Tom Eastep
|
680ca519ed
|
Correct deletion of ipv6 'shorewall' chain
|
2011-05-17 11:33:56 -07:00 |
|
Tom Eastep
|
11ff245697
|
Don't generate refresh rules unless the command is 'refresh'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-05-16 13:08:32 -07:00 |
|
Tom Eastep
|
ffe7a1b777
|
Avoid inconsistencies and errors in refresh
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-05-16 11:34:41 -07:00 |
|
Tom Eastep
|
30f2fbff60
|
Issue warning on missing IPSET
|
2011-05-15 11:48:34 -07:00 |
|
Tom Eastep
|
72a330cba2
|
Don't emit degenerate tcfilters
|
2011-05-15 10:57:02 -07:00 |
|
Tom Eastep
|
e459fbf997
|
Don't allow non-leaf default class
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-05-15 10:56:46 -07:00 |
|
Tom Eastep
|
3f90f00081
|
Issue warnings and ignore non-leaf class in tcfilters and tcrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-05-15 10:56:31 -07:00 |
|
Tom Eastep
|
7d25f6356b
|
Augment a comment
|
2011-05-15 08:45:41 -07:00 |
|
Tom Eastep
|
c247140063
|
Restore 'our' to a couple of exported variables in the Config module
|
2011-05-14 14:18:22 -07:00 |
|
Tom Eastep
|
00add745b7
|
Use -o when copying routing tables
|
2011-05-14 13:56:39 -07:00 |
|
Tom Eastep
|
05e385a748
|
Only use 'our' when required
|
2011-05-14 13:21:31 -07:00 |
|
Tom Eastep
|
0626594cda
|
Restore accuracy of tcclasses diagram
|
2011-05-14 09:27:51 -07:00 |
|
Tom Eastep
|
539e42aa2e
|
Correct earlier patch
|
2011-05-09 16:34:31 -07:00 |
|
Tom Eastep
|
bbab1c9682
|
Ensure USER/GROUP is only specified when SOURCE in $FW
|
2011-05-09 16:33:34 -07:00 |
|
Tom Eastep
|
359de906ca
|
Refinement to fix for double exclusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-05-09 16:28:53 -07:00 |
|
Tom Eastep
|
1a48dd3eb9
|
Correct last merged patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-05-08 05:51:58 -07:00 |
|
Tom Eastep
|
93d8b538eb
|
Ensure route to gateway in the main table
|
2011-05-08 05:43:53 -07:00 |
|
Tom Eastep
|
a1bd664447
|
Fix issues with 'gawk'
|
2011-05-08 05:39:07 -07:00 |
|
Tom Eastep
|
afed909e52
|
Simplify the fix for double exclusion in ipset lists
|
2011-05-07 06:38:08 -07:00 |
|
Tom Eastep
|
0c59e0231d
|
Correct double-exclusion fix
|
2011-05-07 06:37:37 -07:00 |
|
Tom Eastep
|
58c25e8517
|
Let tcfilters deal correctly with hex device numbers
|
2011-05-05 10:12:20 -07:00 |
|
Tom Eastep
|
59ea511201
|
Complain if there is no default class defined
|
2011-05-05 10:12:14 -07:00 |
|
Tom Eastep
|
91d8f39f2e
|
Enforce limits on device and class numbers
|
2011-05-05 10:11:47 -07:00 |
|
Tom Eastep
|
349960294c
|
Detect double exclusion in ipset expressions
|
2011-05-05 10:11:30 -07:00 |
|
Tom Eastep
|
368fe46932
|
Correct Comment
|
2011-05-05 10:11:22 -07:00 |
|
Tom Eastep
|
d8c2845085
|
Back out part of TC change
|
2011-05-05 10:11:13 -07:00 |
|
Tom Eastep
|
9a95bad17e
|
Don't require '0x' on devnum > 10 in tcclasses
|
2011-05-05 10:06:55 -07:00 |
|
Tom Eastep
|
4300ef3ee2
|
Fix another couple of bugs with device numbers > 9
|
2011-05-05 10:06:41 -07:00 |
|
Tom Eastep
|
222c5dbf46
|
Normalize hex numbers before using them in string comparisons
|
2011-05-02 10:08:36 -07:00 |
|
Tom Eastep
|
e66d491f11
|
Correct patch for > 9 interfaces with tcfilters
|
2011-05-02 10:08:19 -07:00 |
|
Tom Eastep
|
bf10e104b7
|
Fix bug in tcfilters with device numbers > 9
|
2011-05-02 07:25:21 -07:00 |
|
Tom Eastep
|
d2407cb7a0
|
Don't allow IFB classes in tcrules
|
2011-05-02 07:23:28 -07:00 |
|
Tom Eastep
|
a0b00b4bd6
|
More fixes for TC
|
2011-05-01 21:24:52 -07:00 |
|
Tom Eastep
|
61c654634b
|
Correct some TC issues
|
2011-05-01 06:40:14 -07:00 |
|
Tom Eastep
|
e2b1069c1c
|
Support ipsets in the ORIGINAL DEST column for DNAT and REDIRECT rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-04-28 12:22:26 -07:00 |
|
Tom Eastep
|
59024ff49d
|
Delete some blank lines
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-04-24 08:29:28 -07:00 |
|
Tom Eastep
|
67e920eb53
|
Use del/add for provider ipv6 routes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-04-19 10:56:59 -07:00 |
|
Tom Eastep
|
1bcba8bbc7
|
Update version of changed Perl modules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-04-19 10:02:29 -07:00 |
|
Tom Eastep
|
ec8bb8049a
|
Delete/Add routes for NDP rather than replace
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-04-19 09:40:24 -07:00 |
|
Tom Eastep
|
1a0388080f
|
Initiate 4.4.20
Update versions
Update release documents
Apply Togan Muftuoglu's change to increase installation flexibility
|
2011-04-16 08:31:46 -07:00 |
|
Tom Eastep
|
4f5970b5f2
|
Use 'ip route list' rather than 'ip route ls' for busybox compatability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-04-15 11:15:32 -07:00 |
|
Tom Eastep
|
d42a65fd11
|
Correct one more default route save/restore defect
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-04-15 07:09:34 -07:00 |
|
Tom Eastep
|
dff405683c
|
Correct default route save/restore
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-04-14 12:25:33 -07:00 |
|
Tom Eastep
|
96af7bfed6
|
Fix the prior commit
|
2011-04-13 17:56:15 -07:00 |
|
Tom Eastep
|
9a8f411531
|
Update version to 4.4.19.1 and document corrected problems
|
2011-04-13 17:22:07 -07:00 |
|
Tom Eastep
|
9008cd960c
|
Fix a silly masq bug
|
2011-04-13 17:01:22 -07:00 |
|
Tom Eastep
|
16276b9900
|
Don't assume that all nexthop routes are default routes
|
2011-04-13 13:57:22 -07:00 |
|
Tom Eastep
|
a0b16e2803
|
Delete duplicate rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-04-13 06:56:17 -07:00 |
|
Tom Eastep
|
5919c234f4
|
Update version of IPAddrs.pm
|
2011-04-12 07:21:24 -07:00 |
|
Tom Eastep
|
53571043c0
|
Fix another proto editing defect
|
2011-04-11 17:18:39 -07:00 |
|
Tom Eastep
|
18f4b11b09
|
Don't allow '\!0' in the PROTO column
|
2011-04-11 16:25:19 -07:00 |
|
Tom Eastep
|
73754521b1
|
Correct Perl module versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-04-11 15:05:18 -07:00 |
|
Tom Eastep
|
ca46052410
|
Fix file name in split_line error message for proxyndp file
|
2011-04-10 13:19:42 -07:00 |
|
Tom Eastep
|
512008170d
|
Revert "Fold some long lines"
This reverts commit 3674cfd387 .
|
2011-04-10 11:20:50 -07:00 |
|
Tom Eastep
|
3674cfd387
|
Fold some long lines
|
2011-04-10 10:10:00 -07:00 |
|
Tom Eastep
|
8abc78331b
|
Two minor cosmetic changes
|
2011-04-10 09:52:00 -07:00 |
|
Tom Eastep
|
1be89edb49
|
Version to 4.4.19
|
2011-04-09 07:58:13 -07:00 |
|
Tom Eastep
|
92611d6789
|
A couple of tweaks before releasing RC1
|
2011-04-08 07:50:54 -07:00 |
|
Tom Eastep
|
7ab55f4217
|
Ensure that the PREROUTING->dnat jump is added when a wildcard interface is present
|
2011-04-06 15:14:39 -07:00 |
|
Tom Eastep
|
755c3cfd80
|
Quote param values that include shell metacharacters
|
2011-04-06 14:52:32 -07:00 |
|
Tom Eastep
|
6626ef06fb
|
Fix yet another optimizer bug
|
2011-04-06 10:10:42 -07:00 |
|
Tom Eastep
|
159c871f18
|
Make simple TC work with both IPv4 and IPv6
|
2011-04-04 09:55:45 -07:00 |
|
Tom Eastep
|
7466895919
|
Revert tcpri change
|
2011-04-04 09:14:46 -07:00 |
|
Tom Eastep
|
3b0da84b8d
|
Exit POSTROUTING early if a mark is restored
|
2011-04-04 08:19:58 -07:00 |
|
Tom Eastep
|
c1160ec076
|
Version to RC1
|
2011-04-03 15:54:36 -07:00 |
|
Tom Eastep
|
8609c97d1c
|
Version to Beta 5
|
2011-04-03 10:30:33 -07:00 |
|
Tom Eastep
|
86f4d3bad6
|
Revert "Set version RC1"
This reverts commit ae9558c7c6 .
|
2011-04-03 10:28:20 -07:00 |
|
Tom Eastep
|
ae9558c7c6
|
Set version RC1
|
2011-04-03 10:04:53 -07:00 |
|
Tom Eastep
|
cc633c5bd9
|
Shorewall 4.4.19 Changes
|
2011-04-03 09:56:30 -07:00 |
|
Tom Eastep
|
26e7f86c87
|
Fix icmp u32 match with type/code
|
2011-03-19 14:29:03 -07:00 |
|
Tom Eastep
|
742aa95660
|
Tighten editing of TC_PRIOMAP value
|
2011-03-17 11:50:13 -07:00 |
|
Tom Eastep
|
965ab0257f
|
Correct fix for Tuomo's problem
|
2011-03-13 15:24:48 -07:00 |
|
Tom Eastep
|
f5d06024fc
|
Bump version to 4.4.18.1
|
2011-03-13 07:56:12 -07:00 |
|
Tom Eastep
|
8383a6e75a
|
Eliminate extra newline in WARNING message
|
2011-03-13 07:52:25 -07:00 |
|
Tom Eastep
|
68b15c9544
|
Fix for Tuomo's params issue
|
2011-03-13 07:47:06 -07:00 |
|
Tom Eastep
|
57f1a0fa34
|
Accomodate tcfilters entries for non-present interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-03-03 07:44:12 -08:00 |
|
Tom Eastep
|
0283a8eeec
|
Fix for previous commit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-03-03 07:43:37 -08:00 |
|
Tom Eastep
|
87240b00c9
|
Update version of the Tc module
|
2011-03-02 07:52:38 -08:00 |
|
Tom Eastep
|
1bbd963c3f
|
Bump version to 4.4.18
|
2011-03-02 07:43:03 -08:00 |
|
Tom Eastep
|
329655cc66
|
Make burst in tcdevices IN-BANDWIDTH column work
|
2011-03-02 07:34:55 -08:00 |
|
Tom Eastep
|
e4e574605e
|
Fix an edit about duplicate device:class
|
2011-03-01 20:48:40 -08:00 |
|
Tom Eastep
|
f92349edba
|
Correct handling of IPv6 address used in a net context
|
2011-03-01 13:49:19 -08:00 |
|
Tom Eastep
|
428e898bfe
|
Update version to RC1
|
2011-02-28 15:24:04 -08:00 |
|
Tom Eastep
|
9decf354d5
|
Update the version of the Config module
|
2011-02-24 16:50:48 -08:00 |
|
Tom Eastep
|
de7a0df550
|
Cosmetic changes to the Chains module
|
2011-02-24 15:56:50 -08:00 |
|
Tom Eastep
|
951f641a6c
|
Cleanup of Rules file
|
2011-02-21 08:13:46 -08:00 |
|
Tom Eastep
|
fcebdc3ec2
|
Correct typo in Chains module
|
2011-02-21 08:09:33 -08:00 |
|
Tom Eastep
|
cf60752988
|
Move section processing to the Rules module where it belongs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-02-20 15:35:58 -08:00 |
|
Tom Eastep
|
c03caf7c2f
|
Combine the Policy and Rules modules
|
2011-02-20 11:28:47 -08:00 |
|
Tom Eastep
|
052bc87bd5
|
Set version to Beta 4
|
2011-02-20 09:20:43 -08:00 |
|
Tom Eastep
|
b90ea8a9e0
|
Change default for MODULE_PREFIX
|
2011-02-20 08:52:07 -08:00 |
|
Tom Eastep
|
685de1c588
|
Cosmetic changes to the Accounting module"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-02-19 15:50:18 -08:00 |
|
Tom Eastep
|
f44b643038
|
Fix another bug with tri-value
|
2011-02-19 15:46:06 -08:00 |
|
Tom Eastep
|
e69de13eff
|
Fix common-rule/action2 processing order
|
2011-02-19 15:44:39 -08:00 |
|
Tom Eastep
|
59ac90d717
|
Couple of minor issues in the Chains module
|
2011-02-19 09:08:43 -08:00 |
|
Tom Eastep
|
30768a03d1
|
Bump version to Beta 3
|
2011-02-19 08:55:28 -08:00 |
|
Tom Eastep
|
974a542585
|
Improve MARK column validation
|
2011-02-19 08:18:21 -08:00 |
|
Tom Eastep
|
9173b22b58
|
Disallow USER/GROUP anywhere but in the OUTPUT section
|
2011-02-19 08:00:00 -08:00 |
|
Tom Eastep
|
cf2d4e154f
|
Add a comment
|
2011-02-18 21:05:44 -08:00 |
|
Tom Eastep
|
d8c36da069
|
Make reserved name illegal for Actions -- take 2
|
2011-02-18 17:46:41 -08:00 |
|
Tom Eastep
|
011c90e6b8
|
Make reserved name illegal for Actions
|
2011-02-18 17:44:14 -08:00 |
|
Tom Eastep
|
b4946dcf65
|
Enforce a couple of accounting restrictions
|
2011-02-18 16:47:12 -08:00 |
|
Tom Eastep
|
e47cb61c33
|
Introduce 'accountfwd' chain for forwarded accounting in sectioned configuration
|
2011-02-18 15:44:55 -08:00 |
|
Tom Eastep
|
2e2472a15a
|
Tighen up an RE
|
2011-02-17 17:56:29 -08:00 |
|
Tom Eastep
|
58e480b502
|
Correct defects in the prior commit
|
2011-02-17 17:35:56 -08:00 |
|
Tom Eastep
|
993bdc740d
|
Make it invalid to to use a config file name as a chain name
|
2011-02-17 16:31:22 -08:00 |
|
Tom Eastep
|
b06630091d
|
Make procedure to delete a chain plus references to it; make exclusion chains begin with '~'
|
2011-02-17 14:53:39 -08:00 |
|
Tom Eastep
|
6f00f2127c
|
Delete optimize_okay() and add a couple of assertions
|
2011-02-17 10:48:46 -08:00 |
|
Tom Eastep
|
5634b08e22
|
Don't clear dont_optimize flag in accounting in sectioned configuration
|
2011-02-17 10:47:57 -08:00 |
|
Tom Eastep
|
300d931922
|
Assert correctness in decrement_reference_count()
|
2011-02-16 13:16:42 -08:00 |
|
Tom Eastep
|
fa8c8f5850
|
Dont optimize chains with RETURN
|
2011-02-16 13:15:29 -08:00 |
|
Tom Eastep
|
030839e4a4
|
Remove recursive_delete_references
|
2011-02-16 12:49:04 -08:00 |
|
Tom Eastep
|
2974167f06
|
Finally fix issue with copy_rules()
|
2011-02-16 10:08:11 -08:00 |
|
Tom Eastep
|
b03e3b94ef
|
More optimization fixes
|
2011-02-15 19:24:14 -08:00 |
|
Tom Eastep
|
99f38bfca1
|
Make the source-net and dest-match routines more readable
|
2011-02-14 20:11:38 -08:00 |
|
Tom Eastep
|
32f341c279
|
Correct optimization fix
|
2011-02-14 16:54:27 -08:00 |
|
Tom Eastep
|
6a9ca303d1
|
Remove masking declaration
|
2011-02-14 15:56:02 -08:00 |
|
Tom Eastep
|
4ad9a83996
|
Centralize handling of MACs in the Chains module
|
2011-02-14 15:34:11 -08:00 |
|
Tom Eastep
|
0fa027802f
|
Don't allow accounting or manual changes to have the name of a builtin target
|
2011-02-14 10:50:04 -08:00 |
|
Tom Eastep
|
3b7232a5fa
|
Fix a bug in the optimizer
|
2011-02-14 10:00:28 -08:00 |
|
Tom Eastep
|
59e361e93e
|
Split the 'restriction' member into two members
|
2011-02-14 09:22:27 -08:00 |
|
Tom Eastep
|
e64070f9e1
|
Restore loop detection in sectioned accounting rules
|
2011-02-13 16:38:01 -08:00 |
|
Tom Eastep
|
dd81eedb42
|
Fix another accounting sectioning bug
|
2011-02-13 14:32:11 -08:00 |
|
Tom Eastep
|
46a99a7cd9
|
Correct Config.pm version again
|
2011-02-13 11:46:56 -08:00 |
|
Tom Eastep
|
567824b7e2
|
Correct Config.pm version
|
2011-02-13 11:45:46 -08:00 |
|
Tom Eastep
|
95f8100696
|
Cosmetic change
|
2011-02-13 11:34:53 -08:00 |
|
Tom Eastep
|
b1abb3f554
|
Don't do unref/loop detection when accounting file is sectioned
|
2011-02-13 11:13:43 -08:00 |
|
Tom Eastep
|
a1eefea224
|
Fix FORWARD chain jumps with sectioning
|
2011-02-13 08:23:48 -08:00 |
|
Tom Eastep
|
1438332bbe
|
Remove hard-coded 0.0.0.0/0 from Providers.pm
|
2011-02-13 08:13:22 -08:00 |
|
Tom Eastep
|
5c0b592934
|
Section the accounting file
|
2011-02-12 12:47:15 -08:00 |
|
Tom Eastep
|
195903444d
|
Insist that SECTION headers have exactly two columns
|
2011-02-12 07:54:20 -08:00 |
|
Tom Eastep
|
677bd08d5d
|
Add more targets
|
2011-02-11 17:13:48 -08:00 |
|
Tom Eastep
|
4acdc5314a
|
Add 'NG' value for ACCOUNTING
|
2011-02-11 17:01:10 -08:00 |
|
Tom Eastep
|
9e921beb49
|
Fix a tri-value bug
|
2011-02-11 16:53:49 -08:00 |
|
Tom Eastep
|
af363888ab
|
Alphabetize the builtin target list
|
2011-02-10 16:55:04 -08:00 |
|
Tom Eastep
|
64614b7464
|
Add CLASSIFY to the builtin targets
|
2011-02-10 16:46:44 -08:00 |
|
Tom Eastep
|
2885081d86
|
Add more keywords to %builtin_targets
|
2011-02-10 13:11:58 -08:00 |
|
Tom Eastep
|
a3232516bb
|
Detect loops in accounting chain jumps
|
2011-02-09 15:43:19 -08:00 |
|
Tom Eastep
|
88244dc132
|
Don't allow MAC addresses in the accounting file
|
2011-02-07 17:12:43 -08:00 |
|
Tom Eastep
|
b4b59119ef
|
Don't allow non-accounting chain in the CHAIN accounting column
|
2011-02-07 16:32:38 -08:00 |
|
Tom Eastep
|
6e66736d28
|
Make IPv6 logic safer; cosmetic improvements in the generated script
|
2011-02-06 08:57:48 -08:00 |
|
Tom Eastep
|
2c2fdab0fe
|
Rename USE_LOCAL_MODULES to EXPORTMODULES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-02-06 08:42:35 -08:00 |
|
Tom Eastep
|
2b8579c090
|
Tweak USE_LOCAL_MODULES change
Make the "Other than /usr/share" test dependent on export
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-02-06 08:28:10 -08:00 |
|
Tom Eastep
|
106f23634c
|
Make use of USE_LOCAL_MODULES independent of export
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2011-02-06 08:15:16 -08:00 |
|
Tom Eastep
|
88bce4100a
|
Initiate 4.4.18
|
2011-02-05 16:41:34 -08:00 |
|
Tom Eastep
|
c557ec3740
|
Bump version of Tc module
|
2011-02-04 07:46:35 -08:00 |
|
Tom Eastep
|
ea2c72d1b1
|
Prepare for 4.4.17
|
2011-02-04 06:44:02 -08:00 |
|
Tom Eastep
|
838c7ac57b
|
Change a comment
|
2011-02-03 17:22:04 -08:00 |
|
Tom Eastep
|
23eef3b215
|
Normalize IPv6 addresses in decompose_net
|
2011-02-03 09:57:47 -08:00 |
|
Tom Eastep
|
4ed4443abb
|
Do a fancier job of comparing networks
|
2011-02-03 09:44:46 -08:00 |
|