Tom Eastep
|
aabb22a50f
|
Add the TRACK_RULES option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-24 07:22:51 -07:00 |
|
Tom Eastep
|
765b748283
|
Documentation updates
- Add meaningful IDs to some sections in Events.xml
- Correct typos in the accounting manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-22 07:54:45 -07:00 |
|
Tom Eastep
|
7aa33c140d
|
Add an AutoBL action with helper AutoBLL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-17 10:19:18 -07:00 |
|
Tom Eastep
|
8c27b027fc
|
Break <command> into <command>[<optionlist>]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-14 08:44:01 -07:00 |
|
Tom Eastep
|
891e3e0e1d
|
Use the --reap option in sticky recent rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-12 14:46:39 -07:00 |
|
Tom Eastep
|
d6d0cad2f9
|
Add 'show event[s]' to manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-12 10:37:27 -07:00 |
|
Tom Eastep
|
5c7500e13e
|
Display the current time as an integer in 'show event[s]' output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-12 09:46:08 -07:00 |
|
Tom Eastep
|
09240da55a
|
Change the external name of MARK_ANYWHERE to 'Mark in the filter table'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-12 09:45:20 -07:00 |
|
Tom Eastep
|
2df4aae583
|
Reword an error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-12 07:22:28 -07:00 |
|
Tom Eastep
|
89f16bdb37
|
Include a current time event in /proc/net/xt_recent/
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-12 07:14:22 -07:00 |
|
Tom Eastep
|
8e30831385
|
Resolve merge conflicts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-11 14:20:38 -07:00 |
|
Tom Eastep
|
d2725fcd87
|
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
|
2013-07-11 14:16:19 -07:00 |
|
Tom Eastep
|
9535a7d7df
|
Rename 'Trigger' to 'Event' and document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-11 10:39:21 -07:00 |
|
Tom Eastep
|
3c6df56b57
|
Implement Triggers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-10 13:27:58 -07:00 |
|
Tom Eastep
|
411ca87ec3
|
Allow logging rules with more than 15 ports
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-08 15:59:54 -07:00 |
|
Tom Eastep
|
948a7fccc2
|
Enhance a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-07 12:52:04 -07:00 |
|
Tom Eastep
|
73060a3761
|
Correct typo in dropBcast()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-06 07:58:21 -07:00 |
|
Tom Eastep
|
cd83d7727c
|
Restore handle_original_dest().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-04 14:51:06 -07:00 |
|
Tom Eastep
|
5121634457
|
Add ihandle_original_dest()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-04 14:37:24 -07:00 |
|
Tom Eastep
|
131c1f432b
|
Add iverify_source_interface()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-04 14:07:09 -07:00 |
|
Tom Eastep
|
03885f71d3
|
Create add_expanded_ijump() that breaks long lines
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-03 15:13:48 -07:00 |
|
Tom Eastep
|
b735b93378
|
Re-factor irule generation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-03 10:59:09 -07:00 |
|
Tom Eastep
|
b639a18eb9
|
Simplify fix for -q
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-03 08:16:27 -07:00 |
|
Tom Eastep
|
5ce5d5e607
|
Delete superfluous blank line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-02 15:03:50 -07:00 |
|
Tom Eastep
|
3e1ed30f4e
|
Make initial progress message obey VERBOSITY
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-02 14:23:27 -07:00 |
|
Tom Eastep
|
00c5985458
|
Rename clone_rule() to clone_irule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-02 12:38:16 -07:00 |
|
Tom Eastep
|
1a44b66656
|
Cleaner handling of trailing spaces from log_irule_limit.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-02 12:32:35 -07:00 |
|
Tom Eastep
|
b215cf379a
|
Generate a warning when Limit is invoked.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-02 12:31:29 -07:00 |
|
Tom Eastep
|
3ec6745df9
|
Use log_irule_limit() internally where possible.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-02 11:48:02 -07:00 |
|
Tom Eastep
|
55be5b0119
|
Add log_irule_limit() and log_irule() functions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-02 11:47:19 -07:00 |
|
Tom Eastep
|
42a649d093
|
Create $globals{LOGILIMIT}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-02 09:00:36 -07:00 |
|
Tom Eastep
|
18e7e43b2f
|
Eliminate globals{STATEMATCH}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-01 16:01:57 -07:00 |
|
Tom Eastep
|
6803ce5d41
|
Add constants for %used values.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-07-01 15:36:16 -07:00 |
|
Tom Eastep
|
565fb74795
|
Correct bridge detection and 'qt' implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-24 13:07:38 -07:00 |
|
Tom Eastep
|
fc754040d5
|
Avoid shell error when detecting owner name match
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-24 09:51:32 -07:00 |
|
Tom Eastep
|
cc5a59231b
|
Make qt() work correctly when tracing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-24 07:17:15 -07:00 |
|
Tom Eastep
|
25f96e6a88
|
Reword unreachable warning (again)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-20 10:50:28 -07:00 |
|
Tom Eastep
|
71bcd11ab6
|
Make ?...shell/perl directives case insensitive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-20 10:39:39 -07:00 |
|
Tom Eastep
|
4bd35a0b93
|
Allow 'routeback=0'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-16 08:37:53 -07:00 |
|
Tom Eastep
|
cb132e2421
|
Include the chain name in the 'unreachable' warning.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-11 06:29:07 -07:00 |
|
Tom Eastep
|
53f1cd40df
|
Add 'unmanaged' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-10 12:36:18 -07:00 |
|
Tom Eastep
|
c653d9ce83
|
Only issue one 'unreachable' warning per chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-08 10:02:19 -07:00 |
|
Tom Eastep
|
6b67f2698d
|
Add a Kerberos macro (from James Shubin)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-08 07:37:00 -07:00 |
|
Tom Eastep
|
254d2037ef
|
Delete unused variable.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-04 15:34:25 -07:00 |
|
Tom Eastep
|
cb8e76b1d2
|
Add sub get_opttype to emphasize where rule option types are used.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-04 12:49:20 -07:00 |
|
Tom Eastep
|
2b579d2dff
|
Small efficiency change in helper processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-04 12:48:22 -07:00 |
|
Tom Eastep
|
fc3e3dbf3c
|
Cosmetic change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-03 10:53:33 -07:00 |
|
Tom Eastep
|
81acedd1b3
|
Reword the 'unreachable' warning.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-02 17:13:41 -07:00 |
|
Tom Eastep
|
d8f53cc0a9
|
Merge branch '4.5.17'
Conflicts:
Shorewall/Perl/Shorewall/Chains.pm
|
2013-06-02 15:31:45 -07:00 |
|
Tom Eastep
|
481811d29f
|
Merge NFACCT and EXPENSIVE matches during optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-02 13:29:13 -07:00 |
|
Tom Eastep
|
3867902b27
|
Use 'NONE' policies for LOOPBACK and LOCAL zones to non-firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-02 07:31:32 -07:00 |
|
Tom Eastep
|
adf51d0059
|
Revise the unreachable warning stuff.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-01 16:32:46 -07:00 |
|
Tom Eastep
|
7dbd50708b
|
Clear the current filename after last file is processed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-01 13:05:35 -07:00 |
|
Tom Eastep
|
4340bcffb1
|
Don't optimize away a rule that includes nfacct matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-01 13:05:25 -07:00 |
|
Tom Eastep
|
4a05e56d6d
|
Disable warning on unreachable rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-01 13:05:16 -07:00 |
|
Tom Eastep
|
2d8078033c
|
Clear the current filename after last file is processed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-01 13:03:10 -07:00 |
|
Tom Eastep
|
c5f2eeea80
|
Don't optimize away a rule that includes nfacct matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-01 13:02:39 -07:00 |
|
Tom Eastep
|
5343243f6b
|
Disable warning on unreachable rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-06-01 13:01:55 -07:00 |
|
Tom Eastep
|
4865899018
|
Avoid a forward jump for local zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-30 06:52:09 -07:00 |
|
Tom Eastep
|
9b68204865
|
Generate an 'unreachable rule(s)' warning.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-30 06:17:22 -07:00 |
|
Tom Eastep
|
a550dd3eed
|
Issue a warning when a rule is dropped due to terminated chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-29 21:01:07 -07:00 |
|
Tom Eastep
|
e9badc1f61
|
Correct comment in action.Drop
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-29 08:35:15 -07:00 |
|
Tom Eastep
|
f0aa29222f
|
Correct minor IPv6 TPROXY bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-29 07:18:46 -07:00 |
|
Tom Eastep
|
eaf1d0e5c2
|
Another error check for hosts files and loopback zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-28 10:00:07 -07:00 |
|
Tom Eastep
|
446f764d19
|
Allow config with only local and firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-28 08:03:44 -07:00 |
|
Tom Eastep
|
9b0b3d4b70
|
Correct ICMPV6 type name translation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-28 08:03:19 -07:00 |
|
Tom Eastep
|
a48a4b7a2e
|
Don't allow forwarding between local zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-28 06:14:44 -07:00 |
|
Tom Eastep
|
8743b64e00
|
Export 'shorewall' from the Config module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-27 06:52:45 -07:00 |
|
Tom Eastep
|
2de0fbf7d0
|
Change 'local' to 'loopback' and add 'local' zones that match non-loopback interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-26 14:06:51 -07:00 |
|
Tom Eastep
|
f89c704d01
|
Disallow 'virtual' physical interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-26 08:47:44 -07:00 |
|
Tom Eastep
|
0b5a316cfc
|
Emit 'expensive' matches last unless there are '-m nfacct' matches in the rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-26 08:03:54 -07:00 |
|
Tom Eastep
|
31f9ea5b93
|
Add progress and warning messages to 'update -D'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-25 16:31:55 -07:00 |
|
Tom Eastep
|
dde1f0a779
|
Only enable helpers during a 'clear' operation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-25 16:31:27 -07:00 |
|
Tom Eastep
|
60d0a50d9d
|
Add some warning/progress messages to help understand 'update -D' behavior.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-25 13:20:12 -07:00 |
|
Tom Eastep
|
064f9f974c
|
Cosmetic change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-23 09:49:25 -07:00 |
|
Tom Eastep
|
fd11eb7d82
|
Omit fw->fw jumps when there is a local zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-22 09:19:34 -07:00 |
|
Tom Eastep
|
9e77bb5499
|
Ensure correct match ordering with trivial exclusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-22 08:46:22 -07:00 |
|
Tom Eastep
|
8df8fe990a
|
Allow 'local' zone to work with 'destonly'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-22 07:34:04 -07:00 |
|
Tom Eastep
|
ac02c484f5
|
Change 'local' interface option to a zone type.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-19 15:35:20 -07:00 |
|
Tom Eastep
|
5ec72dad6c
|
Add routes for standard tables when there are no providers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-16 15:32:05 -07:00 |
|
Tom Eastep
|
f6a55bbf05
|
Allow the '-V' option in the CLI programs.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-16 14:29:36 -07:00 |
|
Tom Eastep
|
739f3779f5
|
Generate warnings for local->non-firewall and non-firewall->local rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-16 07:51:12 -07:00 |
|
Tom Eastep
|
2e293dd356
|
Make 'local,destonly' work correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-14 14:36:51 -07:00 |
|
Tom Eastep
|
bc6a38ca64
|
Remove most special handling of 'Auth'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-14 10:44:26 -07:00 |
|
Tom Eastep
|
a5412cff38
|
Issue a warning when a rule will be optimized away due to 'destonly'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-14 09:30:59 -07:00 |
|
Tom Eastep
|
46a6a7b258
|
Correct earlier optimization.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-14 07:27:57 -07:00 |
|
Tom Eastep
|
b38f1416aa
|
Mention "all+" in the "Important" notes at the top
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-13 13:41:12 -07:00 |
|
Tom Eastep
|
105d1db85d
|
Cosmetic change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-13 11:24:09 -07:00 |
|
Tom Eastep
|
200d347ac8
|
Small Efficiency Change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-13 10:52:04 -07:00 |
|
Tom Eastep
|
c8133145e6
|
Add support for "all+" in the policy file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-13 09:01:12 -07:00 |
|
Tom Eastep
|
e3d9b2762d
|
Add 'destonly' and 'local' to the interface manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-12 12:48:58 -07:00 |
|
Tom Eastep
|
9178ecbab0
|
Suppress superfluous ACCEPT rule when 'lo' is attached to a 'local' zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-12 10:38:44 -07:00 |
|
Tom Eastep
|
d06a7b55b6
|
Add a 'destonly' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-12 10:37:40 -07:00 |
|
Tom Eastep
|
2fb01bec8d
|
Don't assume 'destonly' with 'local'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-12 09:58:37 -07:00 |
|
Tom Eastep
|
6551d67b2e
|
Call delete_chain_and_references recursively.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-12 09:29:29 -07:00 |
|
Tom Eastep
|
4b76d8c462
|
Handle optimize level 0 in the IPV6 nat table.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-12 09:28:25 -07:00 |
|
Tom Eastep
|
1bb5b89ee1
|
Add the 'local' interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-12 09:27:12 -07:00 |
|
Tom Eastep
|
c3901f1161
|
Release mutex on error.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-09 09:57:09 -07:00 |
|
Tom Eastep
|
3923092468
|
Take 2 on conditional compilation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-08 19:01:39 -07:00 |
|
Tom Eastep
|
7215b61aa4
|
Document changes introduced by Mr-4.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-05-07 10:16:38 -07:00 |
|