Commit Graph

9430 Commits

Author SHA1 Message Date
Tom Eastep
a56a9d77d1 Fix log reading in the -lite packages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-02 07:47:38 -07:00
Tom Eastep
f9af35ffbe Document -lite fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-02 07:22:37 -07:00
Tom Eastep
87dbf42bad Clamp VERBOSITY to valid range
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 13:56:44 -07:00
Tom Eastep
38ea8159d4 Correct Debian Lite init scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 13:56:06 -07:00
Tom Eastep
b27fd07e9f Don't indent the embedded scfilter file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 13:20:36 -07:00
Tom Eastep
5b86cbdabf Document scfilter in the Extensions Scripts Doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 12:29:41 -07:00
Tom Eastep
ac71868cc1 Package the scfilter along with the generated script for -lite
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 10:59:15 -07:00
Tom Eastep
91dbae9476 Remove requirement that scfilter be executable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 09:53:54 -07:00
Tom Eastep
6e9fc12517 Update version to Beta 4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 09:31:11 -07:00
Tom Eastep
468af44876 Add support for 'scfilter' script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 09:15:58 -07:00
Tom Eastep
2fa7e11976 Add 'scfilter' extension script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 07:38:14 -07:00
Tom Eastep
3898edfddb Make 'show connections' work on ancient distros 2010-09-30 17:18:58 -07:00
Tom Eastep
077aa18a2d Update release notes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-30 15:03:02 -07:00
Tom Eastep
e795a9995b Update release documents
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-30 14:17:51 -07:00
Tom Eastep
1218ccf0cb More optimization performance improvements
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-30 14:15:19 -07:00
Tom Eastep
252a9f2205 More speedup of optimization level 8
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-29 13:30:10 -07:00
Tom Eastep
46f1074422 Reduce the cost of optimization substantially.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-29 11:54:39 -07:00
Tom Eastep
8017f603a0 Add progress message for each optimization pass.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 12:20:35 -07:00
Tom Eastep
6171d938f7 Correction to last change -- move two declarations to an outer block.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 12:20:06 -07:00
Tom Eastep
48c3200a5a Issue error message when required file is missing or has zero size.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 11:22:47 -07:00
Tom Eastep
68f537ac5b Bypass processing logic when an optional config file is absent.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 10:48:44 -07:00
Tom Eastep
47fbc83419 Don't add trailing whitespace to DNAT/REDIRECT target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 09:27:42 -07:00
Tom Eastep
468c918121 Correct grammar in FAQ 92 2010-09-28 08:05:18 -07:00
Tom Eastep
a7be406fb9 Add FAQ 92 2010-09-28 08:04:02 -07:00
Tom Eastep
91aabfc078 Revise fix for extraneous progress messages 2010-09-27 16:18:11 -07:00
Tom Eastep
0109b8113a Prevent random progress messages during compilation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 15:56:22 -07:00
Tom Eastep
75d50d126c Make zones with 'mss' complex.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 13:57:56 -07:00
Tom Eastep
489364a1a0 Correct zone manpages re: blacklist vs zone type
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 13:57:03 -07:00
Tom Eastep
f7eb3c3d8c Periodic elimination of trailing white space
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 11:16:18 -07:00
Tom Eastep
f33912d5f7 Correct/update release notes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 09:11:17 -07:00
Tom Eastep
ac646930a3 Tighter validation of ipset names in the hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 08:36:27 -07:00
Tom Eastep
066c772fcd Correct minor issue with previous error message improvement change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 08:28:25 -07:00
Tom Eastep
0becb39202 Bump version to Beta 3
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 08:15:32 -07:00
Tom Eastep
2828b65326 Improve error message generated when a token beginning with '+' reaches validate_net()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 07:56:55 -07:00
Tom Eastep
74f1cb2443 Mention maclist file in shorewall-ipsets(5) 2010-09-25 16:07:56 -07:00
Tom Eastep
f07ec1e9d3 Clean up untidiness where Shorewall6 tries to start on a system with an old kernel
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-25 08:46:14 -07:00
Tom Eastep
a79a8d4acc Document that ipset multi-match may not be used in the hosts file 2010-09-24 15:44:44 -07:00
Tom Eastep
e018ee6adc Don't create <zone>_frwd when unnecessary
- Set the zone {complex} flag based on ipsec options rather than the presense of any options.
- Generate forwarding blacklist rules in lieu of creating<zone>_frwd

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-24 15:25:57 -07:00
Tom Eastep
b5fdb089bc Fix syntax error in blacklist fix 2010-09-24 13:42:05 -07:00
Tom Eastep
0768235278 Correct blacklisting in simple configurations
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-24 13:41:54 -07:00
Tom Eastep
03161ed57d Bump version to 4.4.14 Beta 2 2010-09-23 19:33:37 -07:00
Tom Eastep
0f4d8eb929 Use 'conntrack' for 'show connections' 2010-09-23 19:08:40 -07:00
Tom Eastep
611c33e052 Add rule order warning to secmark manpages 2010-09-23 11:31:56 -07:00
Tom Eastep
6702fbbd40 Make timestamps in log uniform 2010-09-23 07:40:27 -07:00
Tom Eastep
2c7b1b5d7b Add more comments 2010-09-22 15:26:01 -07:00
Tom Eastep
9d5642aedd Update Version to 4.4.14-Beta1 2010-09-21 11:34:26 -07:00
Tom Eastep
26ec7cee1d Update ipset doc with multiple match syntax 2010-09-21 06:59:55 -07:00
Tom Eastep
dbd7914ee6 More fiddling with move_rules()
- Assert that the chain being moved has no blacklist jumps
- delete duplicate rules in case the destination chain has such a jump
2010-09-20 18:00:39 -07:00
Tom Eastep
c21a4d786d add ipset manpage to the index 2010-09-20 16:00:19 -07:00
Tom Eastep
6069d8d509 Add shorewall-ipsets(5) to See Also 2010-09-20 15:37:42 -07:00