Tom Eastep
8ac754caed
Add 'origin' member to the interface and hosts tables
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-21 17:08:19 -08:00
Tom Eastep
1abb77d66d
Remove restrictions on -m geoip
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-18 22:30:15 -08:00
Tom Eastep
a28f3012d5
Correct $VERSION setting in Raw.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-18 09:38:35 -08:00
Tom Eastep
7d443b5e2e
Eliminate return value from process_action()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-18 09:08:35 -08:00
Tom Eastep
a945b3e0dd
Tweak the process_action() changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 17:03:46 -08:00
Tom Eastep
ec6c233666
Centralize Rules module handling of @CALLER in actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 16:29:35 -08:00
Tom Eastep
4059e9de95
Clean up use_policy_action()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 12:35:12 -08:00
Tom Eastep
1ee645cd79
Another determinism fix -- red and codel options are now sorted
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 09:50:34 -08:00
Tom Eastep
1fedb26f1d
Handle @CALLER in policy chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 09:42:01 -08:00
Tom Eastep
031371f259
Improve maintainability of action-tuple code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-16 17:26:16 -08:00
Tom Eastep
742c15b289
Improve @CALLER fix to create unique chains per caller
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-16 17:12:03 -08:00
Tom Eastep
726d1492cd
Correct error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 17:08:57 -08:00
Tom Eastep
12513e24a3
Revert "Implement dynamic actions"
...
This reverts commit 8075ba719a
.
2016-01-13 11:04:41 -08:00
Tom Eastep
21765d618d
Create unique chains when @caller is used
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 11:04:23 -08:00
Tom Eastep
de21c59885
Correct hashlimit in logging rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 09:49:22 -08:00
Tom Eastep
8075ba719a
Implement dynamic actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 09:33:38 -08:00
Tom Eastep
3828eb856b
Rename HADIVERT to DIVERTHA
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-08 15:36:10 -08:00
Tom Eastep
ad2f20b824
Finish HAProxy support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-06 09:12:33 -08:00
Tom Eastep
4c33c2b957
Add support for HAProxy
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-06 08:27:50 -08:00
Tom Eastep
2f59ea5ca3
Implement the WAIT_OPTION capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-05 09:28:24 -08:00
Tom Eastep
e695e08009
A couple of corrections to the IP[6]TABLE transparency change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-04 14:13:58 -08:00
Tom Eastep
c91b78a875
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2016-01-04 13:10:48 -08:00
Tom Eastep
70a9240de6
Make IP[6]TABLES transparent
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-04 13:10:03 -08:00
Tom Eastep
06dd5dc38f
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2016-01-02 12:37:43 -08:00
Tom Eastep
fad41e262a
Support the DROP command in the mangle file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-02 12:36:38 -08:00
Tom Eastep
694dc64900
Allow comma in disposition when LOGTAGONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-23 09:06:43 -08:00
Tom Eastep
54b6488113
Allow a timeout to be specified in ADD rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-23 08:24:00 -08:00
Tom Eastep
8429f68897
Handle MAC addresses in IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-07 15:15:28 -08:00
Tom Eastep
3ddc2a8f8b
Add parentheses for readability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-07 08:02:35 -08:00
Tom Eastep
e75c88219f
Start optional interfaces when there are no providers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-05 18:07:31 -08:00
Tom Eastep
460f4bc5b7
Correct defect in processing the 'persistent' route option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 08:15:10 -07:00
Tom Eastep
5a3589b9a6
Add some comments in get_params()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-30 08:18:45 -07:00
Tom Eastep
3973cdf0da
Merge branch '5.0.1'
2015-10-28 14:35:27 -07:00
Tom Eastep
e39d405e86
More tweaks to params processing and exporting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-28 14:33:55 -07:00
Tom Eastep
239560be8d
Add Cygwin-specific code in get_params()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-28 13:47:40 -07:00
Tom Eastep
3873ebe06a
More param handling fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-28 09:37:52 -07:00
Tom Eastep
081cf30447
Don't export variables with parentheses in their names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-27 17:45:22 -07:00
Tom Eastep
c2768a2d64
Correct error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 13:08:09 -07:00
Tom Eastep
4f4358d4db
Correct error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 13:07:40 -07:00
Tom Eastep
f822afef99
Issue warning if a persistent provider isn't optional
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 13:07:28 -07:00
Tom Eastep
56bf8b1572
Don't configure persistence if the interface has no address
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 07:42:47 -07:00
Tom Eastep
69dd7ce0b9
Add 'persistent' provider option - Phase II
...
- Also allow the creation of 'persistent' routing rules and routes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-25 16:45:11 -07:00
Tom Eastep
46c3db4f32
Add 'persistent' provider option - Phase I
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-22 06:58:32 -07:00
Tom Eastep
8dc16268a7
Delete main default routes when there are 'load=' or 'fallback=' interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-13 09:34:58 -07:00
Tom Eastep
7388ff5154
Fix RESTART
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-12 14:08:24 -07:00
Tom Eastep
72d4637c22
Replace LEGACY_RESTART with RESTART
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-12 11:45:58 -07:00
Tom Eastep
bb538a7c10
Merge branch 'master' into 5.0.0
...
Conflicts:
Shorewall-core/lib.common
Shorewall-core/shorewallrc.debian.systemd
Shorewall-lite/shorewall-lite.service.debian
Shorewall/Perl/Shorewall/Chains.pm
Shorewall/Perl/Shorewall/Compiler.pm
Shorewall/Perl/Shorewall/Config.pm
Shorewall/Perl/Shorewall/Misc.pm
Shorewall/Perl/Shorewall/Raw.pm
Shorewall/Perl/Shorewall/Tc.pm
Shorewall/Perl/compiler.pl
Shorewall/Perl/prog.footer
Shorewall/lib.cli-std
Shorewall/manpages/shorewall-mangle.xml
Shorewall/manpages/shorewall.conf.xml
Shorewall/manpages/shorewall.xml
Shorewall/shorewall.service.debian
Shorewall6-lite/shorewall6-lite.service.debian
Shorewall6/manpages/shorewall6-mangle.xml
Shorewall6/manpages/shorewall6.conf.xml
Shorewall6/manpages/shorewall6.xml
Shorewall6/shorewall6.service.debian
docs/MultiISP.xml
docs/Shorewall_Squid_Usage.xml
2015-10-12 10:55:36 -07:00
Tom Eastep
97e821d12d
Use %e rather than %_d for busybox compatibility
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-08 13:16:32 -07:00
Tom Eastep
af18896851
Remove options from 'update' warning messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-05 08:19:09 -07:00
Tom Eastep
85e44c70eb
Add the Meta-connection to Tinc
...
- Both the macro and the tunnel type are updated
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-17 09:17:35 -07:00
Tom Eastep
888444f210
Add the Meta-connection to Tinc
...
- Both the macro and the tunnel type are updated
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-17 09:16:33 -07:00
Tom Eastep
03d99de8d5
Correct handling of reset
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-11 15:02:32 -07:00
Tom Eastep
1b571f3d86
Correct the reset command
...
- Also allow chain names to be specified a la the refresh command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-11 14:16:16 -07:00
Tom Eastep
7be4190e4c
Man page updates for the PROBABILITY column in the masq files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-08 18:00:53 -07:00
Tom Eastep
ddb325a662
Code changes for a PROBABILITY column in the masq file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-08 17:20:46 -07:00
Tom Eastep
e8ebfb5a11
Correct PSH,FIN check
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-07 15:46:14 -07:00
Tom Eastep
242080c59c
Rename SMALL_MASK to SMALL_MAX
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-07 13:10:44 -07:00
Tom Eastep
0aa5cb5086
Allow non-experts to use the user bits in the fw mark
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-07 11:35:47 -07:00
Tom Eastep
4b14924b99
Allow non-experts to use the user bits in the fw mark
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-07 11:29:24 -07:00
Tom Eastep
17d1caf8c5
Allow tags in global LOG_LEVELs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 16:08:59 -07:00
Tom Eastep
fcd5b30ca8
Add FIN,RST and PSH,FIN to the tcpflags set
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 11:49:29 -07:00
Tom Eastep
e6ec52c711
Move a line of code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 10:33:36 -07:00
Tom Eastep
eddd58d459
Move a line of code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 10:33:09 -07:00
Tom Eastep
1bf13e5fda
Provide default for SHOREWALL_SHELL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 10:29:36 -07:00
Tom Eastep
dbf2c89083
Provide default for SHOREWALL_SHELL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-06 10:28:44 -07:00
Tom Eastep
6554f7fe28
Disable bare SECTION in the rules file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-04 11:16:07 -07:00
Tom Eastep
8f86e2df19
Correct typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 13:07:33 -07:00
Tom Eastep
59aeafba3a
Delimit inline matches by ';;'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 10:24:31 -07:00
Tom Eastep
9e98d30c92
Correct handling of log levels with default actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 08:55:18 -07:00
Tom Eastep
582755edf4
Unconditionally get inline matches
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 08:03:22 -07:00
Tom Eastep
c6ec9990e7
Unconditionally get inline matches
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-02 08:02:02 -07:00
Tom Eastep
dea1f853ea
Correct progress messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-01 12:42:01 -07:00
Tom Eastep
a30708519d
Correct progress messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-01 11:57:28 -07:00
Tom Eastep
f5d9e87c59
Remove anacronistic logic from the Rules module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 16:02:22 -07:00
Tom Eastep
ed90360b4c
Remove all of the update-specific options from the update command
...
Leave -i and -A
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 14:21:41 -07:00
Tom Eastep
6a374b80e0
Correct INLINE handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 12:36:05 -07:00
Tom Eastep
9638033e24
Cosmetic changes to first_entry() calls
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Conflicts:
Shorewall/Perl/Shorewall/Tc.pm
2015-08-31 11:33:32 -07:00
Tom Eastep
87ef6f730f
Correct a typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 11:21:37 -07:00
Tom Eastep
53223e1440
Uniform mechanism for inserting conversion comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Conflicts:
Shorewall/Perl/Shorewall/Tc.pm
2015-08-31 11:21:18 -07:00
Tom Eastep
9b886a99af
Fix $convert/$tcrules mess
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Conflicts:
Shorewall/Perl/Shorewall/Tc.pm
2015-08-31 11:19:42 -07:00
Tom Eastep
c77d18965a
Place a header in a created mangle file during update -t
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Conflicts:
Shorewall/Perl/Shorewall/Tc.pm
2015-08-31 11:16:45 -07:00
Tom Eastep
5a6586e06c
Don't enforce FASTACCEPT/BLACKLISTNEWONLY on convert
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 11:14:49 -07:00
Tom Eastep
df73f4b925
Assume EXPORTMODULES=No if it doesn't exist in old file during update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 11:14:26 -07:00
Tom Eastep
be81ace811
Read capabilities file before the .conf file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 11:11:25 -07:00
Tom Eastep
e15a6f452e
Cosmetic changes to first_entry() calls
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 10:54:30 -07:00
Tom Eastep
656eaabce9
Correct a typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 09:39:40 -07:00
Tom Eastep
f42dc6def1
Uniform mechanism for inserting conversion comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-30 15:35:05 -07:00
Tom Eastep
6e303aef69
Fix $convert/$tcrules mess
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-29 18:52:11 -07:00
Tom Eastep
ab260dc5b1
Place a header in a created mangle file during update -t
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-29 12:52:21 -07:00
Tom Eastep
55ab498291
Don't enforce FASTACCEPT/BLACKLISTNEWONLY on convert
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-29 12:51:52 -07:00
Tom Eastep
de74273dbb
Assume EXPORTMODULES=No if it doesn't exist in old file during update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-27 15:15:03 -07:00
Tom Eastep
af1e2f6c8b
Read capabilities file before the .conf file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-27 11:26:26 -07:00
Tom Eastep
dc2406d25b
update -t also converts the 'tos' file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 13:51:02 -07:00
Tom Eastep
e0734a45ee
Allow 'seconds' and 'minutes' in LOGLIMIT specifications
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 12:53:36 -07:00
Tom Eastep
28df894add
Improve 'update'
...
- convert BLACKLISTNEWONLY
- convert LOGRATE and LOGBURST
- default USE_DEFAULT_RT to No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 12:50:56 -07:00
Tom Eastep
b0bf726c7e
Let 'update' default USE_DEFAULT_RT to 'No'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 12:40:16 -07:00
Tom Eastep
ad06ec3eef
Correct IPV6 range parsing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 11:52:51 -07:00
Tom Eastep
71611233fb
Correct IPV6 range parsing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 11:51:29 -07:00
Tom Eastep
7a98c7b9e5
More 'update' fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-25 15:55:49 -07:00
Tom Eastep
dc73832570
Delete unneeded 'my'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-25 14:36:53 -07:00
Tom Eastep
f5d1ec0243
Delete EXPORTPARAMS from %config
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-25 14:36:14 -07:00
Tom Eastep
f9ae28aeea
The -t option also converts the 'tos' file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-24 14:56:24 -07:00
Tom Eastep
f4776bf388
Eliminate WIDE_TC_MARKS, HIGH_ROUTE_MARKS and BLACKLISTNEWONLY
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-21 12:42:19 -07:00
Tom Eastep
80acdd2836
Disallow bare COMMENT, SECTION and FORMAT lines
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-21 11:18:40 -07:00
Tom Eastep
40d1d86d2c
Drop support for the 'tos' file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 15:35:03 -07:00
Tom Eastep
5af5c67c75
Update a message to refer to the 'mangle' file rather than 'tcrules'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 14:54:54 -07:00
Tom Eastep
7956c5f6e0
Update a message to refer to the 'mangle' file rather than 'tcrules'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 14:48:29 -07:00
Tom Eastep
82330395e9
Correct grammer in an error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 09:25:32 -07:00
Tom Eastep
9f2958fd27
Correct wording of an error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 09:21:20 -07:00
Tom Eastep
39982c20c4
Restore the text of tcrules warning message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 12:34:35 -07:00
Tom Eastep
2b1f33c391
Don't unlink the tcrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 11:48:23 -07:00
Tom Eastep
1c33717cf5
Reverse the change to delete host routes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 11:06:28 -07:00
Tom Eastep
cd8fe38c85
Delete host routes added to the main routing table for providers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 10:44:37 -07:00
Tom Eastep
d525419c65
Correct wording of an error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 10:44:00 -07:00
Tom Eastep
9d3f35a22d
Enable new update options in compiler.pl
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-16 11:57:36 -07:00
Tom Eastep
6bdf90631c
Fix a couple of bugs in 5.0.0
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-16 10:05:21 -07:00
Tom Eastep
c604823053
Default to FORMAT-2 macros and actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 16:11:41 -07:00
Tom Eastep
12f8cbae29
Correct the test for the existence of the routestopped file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 15:29:52 -07:00
Tom Eastep
4de6638385
Correct handling of termination after .conf file not updated
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:32:27 -07:00
Tom Eastep
0cef7fad35
Add conversion version and date to the converted files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:32:17 -07:00
Tom Eastep
ea2a35415e
Correct convert_blacklist()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:32:01 -07:00
Tom Eastep
4cc7a1b87d
Correct tcrules update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Conflicts:
Shorewall/Perl/Shorewall/Tc.pm
2015-08-14 09:31:36 -07:00
Tom Eastep
7c2a969de0
Correct handling of notrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:26:45 -07:00
Tom Eastep
fd46c0ffed
Correct handling of termination after .conf file not updated
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-13 15:42:38 -07:00
Tom Eastep
60acddbb37
Add conversion version and date to the converted files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-13 14:37:13 -07:00
Tom Eastep
306dc34b31
Correct convert_blacklist()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-13 13:22:14 -07:00
Tom Eastep
f5c6a6fe82
Correct tcrules update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-13 13:21:51 -07:00
Tom Eastep
af2b7910bd
Port update changes from 5.0.0
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-12 12:33:09 -07:00
Tom Eastep
2ab8bd3040
More update fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-09 14:31:47 -07:00
Tom Eastep
0d635632e3
Add conversion of notrack to conntrack
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-08 16:46:58 -07:00
Tom Eastep
fb2d261cdb
More Fixes for update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-08 12:42:32 -07:00
Tom Eastep
88f9a3e255
Allow zero-valued options on multi-zoned interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-07 14:30:21 -07:00
Tom Eastep
4c4c5a436a
Allow zero-valued options on multi-zoned interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-07 14:09:08 -07:00
Tom Eastep
73c8b563a1
Add -s option to update to convert the routestopped file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-07 13:46:16 -07:00
Tom Eastep
0f61bd34e6
Drop support for the 'blacklist' zone option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 14:45:52 -07:00
Tom Eastep
f4620606b3
Drop support for the 'blacklist' file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 14:35:51 -07:00
Tom Eastep
65baa7e3b8
Drop support for the tcrules file
...
- The upgrade -t option is still available
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 12:34:22 -07:00
Tom Eastep
e5c7ded951
Drop support for the 'notrack' file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 11:36:54 -07:00
Tom Eastep
8bed5c9d65
Drop support for the IPSECFILE option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 10:11:52 -07:00
Tom Eastep
85648bded1
Deimplement several .conf options
...
- LOGRATE/LOGBURST
- EXPORTPARAMS
- LEGACY_FASTSTART
2015-08-01 11:11:35 -07:00
Tom Eastep
67589cab69
More version changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:59:11 -07:00
Tom Eastep
fa7248c58c
Add the LEGACY_RESTART option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-27 09:19:52 -07:00
Tom Eastep
0a7c65ae0d
Allow connlimit by destination
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 14:26:58 -07:00
Tom Eastep
6e0fb1ab88
Correct syntax error
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 14:16:12 -07:00
Tom Eastep
a00bf196a3
Remove all workarounds
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 10:27:30 -07:00
Tom Eastep
f9ec0c6930
New 'reload' and 'restart' semantics
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 09:59:49 -07:00
Tom Eastep
d0fc7f6547
Add some comments to the Zones module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-13 12:57:00 -07:00
Tom Eastep
5704438a44
Second Wave of changes to make script output reproducable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-12 15:00:41 -07:00
Tom Eastep
014ec1af1d
First phase of producing consistent scripts with Perl >= 5.18.0
...
Beginning with Perl 5.18.0, the order of elements returned by the 'keys'
and 'each' iterators is no longer deterministic. This is the first wave
of Shorewall changes to compensate for this irrational behavior.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-12 10:54:48 -07:00
Tom Eastep
4995456563
Clean up compiler PATH fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 14:33:20 -07:00
Tom Eastep
c6f48a77e0
Only add dhcp rule if one rpfilter interface has the 'dhcp' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 12:21:04 -07:00
Tom Eastep
e7792fc868
Exempt IPv4 DHCP broadcasts from rpfilter
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 10:03:03 -07:00
Tom Eastep
c47abe416a
Add default PATH to current PATH in the compiler
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 09:38:06 -07:00
Tom Eastep
9f08726794
Eliminate running the script twice is some cases
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 14:32:43 -07:00
Tom Eastep
116e85e040
Cosmetic cleanup of the Compiler module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-08 11:27:37 -07:00
Tom Eastep
2956698298
Corrections to WORKAROUNDS implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-06 12:15:03 -07:00
Tom Eastep
eb6be0e84d
Remove old comment that now makes no sense
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-01 15:55:06 -07:00
Tom Eastep
019e49b481
Implement WORKAROUNDS option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-01 12:59:25 -07:00
Tom Eastep
9a3c43b6d3
Make NFQUEUE parsing more robust
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-30 07:01:30 -07:00
Tom Eastep
0a45c7a646
Another Tweak to the NFQUEUE parser
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-30 06:38:21 -07:00
Tom Eastep
f227250959
Fix NFQUEUE parsing and documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-29 18:19:35 -07:00
Tom Eastep
29a0c92918
Fix ancient bug in old parameter syntax
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-29 14:39:48 -07:00
Tuomo Soini
4edd6026f0
prog.footer: disabling already disabled inteface is not an error.
...
Neither is enabling already enabled interface
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-05-29 22:15:55 +03:00
Tom Eastep
18348ef6f1
Clean up distribute_load()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-27 06:58:10 -07:00
Tom Eastep
93c7e2c2f7
Change the way in which a warning message is suppressed
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-26 15:54:41 -07:00
Tom Eastep
602315938c
Correct the load distribution algorithm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-26 14:59:20 -07:00
Tom Eastep
ca35f565e0
Return success exit status when no ipsets are saved by the script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-25 07:36:00 -07:00
Tom Eastep
631ebdecb8
load= enhancements
...
- Normalize loads to 0.nnnnnnnn
- Issue warning if the loads don't sum to 1.000000
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-23 08:05:58 -07:00
Tom Eastep
c851e03313
Don't try to use a probibility >= 1.00000000
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-23 07:06:31 -07:00
Tom Eastep
c7ca3119ef
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-05-22 07:20:51 -07:00
Tom Eastep
ba7afcaeae
Make 'call' a supported command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 10:38:35 -07:00
Tom Eastep
809e56cef6
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-05-21 09:04:35 -07:00
Tom Eastep
e3805b0ada
Implement 'call' in the compiled script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 09:00:11 -07:00
Tom Eastep
f1b6e71e56
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-05-20 10:59:06 -07:00
Tom Eastep
f77d649ac7
Make policy descriptions match what the user entered rather than what was generated by the compiler
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-20 10:58:57 -07:00
Tom Eastep
267637f139
NFQUEUE enhancements
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-20 10:55:21 -07:00
Tom Eastep
acd921cd08
Don't require a helper for ctevents and expevents
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-16 13:40:40 -07:00
Tom Eastep
9329e7c36c
Don't require a helper in the CT action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-16 09:08:32 -07:00
Tom Eastep
50d1a719f9
Delete superfluous test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-08 09:48:58 -07:00
Tom Eastep
3bb1f74283
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code into 4.6.9
2015-05-05 11:28:13 -07:00
Tuomo Soini
87eca92b10
lib.core: use consisten indenting
2015-05-05 20:40:17 +03:00
Tom Eastep
b58aadad01
Correct Syntax error in the generated code.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-04 08:23:42 -07:00
Tom Eastep
6dcd8174ee
Don't require interfaces on stop, clear, etc.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-04 08:23:10 -07:00
Tom Eastep
3f17a8cf24
Update the program header information in lib.core
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:13:06 -07:00
Tom Eastep
2cea78e6df
Add the 'reenable' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:02:12 -07:00
Tom Eastep
0abd51c796
Fix module versioning
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 11:59:01 -07:00
Tom Eastep
86e053be7a
More optimization of detect_configuration()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 11:32:45 -07:00
Tom Eastep
75d18139f7
Optimize detect_configuration() for enable/disable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-25 15:46:19 -07:00
Tom Eastep
42f75f7ba2
Correct SetEvent and ResetEvent
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-25 12:56:36 -07:00
Tom Eastep
0e8b427778
Remove false comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-18 14:31:07 -07:00
Tom Eastep
4fd8aa692d
Add comment to setting of TCPMSS_TARGET with old caps file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-04 09:34:23 -07:00
Tom Eastep
8c3dda80a3
Simplify previous change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-03 16:35:50 -07:00
Tom Eastep
9f96f58a0d
Default TCPMSS_TARGET to 1 in old capabilities files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-03 14:46:50 -07:00
Tom Eastep
7442c2189d
Implement TCPMSS_TARGET capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-31 15:53:05 -07:00
Tom Eastep
468167f9e5
Apply nfw's fix for IP[6]TABLES in the conntrack file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-24 09:23:15 -07:00
Tom Eastep
b00a7af619
Allow a comma-separated list in the rtrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-18 15:16:25 -07:00
Tom Eastep
0c11870e46
Implement the 'savesets' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-17 10:03:12 -07:00
Tom Eastep
2817060edb
Improvements to the 'open' and 'close' commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 08:13:44 -08:00
Tom Eastep
cdc2d52208
Implement ADD and DEL in the mangle file.
...
- Also document the parameter to SAME
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-18 12:04:01 -08:00
Tom Eastep
18c8f1f835
Remove blank line
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-17 20:10:25 -08:00