Commit Graph

3592 Commits

Author SHA1 Message Date
Tom Eastep
9dd0346987 Apply Paul Gear's patch for Ubuntu 16.04
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-02 07:25:37 -07:00
Tom Eastep
ccfa181a6d Tweak compile_info_command()
- Fix comment
- use $globals{VERSION} for the version number

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 14:12:34 -07:00
Tom Eastep
24d40f4cc2 Add VERBOSE_MESSAGES option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 08:00:56 -07:00
Tom Eastep
244f2cefe5 Update comment describing info_command()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-29 15:42:48 -07:00
Tom Eastep
41923cb80e Improve compile time/date implementation
- Rename the command from 'date' to 'info'
- Return the complete date/time/version string in the command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-29 12:31:17 -07:00
Tom Eastep
2a40012fc4 Include compile time and date in the output of 'shorewall status'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-27 16:25:21 -07:00
Tom Eastep
a92d10f19c Merge branch '5.0.8' 2016-04-27 10:23:51 -07:00
Tom Eastep
f6b7eb4ea0 Correct handling of persistent provider with no IP address
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-25 12:27:00 -07:00
Tom Eastep
800c06e8c9 Rename lib.core to lib.runtime
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-21 08:12:41 -07:00
Tom Eastep
f16e3f1fbe Issue warning when enable/disable won't work correctly
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-19 10:42:50 -07:00
Tom Eastep
0faf3b6db1 Send INFO messages to STDERR rather than STDOUT 2016-04-18 13:59:29 -07:00
Tom Eastep
3253c882e9 Merge branch '5.0.8' 2016-04-18 12:36:28 -07:00
Tom Eastep
5212dba7cb Add an ESTABLISHED,RELATED rule for docker0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-18 10:13:05 -07:00
Tom Eastep
35a22eedac Reword error message when tcclass MARK is too large
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-18 10:06:04 -07:00
Tom Eastep
b53de922d1 Catch 0 in the MARK column of the tcclasses file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-18 08:50:10 -07:00
Tom Eastep
ae852b513d Correct indentation issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-17 10:23:18 -07:00
Tom Eastep
9611b588e3 Use a uniform format for log timestamps
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-16 09:52:35 -07:00
Tom Eastep
fb8dbcf44b Use a uniform format for log timestamps
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-16 09:49:38 -07:00
Tom Eastep
335f2968f8 Implement ?INFO and ?WARNING
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-16 09:20:09 -07:00
Tom Eastep
c725372639 Correct logging of 'reloaded' message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-15 14:46:21 -07:00
Tom Eastep
524838ae47 Implement $SW_LOGGERTAG
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-15 14:29:51 -07:00
Tom Eastep
6aa0ecae4f Re-factor the code for saving/loading ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 15:15:47 -07:00
Tom Eastep
434e042494 Add the deprecated/ directories to the CONFIG_PATH
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 14:17:06 -07:00
Tom Eastep
9fa0df2fd1 Move the code that generates zap_ipsets() to after save_ipsets() generation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 09:56:48 -07:00
Tom Eastep
216bc715e8 Clean up V4/V5 ipset enforcement
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 09:00:38 -07:00
Tom Eastep
dbd42e1d5d More ipset fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-12 16:29:13 -07:00
Tom Eastep
2cf3706864 Correct handling of a zone with two interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 10:32:26 -07:00
Tom Eastep
3028dafbac Correct DBL 'src-dst' handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 09:13:17 -07:00
Tom Eastep
16a31c3d29 Make MINIUPNPD work with DOCKER
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 09:02:44 -07:00
Tom Eastep
d3f377e915 Don't double-save the dynamic blacklisting ipset
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 08:37:39 -07:00
Tom Eastep
6c00f72f44 Create ipsets with the 'counters' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 18:09:41 -07:00
Tom Eastep
deaaecdf1c Add 'nodbl' interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 16:09:39 -07:00
Tom Eastep
05e4049174 Ipset-based blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 16:07:56 -07:00
Tom Eastep
5db6cb1b7d Correct load_ipsets()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-09 16:07:10 -07:00
Tom Eastep
321476fd51 Tweak terminating() implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-08 08:24:57 -07:00
Tom Eastep
bd6b32eb25 Add a progress message for REJECT_ACTION processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 10:30:54 -07:00
Tom Eastep
4fdf54eca1 Tweak process_reject_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 10:02:48 -07:00
Tom Eastep
70bbd21b35 Ensure that the REJECT_ACTION is terminating
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 09:34:38 -07:00
Tom Eastep
87a9b95f73 Catch case where a transformed rule jumps to its own chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 08:58:50 -07:00
Tom Eastep
ecd7261365 Use -g when target is a terminating chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 08:48:36 -07:00
Tom Eastep
293cd1d66a Always go to the reject chain rather than jump to it
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-06 09:14:06 -07:00
Tom Eastep
436b5d89ce Correct comment
- The chain will only exist if logging wasn't specified for the same
  disposition.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-06 08:50:29 -07:00
Tom Eastep
26795cf082 Correct setup of $usedactions{A_REJECT}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-06 08:18:36 -07:00
Tom Eastep
3ac3ae279f Add A_REJECT action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-05 16:38:39 -07:00
Tom Eastep
e9467326f3 Allow allow REJECT to take a parameter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-05 11:20:44 -07:00
Tom Eastep
75df718865 Reword comment in push_action_params()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-04 09:41:28 -07:00
Tom Eastep
ae8e2f70ea Efficiency change to known_interface()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-03 17:34:02 -07:00
Tom Eastep
39f5b77e5f Fix known_interface()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-03 16:31:45 -07:00
Tom Eastep
cb5a2519f3 Keep hyphens in @chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-03 16:30:31 -07:00
Tom Eastep
4151f7c504 Revert change to log_[i]rule_limit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-03 16:29:52 -07:00