Commit Graph

13167 Commits

Author SHA1 Message Date
Tom Eastep
b6ceb96ebe Add 'initdone' to the config file list in the conf basics article.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-22 07:57:18 -07:00
Tom Eastep
739013f248 Handle nfacct object lists in parens following an ipset name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-22 07:56:56 -07:00
Tom Eastep
6d57e7a0ce Mark a rule as complex if an option value is a reference.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-21 14:44:30 -07:00
Tom Eastep
0d39d7542e Update the Actions document re: CHAIN_SCRIPTS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-21 08:49:22 -07:00
Tom Eastep
5ad69aa650 Add CHAIN_SCRIPTS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-21 07:30:31 -07:00
Tom Eastep
a56dcc745d Clarify <chain>:COUNT in the accounting files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-20 17:11:46 -07:00
Tom Eastep
1b9fd642bb Add INLINE to the accounting file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-20 08:02:02 -07:00
Tom Eastep
7c8f1ae020 Correct HELPERS handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 16:35:19 -07:00
Tom Eastep
c5d4a63afe Describe a more complex dmz squid solution
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 14:15:40 -07:00
Tom Eastep
a9ce4c20f0 Add routefilter=0,logmartians=0 to Squid routing solution
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 13:52:01 -07:00
Tom Eastep
1fd62e1612 Restore order in the NFACCT target.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 11:11:37 -07:00
Tom Eastep
6c2679ce75 Allow incrementing an nfacct object when an ipset matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 10:44:57 -07:00
Tom Eastep
610bdf1aac Correct merge_rules() for LAST matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 08:40:01 -07:00
Tom Eastep
91c4dd2e56 Document multiple nfacct objects in one rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 06:38:02 -07:00
Tom Eastep
cbdca08fea Fix for multiple nfacct patch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 16:37:54 -07:00
Tom Eastep
b87b4b61d8 Allow multiple nfacct matches in one accounting rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 16:14:57 -07:00
Tom Eastep
9c010691a3 Always place 'nfacct' last
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 15:26:34 -07:00
Tom Eastep
d3e9a2f7e8 Remove wrong entries from the helpers file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 15:25:18 -07:00
Tom Eastep
8ef11a376b Document 'HELPERS=none'.
- Also make 'check -u' work correctly regarding HELPERS=

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 11:30:47 -07:00
Tom Eastep
4d686e873b Implement 'HELPERS=none'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 10:30:56 -07:00
Tom Eastep
f55e34dd8b Don't allow options on targets that don't accept them.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 17:18:01 -07:00
Tom Eastep
668bd4a1a4 Accept complex log levels with INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 16:59:14 -07:00
Tom Eastep
5d5f168f25 Don't clone rule unconditionally in format_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 13:35:32 -07:00
Tom Eastep
938bd72844 Better handling of the matches rule member.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 10:39:32 -07:00
Tom Eastep
ef01748dc9 Update manpages for INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 07:34:00 -07:00
Tom Eastep
8b91575c9e Maintain order when multiple instances of a match are separated.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 06:52:32 -07:00
Tom Eastep
0da38cc38e Order matches in rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-12 11:37:29 -07:00
Tom Eastep
6950cd2576 Allow '-' in a match name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 18:30:02 -07:00
Tom Eastep
ff4fb21044 Require that the '-j' part of a free-form rule be known.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 18:29:45 -07:00
Tom Eastep
614c5e6155 Assume LOG if a level is specified with INLINE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 14:16:34 -07:00
Tom Eastep
35b0b4a4f9 Support A_ACCEPT!
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 13:37:49 -07:00
Tom Eastep
c34cf333ba Allow both {...} and ';' with INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 12:57:59 -07:00
Tom Eastep
b33bdeaa02 Allow a parameter to INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 11:54:58 -07:00
Tom Eastep
38f3ae0934 Handle 'NONE' policy correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 09:35:27 -07:00
Tom Eastep
beec4a188f Implement INLINE action (again).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 09:15:59 -07:00
Tom Eastep
f85d548d40 Correct handling of MACLIST_DISPOSITION with MACLIST_TABLE=mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 06:23:22 -07:00
Tom Eastep
ee2e85c0fb Correct generation of the blacklog chain when disposition is audited
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-10 16:43:38 -07:00
Tom Eastep
186f71fa96 Add NEW_TOS_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-09 14:04:16 -07:00
Tom Eastep
477e2bc455 Additional corrections to INLINE action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-09 09:41:43 -07:00
Tom Eastep
273f109daf Correct handling of MACLIST_DISPOSITION=A_xxx when MACLIST_TABLE=mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-09 09:37:12 -07:00
Tom Eastep
50494f667c Implement INLINE action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-08 17:30:00 -07:00
Tom Eastep
183a0a75a1 Implement 'builtin' actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-08 16:14:26 -07:00
James Shubin
f176f91b7e Added VRRP macro.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-05 12:37:46 -07:00
Tom Eastep
a56f485797 Add Xymon macro.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-05 08:49:33 -07:00
Tom Eastep
9e10c38e26 Don't emit 'quantum' calculation unless the qdisc is 'htb'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-03 08:39:18 -07:00
Tom Eastep
64e7675f45 Add note about rate-estimators in FAQ 97a
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-03 07:28:23 -07:00
Tom Eastep
ee66a45e2e Correct comments in the Chains module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-02 12:52:10 -07:00
Tom Eastep
190e43ff51 Correct typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-02 10:55:09 -07:00
Tom Eastep
c200efa6d7 Revert "Disable script generation while processing TC"
This reverts commit 5b18ff91ca.
2013-04-01 15:23:16 -07:00
Tom Eastep
efebda76d2 Improve the description of 'accept_ra' in shorewall6-interfaces(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-01 14:25:49 -07:00