Tom Eastep
|
6d3b1d80d4
|
Make 'update -A' convert the tcrules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-05-16 14:46:15 -07:00 |
|
Tom Eastep
|
c6565f051e
|
Clean up checking for chain designators with SOURCE $FW.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-05-16 07:18:35 -07:00 |
|
Tom Eastep
|
c9b6d4a670
|
Correct CHECKSUM handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-05-16 07:18:06 -07:00 |
|
Tom Eastep
|
d15956feea
|
Deprecate FORMAT-1 actions and macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-05-08 14:30:33 -07:00 |
|
Tom Eastep
|
f717d097d7
|
Apply Tuomo Soini's Macro format patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-05-07 12:19:24 -07:00 |
|
Tom Eastep
|
ba3a7d0621
|
Do not deprecate USE_DEFAULT_RT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-04-19 07:53:18 -07:00 |
|
Tom Eastep
|
4d4e8b3df4
|
Do nothing when a rules file section is empty.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-04-18 14:13:34 -07:00 |
|
Tom Eastep
|
240d3d8cab
|
Improve interface option inheritence
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-04-18 13:36:06 -07:00 |
|
Tom Eastep
|
acda5482c4
|
If USE_DEFAULT_RT isn't specified, make it 'No'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-04-18 13:22:58 -07:00 |
|
Tom Eastep
|
e731ea1ca8
|
Revert "Always inherit interface options"
This reverts commit 65cde3475f .
|
2014-04-15 11:54:58 -07:00 |
|
Tom Eastep
|
65cde3475f
|
Always inherit interface options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-04-15 11:37:51 -07:00 |
|
Tom Eastep
|
b3cd9ab15a
|
Default to LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-04-12 11:05:28 -07:00 |
|
Tom Eastep
|
58700b2301
|
Correct the behavior of rpfilter when FASTACCEPT=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-31 07:29:29 -07:00 |
|
Tom Eastep
|
a9ac9c274e
|
Correct the behavior of rpfilter when FASTACCEPT=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-31 07:28:30 -07:00 |
|
Tom Eastep
|
72869adcd6
|
Correct missing comment in trace entry.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-28 08:55:55 -07:00 |
|
Tom Eastep
|
0c8365001d
|
Avoid spurious comments on jumps to section chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-28 08:55:48 -07:00 |
|
Tom Eastep
|
6274f8444f
|
Correct missing comment in trace entry.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-28 08:55:23 -07:00 |
|
Tom Eastep
|
05816e94ee
|
Avoid spurious comments on jumps to section chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-28 08:55:00 -07:00 |
|
Tom Eastep
|
0561b10adb
|
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
|
2014-03-22 08:58:20 -07:00 |
|
Tom Eastep
|
db1b25b4d7
|
Restore small mark verification.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-22 08:38:57 -07:00 |
|
Tom Eastep
|
4de651ff55
|
Add a comment line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-19 10:38:41 -07:00 |
|
Tom Eastep
|
5981ce59e3
|
Include -t <table> in debug_restore_input() error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-19 10:25:37 -07:00 |
|
Tom Eastep
|
54a5e4af52
|
A couple of minor tweaks to the Chains module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-19 10:24:30 -07:00 |
|
Tom Eastep
|
4bd8d9791c
|
Include -t <table> in debug_restore_input() error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-18 07:28:14 -07:00 |
|
Tom Eastep
|
39b7527cb6
|
Include rule priority in delete of generated address route rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-10 08:25:59 -07:00 |
|
Tom Eastep
|
08d29edf1a
|
Include rule priority in delete of generated address route rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-10 08:24:38 -07:00 |
|
Tom Eastep
|
093ff580b5
|
Deprecate USE_DEFAULT_RT=No.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-09 07:48:05 -07:00 |
|
Tom Eastep
|
cea237620a
|
Change USE_DEFAULT_RT default to 'Yes'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-09 07:42:22 -07:00 |
|
Tom Eastep
|
c9d7370fb4
|
Merge branch '4.5.21'
Conflicts:
Shorewall/manpages/shorewall.conf.xml
Shorewall6/manpages/shorewall6.conf.xml
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-05 09:00:34 -08:00 |
|
Tom Eastep
|
8b4d8bfa16
|
Finish ADMINISABSENDMINDED change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-03-05 08:57:03 -08:00 |
|
Tom Eastep
|
4eadec234a
|
Revert "Correct the behavior of ADMINISABSENTMINDED"
This reverts commit ded747a51a .
|
2014-03-02 08:25:05 -08:00 |
|
Tom Eastep
|
2b489993ca
|
Revert "Correct the behavior of ADMINISABSENTMINDED"
This reverts commit df09e0ccc5 .
|
2014-03-02 08:23:23 -08:00 |
|
Tom Eastep
|
ded747a51a
|
Correct the behavior of ADMINISABSENTMINDED
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-02-28 10:14:33 -08:00 |
|
Tom Eastep
|
df09e0ccc5
|
Correct the behavior of ADMINISABSENTMINDED
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-02-28 10:14:08 -08:00 |
|
Tom Eastep
|
454e53bcfa
|
Reformat preceding patch and correct syntax errors.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-02-25 13:21:23 -08:00 |
|
Tom Eastep
|
66fdc9f6a7
|
Call directive_callback for directives without '?'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-02-25 12:48:25 -08:00 |
|
Tom Eastep
|
c74235a200
|
Correct typos
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-02-17 14:17:49 -08:00 |
|
Tom Eastep
|
1759fc75b0
|
Correctly handle alternate specification with ';' in 'update -t'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-02-17 14:10:17 -08:00 |
|
Tom Eastep
|
3e87efc82b
|
Document -t option
- Also copy compiler directives to the mangle file.
|
2014-02-17 12:50:59 -08:00 |
|
Tom Eastep
|
a011ad8efe
|
Add raw matches to the converted mangle file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-02-16 09:59:13 -08:00 |
|
Tom Eastep
|
0e40a42729
|
Allow SAVE and RESTORE in the postrouting chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-02-16 09:50:43 -08:00 |
|
Tom Eastep
|
669d15e2cf
|
Implement the -t update option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-02-15 09:36:13 -08:00 |
|
Tom Eastep
|
2dbcd36a9c
|
Implement BASIC_FILTERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-02-04 16:34:03 -08:00 |
|
Tom Eastep
|
0383ca7de6
|
Correct semantics of ipset lists in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-02-04 12:27:46 -08:00 |
|
Tom Eastep
|
7ddc65133e
|
Support ipset lists in the tcfilters file.
- Also document the fact that ipset match options are not available in
the tcfilters file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-02-04 12:16:35 -08:00 |
|
Tom Eastep
|
1d4a87a0d0
|
Excape an opening parehthesis.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-02-04 12:15:35 -08:00 |
|
Tom Eastep
|
3b3608ad65
|
Correct ICMP handling in basic filters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-02-04 07:16:41 -08:00 |
|
Tom Eastep
|
081a387f1d
|
Fix some bugs in basic filter generation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-02-03 14:59:27 -08:00 |
|
Tom Eastep
|
50fb8e3f2f
|
Use HEX representation for matching IPv6 addresses in basic filters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-31 12:49:47 -08:00 |
|
Tom Eastep
|
f029f5b483
|
Correct handling of logging of a non-terminating target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-29 08:22:31 -08:00 |
|
Tom Eastep
|
86f667afd4
|
Correct handling of logging of a non-terminating target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-29 08:19:53 -08:00 |
|
Tom Eastep
|
8a63053c13
|
Correct defects found in unit testing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-21 20:19:56 -08:00 |
|
Tom Eastep
|
62557cb98e
|
Correct defects found during testing of ematch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-21 12:53:33 -08:00 |
|
Tom Eastep
|
9c4089fc99
|
Initial basic filter implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-20 18:40:40 -08:00 |
|
Tom Eastep
|
fd28a12653
|
Allow DROP in the stoppedrules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-07 13:19:49 -08:00 |
|
Tom Eastep
|
7e6fc3229d
|
Correct handling of default chain when a mark range is specified.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-07 13:15:51 -08:00 |
|
Tom Eastep
|
42dd8dfee9
|
Change license to GPLv2+ and update copyrights
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-04 09:48:27 -08:00 |
|
Tom Eastep
|
5a7e458104
|
Backout ematch stuff for now
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-03 12:01:56 -08:00 |
|
Tom Eastep
|
7e1a310929
|
Implement ipset matches in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-03 09:35:34 -08:00 |
|
Tom Eastep
|
78ecf9bdc8
|
Finish up ipset extensions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-03 09:23:14 -08:00 |
|
Tom Eastep
|
1771bb75cf
|
Finish ipset match option implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-02 14:43:55 -08:00 |
|
Tom Eastep
|
b4847d6a01
|
New IPSET MATCH extensions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-02 09:36:35 -08:00 |
|
Tom Eastep
|
48ceed9ecb
|
Make tcpflags the default.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-01 15:10:38 -08:00 |
|
Tom Eastep
|
1083dd8c26
|
Allow ?COMMENT in the mangle file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-01 08:02:17 -08:00 |
|
Tom Eastep
|
5e7cd855c2
|
Correct typo in Tc.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-01 07:53:38 -08:00 |
|
Tom Eastep
|
2c2aaf262c
|
Add IP[6]TABLES support for the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-01 07:18:36 -08:00 |
|
Tom Eastep
|
6c990a7253
|
Logically OR builtin definitions from the actions file if the builtin exists
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-01 07:18:00 -08:00 |
|
Tom Eastep
|
f7bbac6ea8
|
Make tcrules/mangle similar to notrack/conntrack.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2014-01-01 07:15:56 -08:00 |
|
Tom Eastep
|
4c1b83beef
|
Tweaks to the Tc.pm module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-31 11:42:38 -08:00 |
|
Tom Eastep
|
ac6a506e35
|
Allow logging from the RAW table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-31 11:04:43 -08:00 |
|
Tom Eastep
|
11e61ec6e5
|
Add chain information to the builtin_target table.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-31 08:22:58 -08:00 |
|
Tom Eastep
|
5985a6e9b3
|
Implement IP[6]TABLES in the rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-29 13:46:58 -08:00 |
|
Tom Eastep
|
66a04e4819
|
Allow inline matches with IP[6]TABLES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-29 10:13:00 -08:00 |
|
Tom Eastep
|
1634267faa
|
Rename JUMP to IP[6]TABLES.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-29 10:12:33 -08:00 |
|
Tom Eastep
|
c8866ef8bf
|
Correct handling of columns with embedded spaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-29 08:56:14 -08:00 |
|
Tom Eastep
|
6fe06c82c8
|
More switch from tcrules to mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-28 15:24:05 -08:00 |
|
Tom Eastep
|
543446f8d7
|
Integrate tcrules and mangle processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-28 14:24:36 -08:00 |
|
Tom Eastep
|
a1222d10cb
|
change 'marks' file to 'mangle'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-28 10:03:23 -08:00 |
|
Tom Eastep
|
3dba1f5bee
|
Tested version of the marks file handler
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-27 12:38:22 -08:00 |
|
Tom Eastep
|
3960aaee4c
|
Consolidate declarations in process_mark_rule().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-24 09:49:10 -08:00 |
|
Tom Eastep
|
5419109880
|
Correct syntax errors in new mars handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-24 09:04:54 -08:00 |
|
Tom Eastep
|
584b0ac50e
|
Some small tweaks to the marks file processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-24 07:25:40 -08:00 |
|
Tom Eastep
|
4c2cedb670
|
Add get_target_param1() that doesn't accept the <action>/<param> syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-19 09:17:11 -08:00 |
|
Tom Eastep
|
f32a777099
|
Fix INLINE in tcrles
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-18 09:19:35 -08:00 |
|
Tom Eastep
|
cd5be38cfb
|
Eliminate silly extra loop in accounting processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-18 09:19:16 -08:00 |
|
Tom Eastep
|
2894bb9656
|
Move INLINE processing into the Chains module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-16 12:31:35 -08:00 |
|
Tom Eastep
|
fad3b42bd3
|
Correct line split in the Accounting module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-16 07:40:41 -08:00 |
|
Tom Eastep
|
4e4e7cac1d
|
Redefine the -i option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-15 11:23:20 -08:00 |
|
Tom Eastep
|
6d72cb3138
|
Correct update inline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-15 09:32:09 -08:00 |
|
Tom Eastep
|
9abe60bc27
|
Implement the -i option of upgrade
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-14 17:54:10 -08:00 |
|
Tom Eastep
|
33c5893bdb
|
Implement INLINE_MATCHES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-14 13:35:01 -08:00 |
|
Tom Eastep
|
2bc329aa1d
|
Add INLINE support to the masq file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-13 15:44:16 -08:00 |
|
Tom Eastep
|
95abeaea24
|
Finish INLINE in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-01 09:25:32 -08:00 |
|
Tom Eastep
|
75258083e3
|
Cleanup of column splitting change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-12-01 09:24:49 -08:00 |
|
Tom Eastep
|
bf44e514e3
|
Keep parentheses balanced when splitting a line.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-11-30 14:13:42 -08:00 |
|
Tom Eastep
|
e5d250750b
|
Correct handling of ?SECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-11-27 07:53:33 -08:00 |
|
Tom Eastep
|
d63262a0cb
|
change ZONE2ZONE default to '-'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-11-24 08:16:28 -08:00 |
|
Tom Eastep
|
3870157898
|
Issue warning on bare SECTION headings.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-11-24 07:58:02 -08:00 |
|
Tom Eastep
|
80d54ec40b
|
Implement ?SECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-11-18 06:57:54 -08:00 |
|
Tom Eastep
|
855cb6e7f4
|
Correct handling of HFSC classes with DMAX but no UMAX
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-11-16 08:07:23 -08:00 |
|