Commit Graph

15658 Commits

Author SHA1 Message Date
Tom Eastep
895428c7c1 Handle the case where a single host exclusion specifies multiple nets
Also reorganize the exclusion code to make it self-contained within
add_common_rules()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-10 10:30:33 -07:00
Tom Eastep
0855bc4187 Create /etc/iproute2/rt_tables if it doesn't exist
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-09 15:52:49 -08:00
Tom Eastep
3e52a6c005 Remove interface status files during 'stop/clear' processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-08 16:13:05 -08:00
Tom Eastep
8ce3f23464 Set AUTOHELPERS=No in the samples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-08 13:27:47 -08:00
Tom Eastep
467cc4c252 Correct src-dst single exclusion
Match the destination address in the output chain

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-08 11:50:49 -08:00
Tom Eastep
a9359d2610 Update $globals{VERSION}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-07 15:41:15 -08:00
Tom Eastep
9479b83c48 Correct add_dbl_exclution_ijump()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-07 14:18:06 -08:00
Tom Eastep
f37a74a667 Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-07 12:30:37 -08:00
Tom Eastep
0ecf0703dc Correct classic blacklisting
- No filtering in the OUTPUT chain
- Correct ipsec filtering

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-07 12:26:59 -08:00
Tom Eastep
f1317f919f Handle ipsec correctly in ipset-based dynamic blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-06 20:26:58 -08:00
Tom Eastep
cbe2935fce Handle 'nodbl' in complex host definitions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-06 17:18:50 -08:00
Tom Eastep
a8718b9867 Clearify 'ip' in shorewall-hosts(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-05 15:21:26 -08:00
Tom Eastep
a9c2ee3a76 Major cleanup of DYNAMIC_BLACKLIST code
1) Avoid having to parse the setting in the Zones, Misc and rules modules
2) Apply ipset match rule after dealing with exclusions rather than before
3) Correct handling of src-dst

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-05 14:45:41 -08:00
Tom Eastep
dfd40ee208 Factor out ipset match rule generateion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-04 13:44:23 -08:00
Tom Eastep
8d0dba349c Shorten DBL exclusion chain names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-04 12:10:56 -08:00
Tom Eastep
f21d8b2a27 Correct parsing of the hosts file:
1) Fixed IPv6 parsing of the HOSTS column
2) Properly detect IPv4 loopback violations

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-03 09:54:33 -08:00
Tom Eastep
11fb1ab6cf Insert comments into add_common_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 19:51:18 -08:00
Tom Eastep
e8f28fa564 Allow 'nodbl' for classic blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 16:16:02 -08:00
Tom Eastep
337a4bd6ec Use shorter names for dbl exclusion chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 14:54:45 -08:00
Tom Eastep
91d5dbb7ba Fix some blacklisting bugs:
- src-dst didn't work
- typo in shorewall.conf(5)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 13:53:31 -08:00
Tom Eastep
4ca77b109c Replace bizarre {dbl} encoding (what was I smoking when I wrote that code?)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 10:40:12 -08:00
Tom Eastep
a96656a509 Clean up shorewall.conf(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 09:52:16 -08:00
Tom Eastep
f928b4d6fc Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 08:45:46 -08:00
Tom Eastep
a3abafa98b Add a 'nodbl' option for the hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 08:33:36 -08:00
Tom Eastep
1377fc8897 Stop errors when displaying an empty routing table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-02-28 15:20:25 -08:00
Tom Eastep
b8581e54fa
Remove StandardOutput specifications from unit files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-11-03 10:38:26 -08:00
Tom Eastep
ba87937f49
Replace StandardOutput=syslog by StandardOutput=journal in unit files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-10-30 09:24:47 -07:00
Tom Eastep
69f0d4d881
Simon Mater's patch to support gbits and gbps in rate/burst specifications
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-10-09 09:39:01 -07:00
Tom Eastep
6681191c88
Correct 'show bl|blacklists' syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-10-09 09:26:41 -07:00
Tom Eastep
2ceeb2c934
Merge branch '5.2.8' 2020-09-25 10:05:35 -07:00
Tom Eastep
97165ed41e
Add target file(s) 5.2.8-base
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 15:16:51 -07:00
Tom Eastep
5b0cacd9c4
Add NFS V1.4 macro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 14:46:24 -07:00
Tom Eastep
eeec6f2396
Update shorewall-snat(5)
- Delete incorrect statement about a list of addresses in SNAT()
- Replace IPv4 Example 6 with one that uses the PROBABILITY column

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 11:19:46 -07:00
Tom Eastep
2e7d1ac4a3
Update shorewall-snat(5)
- Delete incorrect statement about a list of addresses in SNAT()
- Replace IPv4 Example 6 with one that uses the PROBABILITY column

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 11:19:12 -07:00
Tom Eastep
34c59dca32
Don't export interface_is_plain()
- It was used in a superseded change

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-19 11:38:41 -07:00
Tom Eastep
9aa2a4b704
Use less obscure code to set $call_generate_all_acasts;
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-19 11:20:10 -07:00
Tom Eastep
d363809859
Complete the table documentation at the top of the file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-18 13:44:41 -07:00
Tom Eastep
6c4383b5ce
Add target file(s) 5.2.8-RC1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 14:47:53 -07:00
Tom Eastep
877807943d
Add target file(s) 5.2.8-RC1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 14:47:29 -07:00
Tom Eastep
378df2861a
Add target file(s) 5.2.8-RC1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 14:47:20 -07:00
Tom Eastep
f84be9faa4
Display consistent banner
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 10:46:53 -07:00
Tom Eastep
c6dea1525f
Describe using a shell alias to invoke shorewall6-lite from 'shorewall6'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 18:04:33 -07:00
Tom Eastep
a7505f3ecb
Remove ${SBINDIR}/shorewall when removing Shorewall-core
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 16:57:44 -07:00
Tom Eastep
8c10c96844
Revert "Move ${SBINDIR}/shorewall6 to the Shorewall-core product"
This reverts commit 1ca886abd7.
2020-09-15 16:49:19 -07:00
Tom Eastep
126c5ccd53
Include administrative host name in status output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 15:16:23 -07:00
Tom Eastep
1ca886abd7
Move ${SBINDIR}/shorewall6 to the Shorewall-core product
- Default 'shorewall6' to 'shorewall6-lite' if that product is installed
  and 'shorewall6' is not.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 13:55:57 -07:00
Tom Eastep
ca78c0221c
Don't remote ${SBINDIR}/shorewall when uninstalling Shorewall
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 11:58:05 -07:00
Tom Eastep
e4c2122532
Eliminate duplicate function names between lib.cli and lib.cli-std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 11:45:45 -07:00
Tom Eastep
f16e666858
Redirect STDERR to STDOUT when using $PAGER
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-13 15:46:04 -07:00
Tom Eastep
b5f3294adb
Set SHOREWALL_SHELL=/sbin/sh if it isn't set and export or test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-13 15:33:01 -07:00