extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 12:14:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
12,196 Commits 104 Branches 736 Tags 55 MiB
a40c74ddec
Commit Graph

2613 Commits

Author SHA1 Message Date
Tom Eastep
a40c74ddec Eliminate forward declaration of finish_chain_section() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-24 09:04:50 -08:00
Tom Eastep
c2bc74cdfe Add INVALID section to the rules file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-24 08:33:59 -08:00
Tom Eastep
7fe2027229 Eliminate superfluous ESTABLISHED,RELATED rule 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-22 16:17:19 -08:00
Tom Eastep
8fe36422b5 Delete stale comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-22 10:44:12 -08:00
Tom Eastep
f61f5a8183 Don't copy a chain that has a single RETURN rule. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-22 09:07:07 -08:00
Tom Eastep
4ed5c5fdfe Sort the chain list in optimize_level8. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-21 16:00:32 -08:00
Tom Eastep
25d6164f21 Try to avoid ~combN chains when dealing with action chains. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-21 11:51:33 -08:00
Tom Eastep
32c475193f Another fix for RELATED_DISPOSITION 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-21 11:50:46 -08:00
Tom Eastep
982fabc96f Delete $caller argument from process_default_action() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-21 09:45:54 -08:00
Tom Eastep
5beae475f5 Make optimize 8 a multi-pass operation. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-21 09:12:42 -08:00
Tom Eastep
c820c54f41 Correctly handle audited RELATED_DISPOSITION 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-21 09:03:27 -08:00
Tom Eastep
4a354ba5a2 Avoid internal error during standard chain completion 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-21 08:02:50 -08:00
Tom Eastep
e23876b582 Rename '$inline' to '$action' in policy_rules() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-21 07:36:50 -08:00
Tom Eastep
64e76599e0 Correct handling of default actions that set Shorewall variables. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-20 16:15:04 -08:00
Tom Eastep
c4a2f3d386 Set caller when possible in policy chains. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-20 14:51:16 -08:00
Tom Eastep
bc882af6c5 Allow RESET of Shorewall variables 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-20 07:32:34 -08:00
Tom Eastep
d31221b03c Fix variable assignment. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-20 07:26:10 -08:00
Tom Eastep
f403420926 Allow setting chain variables 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-19 10:52:11 -08:00
Tom Eastep
b31c76cc50 Proper job of fixing DEFER_DNS_RESOLUTION=No 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-18 17:18:29 -08:00
Tom Eastep
1307770178 Allow setting action parameters 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-18 15:05:14 -08:00
Tom Eastep
95aab78c0d Add infrastructure to delete the %usedactions entry for an action chain if 
the chain parameters are modified.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-18 14:54:57 -08:00
Tom Eastep
4587430e4a Move get_action_logging() to the Config Module 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-18 13:06:55 -08:00
Tom Eastep
8ccd1ab52b Handle exclusion correctly when DEFER_DNS_RESOLUTION=No 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-18 12:09:54 -08:00
Tom Eastep
89a09f0256 Implement DEFER_DNS_RESOLUTION 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-13 17:00:14 -08:00
Tom Eastep
54dbbaaa2d Don't resolve DNS names at compile time. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-13 10:34:31 -08:00
Tom Eastep
90bd19feb9 Convert DNS names into ip addresses in validate_net(). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-13 07:39:27 -08:00
Tom Eastep
853b9ce916 Enable DNS names without an interface name. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-12 14:38:26 -08:00
Tom Eastep
c61d51363d Correct generation of rules in the ESTABLISHED section of the rules file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-12 06:49:32 -08:00
Tom Eastep
af83989465 Update copyright dates. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-11 16:01:10 -08:00
Tom Eastep
b53fd39b49 Avoid a fatal Perl error in Config::cleanup when an fatal error occurs 
while compiling a default action.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-11 15:50:23 -08:00
Tom Eastep
38097bef5d Correct an optimizer bug. 
- delete_chain_and_references() was only deleting the downward references
  and not the upward ones.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-11 14:55:43 -08:00
Tom Eastep
76a63fb7e8 Don't flush 'noarp' ARP entries 
= doing so kills the loopback interface

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-10 17:14:40 -08:00
Tom Eastep
15ca9edf8a Allow delete_tc1() to work on devices which an @ suffix in their reported names. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-09 14:09:07 -08:00
Tom Eastep
199bce925f Don't add chains with RETURNs to %terminating. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-09 12:54:29 -08:00
Tom Eastep
1fd3a6a522 Detect terminating chains 
- no RETURN Rules
- last rule is terminating

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-08 16:32:24 -08:00
Tom Eastep
011dd2c901 Add a RETURNS flag to optflags indicating that there is RETURN in the chain. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-08 15:25:53 -08:00
Tom Eastep
e54563d9c1 Don't append rules that can't be matched. 
Also, delete chains whose only rule is a -j RETURN

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-08 13:53:03 -08:00
Tom Eastep
f8c1b02dba Correct test for optimization in 'check -r' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-08 09:51:32 -08:00
Tom Eastep
dece73f7b6 Another fix for *C actions in arprules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-07 18:59:24 -08:00
Tom Eastep
eb3b47ae24 Correctly handle *C actions in arprules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-07 18:29:41 -08:00
Tom Eastep
c157228f7d Correct handling of unknown ACTION in arprules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-07 18:21:58 -08:00
Tom Eastep
a7af052d91 Correct issue with generating ESTABLISHED rules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-07 16:07:24 -08:00
Tom Eastep
414a74d23c Support protocol lists in most files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-07 16:06:54 -08:00
Tom Eastep
0526863e66 Make $section numeric 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-07 13:39:49 -08:00
Tom Eastep
5dbe2aa9ec Optimize a test in finish_chain_section(). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-07 07:00:15 -08:00
Tom Eastep
ca202ca10b Flush the arp cache after applying the arprules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-06 17:46:40 -08:00
Tom Eastep
de4e0898b5 Catch protocol lists in contexts that don't allow them. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-06 17:23:14 -08:00
Tom Eastep
edc0a84e5d Optimize RELATED rules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-06 16:48:37 -08:00
Tom Eastep
d4c9885c09 Change interpretation of the log tag when LOGTAGONLY=Yes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-06 13:10:18 -08:00
Tom Eastep
c41b9e596d Don't add --cstate to dropInvalid rule. 
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
 2013-01-06 09:42:55 -08:00