shorewall_code

mirror of https://gitlab.com/shorewall/code.git synced 2024-11-25 00:53:49 +01:00

Author	SHA1	Message	Date
Tom Eastep	467cc4c252	Correct src-dst single exclusion Match the destination address in the output chain Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-08 11:50:49 -08:00
Tom Eastep	a9359d2610	Update $globals{VERSION} Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-07 15:41:15 -08:00
Tom Eastep	9479b83c48	Correct add_dbl_exclution_ijump() Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-07 14:18:06 -08:00
Tom Eastep	f37a74a667	Add a comment Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-07 12:30:37 -08:00
Tom Eastep	0ecf0703dc	Correct classic blacklisting - No filtering in the OUTPUT chain - Correct ipsec filtering Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-07 12:26:59 -08:00
Tom Eastep	f1317f919f	Handle ipsec correctly in ipset-based dynamic blacklisting Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-06 20:26:58 -08:00
Tom Eastep	cbe2935fce	Handle 'nodbl' in complex host definitions Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-06 17:18:50 -08:00
Tom Eastep	a9c2ee3a76	Major cleanup of DYNAMIC_BLACKLIST code 1) Avoid having to parse the setting in the Zones, Misc and rules modules 2) Apply ipset match rule after dealing with exclusions rather than before 3) Correct handling of src-dst Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-05 14:45:41 -08:00
Tom Eastep	dfd40ee208	Factor out ipset match rule generateion Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-04 13:44:23 -08:00
Tom Eastep	8d0dba349c	Shorten DBL exclusion chain names Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-04 12:10:56 -08:00
Tom Eastep	f21d8b2a27	Correct parsing of the hosts file: 1) Fixed IPv6 parsing of the HOSTS column 2) Properly detect IPv4 loopback violations Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-03 09:54:33 -08:00
Tom Eastep	11fb1ab6cf	Insert comments into add_common_rules() Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-02 19:51:18 -08:00
Tom Eastep	e8f28fa564	Allow 'nodbl' for classic blacklisting Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-02 16:16:02 -08:00
Tom Eastep	337a4bd6ec	Use shorter names for dbl exclusion chains Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-02 14:54:45 -08:00
Tom Eastep	91d5dbb7ba	Fix some blacklisting bugs: - src-dst didn't work - typo in shorewall.conf(5) Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-02 13:53:31 -08:00
Tom Eastep	4ca77b109c	Replace bizarre {dbl} encoding (what was I smoking when I wrote that code?) Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-02 10:40:12 -08:00
Tom Eastep	f928b4d6fc	Add a comment Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-02 08:45:46 -08:00
Tom Eastep	a3abafa98b	Add a 'nodbl' option for the hosts file. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2024-03-02 08:33:36 -08:00
Tom Eastep	69f0d4d881	Simon Mater's patch to support gbits and gbps in rate/burst specifications Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-10-09 09:39:01 -07:00
Tom Eastep	34c59dca32	Don't export interface_is_plain() - It was used in a superseded change Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-19 11:38:41 -07:00
Tom Eastep	9aa2a4b704	Use less obscure code to set $call_generate_all_acasts; Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-19 11:20:10 -07:00
Tom Eastep	d363809859	Complete the table documentation at the top of the file Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-18 13:44:41 -07:00
Tom Eastep	126c5ccd53	Include administrative host name in status output Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-15 15:16:23 -07:00
Tom Eastep	8d4e79650e	Refactor ALL_ACASTS code Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-11 15:58:59 -07:00
Tom Eastep	b253be8a69	Localize to IPv6 the effect of generating ALL_ACASTS during 'restore' Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-11 14:35:17 -07:00
Tom Eastep	4385264dc3	Revert "Delete superfuous 'use' statements" This reverts commit `fe7bb4abca`.	2020-09-11 13:43:14 -07:00
Tom Eastep	6cab1c3c8c	Generate ALL_ACASTS during 'restore' processing Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-11 13:11:44 -07:00
Tom Eastep	fe7bb4abca	Delete superfuous 'use' statements Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-11 12:56:37 -07:00
Tom Eastep	63b477a4de	Clean up ALL_ACASTS generation Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-10 15:59:33 -07:00
Tom Eastep	2166251b97	Correct physwild/wildcard usage Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-10 15:59:16 -07:00
Tom Eastep	9e6aec7687	Correct usage of $physwild, replacing with $wildcard Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-10 13:20:20 -07:00
Tom Eastep	b154803f22	Rename 'noanycast' to 'omitanycast' Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-10 09:59:45 -07:00
Tom Eastep	6120eba8f9	Correct generation of code for 'noanycast' Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-09 11:51:38 -07:00
Tom Eastep	4253f23d6b	Add 'noanycast' interface option Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-07 13:47:56 -07:00
Tom Eastep	0b80856eb6	Correct IPv6 ACK handling in Simple TC Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-08-01 17:10:00 -07:00
Tom Eastep	ac221348c0	Add an SPORT column to the tcpri file Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-09 14:15:03 -07:00
Tom Eastep	4b3f9ae1e7	Clean up the connmark implementation Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-07 18:23:39 -07:00
Tom Eastep	89201bd294	Add TC connmark support Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-07 16:44:20 -07:00
Tom Eastep	b617c8d224	Rodrigo Araujo's tc connmark patch Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-07 14:28:21 -07:00
Tom Eastep	4469ddb861	Don't apply the deprecated directory more than once Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-06 15:38:28 -07:00
Tom Eastep	cd5409d633	Take care of '$LOG_LEVEL' during update Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-06 15:38:01 -07:00
Tom Eastep	2f58d4e368	Don't create a zone forwarding chain for local zones Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-06 09:06:03 -07:00
Tom Eastep	628f5f0903	Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code	2020-07-05 15:31:03 -07:00
Tom Eastep	ce73c783dc	Avoid Perl diagnostic when updating shorewall[6].conf Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-05 15:29:34 -07:00
Tom Eastep	e7318459f1	Avoid double colons in the CONFIG_PATH Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-05 15:27:47 -07:00
Tom Eastep	467d41f0cc	Merge branch '5.2.6' Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-05 13:23:48 -07:00
Tom Eastep	b761a6eaa0	Call optimize_policy_chains() after doing other ruleset optimization - This insures that ACCEPT policy chains are optimized when EXPAND_POLICIES=No Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-04 10:40:43 -07:00
Tom Eastep	f8b7815375	Call optimize_policy_chains() after doing other ruleset optimization - This insures that ACCEPT policy chains are optimized when EXPAND_POLICIES=No Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-04 09:49:28 -07:00
Tom Eastep	3dc14e3575	Work around for Centos 7 iptables bug Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-06-29 11:27:14 -07:00
Tom Eastep	7ba6ac71e3	Delete blank line Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-06-28 20:41:21 -07:00

1 2 3 4 5 ...

4198 Commits