Tom Eastep
|
c597eb25fc
|
Delete QUOTA_MATCH
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-08-16 05:39:28 -07:00 |
|
Tom Eastep
|
bc706324e9
|
Add an ALL section to the rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-08-15 15:32:24 -07:00 |
|
Tom Eastep
|
d5290fc881
|
Correct typo that caused an internal error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-08-15 10:11:12 -07:00 |
|
Tom Eastep
|
0b2a8b12c7
|
Implement Stateless NAT support.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-08-14 12:01:17 -07:00 |
|
Tom Eastep
|
71480ff647
|
Validate nets in the netmap file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-08-13 15:59:42 -07:00 |
|
Tom Eastep
|
97121116a3
|
Add rawpost table detection
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-08-13 11:14:29 -07:00 |
|
Tom Eastep
|
37b08dd991
|
Merge branch '4.4.22'
|
2011-08-13 10:48:27 -07:00 |
|
Tom Eastep
|
dec4f4f186
|
Separate target and targetopts in add_ijump calls.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-08-13 09:56:14 -07:00 |
|
Tom Eastep
|
b1b323191c
|
Merge branch '4.4.22'
|
2011-08-11 20:19:47 -07:00 |
|
Tom Eastep
|
786455b287
|
Unlink .bak file if no changes to .conf.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-08-11 20:19:30 -07:00 |
|
Tom Eastep
|
39c71418da
|
Merge branch '4.4.22'
|
2011-08-10 09:34:37 -07:00 |
|
Tom Eastep
|
7708c251db
|
Fix ECN when MANGLE_FORWARD is not available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-08-10 09:34:15 -07:00 |
|
Tom Eastep
|
8eff66dcfd
|
Fix handling or ORIGINAL DEST when CONNTRACK_MATCH is not available
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-08-10 07:12:13 -07:00 |
|
Tom Eastep
|
67c1fa1e63
|
Fix old state match
|
2011-08-08 20:35:55 -07:00 |
|
Tom Eastep
|
8fe064914b
|
Fix old state match
|
2011-08-08 20:32:02 -07:00 |
|
Tom Eastep
|
4824c9b8ff
|
Add QUOTA_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-08-08 14:37:47 -07:00 |
|
Tom Eastep
|
35457f4e95
|
Remove she-bang from lib.*
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-08-03 07:54:46 -07:00 |
|
Tom Eastep
|
b0fe8e1e60
|
Merge branch '4.4.22'
|
2011-08-03 07:20:57 -07:00 |
|
Tom Eastep
|
a548bddea8
|
Remove she-bang from first line of prog.header*
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-08-03 07:20:34 -07:00 |
|
Tom Eastep
|
679de4ccf6
|
Apply Orion Poplawski's 'qtnoin' patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-08-02 16:51:49 -07:00 |
|
Tom Eastep
|
50a29f6858
|
Correct detection of OLD_IPSET_MATCH when LOAD_MODULES_ONLY=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-08-02 11:58:54 -07:00 |
|
Tom Eastep
|
ae0cffa588
|
Fix handling of zone names beginning with 'all'
|
2011-08-02 09:13:23 -07:00 |
|
Tom Eastep
|
d358285d56
|
Remove obsolete comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-31 11:34:46 -07:00 |
|
Tom Eastep
|
f675513383
|
Make 'build' work on a Mac
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-30 10:57:32 -07:00 |
|
Tom Eastep
|
512273fa91
|
Avoid undefined reference in Shorewall::rules::save_policies
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-30 07:04:42 -07:00 |
|
Tom Eastep
|
42ae3ba581
|
Cleaner fix for TCP_FLAGS_DISPOSITION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-30 06:57:18 -07:00 |
|
Tom Eastep
|
d9fe6e7a42
|
Handle missing TCP_FLAGS_DISPOSITION setting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-28 15:56:34 -07:00 |
|
Tom Eastep
|
6c025d20c9
|
Fix Shorewall6 Kernel Version test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-28 15:53:35 -07:00 |
|
Tom Eastep
|
a992ec594a
|
Accomodate kernel version 3.0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-27 17:03:27 -07:00 |
|
Tom Eastep
|
33f7822df9
|
Correct 'action' editing RE in parameterized actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-25 09:16:22 -07:00 |
|
Tom Eastep
|
a18c502796
|
Correct reference counting in one more place in expand_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-25 07:42:01 -07:00 |
|
Tom Eastep
|
ecd2e2276e
|
Add some comments and remove extra whitespace
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-25 06:56:05 -07:00 |
|
Tom Eastep
|
215e923562
|
A little cleanup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-24 16:17:22 -07:00 |
|
Tom Eastep
|
703bc88bfd
|
Move merge_rules() back to where it was.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-24 15:06:42 -07:00 |
|
Tom Eastep
|
6300d6cbfc
|
Validate 'action' parameter to the new parameterized actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-24 11:46:57 -07:00 |
|
Tom Eastep
|
ac5a6f4471
|
Cleanup of progress messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-24 09:13:46 -07:00 |
|
Tom Eastep
|
f2c9647579
|
Set empty target in rules created via add_irule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-24 08:28:43 -07:00 |
|
Tom Eastep
|
e693665be1
|
Add correct reference counting to merge_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-24 08:03:45 -07:00 |
|
Tom Eastep
|
ea4b8cdb6f
|
Exempt policy chains from optimization level 8.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-23 16:34:01 -07:00 |
|
Tom Eastep
|
b789d825f8
|
Unify the setting of $targetref and $jump
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-23 14:47:16 -07:00 |
|
Tom Eastep
|
83e6e2f105
|
Another fix for reference counting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-23 13:54:56 -07:00 |
|
Tom Eastep
|
028fc20741
|
Correct reference accounting when long port lists are split
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-23 07:31:58 -07:00 |
|
Tom Eastep
|
3d616980a6
|
Don't delete the {target} member in clear_rule_target() but instead set it to ''
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-23 07:30:56 -07:00 |
|
Tom Eastep
|
567993292f
|
Some efficiency changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-22 17:48:14 -07:00 |
|
Tom Eastep
|
5764e7899b
|
Rename combined chains created by optimization level 8
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-22 14:12:03 -07:00 |
|
Tom Eastep
|
22463e451d
|
More efficient method of generating rule strings for comparison
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-22 11:06:29 -07:00 |
|
Tom Eastep
|
1d24f28c83
|
Rename %special -> %opttype
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-22 11:06:03 -07:00 |
|
Tom Eastep
|
bfd63dcace
|
Revert LOGLIMIT conversion change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-22 07:53:30 -07:00 |
|
Tom Eastep
|
2adf2883d5
|
Revert addition of do_i functions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-22 07:23:13 -07:00 |
|
Tom Eastep
|
5e190f4e4e
|
Implement '_i' equivalents of all do_ functions.
Also implements handling of long port lists in new-format rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-22 06:22:52 -07:00 |
|
Tom Eastep
|
0791ea6698
|
Make 'KLUDGEFREE' a global to make it faster to test.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-21 12:57:20 -07:00 |
|
Tom Eastep
|
4eeb233d95
|
A little reorg to prepare for moving long port list remediation to the new chain structure.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-20 18:52:20 -07:00 |
|
Tom Eastep
|
705ffbca49
|
Fix for LOGMARK(<list>)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-20 17:33:31 -07:00 |
|
Tom Eastep
|
a7ab53e135
|
Trap '!' in port columns.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-20 15:55:18 -07:00 |
|
Tom Eastep
|
32a8b254a0
|
Some optimizations in the new rule infrastructure
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-20 15:53:00 -07:00 |
|
Tom Eastep
|
ca655a6f52
|
Use add_ijump for all jump 'irules'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-20 07:30:49 -07:00 |
|
Tom Eastep
|
12b5aa687b
|
More conversion to new rule interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-19 11:58:10 -07:00 |
|
Tom Eastep
|
f8be76f471
|
Make LOGMARK work without a parameter.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-19 11:57:12 -07:00 |
|
Tom Eastep
|
8b56e16bf9
|
Fix LOGMARK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-19 06:54:41 -07:00 |
|
Tom Eastep
|
58de3dd3c1
|
Fix :persistent and :random in /etc/shorewall/masq
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-18 15:35:07 -07:00 |
|
Tom Eastep
|
346df62cc6
|
Support long-form iptables options.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-18 13:47:52 -07:00 |
|
Tom Eastep
|
796f3b6668
|
Correct cmdlevel settings in irules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-18 10:05:39 -07:00 |
|
Tom Eastep
|
1e89074bf8
|
Correct tracing of nested rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-18 09:46:41 -07:00 |
|
Tom Eastep
|
a80b04bd74
|
Correct formatting of empty arguments to add_commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-18 09:45:59 -07:00 |
|
Tom Eastep
|
bfd69c33c7
|
Correctly format empty arguments to add_commands()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-18 09:19:52 -07:00 |
|
Tom Eastep
|
043fb8757c
|
Convert Rules.pm infrastructure to use the new rule interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-18 08:29:42 -07:00 |
|
Tom Eastep
|
7aa7cd54c2
|
Convert Providers.pm to use the new rules interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-18 07:43:25 -07:00 |
|
Tom Eastep
|
3c60f107b7
|
Convert generate_matrix() to use the new rules interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-18 07:24:21 -07:00 |
|
Tom Eastep
|
2efa2796d3
|
More new rule interface calls in the Misc module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-17 15:12:58 -07:00 |
|
Tom Eastep
|
b2305ca9cf
|
Convert Tunnels file to use irules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-17 11:33:01 -07:00 |
|
Tom Eastep
|
a211f8fd0f
|
Infrastructure for new rule interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-17 10:37:15 -07:00 |
|
Tom Eastep
|
f3f535abac
|
POC of new rule interface
Also removed FAKE_AUDIT option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-17 08:35:09 -07:00 |
|
Tom Eastep
|
950c32d46b
|
Convert add_commands() calls to the equivalent add_rule() calls.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-16 16:31:29 -07:00 |
|
Tom Eastep
|
03913019d8
|
Mark DHCP rules for the convenience of move_rules().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-16 15:34:57 -07:00 |
|
Tom Eastep
|
27621fa0f9
|
Impose some structure on setting rule options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-16 14:46:34 -07:00 |
|
Tom Eastep
|
0f742187ae
|
Implement intermediate rule representation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-16 09:41:53 -07:00 |
|
Tom Eastep
|
9661b445f2
|
Make install/uninstall files version independent
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-13 07:29:47 -07:00 |
|
Tom Eastep
|
d1b8d7b953
|
Make perl modules version-neutral
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-10 15:10:27 -07:00 |
|
Tom Eastep
|
11c580de54
|
Fix exclusion in IPv6 hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-09 17:27:09 -07:00 |
|
Tom Eastep
|
e21ff03339
|
Fix ipsets in IPv6 hosts file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-09 16:17:35 -07:00 |
|
Tom Eastep
|
fbeddca6a4
|
Another IPv6 ipset issue (z:!+set in the DEST column)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-09 15:40:18 -07:00 |
|
Tom Eastep
|
a998476d00
|
Correct Accounting module version
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-09 07:08:47 -07:00 |
|
Tom Eastep
|
6c802d3353
|
Tighten up source and dest checking in expand_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-09 07:08:39 -07:00 |
|
Tom Eastep
|
1f30976790
|
Correct change that tightened editing of IPv6 addresses
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-08 18:34:33 -07:00 |
|
Tom Eastep
|
22f1d1ba89
|
Another fix for IPv6 and IPSETs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-08 16:31:35 -07:00 |
|
Tom Eastep
|
a8daff0008
|
Correct handling of <interface>:+<ipset> in Shorewall6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-08 15:57:08 -07:00 |
|
Tom Eastep
|
b70666eaf6
|
Move .spec files to release/
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-08 10:07:08 -07:00 |
|
Tom Eastep
|
27b99a62d0
|
Move known problems file to release sub-directory
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-08 09:14:54 -07:00 |
|
Tom Eastep
|
76c97a1cc4
|
Move release documents to their own directory
|
2011-07-07 15:51:50 -07:00 |
|
Tom Eastep
|
7fa59706c5
|
Correct TPROXY/IPv6 address fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-07 14:50:44 -07:00 |
|
Tom Eastep
|
3f903fe3f1
|
Allow IPv6 Address as the third argument to TPROXY
- also update the manpages to describe TPROXY
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-07 06:43:16 -07:00 |
|
Tom Eastep
|
cf5613441d
|
Correct loading of xt_ipset
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-05 15:57:14 -07:00 |
|
Tom Eastep
|
95acabe97e
|
Make load and reload use the .conf file in the CWD
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-05 15:56:38 -07:00 |
|
Tom Eastep
|
1c199a2644
|
Add semicolons in new actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-04 14:59:07 -07:00 |
|
Tom Eastep
|
20cee7649e
|
Change quotes in action.Broadcast
|
2011-07-04 13:32:32 -07:00 |
|
Tom Eastep
|
a355141f40
|
Correct typo in .spec files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-04 13:13:52 -07:00 |
|
Tom Eastep
|
87870ad121
|
Add new actions to the .spec file
|
2011-07-04 13:01:49 -07:00 |
|
Tom Eastep
|
e1d8d71348
|
Version to 4.4.22 Beta 1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-04 09:36:54 -07:00 |
|
Tom Eastep
|
dd353eeafb
|
Allow optimizatin of Invalid and NotSyn chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-04 07:50:25 -07:00 |
|
Tom Eastep
|
c4ba1089e6
|
Don't include IPv6 code in Shorewall/action.Broadcast
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-07-04 07:49:38 -07:00 |
|