Tom Eastep
6f2308e0fa
Correct syntax of the SAVE and RESTORE actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-20 08:09:55 -08:00
Tom Eastep
a7cacdfee3
Allow SAVE and RESTORE in the INPUT chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-20 08:09:09 -08:00
Tom Eastep
28ac76bde4
Add tinc tunnel support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-13 13:28:37 -08:00
Tom Eastep
83431514fb
Add Tinc macro
...
- From Răzvan Sandu
2015-01-13 07:05:15 -08:00
Tom Eastep
111c454193
Make leading SHELL case-sensitive
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-13 07:04:20 -08:00
Tuomo Soini
b06ba536e9
macro.Zabbix: This macro handles Zabbix monitoring software server traffic to agent
...
and trap traffic from agent to zabbix server.
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-01-13 13:51:00 +02:00
Tom Eastep
97846e14de
Correct handling of ipsets in one of the PORTS columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-09 09:28:08 -08:00
Tom Eastep
07c21b8968
Add 'primary' provider option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-06 09:06:27 -08:00
Tom Eastep
668759edad
Catch parameter problems with TARPIT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 11:09:39 -08:00
Tom Eastep
0f1f54b57b
Tweak loopback change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 11:00:02 -08:00
Tom Eastep
60d5a177a3
Use the 'Iface Match' capability for loopback traffic.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 09:46:39 -08:00
Tom Eastep
3ed5ced581
Correct syntax error introduced in Beta 2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 08:35:33 -08:00
Tom Eastep
086f8b6073
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-01-03 13:23:00 -08:00
Tom Eastep
fa377df9dc
Fix installer's use of the DIGEST environmental variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-03 13:22:06 -08:00
Tom Eastep
7dd9ccd06b
Add the 'loopback' interface option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-03 09:22:40 -08:00
Tom Eastep
33e2e19193
Always set IP
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:28:50 -08:00
Tom Eastep
4a4bfe77ce
Implement IFACE_MATCH capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:05:06 -08:00
Tom Eastep
3890b8a884
Infrastructure for detecting loopback interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 08:49:38 -08:00
Tom Eastep
551a16d18f
Document TARPIT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-01 09:14:00 -08:00
Tom Eastep
d1b597394f
Correct typo (TARPIT_MATCH -> TARPIT_TARGET)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-30 10:22:33 -08:00
Tom Eastep
15a2fd14f9
Implement TARPIT target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-28 15:23:30 -08:00
Tom Eastep
f96baca780
Use the readable representation of the SHA1 digest in the chain table
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 11:13:10 -08:00
Tom Eastep
1b5f439609
Rewrite 'process_actions'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 09:28:02 -08:00
Tom Eastep
1655054de2
Rename 'externalize' to 'external_name'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 09:19:00 -08:00
Tom Eastep
89877ed3f7
Rename 'policy_rules' to 'add_policy_rules'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:58:13 -08:00
Tom Eastep
9649107a8e
Rename 'apply_policy_rules' to 'complete_policy_chains'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:53:50 -08:00
Tom Eastep
33eb47a48a
Reorder parameters and change identifiers in set_policy_chain()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:47:50 -08:00
Tom Eastep
93285e2798
Cleanup of preceding fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 14:05:43 -08:00
Tom Eastep
2430796495
Document the -c option of 'show routing'
...
Correct choice in show commands to 'req'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 12:15:28 -08:00
Tom Eastep
06ef7596cd
Document the -c 'dump' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 11:57:24 -08:00
Tom Eastep
227db0cfa7
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2014-12-23 15:37:38 -08:00
Tom Eastep
c0f7d0e65d
Start firewall after the network-online target has been reached
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 15:37:22 -08:00
Tom Eastep
ba806379f4
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2014-12-23 15:36:56 -08:00
Tom Eastep
6a15cead52
Cosmetic/commentary changes to the Config Module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 15:25:20 -08:00
Tom Eastep
f925358872
Minor Compiler Reorganization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 12:27:37 -08:00
Tom Eastep
52d2e62274
Convert two macros to Format 2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-22 08:36:34 -08:00
Tom Eastep
56e8068f3d
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2014-12-20 15:12:44 -08:00
Tom Eastep
35fc7b34b8
Minor code tweak
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-20 15:09:21 -08:00
Tom Eastep
fdf513fba6
Correct font in mangle manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-19 14:26:20 -08:00
Tom Eastep
79430673b8
Correct handling of duplicate states in the mangle file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-16 19:08:25 -08:00
Tom Eastep
695db284c0
Improve Mark Range Implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-15 11:19:23 -08:00
Tom Eastep
807b9ca627
Revert "Improve handling of mark ranges"
...
This reverts commit 62f480897e
.
2014-12-15 09:39:24 -08:00
Tom Eastep
62f480897e
Improve handling of mark ranges
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-14 09:13:41 -08:00
Tom Eastep
2d7025dcc3
Correct mark range handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-13 08:31:31 -08:00
Tom Eastep
a833815b31
Correct IPv6 handling of LOG_BACKEND=LOG
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 08:56:42 -08:00
Thomas D
664e3bb0a8
Installer: $INITDIR already starts with a "/", so no need for, "$DESTDIR/$INITDIR"
...
Hi,
before the patch (DESTDIR = "/tmp/shorewall-4.6.5"; INITDIR =
"/etc/init.d"),
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5//etc/init.d/shorewall-lite
after the patch
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5/etc/init.d/shorewall-lite
-Thomas
From e7a192397323bb6cb66d08a6f24e7edfee044f31 Mon Sep 17 00:00:00 2001
From: Thomas D <whissi@whissi.de>
Date: Sat, 15 Nov 2014 16:38:05 +0100
Subject: [PATCH] $INITDIR already starts with a "/", so no need for
"$DESTDIR/$INITDIR"
Before the patch (DESTDIR = "/tmp/shorewall-4.6.5"; INITDIR = "/etc/init.d"),
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5//etc/init.d/shorewall-lite
after the patch
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5/etc/init.d/shorewall-lite
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 07:55:14 -08:00
Tom Eastep
9241552c52
Make emacs sh-mode work better with lib.core
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-14 16:28:44 -08:00
Tom Eastep
16c1809ef2
Apply Alan Barrett's dhclient patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-14 13:39:23 -08:00
Tom Eastep
7100af5380
Correct .service files
...
- Make them match earlier versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-11 18:05:04 -08:00
Tom Eastep
c4171a92f6
Change spacing in shorewall[6] usage output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-10 07:38:58 -08:00
Thomas D
a5b2886ae9
Patches for shorewall manpage
...
Hi,
I corrected some errors in the manpages. I started with "shorewall".
Tom, please tell me if you like this format and the patches at all.
If you like them, I can send you a similar patch set for shorewall6, too.
-Thomas
From 2aaeaa4f2da7aae92177ced0530f1deff86f44a9 Mon Sep 17 00:00:00 2001
From: Thomas D <whissi@whissi.de>
Date: Sun, 9 Nov 2014 15:45:29 +0100
Subject: [PATCH 11/14] The "-i" option from the "reload" command wasn't marked
as an option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-09 07:40:59 -08:00
Tom Eastep
9a6047b3c4
Correct reversed naming of SHA chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-06 08:18:52 -08:00
Tom Eastep
6f5de7ef3f
Add now logging modules to the modules files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-05 16:19:30 -08:00
Tom Eastep
5b4e3bc07c
Accomodate new module names for LOG_BACKEND
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-05 12:51:24 -08:00
Tom Eastep
dc3f163e71
Change the names of the sha1 chains for uniqueness
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-04 17:54:38 -08:00
Tom Eastep
2f545012a6
More documentation updates for -C
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 09:25:58 -08:00
Tom Eastep
c97226c46c
Correct behavior of 'start -fC'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 09:25:23 -08:00
Tom Eastep
8c0c1bd1e0
Omit the 'shorewall' chain from .ip[6]tables-restore-input
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 08:16:47 -08:00
Tom Eastep
8b825c4c4c
Avoid failure of ip[6]tables-restore.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 07:56:05 -08:00
Tom Eastep
4493b2ab6b
Correct typo in 'rules' manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 06:50:40 -08:00
Tom Eastep
9598ac6fad
Correct a couple of problems with -C
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 10:09:04 -07:00
Tom Eastep
8fb73026c8
Replace SAVE_COUNTERS with the -C command option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 09:37:57 -07:00
Tom Eastep
4546cbaff7
Use chains with names derived from a digest to identify ruleset
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-31 11:36:53 -07:00
Tom Eastep
a83c146636
Cleanup
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 20:27:06 -07:00
Tom Eastep
2ffc97867c
Correct syntax error in the generated script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 19:59:20 -07:00
Tom Eastep
f08803e293
Preserve counts on 'restart' without compilation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 18:38:45 -07:00
Tom Eastep
b7ab82dba4
Implement -f option in the -lite products' start command
...
- Remove 'recover' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 10:42:39 -07:00
Tom Eastep
113f95c11e
Provide STARTOPTIONS and RESTARTOPTIONS in all cases
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 10:22:39 -07:00
Tom Eastep
3454e10525
Add SAVE_COUNTERS option.
...
- Also implement recover command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 08:57:56 -07:00
Tom Eastep
edc30fcc8d
Process the params file with SHOREWALL_SHELL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-29 12:22:00 -07:00
Tom Eastep
85e5669fc7
Rename function interface_up() to interface_enabled()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-27 18:38:22 -07:00
Tom Eastep
055fceb82f
Update policy manpages for duel limits
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-22 12:27:27 -07:00
Tom Eastep
f5bdc9e7f4
Allow two limits in the RATE LIMIT columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-22 11:21:43 -07:00
Tom Eastep
b60d6dd6e5
Avoid duplicate module loads
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-20 10:42:53 -07:00
Tom Eastep
2784e93307
Load xt_LOG in both helpers files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-19 08:28:36 -07:00
Tom Eastep
90d1e41dcb
Correct IPv4 Helpers file
...
- Change xt_ULOG to ipt_ULOG
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-19 08:28:29 -07:00
Tom Eastep
49218a4d28
ipt_LOG in helpers file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-15 18:07:09 -07:00
Tom Eastep
e3b10343a5
Change SYSTEMDDIR to SERVICEDIR
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-13 11:56:26 -07:00
Tom Eastep
286bc50bb3
Remove 'optional' from the Universal interfaces file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-13 08:07:14 -07:00
Tom Eastep
42363da458
Add new .service files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-09 10:00:53 -07:00
Tom Eastep
c5074bddb2
Rename the .service files to .service.214
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-09 09:45:52 -07:00
Tom Eastep
12458d111a
Adjust the .service files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-08 17:28:22 -07:00
Tom Eastep
815e93e80c
Rename SYSTEMD to SYSTEMDDIR
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 16:46:16 -07:00
Tom Eastep
3bae6e61cf
Eliminate syntax errors in the generated script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 07:53:26 -07:00
Tom Eastep
5204cbc95f
Suppress 'No ipsets were saved' warning when SAVE_IPSETS=No
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 07:50:12 -07:00
Tom Eastep
ea1b8ac63a
Correct handling of empty LOG_BACKEND
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 07:34:55 -07:00
Tom Eastep
3206021278
Another round of uninstall fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 13:50:39 -07:00
Tom Eastep
8571e0dca0
Another round of uninstall fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 13:29:51 -07:00
Tom Eastep
9dc2bba025
More uninstall corrections.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 09:39:03 -07:00
Tom Eastep
2fce05b3ab
Correct a couple of errors
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 09:11:29 -07:00
Tom Eastep
00b0489047
Implement SANDBOX variable in the installers/uninstallers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 07:50:30 -07:00
Tom Eastep
f9a21bd90e
Add -n option to the uninstallers.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-03 17:10:36 -07:00
Tom Eastep
8a5e71a56f
Implement the -n option in the installers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-03 07:59:41 -07:00
Tom Eastep
483ea3e437
Create INITDIR in -lite installs.
...
- Also don't link the init script if it isn't installed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-02 17:42:08 -07:00
Tom Eastep
2ec3adcc44
Don't link the init script if SYSTEMD is set.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-02 16:23:26 -07:00
Tom Eastep
820c769499
Correct silly bug in last change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-29 07:08:39 -07:00
Tom Eastep
e6b0666ac9
Save ipsets during normal stop (duh)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 18:43:11 -07:00
Tom Eastep
2a463e06aa
More documentation changes regarding SAVE_IPSETS.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 17:10:45 -07:00
Tom Eastep
3174454300
Correct SAVE_IPSETS logic in Config.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 14:38:01 -07:00
Tom Eastep
ce1c367d1d
Re-commit the fix that saves only the appropriate family
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 14:09:20 -07:00