Tom Eastep
a990ceecba
Clarify ipsets WRT xtables-addons.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 08:18:00 -08:00
Tom Eastep
50030bcc2d
Revert "Don't allow routes to be added to non-Provider tables."
...
This reverts commit 6f9a1ba29d
.
2013-03-08 06:55:12 -08:00
Tom Eastep
8eacbe287b
Correction to MULTIPORT patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 18:11:59 -08:00
Tom Eastep
6f9a1ba29d
Don't allow routes to be added to non-Provider tables.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 17:18:57 -08:00
Tom Eastep
6ba02c4a24
Merge branch 'master' into 4.5.14
...
Conflicts:
Shorewall/Perl/Shorewall/Providers.pm
2013-03-07 08:29:30 -08:00
Tom Eastep
c4f0be96ac
Require that interfaces in the COPY column be known.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 07:32:56 -08:00
Tom Eastep
7da10ff923
Additional change to copy blackhole routes.
...
- Add 'blackhole' to the outer case statement
- Add RFC1918 blackhole routes before starting providers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 07:01:58 -08:00
Tom Eastep
ace9a49106
Allow addition of blackhole routes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 07:01:41 -08:00
Tom Eastep
7f2c933cb3
Copy blackhole routes to secondary tables.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 07:01:18 -08:00
Tom Eastep
f091935f96
Merge branch 'FETCH_HEAD'
2013-03-07 06:53:44 -08:00
Tom Eastep
5aa731e963
Additional change to copy blackhole routes.
...
- Add 'blackhole' to the outer case statement
- Add RFC1918 blackhole routes before starting providers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 06:52:16 -08:00
Tom Eastep
5e0749da3c
New approach to copying blackhole routes to secondary routing tables.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 20:02:48 -08:00
Tom Eastep
06e7f297f7
Allow addition of blackhole routes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 11:48:09 -08:00
Tom Eastep
216029c3a9
Copy blackhole routes to secondary tables.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 11:04:23 -08:00
Tom Eastep
ec5e1b54c1
Correct COPY description in the multi-ISP document.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 08:28:18 -08:00
Tom Eastep
e12bc47546
Remove duplicate interface names in generated case statement.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 08:28:12 -08:00
Tom Eastep
384c179dd6
Avoid duplicate echo command in generated script.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 08:28:03 -08:00
Tom Eastep
ef291b79d5
Correct COPY description in the multi-ISP document.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 07:56:42 -08:00
Tom Eastep
32b2030e59
Remove duplicate interface names in generated case statement.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 07:03:41 -08:00
Tom Eastep
0bb62ed290
Avoid duplicate echo command in generated script.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 06:12:43 -08:00
Tom Eastep
6ffedae4fb
Document '=' in the SOURCE PORT(S) column of shorewall-tcrules(5)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-05 08:39:14 -08:00
Tom Eastep
631c1ac843
Mention the multiport match requirement for '='
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-04 12:53:00 -08:00
Tom Eastep
49918b654e
Support '=' in SOURCE PORT(S) columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-04 09:56:10 -08:00
Tom Eastep
fbfd265c0d
Merge branch 'FETCH_HEAD'
...
Conflicts:
Shorewall/Perl/Shorewall/Chains.pm
2013-03-03 17:50:16 -08:00
Tom Eastep
0857eb27d5
Another case of detecting invalid server IP address.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-02 09:08:13 -08:00
Tom Eastep
69f6149d4c
Detect missing, NIL or ALL server IP address in a DNAT rule.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-02 09:00:08 -08:00
Tom Eastep
5ca3b795fc
Correct IPv6 REDIRECT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-01 16:44:49 -08:00
Tom Eastep
9499a47a0d
Revert "Use '--to-dest' for IPv6 rather than '--to-destination'"
...
This reverts commit c9d8c22b60
.
2013-03-01 10:44:40 -08:00
Tom Eastep
c9d8c22b60
Use '--to-dest' for IPv6 rather than '--to-destination'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-01 09:03:22 -08:00
Tom Eastep
8960f72532
Handle DNAT with no port correctly.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-01 07:58:58 -08:00
Tom Eastep
252dd9b676
Correct SUBSYSLOCK setting in shorewall6.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-28 07:45:17 -08:00
Tom Eastep
ee091d09eb
Allow ports with UDPLITE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-28 06:27:51 -08:00
Tom Eastep
22c614d30b
Don't allow :persistent in a MASQUERADE rule.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-27 12:48:27 -08:00
Tom Eastep
418034579f
Support IPv6 Masquerade
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-27 09:25:26 -08:00
Tom Eastep
78babf0941
Fixes for IPv6 DNAT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-26 10:24:25 -08:00
Tom Eastep
45d53bdb1d
Delete superfluous statement.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-25 17:50:33 -08:00
Tom Eastep
fb17de0595
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2013-02-25 17:29:49 -08:00
Tom Eastep
6ed1caedd0
Validate IPv4 port range in ADDRESSES column
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-25 17:29:33 -08:00
Tom Eastep
1d4f189b5f
Don't allow interior brackets in an address range.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-25 17:26:17 -08:00
Tom Eastep
7006c62892
Correct port pair handling in the snat ADDRESS column.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-25 15:31:36 -08:00
Tom Eastep
6b825abeb4
Catch ::<port-range> in /etc/shorewall6/snat
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-25 13:41:43 -08:00
Tom Eastep
f2ee46b83e
Correct IPv6 address range parsing in handle_one_masq1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-25 13:37:22 -08:00
Tom Eastep
e873cb28f4
Correctly handle a port number/range with an address variable
...
- ADDRESSES column of the masq/snat files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-25 08:00:15 -08:00
Tom Eastep
de1a5a8024
Handle SNAT 'ADDRESS' without enclosing [...]
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-25 06:42:19 -08:00
Tom Eastep
34c6013f1b
Handle missing provider in a masq/snat entry.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-24 08:12:02 -08:00
Tom Eastep
40865dce4d
Correct 'not running' error message in enable/disable commands.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-23 16:32:17 -08:00
Tom Eastep
82f9ba8bb7
Correct detection of IPv6 PERSISTENT_SNAT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-23 12:59:38 -08:00
Tom Eastep
6035d49ede
Correct NAT capability required error message.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-23 11:57:32 -08:00
Tom Eastep
67ef1f8b93
Correct detection of IPv6 NAT_ENABLED.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-23 11:57:07 -08:00
Tom Eastep
8ed6642387
Modify reload_command() and export_command() to directly call compiler()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-22 16:15:41 -08:00