extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 04:04:10 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,366 Commits 104 Branches 736 Tags 55 MiB
82f9ba8bb7
Commit Graph

2714 Commits

Author SHA1 Message Date
Tom Eastep
82f9ba8bb7 Correct detection of IPv6 PERSISTENT_SNAT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-23 12:59:38 -08:00
Tom Eastep
6035d49ede Correct NAT capability required error message. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-23 11:57:32 -08:00
Tom Eastep
67ef1f8b93 Correct detection of IPv6 NAT_ENABLED. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-23 11:57:07 -08:00
Tom Eastep
0349a9a88c Rename the IPv6 masq file 'snat'. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 13:05:24 -08:00
Tom Eastep
2591a17946 Cosmetic change to the output with the '-r' option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 11:59:57 -08:00
Tom Eastep
b562f7f311 Allow specification of destination addresses in Shorewall6 masq. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 08:34:03 -08:00
Tom Eastep
ce28c70c60 SNAT and DNAT support for IPv6. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 07:08:08 -08:00
Tom Eastep
d0b2d05d5b Add optional argument to have_capability(). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-18 15:15:26 -08:00
Tom Eastep
088fc1a3a3 Report used/required capabilities 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-18 08:48:18 -08:00
Tom Eastep
6d92d293b8 Use 'here documents' in the usage() function. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-17 07:44:10 -08:00
Tom Eastep
7859267539 Eliminate $globals{CONFDIR} 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-14 17:24:49 -08:00
Tom Eastep
c68513672d Comments and documentation. 
- Removes the Actions-4.5 article

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-14 08:48:45 -08:00
Tom Eastep
93b3fd9be5 Correct IPv6 address checking (again) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-13 13:37:26 -08:00
Tom Eastep
138638cb1a Effectively use the specified directory as the CONFIG_PATH til .conf is read 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-13 07:45:24 -08:00
Tom Eastep
c5bb16ac26 Another fix for IPv6 address lists. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-13 07:44:19 -08:00
Tom Eastep
f44becdee1 Rename BLACKLIST_LOGLEVEL to BLACKLIST_LOG_LEVEL for consistent naming. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-12 07:47:02 -08:00
Tom Eastep
84c5822c20 Correct IPv6 List Handling 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-11 16:45:03 -08:00
Tom Eastep
b4977db5b2 Add %section_states that maps sections to their related state(s). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-11 14:59:48 -08:00
Tom Eastep
8d0a80a7e2 Merge branch '4.5.13' 2013-02-11 06:40:11 -08:00
Tom Eastep
b9d5b92f1b Correct handling of expressions consisting of a single number. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 15:19:30 -08:00
Tom Eastep
b349cc0f22 A better fix for inline default action with parameters. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 09:29:30 -08:00
Tom Eastep
a312bfbb42 Add a section => name function map 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 09:27:43 -08:00
Tom Eastep
c35e753b1d A better fix for inline default action with parameters. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 09:16:18 -08:00
Tom Eastep
8b4349b356 Merge branch '4.5.13' 2013-02-10 09:05:41 -08:00
Tom Eastep
54c43396f0 Correct default action handling: 
- isolate basic target before testing for action/inline
- delete the action chain if appropriate.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 09:00:13 -08:00
Tom Eastep
f9dc89dc61 Allow arbitrary $n variables when IGNOREUNKNOWNVARIABLES=Yes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 07:56:04 -08:00
Tom Eastep
60e3f1015e Allow arbitrary $n variables when IGNOREUNKNOWNVARIABLES=Yes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 07:51:35 -08:00
Tom Eastep
8e0a90e077 Merge branch '4.5.13' 2013-02-09 17:54:06 -08:00
Tom Eastep
cadf2747fe Correct reset_optflags() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-09 17:53:40 -08:00
Tom Eastep
810ebe32ce Merge branch '4.5.13' 2013-02-09 13:15:44 -08:00
Tom Eastep
c04c61b314 Correct typos in check_rules(). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-09 11:42:54 -08:00
Tom Eastep
a8fdfa4e48 Create an ESTABLISHED chain 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-09 09:32:12 -08:00
Tom Eastep
a4297381e9 Don't ACCEPT untracked packets unless UNTRACKED_DISPOSITION=ACCEPT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-09 09:15:05 -08:00
Tom Eastep
eaa6d72a4f Allow parameters to be omitted in action invocations. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-09 07:07:01 -08:00
Tom Eastep
62a567b550 Treat each -m conntrack subtype as a separate match 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-08 10:08:23 -08:00
Tom Eastep
e4f1c62e71 Improve handling of nested state actions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-08 09:09:20 -08:00
Tom Eastep
b9e504683e Prevent a state action from invoking another one. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-07 16:52:06 -08:00
Tom Eastep
aae6e001fe Convert dropInvalid and allowInvalid to inline actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-07 11:21:13 -08:00
Tom Eastep
aa528dd075 Revert "Convert allowInvalid and dropInvalid into macros" 
This reverts commit 272e1d330c.
 2013-02-07 09:09:56 -08:00
Tom Eastep
e4ae242123 Another tweak to check_state() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-06 12:07:51 -08:00
Tom Eastep
272e1d330c Convert allowInvalid and dropInvalid into macros 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-06 09:54:12 -08:00
Tom Eastep
a66256b25b Additional refinements of check_state() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-06 08:16:42 -08:00
Tom Eastep
11b976fb36 Correct reference type in check_state() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-05 19:55:22 -08:00
Tom Eastep
a6ccd53fe0 Unconditionally use '-j' to branch to a state chain or DISPOSITION. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-04 15:17:49 -08:00
Tom Eastep
b22b63b1c3 Don't use '-g' when DISPOSITION is CONTINUE. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-04 15:09:17 -08:00
Tom Eastep
615df6ab8f Handle 'RETURN' in state chain with terminating disposition. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-04 15:08:20 -08:00
Tom Eastep
d8214885f2 Assume that the conntrack state value in a rule is not a reference. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-04 08:29:50 -08:00
Tom Eastep
475942deb9 Normalize rules prior to combine_state tests. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-03 18:14:14 -08:00
Tom Eastep
f1707d2ace More state rule check fixes. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-03 18:02:02 -08:00
Tom Eastep
30d96afb69 Push/pop $actionresult. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-03 12:43:28 -08:00