Tom Eastep
8ae6e3ff57
A couple more OpenWRT fixes
...
- Detect OpenWRT in the configure script
- Fix the Shorewall6-lite uninstaller
2015-11-07 07:20:44 -08:00
Tom Eastep
ec1c9bd991
Delete shorewallrc from Shorewall-core
...
- Inadvertently added during OpenWRT testing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-06 14:12:28 -08:00
Tom Eastep
6f560bda38
More OpenWRT tweaks from Matt Darfeuille
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-06 14:01:02 -08:00
Tom Eastep
7cce2e4ed5
Fix mkdir command in mutex_on()
...
- Also support 'lock' utility on openWRT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-05 12:38:54 -08:00
Tom Eastep
3d4cde76aa
OpenWRT support in the installers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-04 13:29:59 -08:00
Tom Eastep
ca0ac0473c
Another tweak to syslog_circular_buffer()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-03 18:59:10 -08:00
Tom Eastep
3890a5c1fd
Correct syslog_circular_buffer()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-02 14:29:06 -08:00
Tom Eastep
332f636d29
Adjust LOGFILE if circular log buffer
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-01 07:25:34 -08:00
Tom Eastep
d1bad364e9
Correct syntax error in installers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 17:54:20 -07:00
Tom Eastep
5807d44733
Allow HOST=default in the configure scripts
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 13:29:02 -07:00
Tom Eastep
aa680d8472
Avoid double slashes in pathnames within the installers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 12:57:33 -07:00
Tom Eastep
3d06a75768
Remove more %_b instances
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 12:43:22 -07:00
Tom Eastep
073b2992cc
Require the 'install' utility in the installers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 12:43:01 -07:00
Tom Eastep
27d94c8921
Improve check for circular log buffer
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 08:31:46 -07:00
Tom Eastep
f90567abf1
Add support for OpenWRT BB and later
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 08:08:17 -07:00
Tom Eastep
c83536767e
Move get_config() into the overloadable part of the file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-30 08:54:07 -07:00
Tom Eastep
1848c3fa45
Add lib.cli-user support to the -lite products
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-30 08:47:01 -07:00
Tom Eastep
38049fd0df
Correct "remote-" commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 20:06:10 -07:00
Tom Eastep
1e2cfcd9a3
Deal with missing 'hostname' utility
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-21 17:41:01 -07:00
Tom Eastep
1b571f3d86
Correct the reset command
...
- Also allow chain names to be specified a la the refresh command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-11 14:16:16 -07:00
Tom Eastep
ed90360b4c
Remove all of the update-specific options from the update command
...
Leave -i and -A
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 14:21:41 -07:00
Tom Eastep
5ead22aa48
Move fatal_error() to lib.base
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-21 14:19:20 -07:00
Tom Eastep
0d635632e3
Add conversion of notrack to conntrack
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-08 16:46:58 -07:00
Tom Eastep
73c8b563a1
Add -s option to update to convert the routestopped file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-07 13:46:16 -07:00
Tom Eastep
4bf714aca0
Correct debian systemd shorewallrc file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 14:53:05 -07:00
Tom Eastep
2eb1cb5e6e
More debian changes from 4.6.12
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 14:35:03 -07:00
Tom Eastep
ef9e75753a
Restore .214 files
...
- Also merge Debian changes from 4.6.12
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 11:23:35 -07:00
Tom Eastep
67589cab69
More version changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:59:11 -07:00
Tom Eastep
f233031b08
Update shorewallrc files' versions
...
- Correct the SERVICEDIR setting for debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:33:22 -07:00
Tom Eastep
b1d75e53a1
Correct syntax error in lib.cli
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-27 07:23:39 -07:00
Tom Eastep
cecc81ce82
Update .service files
...
- make the .214 versions the default and remove the ones name *.214
- Add 'ExecReload' to all but Shorewall-init
- Create Debian-specific versions with /etc/default rather than /etc/sysconfig
2015-07-26 10:58:03 -07:00
Tom Eastep
a00bf196a3
Remove all workarounds
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 10:27:30 -07:00
Tom Eastep
f9ec0c6930
New 'reload' and 'restart' semantics
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 09:59:49 -07:00
Tom Eastep
3959feebe0
Remove extraneous line that causes a "not found" shell diagnostic
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-10 09:35:43 -07:00
Tom Eastep
0414166d6d
'show connections' enhancement
...
- Allow tayloring of the entries displayed by specifying conntrack
-L options.
2015-06-29 14:55:47 -07:00
Tom Eastep
7153146759
Don't ask for script version when WORKAROUNDS=No
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-28 09:18:47 -07:00
Tom Eastep
a911ec318e
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-27 09:19:14 -07:00
Tom Eastep
5ca68477d5
Corrections to last commit
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 15:18:07 -07:00
Tom Eastep
9f08726794
Eliminate running the script twice is some cases
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 14:32:43 -07:00
Tom Eastep
846d629c47
Eliminate the usage() function in lib.cli-std
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 12:55:34 -07:00
Tom Eastep
5003e826b9
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2015-06-09 10:58:58 -07:00
Tuomo Soini
f8d95d1ee9
rename not_configured() to not_configured_error()
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-06-09 20:29:45 +03:00
Tom Eastep
7f50557250
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2015-06-08 13:50:47 -07:00
Tuomo Soini
5221c92d7f
Add to lib.common a new function not_configured()
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-06-08 22:18:01 +03:00
Tom Eastep
2956698298
Corrections to WORKAROUNDS implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-06 12:15:03 -07:00
Tom Eastep
019e49b481
Implement WORKAROUNDS option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-01 12:59:25 -07:00
Tom Eastep
93c7e2c2f7
Change the way in which a warning message is suppressed
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-26 15:54:41 -07:00
Tom Eastep
ba7afcaeae
Make 'call' a supported command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 10:38:35 -07:00
Tom Eastep
4b27c72c79
Set exit code to 6 when startup is disabled
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-07 14:12:41 -07:00
Tom Eastep
fe37844455
Correct CLI helper capability detection
...
- Previously, the HELPERS setting was ignored
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-02 07:54:01 -07:00
Tom Eastep
2cea78e6df
Add the 'reenable' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:02:12 -07:00
Tom Eastep
3cb45f234e
Delete questionable logic in lib.cli
...
- It hasn't worked since there was a typo in it that prevented it from
doing the correct thing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 12:12:59 -07:00
Tom Eastep
23137e5e8a
Correct typo in lib.cli
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 09:23:35 -07:00
Tom Eastep
77165326f2
Merge branch '4.6.8'
...
Conflicts:
Shorewall6/uninstall.sh
2015-04-03 14:02:21 -07:00
Tom Eastep
eb3a162560
Apply Matt Darfeuille's fix for fatal_error()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 13:26:51 -07:00
Tom Eastep
7442c2189d
Implement TCPMSS_TARGET capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-31 15:53:05 -07:00
Tom Eastep
0c11870e46
Implement the 'savesets' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-17 10:03:12 -07:00
Tom Eastep
fdc36747ad
Allow the 'open' and 'close' commands to handle icmp
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-16 16:25:32 -07:00
Tom Eastep
ecaae1f644
Improve editing of open numbers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-15 10:15:39 -07:00
Tom Eastep
52e7efc666
Move open_close_setup() inside open_close_command()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-14 09:42:43 -07:00
Tom Eastep
86d6d6900e
Improve 'close' and 'show opens' commands
...
- close accepts a rule number
- list opens displays rule numbers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-14 08:54:30 -07:00
Tom Eastep
095e523c9f
Add 'show opens' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 13:10:23 -08:00
Tom Eastep
2817060edb
Improvements to the 'open' and 'close' commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 08:13:44 -08:00
Tom Eastep
a85fdc45ac
Implement 'open' and 'close' commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-05 16:20:54 -08:00
Orion Poplawski
9ad0b297e2
Supporting xz compressed kernel modules
...
- I've attached a patch that adds xz support to the default MODULE_SUFFIX.
- I'm wondering it wouldn't be better to not have MODULE_SUFFX=ko in various
sample configs so that the default value is used instead:
./Shorewall/configfiles/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/Universal/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/three-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/two-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/one-interface/shorewall.conf:MODULE_SUFFIX=ko
./docs/MultiISP.xml:MODULE_SUFFIX=ko
./docs/MyNetwork.xml:MODULE_SUFFIX=ko
./Shorewall6/configfiles/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/Universal/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/three-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/two-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/one-interface/shorewall6.conf:MODULE_SUFFIX=ko
- Is:
MODULE_SUFFIX=
sufficient to use the default value or does it need to be commented out?
Thanks,
Orion
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion@nwra.com
Boulder, CO 80301 http://www.nwra.com
>From f13edf8fc07c7b62825408b8665b10d6014d368d Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion@cora.nwra.com>
Date: Mon, 26 Jan 2015 09:48:48 -0700
Subject: [PATCH] Support xz compressed modules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-06 12:51:00 -08:00
Tom Eastep
740e19968b
Don't complain if the 'ip' executable doesn't exist.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-09 12:20:51 -08:00
Tom Eastep
33e2e19193
Always set IP
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:28:50 -08:00
Tom Eastep
4a4bfe77ce
Implement IFACE_MATCH capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:05:06 -08:00
Tom Eastep
3890b8a884
Infrastructure for detecting loopback interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 08:49:38 -08:00
Tom Eastep
15a2fd14f9
Implement TARPIT target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-28 15:23:30 -08:00
Tom Eastep
685825a336
Correct Handling of Dynamic Zones
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-13 13:48:36 -08:00
Evangelos Foutras
3a64ef7d3a
Set SBINDIR to /usr/bin in shorewallrc.archlinux
...
/usr/bin is the directory used for all binaries that were previously
installed to /bin, /sbin or /usr/sbin. This unification occurred in
Arch Linux in mid-2013, so might as well change it in Shorewall too.
Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 07:55:08 -08:00
Evangelos Foutras
b746c9319f
Rename SYSTEMDDIR to SERVICEDIR in shorewallrc.*
...
This was omitted from commit e3b1034
(Change SYSTEMDDIR to SERVICEDIR).
Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 07:55:04 -08:00
Evangelos Foutras
6f81bb5c8e
Fix setting of options[SERVICEDIR] in configure
...
The previous syntax resulted in:
./configure: line 199: [SERVICEDIR]=: command not found
Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 07:55:00 -08:00
Tom Eastep
9598ac6fad
Correct a couple of problems with -C
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 10:09:04 -07:00
Tom Eastep
8fb73026c8
Replace SAVE_COUNTERS with the -C command option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 09:37:57 -07:00
Tom Eastep
b7ab82dba4
Implement -f option in the -lite products' start command
...
- Remove 'recover' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 10:42:39 -07:00
Tom Eastep
3454e10525
Add SAVE_COUNTERS option.
...
- Also implement recover command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 08:57:56 -07:00
Tom Eastep
54461a9a90
Correct indentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-20 12:29:45 -07:00
Tom Eastep
e3b10343a5
Change SYSTEMDDIR to SERVICEDIR
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-13 11:56:26 -07:00
Tom Eastep
a5086f785f
Avoid confusing output when 4.6.4 CLI executes a 'save'
...
- If a down-rev firewall is running, the savesets command produces
confusing usage output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-10 18:40:55 -07:00
Tom Eastep
815e93e80c
Rename SYSTEMD to SYSTEMDDIR
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 16:46:16 -07:00
Tom Eastep
4071b9d337
Update SuSE shorewallrc for SBINDIR
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-30 16:16:33 -07:00
Tom Eastep
3858683e94
Allow saving a specified list of ipsets
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 11:19:41 -07:00
Tom Eastep
4495ed687b
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2014-09-23 07:10:46 -07:00
Tuomo Soini
8f05d0f16d
install.sh: support install on centos7 and foobar7
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-09-23 13:19:09 +03:00
Tom Eastep
f9d98b74a2
Merge branch '4.6.2' into 4.6.3
...
Conflicts:
Shorewall/Perl/Shorewall/Providers.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-16 08:09:20 -07:00
Tom Eastep
fc58dab66d
Remove redundant 'run' command from help output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-02 12:57:04 -07:00
Tom Eastep
bf5be7198b
Make dump work correctly on RHEL5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-12 16:18:42 -07:00
Tom Eastep
0bf80c15d8
Detect missing <commmand> in the generated scrip
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 11:35:32 -07:00
Tom Eastep
4e9a0b989d
Update 'run' help text
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 10:46:28 -07:00
Tom Eastep
31e5aeeaea
Refine the 'run' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 10:30:07 -07:00
Tom Eastep
a7b18ca875
Implement 'run' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-28 07:04:56 -07:00
Tom Eastep
cc935009ce
Correct install problems under Cygwin
...
- configure.pl doesn't understand CYGWIN return from uname
- shorewall-core install.sh doesn't understand CYGWIN return from uname
- shorewall install.sh generates 'mkdir -p //etc/shorewall' which is
broken under Cygwin
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-09 10:48:03 -07:00
Tom Eastep
50736fb8ae
Correct last patch (s/-i/-x/)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 15:38:11 -07:00
Tom Eastep
a2e514c0ab
Add the -i option to the 'show bl' help text
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 15:35:49 -07:00
Tom Eastep
6ad9b95351
Implement 'show bl'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 13:27:25 -07:00
Tom Eastep
ac4bf15606
Implement 'status -i'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 11:07:37 -07:00
Tom Eastep
e64a7feda2
Make 'show filters' work with Simple TC
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-25 12:30:12 -07:00
Tom Eastep
d49d352d77
Improve the output of 'shorewall[6] show filters'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-23 09:26:12 -07:00
Tom Eastep
966926fac5
RHE7 support -- first cut
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-19 15:15:52 -07:00
Tom Eastep
3311bbd73a
Merge branch '4.5.21'
2014-03-27 10:53:16 -07:00
Tom Eastep
9107259a56
Correct reporting of the REAP_OPTION capability.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-27 10:52:40 -07:00
Tom Eastep
8f36c080d0
Streamline the output of the status comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-27 10:44:08 -07:00
Tom Eastep
669d15e2cf
Implement the -t update option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-15 09:36:13 -08:00
Tom Eastep
f140a8e7e2
Detect EMATCH in the CLI
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-03 12:03:22 -08:00
Tom Eastep
4daee95902
Merge branch '4.5.21'
2014-01-30 13:19:26 -08:00
Tom Eastep
245c64478c
Correct 'add/delete' with a VLAN interface.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-30 13:18:05 -08:00
Tom Eastep
d44bc12df3
Merge branch '4.5.21'
2014-01-15 19:25:23 -08:00
Tom Eastep
6223bdd8e1
Add -m to the dump options in help output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-15 19:25:07 -08:00
Tom Eastep
dec088566b
Merge branch '4.5.21'
2014-01-15 17:39:03 -08:00
Tom Eastep
6d8cadd152
Correct issues in the 'dump' command.
...
- the -x and -l options do nothing
- output of 'help' doesn't describe those options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-15 17:38:39 -08:00
Tom Eastep
42dd8dfee9
Change license to GPLv2+ and update copyrights
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-04 09:48:27 -08:00
Tom Eastep
1771bb75cf
Finish ipset match option implementation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-02 14:43:55 -08:00
Tom Eastep
dd38cdc0f0
Merge branch '4.5.21'
2013-12-18 07:16:12 -08:00
Tom Eastep
a5e8bc6298
Apply Luigi's small fix for IPSET=
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-18 07:15:24 -08:00
Tom Eastep
6d72cb3138
Correct update inline
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-15 09:32:09 -08:00
Tom Eastep
9abe60bc27
Implement the -i option of upgrade
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 17:54:10 -08:00
Tom Eastep
bcb2573918
Don't try to get firewall version if not root
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-14 07:51:07 -07:00
Tom Eastep
66c2fca2b0
Eradicate the use of 'fgrep'
...
- Busybox on Leaf Bering does not have fgrep
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-14 07:15:08 -07:00
Tom Eastep
b6c3d9cae1
Avoid error message during initial install
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-09 14:06:41 -07:00
Tom Eastep
20946f0711
Add Ubuntu support to configure
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-09 07:14:55 -07:00
Tom Eastep
faeea3bd8a
Add Ubuntu support to Shorewall-core installer.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-09 07:05:06 -07:00
Tom Eastep
75f5d97657
Enhance 'shorewall capabilities' output for REAP_OPTION
...
Include 'REAP_OPTION' in parentheses.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 12:53:53 -07:00
Tom Eastep
8c4bbf0c85
Implement REAP_OPTION capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-07 07:54:52 -07:00
Tom Eastep
9c30105fff
Display compiler version in the status and 'version -a' commands.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-30 15:59:42 -07:00
Tom Eastep
4524281163
Apply Thomas D's Gentoo support patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-17 08:22:52 -07:00
Tom Eastep
df028e420c
Use 'ip neigh ls' when 'arp' isn't installed.
...
- From Martin Gignac
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-17 08:10:36 -07:00
Tom Eastep
ff634ac776
Use 'ss' rather than 'ss' in the 'dump' command.
...
- From Martin Gignac
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-17 06:55:04 -07:00
Tom Eastep
e46e059b87
Specify SYSCONFFILE for SuSE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-10 08:04:36 -07:00
Tom Eastep
50411e638c
Report the name of the SysV init file installed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-09 08:11:45 -07:00
Tom Eastep
39e348997f
Add SERVICEFILE variable to shoreallrc.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-18 14:27:26 -07:00
Tom Eastep
32763e998b
Make -v work with the status command
...
- Also document exit status
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-13 06:52:46 -07:00
Tom Eastep
84e0c98c88
Remove debugging statement
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-10 06:54:43 -07:00
Tom Eastep
5f63183247
More fixes to the configure script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-09 18:35:32 -07:00
Tom Eastep
189b81cd49
Correct more typos
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-09 16:56:48 -07:00
Tom Eastep
2f25584dee
Correct another typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-09 16:50:43 -07:00
Tom Eastep
d127c90924
Correct typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-09 16:50:30 -07:00
Tom Eastep
fc5c92cabc
Use /etc/os-release to determine build host
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-08 17:44:40 -07:00
Tom Eastep
a10aea280b
Add some abbreviations for common commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-06 07:05:47 -07:00
Tom Eastep
5ba8df81fb
Further improve readability of the show event[s] commands.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-13 09:08:50 -07:00
Tom Eastep
51d5ec6b2b
Make the output of 'show event[2] understandable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 16:07:22 -07:00
Tom Eastep
5c7500e13e
Display the current time as an integer in 'show event[s]' output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 09:46:08 -07:00
Tom Eastep
09240da55a
Change the external name of MARK_ANYWHERE to 'Mark in the filter table'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 09:45:20 -07:00
Tom Eastep
89f16bdb37
Include a current time event in /proc/net/xt_recent/
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 07:14:22 -07:00
Tom Eastep
f99e20ee19
Allow 'show event[s]'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-11 19:21:56 -07:00
Tom Eastep
b639a18eb9
Simplify fix for -q
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-03 08:16:27 -07:00
Tom Eastep
3e1ed30f4e
Make initial progress message obey VERBOSITY
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 14:23:27 -07:00
Tom Eastep
f6a55bbf05
Allow the '-V' option in the CLI programs.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-16 14:29:36 -07:00
Tom Eastep
c3901f1161
Release mutex on error.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-09 09:57:09 -07:00
Tom Eastep
3923092468
Take 2 on conditional compilation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-08 19:01:39 -07:00
Tom Eastep
56318e6cc8
Try to ensure that cp doesn't copy the firewall script to itself.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-06 09:22:16 -07:00
Tom Eastep
186f71fa96
Add NEW_TOS_MATCH capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-09 14:04:16 -07:00
Tom Eastep
b10218e773
Add a 'UDPLITE Port Redirection' capability.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-10 10:07:52 -07:00
Tom Eastep
e77ca971bd
Avoid shell diagnostic in 'show capabilities' when no arptables installed
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-10 09:48:10 -07:00
Tom Eastep
8442477224
Add Enhanced Multi-port match capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-10 09:04:47 -07:00
Tom Eastep
418034579f
Support IPv6 Masquerade
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-27 09:25:26 -08:00
Tom Eastep
40865dce4d
Correct 'not running' error message in enable/disable commands.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-23 16:32:17 -08:00
Tom Eastep
82f9ba8bb7
Correct detection of IPv6 PERSISTENT_SNAT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-23 12:59:38 -08:00
Tom Eastep
8ed6642387
Modify reload_command() and export_command() to directly call compiler()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-22 16:15:41 -08:00
Tom Eastep
bb5b6e42d6
Replace death sequences with calls to fatal_error()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-16 07:32:47 -08:00
Tom Eastep
430c69b8db
Merge branch '4.5.13'
2013-02-15 18:23:45 -08:00
Tom Eastep
36db41457d
Make 'version -a' work when not run by /sbin/shorewall.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-15 12:45:49 -08:00
Tom Eastep
138638cb1a
Effectively use the specified directory as the CONFIG_PATH til .conf is read
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-13 07:45:24 -08:00
Evangelos Foutras
2d59f7e31a
Tweak shorewallrc.archlinux configuration
...
Changes:
- Remove reference to SysV init script
- Define systemd system unit directory
- Set SBINDIR to /usr/sbin
- Unset BUILD; should be auto-detected
Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 10:13:48 -08:00
Tom Eastep
38657d9f98
Support for arptables.
...
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-04 09:17:57 -08:00
Tom Eastep
24c69f9efb
Sort the output of 'show capabilities'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-21 11:09:18 -08:00
Tom Eastep
60012d1208
Add additional space for the OPTIONS column
...
- actions and actions.std problem
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 10:54:32 -08:00
Tom Eastep
8cbe26e32c
Ignore 'inline' for certain actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 07:54:42 -08:00
Tom Eastep
6702bb1989
Revert condition initialization patch.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-30 07:31:29 -08:00
Tom Eastep
409c427134
Add support for future condition initial values.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-29 12:15:15 -08:00
Tom Eastep
5fcdfd779c
Don't default IPSET to 'ipset'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-09 08:54:54 -08:00
Tom Eastep
d0e03bb03a
Sort IPv6 routing tables.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-23 11:53:19 -07:00
Tom Eastep
0387b16983
Implement CHECKSUM action in the tcrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-22 15:42:13 -07:00
Tom Eastep
f24e194819
Don't display chains with no matched entries when -b
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-22 14:15:37 -07:00
Paul Gear
ca5a0f4b15
Fix option parsing for brief option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-20 07:11:40 -07:00
Paul Gear
baf42f2ac0
Add brief option to shorewall show
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-20 07:11:31 -07:00
Tom Eastep
30066062d1
Move SHOREWALL_CAPVERSION declaration to lib.cli
...
- Make 'shorwall' the default g_program in lib.cli
- Initialize g_tool in lib.cli for shorewall and shorewall6 to
facilitate use of the library without reading shorewall[6].conf.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-19 07:12:49 -07:00
Tom Eastep
49acc84f05
Add URL to the "Log message doesn't exist" message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-13 11:16:59 -07:00
Tom Eastep
47de98ff44
Rename crvsn -> vlsm in sort_routes()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-13 09:58:34 -07:00
Tom Eastep
2a175c627e
Merge branch '4.5.8'
2012-10-09 16:54:22 -07:00
Tom Eastep
4bb86d8126
Correct typo in shorewallrc.default
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-09 16:53:49 -07:00
Tom Eastep
1df48b46ef
Enable 'show dynamic' for dynamic zones.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 08:36:28 -07:00
Tom Eastep
8c97681421
Merge branch '4.5.8'
...
Conflicts:
Shorewall-core/lib.cli
2012-10-07 08:24:04 -07:00
Tom Eastep
431309678a
Enable dynamic zones to work with all ipset versions
...
- Re-add lost logic from 4.5.8.1 fix.
- create separate variables for add/delete and LIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 08:10:57 -07:00
Tom Eastep
7ca1a43118
Fix 'show dynamic'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 07:15:43 -07:00
Tom Eastep
8091ad6c70
Modify lib.cli to run the 'add' and 'delete' to allow the zone name to come first
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-06 09:22:14 -07:00
Tom Eastep
c12985b75b
Correct typo in error message.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 07:17:39 -07:00
Tom Eastep
22c3766b47
Correct typo in error message.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 07:17:03 -07:00
Tom Eastep
92d39dc56d
Expunge the g_perllib variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:59:39 -07:00
Tom Eastep
a8e9296473
Expunge the g_sbindir variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:55:48 -07:00
Tom Eastep
749e239d15
Expunge the g_libexec variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:51:36 -07:00
Tom Eastep
526ad75c49
Expunge the g_vardir variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:44:52 -07:00
Tom Eastep
a12f1f9fbb
Always set IPSET in get_config()
...
- Previously, lib.cli-std set the variable but lib.cli did not.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-30 11:36:40 -07:00
Tom Eastep
d1bf727127
Allow dynamic zones to work with ipset V5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-30 08:52:56 -07:00
Tom Eastep
cd2205a325
Upgrade down-rev rc file during install
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-15 08:09:37 -07:00
Tom Eastep
664dc0b71e
Another case of incorrect quoting.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-14 08:20:54 -07:00
Tom Eastep
e9b0e2f912
Revert "Improve handling of mutex contention when 'lockfile' is installed."
...
This reverts commit 2f56caf8fd
.
The change only worked on very recent distributions.
2012-09-12 10:03:09 -07:00
Tom Eastep
2f56caf8fd
Improve handling of mutex contention when 'lockfile' is installed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:18:26 -07:00
Tom Eastep
5645d66719
Add VARDIR to the shorewallrc files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 10:52:40 -07:00