Tom Eastep
|
6aa0ecae4f
|
Re-factor the code for saving/loading ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-14 15:15:47 -07:00 |
|
Tom Eastep
|
434e042494
|
Add the deprecated/ directories to the CONFIG_PATH
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-14 14:17:06 -07:00 |
|
Tom Eastep
|
9fa0df2fd1
|
Move the code that generates zap_ipsets() to after save_ipsets() generation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-14 09:56:48 -07:00 |
|
Tom Eastep
|
074655d1bd
|
Fix AUTOMAKE and the start command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-14 09:43:21 -07:00 |
|
Tom Eastep
|
216bc715e8
|
Clean up V4/V5 ipset enforcement
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-14 09:00:38 -07:00 |
|
Tom Eastep
|
dbd42e1d5d
|
More ipset fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-12 16:29:13 -07:00 |
|
Tuomo Soini
|
772f88b1fd
|
action.A_Reject: improve comment text
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-12 13:17:56 +03:00 |
|
Tuomo Soini
|
3e0b8c60a2
|
Reverse the order of ICMP and Broadcast checking in the default actions
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-12 10:12:29 +03:00 |
|
Tom Eastep
|
16afd880b2
|
Reverse the order of ICMP and Broadcast checking in the default actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-11 11:16:46 -07:00 |
|
Tom Eastep
|
76a5841fcd
|
Reverse the order of Broadcast and ICMP checking in the default actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-11 10:47:11 -07:00 |
|
Tom Eastep
|
9758e8cdc5
|
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
|
2016-04-11 10:41:44 -07:00 |
|
Tom Eastep
|
2cf3706864
|
Correct handling of a zone with two interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-11 10:32:26 -07:00 |
|
Tom Eastep
|
3028dafbac
|
Correct DBL 'src-dst' handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-11 09:13:17 -07:00 |
|
Tom Eastep
|
16a31c3d29
|
Make MINIUPNPD work with DOCKER
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-11 09:02:44 -07:00 |
|
Tom Eastep
|
d3f377e915
|
Don't double-save the dynamic blacklisting ipset
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-11 08:37:39 -07:00 |
|
Tuomo Soini
|
54a5748395
|
macros: RedisCluster and RedisSentinel
http://redis.io/topics/sentinel
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-11 14:39:21 +03:00 |
|
Tom Eastep
|
6c00f72f44
|
Create ipsets with the 'counters' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-10 18:09:41 -07:00 |
|
Tom Eastep
|
deaaecdf1c
|
Add 'nodbl' interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-10 16:09:39 -07:00 |
|
Tom Eastep
|
05e4049174
|
Ipset-based blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-10 16:07:56 -07:00 |
|
Tom Eastep
|
ef10515a42
|
Correct FASTACCEPT description
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-10 07:20:45 -07:00 |
|
Tom Eastep
|
5db6cb1b7d
|
Correct load_ipsets()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-09 16:07:10 -07:00 |
|
Tom Eastep
|
76c8917aa7
|
Add a sixth parameter to Drop and Reject
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-08 09:10:45 -07:00 |
|
Tom Eastep
|
be58d530c4
|
Document 'logjump'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-08 09:09:59 -07:00 |
|
Tom Eastep
|
321476fd51
|
Tweak terminating() implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-08 08:24:57 -07:00 |
|
Tom Eastep
|
bd6b32eb25
|
Add a progress message for REJECT_ACTION processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-07 10:30:54 -07:00 |
|
Tom Eastep
|
4fdf54eca1
|
Tweak process_reject_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-07 10:02:48 -07:00 |
|
Tom Eastep
|
70bbd21b35
|
Ensure that the REJECT_ACTION is terminating
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-07 09:34:38 -07:00 |
|
Tom Eastep
|
87a9b95f73
|
Catch case where a transformed rule jumps to its own chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-07 08:58:50 -07:00 |
|
Tom Eastep
|
ecd7261365
|
Use -g when target is a terminating chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-07 08:48:36 -07:00 |
|
Tom Eastep
|
293cd1d66a
|
Always go to the reject chain rather than jump to it
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-06 09:14:06 -07:00 |
|
Tom Eastep
|
436b5d89ce
|
Correct comment
- The chain will only exist if logging wasn't specified for the same
disposition.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-06 08:50:29 -07:00 |
|
Tom Eastep
|
26795cf082
|
Correct setup of $usedactions{A_REJECT}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-06 08:18:36 -07:00 |
|
Tom Eastep
|
95e4071f34
|
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
|
2016-04-06 07:42:46 -07:00 |
|
Tuomo Soini
|
20179a5c9d
|
remove completely false README.txt
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-06 10:23:58 +03:00 |
|
Tom Eastep
|
b7e6893f7d
|
Restore DropUPnP behavior in Reject
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-05 20:00:15 -07:00 |
|
Tom Eastep
|
3ac3ae279f
|
Add A_REJECT action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-05 16:38:39 -07:00 |
|
Tom Eastep
|
54843c617d
|
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
|
2016-04-05 11:46:42 -07:00 |
|
Tom Eastep
|
e9467326f3
|
Allow allow REJECT to take a parameter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-05 11:20:44 -07:00 |
|
Tuomo Soini
|
80bf77e8a8
|
modules.xtables: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:31:36 +03:00 |
|
Tuomo Soini
|
1e5ebee799
|
modules.tc: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:31:36 +03:00 |
|
Tuomo Soini
|
74fe7b302e
|
modules.ipset: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:31:36 +03:00 |
|
Tuomo Soini
|
d70e18535b
|
modules.extensions: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:31:36 +03:00 |
|
Tuomo Soini
|
64a6b36918
|
modules.essential: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:31:36 +03:00 |
|
Tuomo Soini
|
2962809243
|
action.Untracked: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
23a91d7c26
|
action.template: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
30b2b2dcb4
|
action.TCPFlags: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
46a86cfa58
|
action.SetEvent: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
ad2dfd9eaf
|
action.RST: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
001aabf72c
|
action.ResetEvent: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
7052819a9c
|
action.Related: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
2b1244c110
|
action.Reject: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
94803b63b1
|
action.NotSyn: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
5f33cb5d0a
|
action.New: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
deda26c790
|
action.mangletemplate: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
f9f349a148
|
action.Invalid: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
2842e897c9
|
action.IfEvent: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
de44a16094
|
action.GlusterFS: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
6560e74c2c
|
action.Established: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
f7ddf3008d
|
action.DropSmurfs: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
cb608172d3
|
action.dropInvalid: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
f806010521
|
action.Drop: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
205254e043
|
action.DNSAmp: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
a7efa12fff
|
action.Broadcast: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
95c4f2d7f6
|
action.AutoBLL: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
89189f7836
|
action.AutoBL: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
c2e3156e5c
|
action.A_Reject: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
ffe9f88c07
|
action.allowInvalid: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tuomo Soini
|
e4c9c83e2b
|
action.A_Drop: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
|
2016-04-05 20:13:55 +03:00 |
|
Tom Eastep
|
77a93d10a4
|
Don't pass an argument to DropUPnP out of Drop and Reject
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-04 15:55:48 -07:00 |
|
Tom Eastep
|
75df718865
|
Reword comment in push_action_params()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-04 09:41:28 -07:00 |
|
Tom Eastep
|
ae8e2f70ea
|
Efficiency change to known_interface()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-03 17:34:02 -07:00 |
|
Tom Eastep
|
39f5b77e5f
|
Fix known_interface()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-03 16:31:45 -07:00 |
|
Tom Eastep
|
cb5a2519f3
|
Keep hyphens in @chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-03 16:30:31 -07:00 |
|
Tom Eastep
|
4151f7c504
|
Revert change to log_[i]rule_limit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-03 16:29:52 -07:00 |
|
Tom Eastep
|
054837aeea
|
Use the real chain name in log messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-03 13:04:25 -07:00 |
|
Tom Eastep
|
b637d303b9
|
Correct use of a physical interface name in the hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-02 17:27:20 -07:00 |
|
Tom Eastep
|
0dbf42424d
|
Make physical name a synonym for the correcponding logical name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-02 10:04:05 -07:00 |
|
Tom Eastep
|
f22e8d6d55
|
Allow physical interface to work in the ecn file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-01 15:10:49 -07:00 |
|
Tom Eastep
|
d98305c6f4
|
Correct default for MINIUPNOD
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-01 12:20:42 -07:00 |
|
Tom Eastep
|
3cbfdadb32
|
Merge branch '5.0.7'
|
2016-04-01 09:46:53 -07:00 |
|
Tom Eastep
|
81d76e3817
|
Document + in the MODULESDIR setting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-01 09:43:06 -07:00 |
|
Tom Eastep
|
df1b1f6768
|
Add MINIUPNPD option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-01 08:57:08 -07:00 |
|
Tom Eastep
|
3881b38e02
|
Fix similar INTERFACE column issue in the nat and netmap files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-31 14:16:43 -07:00 |
|
Tom Eastep
|
8a8f3b6f59
|
Merge branch '5.0.7'
|
2016-03-31 12:55:16 -07:00 |
|
Tom Eastep
|
b9bed00123
|
Correct handling of a physical name in a masq rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-31 12:52:30 -07:00 |
|
Tom Eastep
|
38aa7797c4
|
Allow protocol and user lists in actions and macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-30 08:34:42 -07:00 |
|
Tom Eastep
|
404540ffe1
|
Merge branch '5.0.7'
|
2016-03-30 08:17:19 -07:00 |
|
Tom Eastep
|
dd3c0daa08
|
Handle inline matches correctly in the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-29 13:33:47 -07:00 |
|
Tom Eastep
|
4fddfcfba0
|
More complete fix for inline matches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-29 13:15:01 -07:00 |
|
Tom Eastep
|
421d5f6043
|
Move Raw matches to last.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-29 09:31:27 -07:00 |
|
Tom Eastep
|
382ab380a2
|
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
|
2016-03-29 07:36:49 -07:00 |
|
Tuomo Soini
|
2342c7cd9c
|
Perl/Shorewall/Chains.pm: Fix warning with older perl
|
2016-03-29 09:58:33 +03:00 |
|
Tom Eastep
|
66ae4975b2
|
Allow :R with DIVERT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-28 15:52:49 -07:00 |
|
Tom Eastep
|
5b7a9db170
|
Correct clearing of inline matches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-28 15:48:59 -07:00 |
|
Roberto C. Sánchez
|
899a317c95
|
Fix typos
|
2016-03-26 22:25:30 -04:00 |
|
Tom Eastep
|
ad87d94e33
|
Small efficiency change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-26 13:12:33 -07:00 |
|
Tom Eastep
|
f86abf9552
|
Eliminate @columnstack -- simple save the columns array on the call stack.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-22 10:49:40 -07:00 |
|
Tom Eastep
|
9fe1a34412
|
Tighten up editing of configuration options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-21 12:03:45 -07:00 |
|
Tom Eastep
|
abe533b6e3
|
Correct the action on ingress filters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-19 13:45:33 -07:00 |
|
Tom Eastep
|
1c3140789c
|
Add stab to ingress qdiscs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-19 13:25:39 -07:00 |
|
Tom Eastep
|
0399a346d0
|
Replace a silly line of code.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-19 12:05:45 -07:00 |
|
Tom Eastep
|
6ed3861d76
|
Correct Mangle Action Handling for second visit to the same action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-18 15:25:52 -07:00 |
|
Tom Eastep
|
7a18847c14
|
Correct handling of log level in a _DEFAULT setting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-18 15:25:14 -07:00 |
|
Tom Eastep
|
273c89a753
|
Implement MARK and CONNMARK in the rules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-18 11:42:58 -07:00 |
|
Tom Eastep
|
2bebf1c95a
|
Make '&' and '|' work with CONNMARK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-18 11:30:52 -07:00 |
|
Tom Eastep
|
18573037f9
|
More 'check -r' fixes around Docker
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-18 11:09:39 -07:00 |
|
Tom Eastep
|
818628138b
|
Add MARK and CONNMARK to the %targets table
- Also, sort the table entries
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-18 10:21:35 -07:00 |
|
Tom Eastep
|
2adec0eb65
|
Implement a filename cache for find_file()
- Don't need to search the CONFIG_PATH for re-open of same file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-18 09:45:41 -07:00 |
|
Tom Eastep
|
6ae94767b7
|
Correct a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-18 08:31:52 -07:00 |
|
Tom Eastep
|
9f26c010ac
|
Remove embedded Perl from allowInvalid and dropInvalid
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-17 08:59:29 -07:00 |
|
Tom Eastep
|
9ab2310dc8
|
Correct an incorrect comment in process_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-17 08:47:33 -07:00 |
|
Tom Eastep
|
c9c5f0174c
|
Remove trailing blank lines from action.TCPFlags
|
2016-03-16 14:54:05 -07:00 |
|
Tom Eastep
|
da0653cb2f
|
Declare passed() in Shorewall::User rather than importing it from Config
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-15 14:16:15 -07:00 |
|
Tom Eastep
|
65ce6ed226
|
Update modules to use passed() for parameter testing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-15 12:06:32 -07:00 |
|
Tom Eastep
|
eb9dd3e485
|
Implement passed() in Config.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-15 12:00:56 -07:00 |
|
Tom Eastep
|
796f191d48
|
Don't re-stat action files in process_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-15 09:03:36 -07:00 |
|
Tom Eastep
|
71c26beab4
|
Remove dead code (caused by bad test)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-14 17:56:34 -07:00 |
|
Tom Eastep
|
6f04902963
|
Make use of 'state=' in actions a fatal error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-14 17:55:54 -07:00 |
|
Tom Eastep
|
bd2295c4c3
|
Avoid embedded Perl in the Broadcast action when ADDRTYPE is available
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-14 15:57:32 -07:00 |
|
Tom Eastep
|
901c6d34f6
|
Correct typo in Rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-14 15:56:57 -07:00 |
|
Tom Eastep
|
741da14789
|
Ignore 'state' in the actions file with a warning
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-14 15:46:29 -07:00 |
|
Tom Eastep
|
34c3828b7c
|
Fix action.Related
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-14 15:44:16 -07:00 |
|
Tom Eastep
|
eed7692952
|
Document the state action option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-14 15:15:32 -07:00 |
|
Tom Eastep
|
3c544b20e6
|
Convert the state actions to use the 'state' action option
- Also avoid the CLI having to know about builtin actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-14 14:54:09 -07:00 |
|
Tom Eastep
|
dd547c90a8
|
Implement the 'state' action option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-14 14:30:36 -07:00 |
|
Tom Eastep
|
35fac8c2ea
|
Avoid repeated %actions lookup in process_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-14 12:37:45 -07:00 |
|
Tom Eastep
|
513b828788
|
Pass '$prerule' to process_inline()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-14 10:56:07 -07:00 |
|
Tom Eastep
|
28e0cb5335
|
Use filename stored in the actions table
- Avoid a find_file call on each action invocation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-14 10:55:39 -07:00 |
|
Tom Eastep
|
c631173310
|
Eliminate the %inlines table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-14 10:47:18 -07:00 |
|
Tom Eastep
|
95da427ea8
|
Update manpages for 'audit' actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-13 15:53:31 -07:00 |
|
Tom Eastep
|
2c14b7c9e3
|
Rename %actparms to %actparams
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-13 15:36:38 -07:00 |
|
Tom Eastep
|
8e7af2e95e
|
Additional editing of audit action parameters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-13 15:28:49 -07:00 |
|
Tom Eastep
|
6be4fd377f
|
Make RST and NotSyn 'audit' actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-13 14:40:12 -07:00 |
|
Tom Eastep
|
44c0bffcd3
|
Add 'audit' option to actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-13 14:39:46 -07:00 |
|
Tom Eastep
|
2c3644a510
|
Make Action/Inline binary options into a bitmap
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-13 14:15:43 -07:00 |
|
Tom Eastep
|
407bc8f8db
|
More prerule fixes in expand_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-13 12:57:23 -07:00 |
|
Tom Eastep
|
2743a411ae
|
Add a jump to DOCKER from OUTPUT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-13 12:51:36 -07:00 |
|
Tom Eastep
|
1a23e840d7
|
Restore NotSyn rule in action.Reject
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-13 12:21:24 -07:00 |
|
Tom Eastep
|
bed747c20b
|
Restore NotSyn and RST logic using perl_action_tcp_helper()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-13 10:49:23 -07:00 |
|
Tom Eastep
|
c2fd48c4c6
|
Include pre-rule matches when the target is a chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-13 10:08:17 -07:00 |
|
Tom Eastep
|
054637880b
|
Cleanup of Standard Actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-13 10:06:02 -07:00 |
|
Tom Eastep
|
5f01bc75bd
|
Better fix for $current_param in the INLINE block of process_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-12 18:28:27 -08:00 |
|
Tom Eastep
|
0e59b82503
|
Handle '+' in inline matches the mangle and masq files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-12 17:14:15 -08:00 |
|
Tom Eastep
|
33343aaf17
|
Modify TCP-specific actions to use + in inline_matches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-12 17:01:52 -08:00 |
|
Tom Eastep
|
90ace544eb
|
Implement '+' to specify inline matches as "early"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-12 16:39:46 -08:00 |
|
Tom Eastep
|
c36cee28fb
|
Save/Restore $current_param in process_inline()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-12 16:39:08 -08:00 |
|
Tom Eastep
|
df5f34951c
|
Correct actions
- Restore the TCP-related actions
- Correct typo in action.Drop
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-12 15:09:31 -08:00 |
|
Tom Eastep
|
ec2ebee0e6
|
Clear inline matches between calls to process_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-12 15:08:47 -08:00 |
|
Tom Eastep
|
a50c52675b
|
Correct a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-12 15:08:04 -08:00 |
|
Tom Eastep
|
bb7b3123df
|
Eliminate ?begin perl ... ?end Perl in many actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-12 12:15:07 -08:00 |
|