Tom Eastep
895428c7c1
Handle the case where a single host exclusion specifies multiple nets
...
Also reorganize the exclusion code to make it self-contained within
add_common_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-10 10:30:33 -07:00
Tom Eastep
0855bc4187
Create /etc/iproute2/rt_tables if it doesn't exist
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-09 15:52:49 -08:00
Tom Eastep
3e52a6c005
Remove interface status files during 'stop/clear' processing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-08 16:13:05 -08:00
Tom Eastep
8ce3f23464
Set AUTOHELPERS=No in the samples
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-08 13:27:47 -08:00
Tom Eastep
467cc4c252
Correct src-dst single exclusion
...
Match the destination address in the output chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-08 11:50:49 -08:00
Tom Eastep
a9359d2610
Update $globals{VERSION}
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-07 15:41:15 -08:00
Tom Eastep
9479b83c48
Correct add_dbl_exclution_ijump()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-07 14:18:06 -08:00
Tom Eastep
f37a74a667
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-07 12:30:37 -08:00
Tom Eastep
0ecf0703dc
Correct classic blacklisting
...
- No filtering in the OUTPUT chain
- Correct ipsec filtering
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-07 12:26:59 -08:00
Tom Eastep
f1317f919f
Handle ipsec correctly in ipset-based dynamic blacklisting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-06 20:26:58 -08:00
Tom Eastep
cbe2935fce
Handle 'nodbl' in complex host definitions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-06 17:18:50 -08:00
Tom Eastep
a8718b9867
Clearify 'ip' in shorewall-hosts(5)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-05 15:21:26 -08:00
Tom Eastep
a9c2ee3a76
Major cleanup of DYNAMIC_BLACKLIST code
...
1) Avoid having to parse the setting in the Zones, Misc and rules modules
2) Apply ipset match rule after dealing with exclusions rather than before
3) Correct handling of src-dst
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-05 14:45:41 -08:00
Tom Eastep
dfd40ee208
Factor out ipset match rule generateion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-04 13:44:23 -08:00
Tom Eastep
8d0dba349c
Shorten DBL exclusion chain names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-04 12:10:56 -08:00
Tom Eastep
f21d8b2a27
Correct parsing of the hosts file:
...
1) Fixed IPv6 parsing of the HOSTS column
2) Properly detect IPv4 loopback violations
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-03 09:54:33 -08:00
Tom Eastep
11fb1ab6cf
Insert comments into add_common_rules()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 19:51:18 -08:00
Tom Eastep
e8f28fa564
Allow 'nodbl' for classic blacklisting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 16:16:02 -08:00
Tom Eastep
337a4bd6ec
Use shorter names for dbl exclusion chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 14:54:45 -08:00
Tom Eastep
91d5dbb7ba
Fix some blacklisting bugs:
...
- src-dst didn't work
- typo in shorewall.conf(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 13:53:31 -08:00
Tom Eastep
4ca77b109c
Replace bizarre {dbl} encoding (what was I smoking when I wrote that code?)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 10:40:12 -08:00
Tom Eastep
a96656a509
Clean up shorewall.conf(5)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 09:52:16 -08:00
Tom Eastep
f928b4d6fc
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 08:45:46 -08:00
Tom Eastep
a3abafa98b
Add a 'nodbl' option for the hosts file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-03-02 08:33:36 -08:00
Tom Eastep
1377fc8897
Stop errors when displaying an empty routing table
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-02-28 15:20:25 -08:00
Tom Eastep
b8581e54fa
Remove StandardOutput specifications from unit files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-11-03 10:38:26 -08:00
Tom Eastep
ba87937f49
Replace StandardOutput=syslog by StandardOutput=journal in unit files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-10-30 09:24:47 -07:00
Tom Eastep
69f0d4d881
Simon Mater's patch to support gbits and gbps in rate/burst specifications
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-10-09 09:39:01 -07:00
Tom Eastep
6681191c88
Correct 'show bl|blacklists' syntax
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-10-09 09:26:41 -07:00
Tom Eastep
2ceeb2c934
Merge branch '5.2.8'
2020-09-25 10:05:35 -07:00
Tom Eastep
97165ed41e
Add target file(s) 5.2.8-base
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 15:16:51 -07:00
Tom Eastep
5b0cacd9c4
Add NFS V1.4 macro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 14:46:24 -07:00
Tom Eastep
eeec6f2396
Update shorewall-snat(5)
...
- Delete incorrect statement about a list of addresses in SNAT()
- Replace IPv4 Example 6 with one that uses the PROBABILITY column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 11:19:46 -07:00
Tom Eastep
2e7d1ac4a3
Update shorewall-snat(5)
...
- Delete incorrect statement about a list of addresses in SNAT()
- Replace IPv4 Example 6 with one that uses the PROBABILITY column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 11:19:12 -07:00
Tom Eastep
34c59dca32
Don't export interface_is_plain()
...
- It was used in a superseded change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-19 11:38:41 -07:00
Tom Eastep
9aa2a4b704
Use less obscure code to set $call_generate_all_acasts;
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-19 11:20:10 -07:00
Tom Eastep
d363809859
Complete the table documentation at the top of the file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-18 13:44:41 -07:00
Tom Eastep
6c4383b5ce
Add target file(s) 5.2.8-RC1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 14:47:53 -07:00
Tom Eastep
877807943d
Add target file(s) 5.2.8-RC1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 14:47:29 -07:00
Tom Eastep
378df2861a
Add target file(s) 5.2.8-RC1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 14:47:20 -07:00
Tom Eastep
f84be9faa4
Display consistent banner
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 10:46:53 -07:00
Tom Eastep
c6dea1525f
Describe using a shell alias to invoke shorewall6-lite from 'shorewall6'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 18:04:33 -07:00
Tom Eastep
a7505f3ecb
Remove ${SBINDIR}/shorewall when removing Shorewall-core
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 16:57:44 -07:00
Tom Eastep
8c10c96844
Revert "Move ${SBINDIR}/shorewall6 to the Shorewall-core product"
...
This reverts commit 1ca886abd7
.
2020-09-15 16:49:19 -07:00
Tom Eastep
126c5ccd53
Include administrative host name in status output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 15:16:23 -07:00
Tom Eastep
1ca886abd7
Move ${SBINDIR}/shorewall6 to the Shorewall-core product
...
- Default 'shorewall6' to 'shorewall6-lite' if that product is installed
and 'shorewall6' is not.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 13:55:57 -07:00
Tom Eastep
ca78c0221c
Don't remote ${SBINDIR}/shorewall when uninstalling Shorewall
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 11:58:05 -07:00
Tom Eastep
e4c2122532
Eliminate duplicate function names between lib.cli and lib.cli-std
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 11:45:45 -07:00
Tom Eastep
f16e666858
Redirect STDERR to STDOUT when using $PAGER
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-13 15:46:04 -07:00
Tom Eastep
b5f3294adb
Set SHOREWALL_SHELL=/sbin/sh if it isn't set and export or test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-13 15:33:01 -07:00