Commit Graph

3594 Commits

Author SHA1 Message Date
Tom Eastep
44f001388a Only call normalized_action_name() when needed 2010-12-19 13:32:08 -08:00
Tom Eastep
7be3ed33d5 Fix undef access out of notrack file 2010-12-19 13:30:02 -08:00
Tom Eastep
c302e82233 Disallow wildcard interfaces in additional contexts 2010-12-19 10:46:35 -08:00
Tom Eastep
54c57e3bc7 Disallow wildcard interfaces in additional contexts 2010-12-19 10:43:03 -08:00
Tom Eastep
55452c6e59 Disallow wildcards in the proxyarp file 2010-12-19 08:55:03 -08:00
Tom Eastep
8526dafc5d Don't allow interface that is identical to the root of a wildcard 2010-12-19 08:10:41 -08:00
Tom Eastep
45faba0b7c Enable parameters for actions 2010-12-18 16:29:29 -08:00
Tom Eastep
4b22bbd90d Add logic for parameterized actions 2010-12-18 16:16:29 -08:00
Tom Eastep
4573b5ba8e Generate normalized name in process_rule_common() 2010-12-18 13:32:53 -08:00
Tom Eastep
21166e07f3 Add action normalization routines 2010-12-18 12:31:37 -08:00
Tom Eastep
c659f05491 Make generate_matrix locals more obvious 2010-12-17 20:16:09 -08:00
Tom Eastep
b9a086c7f2 Fix fly-speck in prog.header 2010-12-16 09:55:31 -08:00
Tom Eastep
9d0bff62fa Finish code re-org
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-15 12:57:55 -08:00
Tom Eastep
92894a7482 Step 1 of module re-org 2010-12-15 11:57:51 -08:00
Tom Eastep
9db42bf3da Update wording in the release notes 2010-12-14 11:28:46 -08:00
Tom Eastep
880a94e42f Update documentation regarding Hack removal 2010-12-14 11:19:17 -08:00
Tom Eastep
999ef7105b Eliminate process_macro1() and process_action1()
They are replaced with process_macro() and process_rule_common() respectively.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-14 08:55:30 -08:00
Tom Eastep
94faafd662 Reorg export list 2010-12-13 21:05:21 -08:00
Tom Eastep
9e684a80c1 Move more code from Rules.pm to Actions.pm 2010-12-13 17:54:53 -08:00
Tom Eastep
5b0d8922e7 Consolidate definitions of rule exception command handling 2010-12-13 17:29:22 -08:00
Tom Eastep
0ec68c7407 Prune the Actions.pm export list 2010-12-13 16:55:00 -08:00
Tom Eastep
09bb5bb9b3 Use $macro_commands when splitting action file records 2010-12-13 16:46:40 -08:00
Tom Eastep
aba63d5c9b More action/macro documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-13 09:06:29 -08:00
Tom Eastep
9ba8823011 Document Action Changes in the release documents
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-13 08:45:58 -08:00
Tom Eastep
c18154cedc NAT in Actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-13 08:26:24 -08:00
Tom Eastep
ff402dcf09 Add a comment to the params for process_rule_common()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-12 13:02:27 -08:00
Tom Eastep
2e7dd0de97 Use process_rule_common() to process entries in action files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-12 12:55:32 -08:00
Tom Eastep
444a38ae2e Add a chain reference argument to process_rule_common()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-12 12:22:12 -08:00
Tom Eastep
dfa47cc300 Implement format-2 Actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-12 12:09:48 -08:00
Tom Eastep
1bbe95ead8 Allow wide macros in actions 2010-12-12 10:14:47 -08:00
Tom Eastep
acbbdc1690 Bump version in the Proxyarp module 2010-12-12 08:56:12 -08:00
Tom Eastep
13c4d21762 Replace a couple of lists of scalars with arrays; document move of process_rules1() 2010-12-12 07:29:46 -08:00
Tom Eastep
138e49276d Rename process_rule1() to process_rule_common() 2010-12-11 17:19:43 -08:00
Tom Eastep
7b86c699b6 Move process_rule1() from Rules.pm to Actions.pm 2010-12-11 17:16:50 -08:00
Tom Eastep
48b00d719e Complete Proxy NDP implementation 2010-12-11 10:04:07 -08:00
Tom Eastep
147e4da223 Ensure that interfaces listed in the tcinterfaces file are known 2010-12-11 07:39:16 -08:00
Tom Eastep
0344cdb294 Correct handling of proxyndp 2010-12-11 07:10:50 -08:00
Tom Eastep
1f4b218cde Ensure that interfaces listed in the proxyarp (proxyndp) file are known 2010-12-11 07:10:23 -08:00
Tom Eastep
caa4a54e38 Implement IPv6 proxyndp 2010-12-10 19:06:44 -08:00
Tom Eastep
2ae809888c Document fix for logical naming
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-10 12:19:43 -08:00
Tom Eastep
0a4e098c69 Fix broken logical naming in Proxy ARP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-10 07:52:54 -08:00
Tom Eastep
fc6dbb3d56 Bump version to Beta 4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-10 06:53:36 -08:00
Tom Eastep
6d65100457 Add PPP support in RedHat and SuSE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-05 09:11:08 -08:00
Tom Eastep
b9ee064284 Update version to Beta 4 2010-12-04 11:40:34 -08:00
Tom Eastep
19f40ab721 Bump version to Beta 3 2010-12-03 13:43:46 -08:00
Tom Eastep
2e35ad0a1b Fix params parsing on older distros 2010-12-03 13:40:11 -08:00
Tom Eastep
5458d9367f Bump version and document bug catcher 2010-12-03 09:17:26 -08:00
Tom Eastep
8ce1755f8e Add bug-catcher to get_params() 2010-12-03 08:05:11 -08:00
Tom Eastep
04537b8f2d Add some comments 2010-12-02 16:10:35 -08:00
Tom Eastep
79c87b2c72 Document fixes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-02 12:26:58 -08:00
Tom Eastep
4cd77bf9aa Correct handling of params file opens.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-02 10:14:45 -08:00
Tom Eastep
ec75c8aa86 Redirect params output to stderr 2010-12-01 15:04:33 -08:00
Tom Eastep
f68bfde86f Continue to fine-tune params processing 2010-12-01 13:57:16 -08:00
Tom Eastep
d33491d6c6 Continue to enhance params procesing 2010-12-01 13:18:10 -08:00
Tom Eastep
49cdc5d9eb Make new get_params work with bash 2010-12-01 10:41:49 -08:00
Tom Eastep
22580c5be0 More parameter processing improvements 2010-12-01 10:11:02 -08:00
Tom Eastep
901a986b18 Update release notes regarding suppressed warning 2010-12-01 09:21:46 -08:00
Tom Eastep
b224eb80d5 Omit warning message 2010-12-01 09:21:23 -08:00
Tom Eastep
cdb75bfd96 Better solution to multi-line exported symbols issue 2010-12-01 09:14:09 -08:00
Tom Eastep
5761bfd7d1 Document change to params processing 2010-12-01 08:16:41 -08:00
Tom Eastep
0455673bcb Remove fly speck from release notes 2010-12-01 07:27:31 -08:00
Tom Eastep
cae5ddc7e0 Initiate 4.4.16 2010-11-30 17:30:11 -08:00
Tom Eastep
6ef0f0f9d3 Document addition of startup_error()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-29 16:02:35 -08:00
Tom Eastep
6dc65e2811 Update Rules.pm version 2010-11-28 19:21:31 -08:00
Tom Eastep
81cc39049c Cosmetic change 2010-11-28 09:22:03 -08:00
Tom Eastep
f45af8ff0a Localize $current_params 2010-11-28 09:14:52 -08:00
Tom Eastep
ecb71f7791 Eliminate @param_stack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-28 08:06:58 -08:00
Tom Eastep
195c0cdaca Document fix of root cause 2010-11-28 07:48:03 -08:00
Tom Eastep
4db68697b2 Fix root cause of macro.JAP failure 2010-11-28 07:42:12 -08:00
Tom Eastep
d5b5e7fa75 Document correction to macro.JAP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-28 07:07:58 -08:00
Tom Eastep
3a8634934a Correct macro.JAP 2010-11-28 07:05:18 -08:00
Tom Eastep
b771ce2925 Clarify 'switch' in the Fool's firewall article 2010-11-27 10:28:44 -08:00
Tom Eastep
1ae9a3185a Disallow standard providers in the routes file 2010-11-26 16:41:30 -08:00
Tom Eastep
053da3a2c0 Fix undefined value on HEADER_MATCH 2010-11-26 16:41:07 -08:00
Tom Eastep
d5fc0150d0 Set version to 4.4.15 2010-11-26 09:49:40 -08:00
Tom Eastep
81622fe63b Add new Macros 2010-11-26 08:32:54 -08:00
Tom Eastep
00cedeeda3 Update macro template for HEADERS column 2010-11-24 11:23:37 -08:00
Tom Eastep
2702d7f208 Implement header matching 2010-11-24 10:46:06 -08:00
Tom Eastep
70453f2648 Avoid regression in fixing syn flood chain names 2010-11-22 14:34:58 -08:00
Tom Eastep
f2f2ef713d Update version of a couple of Perl Modules 2010-11-22 13:23:15 -08:00
Tom Eastep
93d165d3ec Document Munin Macro 2010-11-22 13:04:21 -08:00
Tom Eastep
6f6b417232 Add Munin Macro 2010-11-22 13:01:38 -08:00
Tom Eastep
9427510e8f Update version to RC 1 2010-11-22 13:01:12 -08:00
Tom Eastep
93f9e8914c Add another SNAT virtual alias example 2010-11-22 11:59:59 -08:00
Tom Eastep
2e4da207de Update version to Beta 3 2010-11-21 09:52:34 -08:00
Tom Eastep
befdbb4a04 Move version_command() to where it belongs 2010-11-21 07:41:29 -08:00
Tom Eastep
d08f8d6ac3 Update release documents 2010-11-19 17:53:58 -08:00
Tom Eastep
3ca3d64efe Generate correct name for synflood chains 2010-11-18 20:32:20 -08:00
Tom Eastep
407b92829f Another Perl 5.12 issue 2010-11-18 20:12:13 -08:00
Tom Eastep
63e5f6aff9 Correct handling of family switch in tcfilters processing 2010-11-18 06:56:07 -08:00
Tom Eastep
63fd81f9ec Simplify getparams 2010-11-17 17:26:41 -08:00
Tom Eastep
5e1c8f8d2a Add DEVICE column to routes file 2010-11-17 08:35:20 -08:00
Tom Eastep
421b1e745d Update release documents with /etc/shorewall/routes information 2010-11-16 21:02:50 -08:00
Tom Eastep
71eb783fcd Implement explicit provider routing 2010-11-16 20:38:54 -08:00
Tom Eastep
81e6e0889c Initiate Beta 2 2010-11-15 15:09:22 -08:00
Tom Eastep
3c5cadb02c Add another variable to the preceding optimization 2010-11-15 08:42:58 -08:00
Tom Eastep
64e49229f8 Simply variable initialization 2010-11-15 08:14:31 -08:00
Tom Eastep
7507f67d9a Now that I've RTFM, simplify the rule for skipping over the IPv6 header 2010-11-15 07:40:50 -08:00
Tom Eastep
94e827862e Fix typo in release notes 2010-11-15 07:40:18 -08:00
Tom Eastep
31bcb8727e Update release documents 2010-11-14 15:54:58 -08:00
Tom Eastep
5d0e719d03 Prevent suprious 'fi' in filter output 2010-11-14 10:51:42 -08:00
Tom Eastep
0e5dc41d31 Fix 'Shared' traffic shaping 2010-11-14 09:31:00 -08:00
Tom Eastep
997a697a65 Fix required/optional interface with physical eq '+' 2010-11-14 08:43:20 -08:00
Tom Eastep
9568a6ef59 Add getparams to the .spec file - Take 2 2010-11-14 08:10:05 -08:00
Tom Eastep
59f6b10a55 Add getparams to the .spec file 2010-11-14 08:03:14 -08:00
Tom Eastep
2d8785d574 Add 'TC_ENABLED=Shared' support 2010-11-14 07:52:51 -08:00
Tom Eastep
5bae689fe1 Generate distinct progress messages for IPv4 and IPv6 filters 2010-11-14 07:38:01 -08:00
Tom Eastep
ff571cb83b Give IPv6 filters a distinct priority 2010-11-14 06:55:09 -08:00
Tom Eastep
1d93a18b8d IPV6 now working -- BOTH still broken 2010-11-13 18:08:19 -08:00
Tom Eastep
3f6cce10d2 Protect against accidental output from params file 2010-11-13 16:16:58 -08:00
Tom Eastep
19122512d0 Fix new params file processing for INCLUDE 2010-11-13 10:59:09 -08:00
Tom Eastep
b20ed2d4de Simply another RE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-11 14:03:00 -08:00
Tom Eastep
775bee278a Fix for unexpected /usr/share/shorewall/init
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-11 13:03:00 -08:00
Tom Eastep
ff61d4dba4 Correct documentation of NULL_ROUTE_RFC1918 fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-10 14:18:33 -08:00
Tom Eastep
0602b619bd Fix NULL_ROUTE_RFC1918=Yes 2010-11-09 15:20:23 -08:00
Tom Eastep
8a9aaff4e8 Change shell variable resolution order 2010-11-07 13:28:03 -08:00
Tom Eastep
1e6b7c8130 Simplify an RE 2010-11-06 20:25:46 -07:00
Tom Eastep
092f032b8e Realign precedence of environment inheritance 2010-11-06 19:02:14 -07:00
Tom Eastep
25397e8284 Document params file processing change 2010-11-06 18:33:41 -07:00
Tom Eastep
69c3600107 Modernize processing of params file 2010-11-06 17:12:05 -07:00
Tom Eastep
7c4bc900d6 Belated update to Perl module versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-30 10:45:14 -07:00
Tom Eastep
dcf2d633b1 Don't save ipsets if there are no dynamic zones or ipset rules 2010-10-30 10:35:52 -07:00
Tom Eastep
d4f857f877 Update version to 4.4.15-Beta1 2010-10-30 07:12:03 -07:00
Tom Eastep
4daf4c372e Initialize release documents for 4.4.15
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-29 08:28:58 -07:00
Tom Eastep
1db13849ab Clear VERBOSE and VERBOSITY at CLI startup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-28 15:17:37 -07:00
Tom Eastep
5cf0cd2c33 Document VERBOSITY fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-28 11:41:38 -07:00
Tom Eastep
8758d3a834 Insure that VERBOSITY=0 when interrogating compiled script version
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-28 11:25:56 -07:00
Tom Eastep
20bb781874 Document fix for 10+ TC interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-28 10:33:17 -07:00
Tom Eastep
bc406b39bc Fix > 10 TC interfaces 2010-10-28 10:27:55 -07:00
Tom Eastep
6c90046ab5 Document fix for split_list() 2010-10-26 06:55:01 -07:00
Tom Eastep
f2ab068044 Fix split_list() 2010-10-26 06:49:55 -07:00
Tom Eastep
1060b201dd Update version to 4.4.14 2010-10-23 21:40:22 -07:00
Tom Eastep
ded852e0ee Fix compilation warning 2010-10-19 08:42:35 -07:00
Tom Eastep
3ec6185f72 Run update-rc.d on Debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-13 08:42:35 -07:00
Tom Eastep
28e473d9a1 Document change to FORWARD_CLEAR_MARK default
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-10 07:49:17 -07:00
Tom Eastep
11f2c7772a Clear FORWARD_CLEAR_MARK setting in the remaining config files 2010-10-09 11:28:13 -07:00
Tom Eastep
17860cacd8 Move dump_command() to a more logical place in the file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-07 14:36:05 -07:00
Tom Eastep
033d43b014 Implement undocumented dumpfilter extension file 2010-10-07 14:35:51 -07:00
Tom Eastep
f0ef27b3e5 Update version to RC1 2010-10-06 16:16:37 -07:00
Tom Eastep
b9602d9a6a Correct typo in the release notes 2010-10-06 11:24:45 -07:00
Tom Eastep
3d90c63528 Improve validation and reporting in the net list processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-05 16:20:07 -07:00
Tom Eastep
a10ced2da2 Make exclusion of set lists more consistent
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-05 12:22:27 -07:00
Tom Eastep
7767d30c7c Improve error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-05 11:25:18 -07:00
Tom Eastep
587dacdae0 Allow set lists with "!"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-05 08:38:30 -07:00
Tom Eastep
8fd221ef30 Refine source/dest network parsing in expand_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-04 18:57:11 -07:00
Tom Eastep
e74f48410f Correct handling of exclusion with ipset lists
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-04 14:29:50 -07:00
Tom Eastep
38851fe446 Delete obsolete options from shorewall.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-04 07:44:28 -07:00
Tom Eastep
cee05d9763 Refine -lite handling of scfilter.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 12:52:30 -07:00
Tom Eastep
b3d0447ef2 Reword scfilter -lite explaination
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 11:00:51 -07:00
Tom Eastep
432534a650 Eliminate need to restart -lite to extract scfilter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 10:56:55 -07:00