorewall[6].conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-21 07:54:51 -07:00 |
|
Tom Eastep
|
fdc45a990d
|
Arrange for HELPER to match in the RELATED section.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-13 15:44:19 -07:00 |
|
Tom Eastep
|
44a550870c
|
Add HELPER action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-13 13:23:38 -07:00 |
|
Tom Eastep
|
f1fbb95d48
|
Update documentation for content merged from the 4.5.8 (master) path
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-13 08:16:36 -07:00 |
|
Tom Eastep
|
50bd1d6398
|
Add AUTOHELPER option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-12 07:25:11 -07:00 |
|
Tom Eastep
|
e00616a1fe
|
Don't release blacklist files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-07 07:56:16 -07:00 |
|
Tom Eastep
|
b4c812b676
|
Correct helper parsing in the Raw module.
- Require (...) around multiple ctevents
- Detect invalid options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-05 08:09:17 -07:00 |
|
Tom Eastep
|
093985dd93
|
Use HELPERS to enable/disable helper association.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-03 19:26:02 -07:00 |
|
Tom Eastep
|
72307df6d2
|
Replace the AUTOHELPERS option with the HELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-03 10:53:20 -07:00 |
|
Tom Eastep
|
7689b1e84b
|
Remove the 'zone' helper option for now.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-03 06:39:58 -07:00 |
|
Tom Eastep
|
21770a89d6
|
Detect which matches are available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 15:38:23 -07:00 |
|
Tom Eastep
|
07e56d129a
|
Add AUTOHELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 11:09:18 -07:00 |
|
Tom Eastep
|
62d6d2558e
|
Rename AUTO_COMMENT to AUTOCOMMENT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 11:06:41 -07:00 |
|
Tom Eastep
|
833e54c9c3
|
Rename the notrack file to conntrack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 11:02:17 -07:00 |
|
Tom Eastep
|
ac6e67e371
|
Correct typo in rules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-30 07:23:40 -07:00 |
|
Tom Eastep
|
735b7c2cf5
|
Add support for nfacct
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-28 11:21:16 -07:00 |
|
Tom Eastep
|
c0e4d4093c
|
Clarify TOS value
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-16 15:53:22 -07:00 |
|
Tom Eastep
|
1db79a91eb
|
'rpfilter' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-15 10:05:32 -07:00 |
|
Tom Eastep
|
5c176c64b7
|
Add an ORIGINAL DEST column to /etc/shorewall/masq
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-06-29 15:32:01 -07:00 |
|
Tom Eastep
|
17d22fb5b8
|
Prevent multiple 'tproxy' providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-06-23 17:26:18 -07:00 |
|
Tom Eastep
|
b9d59bc60c
|
Document that 'classify' with marks is now allowed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-06-22 10:17:26 -07:00 |
|
Tom Eastep
|
7b6f329830
|
Document UID/GID ranges
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-06-19 14:05:38 -07:00 |
|
Tom Eastep
|
4d336ed8d6
|
Rewrite handling of the USER/GROUP column
- Remove code that handled '+program' as that support was removed from
the kernel in 2.6.14.
|
2012-06-19 08:14:31 -07:00 |
|
Tom Eastep
|
4a55705b9a
|
Update tcclasses manpages titles to include HFSC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-06-18 07:54:25 -07:00 |
|
Tom Eastep
|
0a928cb034
|
Add tc-red(8) as reference to the tcclasses manpages.
|
2012-06-17 10:03:19 -07:00 |
|
Tom Eastep
|
2807502836
|
More tcclasses manpage cleanup.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-06-16 06:50:23 -07:00 |
|
Tom Eastep
|
780e7014d4
|
Cleanup of tcclasses manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-06-15 10:34:09 -07:00 |
|
Tom Eastep
|
9159372897
|
Fix a typo in the tcfilters manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-06-14 13:08:37 -07:00 |
|
Tom Eastep
|
6c47349689
|
Support 'red' queuing discipline
- Also added 'ls' support for HFSC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-06-13 14:29:13 -07:00 |
|
Tom Eastep
|
cbba5741ce
|
Correct typos in tcdevices manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-06-12 09:40:15 -07:00 |
|
Tom Eastep
|
844f6c63e4
|
Add support for TC size tables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-06-11 15:45:47 -07:00 |
|
Tom Eastep
|
170875c7dd
|
Convert the 'ignore' interface to be multi-valued
-Allows 'ignore=1' to only exempt interface from updown processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-06-05 07:23:23 -07:00 |
|
Tom Eastep
|
69badac72f
|
Merge branch '4.5.4'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-05-30 14:43:05 -07:00 |
|
Tom Eastep
|
de184b32bc
|
Fix sectioned IPSEC accounting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-05-30 14:37:29 -07:00 |
|
Tom Eastep
|
ea173ab628
|
Correct IPSEC accounting manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-05-30 14:09:41 -07:00 |
|
Tom Eastep
|
fc97f6d00e
|
Implement LOG target option control.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-05-24 13:54:59 -07:00 |
|
Tom Eastep
|
ab2376d61d
|
Document 15-cc limit.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-05-21 07:03:53 -07:00 |
|
Tom Eastep
|
d8ec051114
|
Load the geoip cc's dynamically.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-05-20 08:59:59 -07:00 |
|
Tom Eastep
|
f0a3e1652a
|
Bracket non-trivial cc lists with [...]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-05-19 09:39:49 -07:00 |
|
Tom Eastep
|
f15e6d3995
|
Additional optimization in level 4.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-05-18 16:50:08 -07:00 |
|
Tom Eastep
|
55c88e8e81
|
Replace curly brace enclosure with a preceding caret to avoid ambiguity.
- {...} is used to enclose a set of column/value pairs and it is certain
that the two will become confused.
|
2012-05-17 15:26:16 -07:00 |
|
Tom Eastep
|
d220d3d9d5
|
Abandon action.GeoIP in favor of extended syntax in the SOURCE and DEST columns.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-05-17 10:44:02 -07:00 |
|
Tom Eastep
|
3d541f50c8
|
Use "(S)" consistently in column headings.
- add synonyms so both the singular and plural forms are accepted.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-05-11 12:42:04 -07:00 |
|