Commit Graph

14459 Commits

Author SHA1 Message Date
Tom Eastep
2bebf1c95a Make '&' and '|' work with CONNMARK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 11:30:52 -07:00
Tom Eastep
18573037f9 More 'check -r' fixes around Docker
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 11:09:39 -07:00
Tom Eastep
818628138b Add MARK and CONNMARK to the %targets table
- Also, sort the table entries

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 10:21:35 -07:00
Tom Eastep
2adec0eb65 Implement a filename cache for find_file()
- Don't need to search the CONFIG_PATH for re-open of same file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 09:45:41 -07:00
Tom Eastep
6ae94767b7 Correct a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 08:31:52 -07:00
Tom Eastep
9f26c010ac Remove embedded Perl from allowInvalid and dropInvalid
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-17 08:59:29 -07:00
Tom Eastep
9ab2310dc8 Correct an incorrect comment in process_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-17 08:47:33 -07:00
Tom Eastep
0b5d59870b Remove embedded Perl from Shorewall6 Drop and Reject actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-16 15:07:59 -07:00
Tom Eastep
c9c5f0174c Remove trailing blank lines from action.TCPFlags 2016-03-16 14:54:05 -07:00
Tom Eastep
5fc391cb58 Document passed() in the config basics document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-15 15:19:21 -07:00
Tom Eastep
da0653cb2f Declare passed() in Shorewall::User rather than importing it from Config
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-15 14:16:15 -07:00
Tom Eastep
65ce6ed226 Update modules to use passed() for parameter testing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-15 12:06:32 -07:00
Tom Eastep
eb9dd3e485 Implement passed() in Config.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-15 12:00:56 -07:00
Tom Eastep
796f191d48 Don't re-stat action files in process_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-15 09:03:36 -07:00
Tom Eastep
71c26beab4 Remove dead code (caused by bad test)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 17:56:34 -07:00
Tom Eastep
6f04902963 Make use of 'state=' in actions a fatal error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 17:55:54 -07:00
Tom Eastep
bd2295c4c3 Avoid embedded Perl in the Broadcast action when ADDRTYPE is available
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 15:57:32 -07:00
Tom Eastep
901c6d34f6 Correct typo in Rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 15:56:57 -07:00
Tom Eastep
741da14789 Ignore 'state' in the actions file with a warning
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 15:46:29 -07:00
Tom Eastep
34c3828b7c Fix action.Related
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 15:44:16 -07:00
Tom Eastep
eed7692952 Document the state action option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 15:15:32 -07:00
Tom Eastep
3c544b20e6 Convert the state actions to use the 'state' action option
- Also avoid the CLI having to know about builtin actions

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 14:54:09 -07:00
Tom Eastep
dd547c90a8 Implement the 'state' action option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 14:30:36 -07:00
Tom Eastep
35fac8c2ea Avoid repeated %actions lookup in process_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 12:37:45 -07:00
Tom Eastep
513b828788 Pass '$prerule' to process_inline()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 10:56:07 -07:00
Tom Eastep
28e0cb5335 Use filename stored in the actions table
- Avoid a find_file call on each action invocation

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 10:55:39 -07:00
Tom Eastep
c631173310 Eliminate the %inlines table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 10:47:18 -07:00
Tom Eastep
95da427ea8 Update manpages for 'audit' actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-13 15:53:31 -07:00
Tom Eastep
2c14b7c9e3 Rename %actparms to %actparams
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-13 15:36:38 -07:00
Tom Eastep
8e7af2e95e Additional editing of audit action parameters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-13 15:28:49 -07:00
Tom Eastep
6be4fd377f Make RST and NotSyn 'audit' actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-13 14:40:12 -07:00
Tom Eastep
44c0bffcd3 Add 'audit' option to actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-13 14:39:46 -07:00
Tom Eastep
2c3644a510 Make Action/Inline binary options into a bitmap
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-13 14:15:43 -07:00
Tom Eastep
407bc8f8db More prerule fixes in expand_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-13 12:57:23 -07:00
Tom Eastep
2743a411ae Add a jump to DOCKER from OUTPUT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-13 12:51:36 -07:00
Tom Eastep
1a23e840d7 Restore NotSyn rule in action.Reject
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-13 12:21:24 -07:00
Tom Eastep
bed747c20b Restore NotSyn and RST logic using perl_action_tcp_helper()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-13 10:49:23 -07:00
Tom Eastep
c2fd48c4c6 Include pre-rule matches when the target is a chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-13 10:08:17 -07:00
Tom Eastep
054637880b Cleanup of Standard Actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-13 10:06:02 -07:00
Tom Eastep
5f01bc75bd Better fix for $current_param in the INLINE block of process_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-12 18:28:27 -08:00
Tom Eastep
0e59b82503 Handle '+' in inline matches the mangle and masq files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-12 17:14:15 -08:00
Tom Eastep
33343aaf17 Modify TCP-specific actions to use + in inline_matches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-12 17:01:52 -08:00
Tom Eastep
90ace544eb Implement '+' to specify inline matches as "early"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-12 16:39:46 -08:00
Tom Eastep
c36cee28fb Save/Restore $current_param in process_inline()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-12 16:39:08 -08:00
Tom Eastep
df5f34951c Correct actions
- Restore the TCP-related actions
- Correct typo in action.Drop

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-12 15:09:31 -08:00
Tom Eastep
ec2ebee0e6 Clear inline matches between calls to process_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-12 15:08:47 -08:00
Tom Eastep
a50c52675b Correct a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-12 15:08:04 -08:00
Tom Eastep
bb7b3123df Eliminate ?begin perl ... ?end Perl in many actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-12 12:15:07 -08:00
Tom Eastep
3960fa6e0e Performance tweak to read_a_line()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-12 09:05:30 -08:00
Tom Eastep
a7fda02d88 Print lines copied into the generated script when tracing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-11 15:59:49 -08:00