Tom Eastep
d51ca478bd
Reverse one hunk from empty-parameter fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-21 11:45:32 -07:00
Tom Eastep
fe9e2ba28d
Correct error message
2011-06-20 19:47:33 -07:00
Tom Eastep
063e21e69f
Allow an empty parameter list in an action (e.g., "Action()")
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 19:45:01 -07:00
Tom Eastep
71d88b93a0
Make IPv6 Dynamic Zone set names unique
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 17:22:34 -07:00
Tom Eastep
7b2cbf2449
Make 'show dynamic <zone>' work correctly with new ipset program
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 17:22:04 -07:00
Tom Eastep
39e74911d8
Improve generated code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 14:34:26 -07:00
Tom Eastep
ec28bdb5a0
Document Shorewall6 support for dynamic zones.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 14:33:49 -07:00
Tom Eastep
44cbfd8f27
Correct defects found while unit testing IPv6 Dynamic Zones
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 13:33:25 -07:00
Tom Eastep
119d38c92b
Enable dynamic zones for IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 10:41:29 -07:00
Tom Eastep
785de281b5
More IPv6 ipset fixes
...
- use 'family inet6' rather than 'family ipv6'
- Correct one more case of 'iphash' vs 'hash:ip family inet6'
- Encapsulate ipset -N into an 'ensure_ipset()' function
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 07:43:32 -07:00
Tom Eastep
4c2f12e645
Some whitespace changes
2011-06-19 19:08:32 -07:00
Tom Eastep
e4bcc12301
Use 'here documents' rather than single quotes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 18:33:10 -07:00
Tom Eastep
2097d0f4a0
Accomodate new syntax of ipset saved commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 14:06:42 -07:00
Tom Eastep
46d64e39d1
Use correct syntax to create IPv6 ipsets.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 14:04:53 -07:00
Tom Eastep
be6b08f835
Be sure to detect IPSET_MATCH before OLD_IPSET_MATCH.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 13:29:10 -07:00
Tom Eastep
d12336ec78
Reword 'update' description.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 13:28:17 -07:00
Tom Eastep
ee384d03ce
Allow Shorewall-init to save/restore ipset contents
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 10:10:59 -07:00
Tom Eastep
7753f798b0
Bump Version to Beta 3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 10:09:53 -07:00
Tom Eastep
2769b09f64
Correct typeos in shorewall and shorwall6
2011-06-19 08:39:44 -07:00
Tom Eastep
c264aaae6b
Update module versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 07:41:26 -07:00
Tom Eastep
4916610033
Rename upgrade => update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 07:14:27 -07:00
Tom Eastep
df2f7ec6a5
Implement 'upgrade' and delete the '-u' and '-a' options of 'check'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 17:39:44 -07:00
Tom Eastep
55242d1ed6
Add a few comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 16:55:00 -07:00
Tom Eastep
d66c7d478e
Eliminate expansion of shell variables in the upgraded config file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 16:33:41 -07:00
Tom Eastep
380443f26d
Eliminate %defaults
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 15:44:07 -07:00
Tom Eastep
faeb2da2ba
Corrections to Defaults
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 15:38:08 -07:00
Tom Eastep
f93ac02bfc
Provide default values for added entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 14:50:07 -07:00
Tom Eastep
96f6dc3558
More defined => supplied changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 13:08:26 -07:00
Tom Eastep
6f2cc31dde
Implement .conf file upgrade
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 13:03:55 -07:00
Tom Eastep
e5d8be5aa5
Bump version to Beta 2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 11:23:43 -07:00
Tom Eastep
d23f932ebe
Don't generate INPUT hairpin rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 06:21:36 -07:00
Tom Eastep
f9ee8c494d
Exempt wildcard interfaces from sfilter
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-14 06:45:22 -07:00
Tom Eastep
9aedd407cc
Quell compiler warnings from Perl 5.14.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-13 06:40:03 -07:00
Tom Eastep
10ae91b600
Delete deprecated options from the .conf files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-12 13:46:26 -07:00
Tom Eastep
8780aff7f2
Rename PLAIN->ANNOTATED
2011-06-12 09:45:50 -07:00
Tom Eastep
65d4709372
Drop IPv6 IPSET support for now
2011-06-12 09:14:33 -07:00
Tom Eastep
785bd7c987
Apply Tuomo Soini's patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-12 07:22:26 -07:00
Tom Eastep
9ab901927f
Use supplied() where appropriate
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 16:14:31 -07:00
Tom Eastep
774aac1228
Add a supplied() function
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 15:40:55 -07:00
Tom Eastep
b7a3142620
Document parameterized default actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 15:25:48 -07:00
Tom Eastep
a60fe6e665
Allow parameters to be specified to Default Actions in the policy file
...
and in shorewall.conf.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 14:58:54 -07:00
Tom Eastep
68bf99ec69
Parameterize the standard default actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 08:34:37 -07:00
Tom Eastep
3dd363677c
Implement set_action_param
...
Export both set_action_params and read_action_param by default
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 08:33:21 -07:00
Tom Eastep
8b6a7a7053
Implement read_action_param()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:49:57 -07:00
Tom Eastep
f278d05637
Rename action param functions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:46:54 -07:00
Tom Eastep
2549982528
Fix DEFAULTS
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:23:41 -07:00
Tom Eastep
af1898b17b
Document default values for parameters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:18:11 -07:00
Tom Eastep
6e6be468a9
Support for DEFAULT statements in actions
2011-06-10 17:05:09 -07:00
Tom Eastep
32c7d36cd0
Make zones with multiple interfaces complex
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-10 15:37:26 -07:00
Tom Eastep
dbd30f981c
Set the interface routeback option if there are any IP host groups with 'routeback'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-10 15:37:09 -07:00
Tom Eastep
8a7ad569e4
Don't leave unused sfilter chains in the config
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 17:22:48 -07:00
Tom Eastep
3e9a54d404
Couple of tweaks
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 17:22:34 -07:00
Tom Eastep
a0b0c5bdac
Jump (don't go) to sfilter1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 14:24:44 -07:00
Tom Eastep
1399a8ffde
Don't move rules from a chain with references
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 14:24:38 -07:00
Tom Eastep
9555a552c2
Fix FORWARD with ipsec dest
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 14:24:08 -07:00
Tom Eastep
71177c3ca3
Exempt ipsec from sfilter
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 07:27:06 -07:00
Tom Eastep
fa2746d469
Apply sfilter to INPUT as well as FORWARD
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-08 09:40:28 -07:00
Tom Eastep
35d1586672
Correct sfq handle assignment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 13:58:45 -07:00
Tom Eastep
a3968beb7e
Add fix inadvertently dropped from 4.4.19.4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 13:57:52 -07:00
Tom Eastep
0e839f3d7b
Initiate 4.4.21
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 09:54:35 -07:00
Tom Eastep
9fb2ab718c
Have AUTOMAKE follow CONFIG_PATH
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 08:51:36 -07:00
Tom Eastep
9c2c562bf5
Correct autorepeat wart
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 06:45:50 -07:00
Tom Eastep
cf0275a049
Make FAKE_AUDIT work again
2011-06-06 16:08:29 -07:00
Tom Eastep
59c11e205b
Update release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 15:48:26 -07:00
Tom Eastep
642319d706
Change annotated documentation default
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 15:40:21 -07:00
Tom Eastep
cfb3d6a801
Merge branch '4.4.20'
2011-06-06 14:09:26 -07:00
Tom Eastep
6136e986cf
Update version to 4.4.20.1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 14:08:25 -07:00
Tom Eastep
186f89f387
Merge branch '4.4.20'
2011-06-06 13:23:47 -07:00
Tom Eastep
e8f61e2109
Restate vulnerability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 13:19:40 -07:00
Tom Eastep
447d0f0b2d
Don't modify the .conf file installed in configfiles.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 09:46:52 -07:00
Tom Eastep
c42c6864b4
Don't modify the .conf file installed in configfiles.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 09:46:22 -07:00
Tom Eastep
2803d3ee0b
Merge branch '4.4.20'
2011-06-06 07:02:57 -07:00
Tom Eastep
c2e78bfaf8
Correct address of the FSF
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 06:55:40 -07:00
Tom Eastep
aabefe91f1
Merge branch '4.4.20'
2011-06-04 08:46:40 -07:00
Tom Eastep
f1cbfab7ac
More blacklist/audit fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-04 08:45:23 -07:00
Tom Eastep
653a61a04a
Merge branch '4.4.20'
2011-06-04 07:44:24 -07:00
Tom Eastep
a9c0824a30
Correct BLACKLIST_DISPOSITION=A_xxx with BLACKLIST_LOG_LEVEL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-04 07:44:07 -07:00
Tom Eastep
aa86b65ec3
Merge branch '4.4.20'
2011-06-02 11:44:15 -07:00
Tom Eastep
254e1ed784
Add 'I' STATE to secmarks
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 11:43:55 -07:00
Tom Eastep
c3b56c1e73
Merge branch '4.4.20'
2011-06-02 10:07:03 -07:00
Tom Eastep
561d461a25
Add 'NI' STATE setting in secmarks.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 10:06:27 -07:00
Tom Eastep
169c995940
Fix a typo in the release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 06:50:10 -07:00
Tom Eastep
1e883c2fdf
Merge branch '4.4.20'
2011-06-02 06:47:09 -07:00
Tom Eastep
086a99ea24
Don't initialize PLAIN
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 06:23:57 -07:00
Tom Eastep
f9c5b8b0d5
Improve some comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 06:23:37 -07:00
Tom Eastep
36aee407ef
Merge branch '4.4.20'
2011-06-01 13:01:27 -07:00
Tom Eastep
5f08605adc
Delete some cruft
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-01 12:26:05 -07:00
Tom Eastep
faff915dd2
Fix a typo in the release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-01 06:53:09 -07:00
Tom Eastep
b30d1bfc48
Merge branch '4.4.20'
2011-06-01 06:34:43 -07:00
Tom Eastep
f253bb5a11
Corrections to release notes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-01 06:31:02 -07:00
Tom Eastep
243a09783c
Merge branch '4.4.20'
2011-05-31 15:45:09 -07:00
Tom Eastep
7bf74bb8c9
Add new builtin targets to %builtin_target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 15:43:42 -07:00
Tom Eastep
21d2c5720b
Clarify 'bridge_nf_call_*'; mention that problems corrected in 4.4.19 dot releases are included
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 12:22:45 -07:00
Tom Eastep
468ff6efab
First cut at IPSET/Dynamic-zone support in Shorewall6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 11:23:43 -07:00
Tom Eastep
8df470b5f5
Version to 4.4.20
2011-05-31 09:30:18 -07:00
Tom Eastep
5ce3a1f4d1
Update release documents
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 07:03:56 -07:00
Tom Eastep
2f6c5fd260
Set 'bridge-nf-call-ip6?tables' if bridges are configured.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 06:59:43 -07:00
Tom Eastep
4f296b62ae
Another fix for auditone
2011-05-30 16:37:56 -07:00
Tom Eastep
e6275ba31d
Fix a bug in auditing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 15:28:00 -07:00
Tom Eastep
d89a915f26
Load IPv6 libraries when processing /etc/shorewall6/params
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 13:24:36 -07:00
Tom Eastep
2dec3a8ecb
Correct handling of AUDIT_TARGET is both cli libraries.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 11:39:21 -07:00
Tom Eastep
26d08b92c0
Correct use of null value as a hash
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 11:38:49 -07:00
Tom Eastep
b0447b8bd3
Remove another MACLIST defect
2011-05-30 08:49:41 -07:00
Tom Eastep
7b560eefe4
Allow compound options in the installers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 08:15:59 -07:00
Tom Eastep
60d33740f6
Fix MACLIST_DISPOSITION defect introduced earlier in this release
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 07:59:44 -07:00
Tom Eastep
11c209c55f
Restore access to $Shorewall::Rules::family
2011-05-29 17:22:36 -07:00
Tom Eastep
2852cdeb53
Another attempt at the IPMARK fix
2011-05-29 14:42:23 -07:00
Tom Eastep
a71136fd5a
Rework configuration files for Shorewall and Shorewall6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-29 14:34:18 -07:00
Tom Eastep
7404d912bd
Add LOGRATE to */shorewall.conf
2011-05-28 19:12:34 -07:00
Tom Eastep
ec01e39479
Add LOGBURST to */shorewall.conf
2011-05-28 19:03:18 -07:00
Tom Eastep
9dc689dd13
Sort Sample .conf files
2011-05-28 12:38:12 -07:00
Tom Eastep
6d3640dafc
Alphabetize config files and sync files and manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 10:34:54 -07:00
Tom Eastep
03ecdc8c06
Clean up shorewall.conf and its documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 09:10:46 -07:00
Tom Eastep
243e8f1dbe
Fix check for unreferenced 'sfilter' chain
2011-05-28 08:31:36 -07:00
Tom Eastep
fc34f07a7a
Remove PKTTYPE option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 07:11:48 -07:00
Tom Eastep
a37dbf76dc
Delete 'sfilter' chain if it isn't referenced
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 19:56:54 -07:00
Tom Eastep
1a2c9a08e1
Don't include comment in audit chain rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 19:56:04 -07:00
Tom Eastep
5082b0701a
Get release notes changes for filter->sfilter
2011-05-27 19:43:13 -07:00
Tom Eastep
bac640e731
Get changes from 4.5.0 branch
2011-05-27 19:42:09 -07:00
Tom Eastep
586a3537bf
Delete 'sfiter' chain if it doesn't have referenes
2011-05-27 19:38:03 -07:00
Tom Eastep
790c96c90a
Version to RC 1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 09:11:47 -07:00
Tom Eastep
c6e9de65f1
Prevent duplicate 'filter' rules when combining two interface chains
...
into the same zone forwarding chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 06:43:47 -07:00
Tom Eastep
8a0dc9f0f6
Clean up release notes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 06:42:56 -07:00
Tom Eastep
fbfe7b9f93
Don't create 'reject' and AUDIT' in the 'stopped' case.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-26 14:11:36 -07:00
Tom Eastep
0287d96aa2
Finish filtering implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-26 13:38:44 -07:00
Tom Eastep
6c3163cc27
Routeback corrections
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-25 10:45:57 -07:00
Tom Eastep
e4d667ca6a
Add routeback protection
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 17:07:31 -07:00
Tom Eastep
bbe165c3cf
Bump version to Beta 5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 11:40:11 -07:00
Tom Eastep
0beb327f0a
Rename audited actions and Macros
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 11:31:42 -07:00
Tom Eastep
84b844ae79
Implement -T option for compile and check
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 10:21:49 -07:00
Tom Eastep
ee98772349
Add -c to the start command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 09:13:02 -07:00
Tom Eastep
021048379f
Additions to the Beta 4 Documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 08:54:43 -07:00
Tom Eastep
e6c1de3829
Correct ADrop action
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 07:47:42 -07:00
Tom Eastep
d4b2a462a2
Add audited actions to the .spec files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 07:30:46 -07:00
Tom Eastep
704f3fdd55
Document audited default actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 07:24:15 -07:00
Tom Eastep
c333368243
Create Audited versions of the IPv4 standard default actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 07:09:15 -07:00
Tom Eastep
f464ec5624
Fixes for AUDIT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 20:59:33 -07:00
Tom Eastep
016f7d9f2a
Yet more shorewall/shorewall6 unification
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 16:41:51 -07:00
Tom Eastep
a64d882a36
Apply Ed W's first patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 14:36:21 -07:00
Tom Eastep
c050b29985
Factor some similar code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 14:20:14 -07:00
Tom Eastep
0a11a0e2ad
Add xt_AUDIT to modules.xtables
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 12:08:51 -07:00
Tom Eastep
3ab35c65b0
Correct LEGACY_FASTSTART error messages in shorewall and shorwall6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 11:24:52 -07:00
Tom Eastep
15e9e3182d
Update copyrights
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 10:06:56 -07:00
Tom Eastep
31e74658c8
Update copyrights
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 09:51:51 -07:00
Tom Eastep
0704f7ca59
Clarify the problem corrected
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 09:25:19 -07:00
Tom Eastep
2d574fff10
Tweak wording
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 06:56:54 -07:00
Tom Eastep
7c250cd5b3
Clean up release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 06:55:54 -07:00
Tom Eastep
54f9a0e671
Correct and expand the Problems Corrected section of the release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 06:43:31 -07:00
Tom Eastep
3b28fcd566
Remove documentation disclaimer from release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 06:41:32 -07:00
Tom Eastep
485a7fb29d
Implement 'restart -c'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 06:39:26 -07:00
Tom Eastep
e95003b82a
Add FAKE_AUDIT option
2011-05-22 17:42:50 -07:00
Tom Eastep
5d04c93a16
Implement LEGACY_FASTSTART option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-22 15:36:29 -07:00
Tom Eastep
981b503fa4
Bump version to Beta 4
2011-05-22 11:05:22 -07:00
Tom Eastep
c56fe3448a
Update release documents
2011-05-22 11:03:57 -07:00
Tom Eastep
529e256856
Assigned unused dev numbers
2011-05-22 10:18:26 -07:00
Tom Eastep
db6091f101
Avoid dependence on 'make'
2011-05-22 09:47:57 -07:00
Tom Eastep
99cb09bd84
Documentation update 1 for AUDIT supportttt
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 16:25:38 -07:00
Tom Eastep
83cdf78b18
Replace A_* builtin actions with builtin targets
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 15:02:04 -07:00
Tom Eastep
d9b095bdea
Document new features
2011-05-21 12:07:23 -07:00
Tom Eastep
71ef1f48e2
Allow auditing of the builtin actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 10:38:25 -07:00
Tom Eastep
82d6a00c9e
Implement some extentions to AUDIT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 09:25:58 -07:00
Tom Eastep
61b5dbbb95
Eliminate cruft left over from when Action.pm and Policy.pm were folded into Rules.pm - Phase II
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:48:28 -07:00
Tom Eastep
f64e171c19
Eliminate cruft left over from when Action.pm and Policy.pm were folded into Rules.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:46:18 -07:00
Tom Eastep
ac2e9cce64
Shrink process_actions2 further.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:28:30 -07:00
Tom Eastep
676af32ebc
Simplify a loop in process_actions2()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:11:23 -07:00
Tom Eastep
7cbf113ba0
Simplify an RE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 08:33:36 -07:00
Tom Eastep
d15475efae
Cleanup of AUDIT before Beta 3
...
- Correct merge snafus
- Rename the new actions (e.g., ADROP->A_DROP)
- Correct MACLIST_DISPOSITION logic
2011-05-20 07:47:35 -07:00
Tom Eastep
e9df13a42b
Resolve merge conflicts
2011-05-19 15:10:22 -07:00
Tom Eastep
2e93b95afe
Clean up release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-19 14:57:16 -07:00
Tom Eastep
5e68dbfa9a
Complete first attempt at AUDIT support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-19 12:06:43 -07:00
Tom Eastep
814494e277
More AUDIT changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-19 08:35:40 -07:00
Tom Eastep
d2ab27c071
More AUDIT changes
2011-05-18 21:25:57 -07:00
Tom Eastep
ce8df2f66c
Revert "Bump version to Beta 3"
...
This reverts commit 465e729288
.
2011-05-18 17:50:12 -07:00
Tom Eastep
465e729288
Bump version to Beta 3
2011-05-18 17:08:07 -07:00
Tom Eastep
314921f766
Revert "Set quantum in subordinate SFQ class to the MTU for HFSC parents."
...
This reverts commit 5ab6f8e0e5
.
2011-05-18 11:13:50 -07:00
Tom Eastep
166d27f6d4
Minor tweak to blacklisting
...
Reverse order of tests for 'from' and 'src'.
Use equivalent logic for generating unknown option error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-18 11:13:03 -07:00
Tom Eastep
5ab6f8e0e5
Set quantum in subordinate SFQ class to the MTU for HFSC parents.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-18 10:34:46 -07:00
Tom Eastep
0e59932b8d
Correct known problems
2011-05-18 10:14:20 -07:00
Tom Eastep
568e54b50d
Update version to Beta 2
2011-05-18 09:58:35 -07:00
Tom Eastep
e940f5018e
Implement whitelisting.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-18 08:30:01 -07:00
Tom Eastep
cec07a6be5
Don't apply HTB quantum to HFSC
2011-05-17 18:34:41 -07:00
Tom Eastep
8d12e13ff1
Improve wording in the change log
2011-05-17 13:55:00 -07:00
Tom Eastep
495aa9b9ac
Implement NFLOG accounting action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-17 13:42:13 -07:00
Tom Eastep
fd70e73d34
Add ACCOUNTING_TABLE option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-17 12:51:33 -07:00
Tom Eastep
680ca519ed
Correct deletion of ipv6 'shorewall' chain
2011-05-17 11:33:56 -07:00
Tom Eastep
11ff245697
Don't generate refresh rules unless the command is 'refresh'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-16 13:08:32 -07:00
Tom Eastep
ffe7a1b777
Avoid inconsistencies and errors in refresh
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-16 11:34:41 -07:00
Tom Eastep
30f2fbff60
Issue warning on missing IPSET
2011-05-15 11:48:34 -07:00
Tom Eastep
72a330cba2
Don't emit degenerate tcfilters
2011-05-15 10:57:02 -07:00
Tom Eastep
e459fbf997
Don't allow non-leaf default class
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-15 10:56:46 -07:00
Tom Eastep
3f90f00081
Issue warnings and ignore non-leaf class in tcfilters and tcrules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-15 10:56:31 -07:00
Tom Eastep
7d25f6356b
Augment a comment
2011-05-15 08:45:41 -07:00
Tom Eastep
c247140063
Restore 'our' to a couple of exported variables in the Config module
2011-05-14 14:18:22 -07:00
Tom Eastep
00add745b7
Use -o when copying routing tables
2011-05-14 13:56:39 -07:00
Tom Eastep
05e385a748
Only use 'our' when required
2011-05-14 13:21:31 -07:00
Tom Eastep
0626594cda
Restore accuracy of tcclasses diagram
2011-05-14 09:27:51 -07:00
Tom Eastep
7327c24f14
Document that non-leaf tcrules and tcfilters are ignored
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-14 07:22:20 -07:00
Tom Eastep
5f4d40019e
Update release notes with relative/absolute path behavior.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-14 06:18:39 -07:00
Tom Eastep
f75961dc63
Ensure absolute path name in LIBEXEC and PERLLIB
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-14 05:31:19 -07:00
Tom Eastep
6d7ebb14b8
Update trunk's release notes and change log with 4.4.19.* corrections
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-13 13:14:29 -07:00
Tom Eastep
9ba9d40b77
More LIBEXEC/PERLLIB fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-12 07:42:09 -07:00
Tom Eastep
0614f61347
Fix PERLLIB
2011-05-11 12:58:57 -07:00
Tom Eastep
63d5171ae9
Correct typo
2011-05-11 12:44:48 -07:00
Tom Eastep
539e42aa2e
Correct earlier patch
2011-05-09 16:34:31 -07:00
Tom Eastep
bbab1c9682
Ensure USER/GROUP is only specified when SOURCE in $FW
2011-05-09 16:33:34 -07:00
Tom Eastep
359de906ca
Refinement to fix for double exclusion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-09 16:28:53 -07:00
Tom Eastep
1a48dd3eb9
Correct last merged patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-08 05:51:58 -07:00
Tom Eastep
93d8b538eb
Ensure route to gateway in the main table
2011-05-08 05:43:53 -07:00
Tom Eastep
a1bd664447
Fix issues with 'gawk'
2011-05-08 05:39:07 -07:00
Tom Eastep
afed909e52
Simplify the fix for double exclusion in ipset lists
2011-05-07 06:38:08 -07:00
Tom Eastep
0c59e0231d
Correct double-exclusion fix
2011-05-07 06:37:37 -07:00
Tom Eastep
58c25e8517
Let tcfilters deal correctly with hex device numbers
2011-05-05 10:12:20 -07:00
Tom Eastep
59ea511201
Complain if there is no default class defined
2011-05-05 10:12:14 -07:00
Tom Eastep
91d8f39f2e
Enforce limits on device and class numbers
2011-05-05 10:11:47 -07:00
Tom Eastep
349960294c
Detect double exclusion in ipset expressions
2011-05-05 10:11:30 -07:00
Tom Eastep
368fe46932
Correct Comment
2011-05-05 10:11:22 -07:00
Tom Eastep
d8c2845085
Back out part of TC change
2011-05-05 10:11:13 -07:00
Tom Eastep
9a95bad17e
Don't require '0x' on devnum > 10 in tcclasses
2011-05-05 10:06:55 -07:00
Tom Eastep
4300ef3ee2
Fix another couple of bugs with device numbers > 9
2011-05-05 10:06:41 -07:00
Tom Eastep
70151d453a
Update release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-02 10:16:23 -07:00
Tom Eastep
222c5dbf46
Normalize hex numbers before using them in string comparisons
2011-05-02 10:08:36 -07:00
Tom Eastep
e66d491f11
Correct patch for > 9 interfaces with tcfilters
2011-05-02 10:08:19 -07:00
Tom Eastep
bf10e104b7
Fix bug in tcfilters with device numbers > 9
2011-05-02 07:25:21 -07:00
Tom Eastep
d2407cb7a0
Don't allow IFB classes in tcrules
2011-05-02 07:23:28 -07:00
Tom Eastep
a0b00b4bd6
More fixes for TC
2011-05-01 21:24:52 -07:00
Tom Eastep
3bdde27bd1
Document TC Fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-01 06:42:37 -07:00
Tom Eastep
61c654634b
Correct some TC issues
2011-05-01 06:40:14 -07:00
Tom Eastep
4a4d74b52b
Document fix for IPSETs and ORIGINAL DEST
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-29 07:25:42 -07:00
Tom Eastep
27f1c494a0
Document restoration of IPSET use in ORIGINAL DEST
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-28 12:25:07 -07:00
Tom Eastep
e2b1069c1c
Support ipsets in the ORIGINAL DEST column for DNAT and REDIRECT rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-28 12:22:26 -07:00
Tom Eastep
59024ff49d
Delete some blank lines
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-24 08:29:28 -07:00
Tom Eastep
67e920eb53
Use del/add for provider ipv6 routes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-19 10:56:59 -07:00
Tom Eastep
1bcba8bbc7
Update version of changed Perl modules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-19 10:02:29 -07:00
Tom Eastep
ec8bb8049a
Delete/Add routes for NDP rather than replace
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-19 09:40:24 -07:00
Tom Eastep
cdf2014ce2
Apply Togan's patch with fixes
...
/sbin/shorewall and /sbin/shorewall6 modified
uninstallers modified
Additional installer changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-17 11:20:26 -07:00
Tom Eastep
aca5b33858
Backout my start for a fix for Togan's patch
2011-04-17 09:06:13 -07:00
Tom Eastep
97b7856380
Reverse Togan's patch -- it is woefully incomplete
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-17 07:55:30 -07:00
Tom Eastep
46191c9f87
Re-bump versions
2011-04-16 09:15:29 -07:00
Tom Eastep
1430856164
Re-apply Togun's Patch
2011-04-16 08:51:19 -07:00
Tom Eastep
1a0388080f
Initiate 4.4.20
...
Update versions
Update release documents
Apply Togan Muftuoglu's change to increase installation flexibility
2011-04-16 08:31:46 -07:00
Tom Eastep
4f5970b5f2
Use 'ip route list' rather than 'ip route ls' for busybox compatability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-15 11:15:32 -07:00
Tom Eastep
5126c439a4
Fix a progress message in the installer.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-15 11:06:45 -07:00
Tom Eastep
d42a65fd11
Correct one more default route save/restore defect
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-15 07:09:34 -07:00
Tom Eastep
0b18c37a91
Fix install.sh bug
2011-04-14 17:00:35 -07:00
Tom Eastep
f2acf4bfe5
Fix install.sh bug
2011-04-14 16:55:56 -07:00
Tom Eastep
4c1fbb67e4
Update release documents
2011-04-14 15:20:15 -07:00
Tom Eastep
dff405683c
Correct default route save/restore
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-14 12:25:33 -07:00
Tom Eastep
96af7bfed6
Fix the prior commit
2011-04-13 17:56:15 -07:00
Tom Eastep
9a8f411531
Update version to 4.4.19.1 and document corrected problems
2011-04-13 17:22:07 -07:00
Tom Eastep
9008cd960c
Fix a silly masq bug
2011-04-13 17:01:22 -07:00
Tom Eastep
16276b9900
Don't assume that all nexthop routes are default routes
2011-04-13 13:57:22 -07:00
Tom Eastep
a0b16e2803
Delete duplicate rule
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-13 06:56:17 -07:00
Tom Eastep
5919c234f4
Update version of IPAddrs.pm
2011-04-12 07:21:24 -07:00
Tom Eastep
53571043c0
Fix another proto editing defect
2011-04-11 17:18:39 -07:00
Tom Eastep
18f4b11b09
Don't allow '\!0' in the PROTO column
2011-04-11 16:25:19 -07:00
Tom Eastep
73754521b1
Correct Perl module versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-11 15:05:18 -07:00
Tom Eastep
5734c84499
Documentation updates
2011-04-11 09:37:50 -07:00
Tom Eastep
0b17136780
Consolidate corrected problem list
2011-04-11 07:22:30 -07:00
Tom Eastep
57165c6551
Document fix for split_line().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-10 15:25:35 -07:00
Tom Eastep
ca46052410
Fix file name in split_line error message for proxyndp file
2011-04-10 13:19:42 -07:00
Tom Eastep
512008170d
Revert "Fold some long lines"
...
This reverts commit 3674cfd387
.
2011-04-10 11:20:50 -07:00
Tom Eastep
3674cfd387
Fold some long lines
2011-04-10 10:10:00 -07:00
Tom Eastep
8abc78331b
Two minor cosmetic changes
2011-04-10 09:52:00 -07:00
Tom Eastep
2a34a30b42
Update release documents
2011-04-09 10:32:18 -07:00
Tom Eastep
1be89edb49
Version to 4.4.19
2011-04-09 07:58:13 -07:00
Tom Eastep
2ee452794e
Add a corrected problem (shell metacharacters in variable values)
2011-04-08 07:57:12 -07:00
Tom Eastep
92611d6789
A couple of tweaks before releasing RC1
2011-04-08 07:50:54 -07:00
Tom Eastep
cafb810b63
Update release documents
2011-04-06 17:07:05 -07:00
Tom Eastep
7ab55f4217
Ensure that the PREROUTING->dnat jump is added when a wildcard interface is present
2011-04-06 15:14:39 -07:00
Tom Eastep
755c3cfd80
Quote param values that include shell metacharacters
2011-04-06 14:52:32 -07:00
Tom Eastep
e653a34865
Fix man page typo (CLEAR_FORWARD_MARK -> FORWARD_CLEAR_MARK)
2011-04-06 10:46:47 -07:00
Tom Eastep
6626ef06fb
Fix yet another optimizer bug
2011-04-06 10:10:42 -07:00
Tom Eastep
81437b2bb1
Don't mention downloads in the complex TC doc
2011-04-04 19:01:06 -07:00
Tom Eastep
159c871f18
Make simple TC work with both IPv4 and IPv6
2011-04-04 09:55:45 -07:00
Tom Eastep
a927ccf410
Correct typo in release notes
2011-04-04 09:29:45 -07:00
Tom Eastep
7466895919
Revert tcpri change
2011-04-04 09:14:46 -07:00
Tom Eastep
3730283b64
Move and correct EXPORTMODULES in shorewall6.conf manpage
2011-04-04 08:32:18 -07:00
Tom Eastep
3b0da84b8d
Exit POSTROUTING early if a mark is restored
2011-04-04 08:19:58 -07:00
Tom Eastep
10cc400cfd
Display mangle table in the output of 'shorewall show tc'
2011-04-04 08:19:36 -07:00
Tom Eastep
c1160ec076
Version to RC1
2011-04-03 15:54:36 -07:00
Tom Eastep
1b9b6b6467
Correct release notes
2011-04-03 13:21:07 -07:00
Tom Eastep
8609c97d1c
Version to Beta 5
2011-04-03 10:30:33 -07:00
Tom Eastep
86f4d3bad6
Revert "Set version RC1"
...
This reverts commit ae9558c7c6
.
2011-04-03 10:28:20 -07:00
Tom Eastep
ae9558c7c6
Set version RC1
2011-04-03 10:04:53 -07:00
Tom Eastep
9f5783ca26
Set version to RC1
2011-04-03 10:01:01 -07:00
Tom Eastep
cc633c5bd9
Shorewall 4.4.19 Changes
2011-04-03 09:56:30 -07:00
Tom Eastep
2029978050
Document fix for icmps in tcfilters.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-03-19 14:32:12 -07:00
Tom Eastep
26e7f86c87
Fix icmp u32 match with type/code
2011-03-19 14:29:03 -07:00
Tom Eastep
6fe64e3dfa
Update to 4.4.18.1
2011-03-19 14:22:52 -07:00
Tom Eastep
895dbfc6dc
Document changed to TC_PRIOMAP editing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-03-17 11:57:01 -07:00
Tom Eastep
742aa95660
Tighten editing of TC_PRIOMAP value
2011-03-17 11:50:13 -07:00
Tom Eastep
965ab0257f
Correct fix for Tuomo's problem
2011-03-13 15:24:48 -07:00
Tom Eastep
f5d06024fc
Bump version to 4.4.18.1
2011-03-13 07:56:12 -07:00
Tom Eastep
8383a6e75a
Eliminate extra newline in WARNING message
2011-03-13 07:52:25 -07:00
Tom Eastep
68b15c9544
Fix for Tuomo's params issue
2011-03-13 07:47:06 -07:00
Tom Eastep
bd8dc9d381
Document fix for interfaces/tcfilters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-03-03 07:44:37 -08:00
Tom Eastep
57f1a0fa34
Accomodate tcfilters entries for non-present interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-03-03 07:44:12 -08:00
Tom Eastep
0283a8eeec
Fix for previous commit
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-03-03 07:43:37 -08:00
Tom Eastep
87240b00c9
Update version of the Tc module
2011-03-02 07:52:38 -08:00
Tom Eastep
1bbd963c3f
Bump version to 4.4.18
2011-03-02 07:43:03 -08:00