Commit Graph

368 Commits

Author SHA1 Message Date
teastep
b66929a65e Large merge of function from EXPERIMENTAL to HEAD.
1) Elimination of the "shorewall monitor" command.

2) The /etc/shorewall/ipsec and /etc/shorewall/zones file are combined into
a single /etc/shorewall/zones file. This is done in an upwardly-compatible
way so that current users can continue to use their existing files.

3) Support has been added for the arp_ignore interface option.

4) DROPINVALID has been removed from shorewall.conf. Behavior is as if
DROPINVALID=No was specified.

5) The 'nobogons' option and BOGON_LOG_LEVEL are removed.

6) Error and warning messages have been made easier to spot by using
capitalization (e.g., ERROR: and WARNING:).

7) The /etc/shorewall/policy file now contains a new connection policy and a
policy for ESTABLISHED packets. Useful for users of snort-inline who want to
pass all packets to the QUEUE target.

8) A new 'critical' option has been added to /etc/shorewall/routestopped.
Shorewall insures communication between the firewall and 'critical' hosts
throughout start, restart, stop and clear. Useful for diskless firewall's
with NFS-mounted file systems, LDAP servers, Crossbow, etc.

9) Macros. Macros are very similar to actions but are easier to use, allow
parameter substitution and are more efficient. Almost all of the standard
actions have been converted to macros in the EXPERIMENTAL branch.

10) The default value of ADD_IP_ALIASES in shorewall.conf is changed to No.

11) If you have 'make' installed on your firewall, then when you use
the '-f' option to 'shorewall start' (as happens when you reboot),
if your /etc/shorewall/ directory contains files that were modified
after Shorewall was last restarted then Shorewall is started using
the config files rather than using the saved configuration.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2409 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-25 23:08:09 +00:00
teastep
aaecd53a29 Add 'shorewall show actions command'
Make it possible for the 'stopped' extension script to save commands in
the 'restore-tail' file by calling 'run_and_save_command' and
'save_command'


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2401 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 16:27:21 +00:00
teastep
1b5ac5c7d3 Make /sbin/shorewall issue a warning whenever startup is disabled
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2348 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-15 20:50:01 +00:00
paulgear
2a19eb8a5a Copy latest 2.4 version from Shorewall2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2264 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 05:55:29 +00:00
paulgear
90dd62e89e Copy latest 2.2 version from STABLE2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2263 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 05:45:05 +00:00
paulgear
921a7223d4 Copy latest 2.0 code from STABLE2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2262 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 04:45:32 +00:00
teastep
47c914a86b Fix multiple 'drop/reject' bug
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@727 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-24 15:36:13 +00:00
teastep
41de5afd06 Decommit per-interface dynamic blacklisting; warnings on 'unclean' dependencies
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@726 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-24 01:24:23 +00:00
teastep
b5c9917c79 Add RATE LIMIT column; allow multiple chains in a 'show' command
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@718 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-15 15:54:13 +00:00
teastep
b32b250743 Allow display of multiple chains in 'shorewall show'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@716 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-15 00:59:06 +00:00
teastep
b81591abfe Display interface-specific dynamic blacklisting chains in 'shorewall monitor' output
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@702 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-11 22:25:45 +00:00
teastep
a7c1270e07 Shorewall 1.4.6_20030727
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@679 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-27 18:17:39 +00:00
teastep
f7ea7cdd41 Snapshot 1.4.6_20030726
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@678 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-26 16:44:38 +00:00
teastep
9188253bd4 {
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@670 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-21 22:02:34 +00:00
teastep
2ec4e96fbd Export smarter ip_range() with the /sbin/shorewall iprange command
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@644 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-06 13:24:23 +00:00
teastep
eee8b28a8e Add undocumented 'call' commands to /sbin/shorewall and /usr/share/shorewall/firewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@636 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-05 17:56:11 +00:00
teastep
678e23918b Add undocumented 'call' commands to /sbin/shorewall and /usr/share/shorewall/firewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@635 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-05 17:55:43 +00:00
teastep
17a7a0492d Take care of some ipcalc anomalies
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@634 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-05 17:41:28 +00:00
teastep
134f5db118 Rename ip_cidr() to ip_vlsm()
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@633 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-05 17:23:53 +00:00
teastep
4f6f76ec72 Added ipcalc command to /sbin/shorewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@632 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-05 17:14:21 +00:00
teastep
06e38b587d SHOREWALL_SHELL parameter
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@621 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-28 15:22:22 +00:00
teastep
3e20e24c98 Clean up /sbin/shorewall TMP_DIR handling
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@592 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-14 03:24:17 +00:00
teastep
df034f6141 Clean up fix for INCLUDE
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@591 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-14 01:30:32 +00:00
teastep
89bb721da4 More ORIGINAL DEST fixes; restore last 'Hits' report
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@579 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-01 03:14:20 +00:00
teastep
d9268be1c4 List on original dest; debugging try
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@577 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-05-31 15:29:14 +00:00
teastep
e33573eff9 Change LOGMARKER/LOGFORMAT Implementation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@566 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-05-21 21:36:05 +00:00
teastep
bbcbbca6b8 Implement LOGMARKER variable
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@546 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-04-25 16:22:18 +00:00
teastep
e2748d3245 More SHARED_DIR changes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@489 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-08 18:01:32 +00:00
teastep
2894700fcf Re-add 'check' -- delete trailing white space
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@475 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-27 22:28:06 +00:00
teastep
5f0d26d1b9 Remove 'check' command
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@470 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-25 16:21:41 +00:00
teastep
21cb22303f 1) Remove trailing white space.
2) Improve detection of white space in comma-separated lists.
3) Fix a typo in the INSTALL file.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@464 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-23 14:10:37 +00:00
teastep
5fe2bef29e Remove icmp.def; change versions to 1.4
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@449 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-15 00:09:44 +00:00
teastep
ef51c04d1d Shorewall 2.0.0 Alpha1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@443 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-08 20:58:44 +00:00
teastep
4cf3600e5c Update copyrights
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@425 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-31 18:04:57 +00:00
teastep
a0cb5de22c Make FORWARDPING=Yes verboten under OLD_PING_HANDLING=No; make 'list' a synonym for 'show' in /sbin/shorewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@410 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-23 01:13:36 +00:00
teastep
feb0752113 Allow shared files to be moved easily
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@397 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-06 23:01:23 +00:00
teastep
1aa8a8b329 Remove overzealous quoting in RING_BELL
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@396 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-06 19:54:50 +00:00
teastep
1c8b19cfe8 Add headings for the NAT and Mangle tables in the output from 'shorewall status'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@374 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-19 23:35:21 +00:00
teastep
1220331e35 Add ULOG Support - phase II
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@363 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-13 04:06:24 +00:00
teastep
3ce524d2d8 Added "shorewall show classifiers" command
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@360 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-10 20:42:19 +00:00
teastep
dad45a396f Adopt some ideas from autoconf regarding shell portability
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@329 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-11 16:46:50 +00:00
teastep
fbebe29b4d Make bell-ringing echo command more robust
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@328 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-11 15:12:52 +00:00
teastep
b8f806e625 Accomodate bash clones like dash and ash
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@325 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-10 23:15:53 +00:00
teastep
f80e2d972d Automatically create the /var/lib/shorewall directory during 'save' processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@315 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-29 03:24:38 +00:00
teastep
0eda4bab27 Conserve space by removing comment decorations
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@311 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-23 16:48:40 +00:00
teastep
93283cc0a3 Always process config file when running /sbin/shorewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@283 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-03 16:10:25 +00:00
teastep
129cedbe8f First implementation of dynamic zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@275 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-01 20:54:42 +00:00
teastep
c665fec5ef Cleanup of 1.3.9 for Bering
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@261 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-29 21:08:25 +00:00
teastep
f536d805b0 Move fireall, function and version to /usr/lib/shorewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@259 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-27 21:10:21 +00:00
teastep
7c84739589 Add counter reset time to log displays
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@246 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-17 23:53:46 +00:00
teastep
27952f3d4b Final 'New not SYN' implementation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@176 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-08-06 18:45:13 +00:00
teastep
2344570e81 Change Version to 1.3.5
Save counter reset time/date in /var/lib/shorewall/restarted


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@146 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-07-22 22:31:07 +00:00
teastep
e899d2a8ab Untabify major files and fix 'hits' bug
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@114 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-07-05 22:24:40 +00:00
teastep
4bfbc19f47 Enhanced 'hits' command
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@99 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-29 22:41:30 +00:00
teastep
1cb43c539c Move the 'save' file to /var/lib/shorewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@76 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-16 17:56:45 +00:00
teastep
65e4f035b0 Move firewall, functions and version to /var/lib/shorewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@73 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-15 17:27:41 +00:00
teastep
69220bedfe Cosmetic changes to firewall and shorewall files
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@63 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-11 20:14:58 +00:00
teastep
52ef74cfb8 Correct missing argument to packet_log() in the "shorewall status" command.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@62 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-10 16:53:18 +00:00
teastep
b50d647981 Correct several problems with dynamic rules.
Split NAT and Mangle tables into separate displays.
Add dynamic chain to the 'monitor' display.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@60 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-04 21:08:44 +00:00
teastep
0e4274e027 Update comments in 'shorewall' for new dynamic firewall commands.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@59 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-04 20:58:53 +00:00
teastep
4e1b049250 Improve 'Allow' logic
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@58 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-04 20:39:00 +00:00
teastep
aac129f404 Add dynamic drop/reject/allow/save functions.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@57 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-04 20:17:46 +00:00
teastep
5c9562c20a Add 'blacklist' command to /sbin/shorewall.
Correct 'try' command.
Update rfc1918 per Suggestion from Andy Wiggin


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@56 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-04 15:08:50 +00:00
teastep
ca9c02ce7f Fix problem with double-counting SYN packets.
Avoid superfluous jumps to the policy chain with CONTINUE.
Add reserved networks to rfc1918.
Implement MULTIPORT option for multiport match support.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@50 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-02 17:05:51 +00:00
teastep
5245e3b75a Final 1.3 Updates
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@41 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-05-30 12:55:47 +00:00
teastep
4c1193e4cd Near complete removal of the 'multi' pseudo-zone
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@31 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-05-18 19:04:45 +00:00
teastep
44170128c2 1.3 Beta 2 Snapshot
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@27 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-05-18 13:45:23 +00:00
teastep
7c78bb16a7 Initial revision
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@10 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-04-30 23:13:15 +00:00