Commit Graph

6421 Commits

Author SHA1 Message Date
Tuomo Soini
aef019e16d macro.Jabber: use of jabber has changed from Plain+SSL to STARTTLS 2015-04-23 09:38:40 +03:00
Tom Eastep
3ae243b882 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-04-22 20:34:03 -07:00
Tuomo Soini
0fc58f81cc macro.QUIC: added support for QUIC
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-04-22 16:29:17 +03:00
Tom Eastep
0e8b427778 Remove false comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-18 14:31:07 -07:00
Tom Eastep
6cb3004a39 Clarify helper module loading
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-17 09:51:25 -07:00
Tom Eastep
f5aa0373cb Correct interfaces example 4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-12 08:38:55 -07:00
Tom Eastep
b128c30813 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
Get Tuomo Soini's fix for serviced startup
2015-04-11 07:33:15 -07:00
Tuomo Soini
194252afd3 systemd: fix shorewall startup by adding Wants=network-online.target
Before shorewall failed to load if there were interfaces which were required
but there wasn't any other service which wanted network-online.target.
By adding Wants=network-online.target we make sure shorewall[6]* startup
won't fail if there are required interfaces

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-04-11 10:50:54 +03:00
Tom Eastep
16e3cb1b43 More manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 10:14:42 -07:00
Tom Eastep
27c1ffc5fb Include full syntax in lists of CLI commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 09:23:58 -07:00
Tom Eastep
0e54a86e82 Add descriptions of 'list' and 'ls' to the CLI manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-06 09:39:41 -07:00
Tom Eastep
4fd8aa692d Add comment to setting of TCPMSS_TARGET with old caps file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-04 09:34:23 -07:00
Tom Eastep
8c3dda80a3 Simplify previous change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-03 16:35:50 -07:00
Tom Eastep
9f96f58a0d Default TCPMSS_TARGET to 1 in old capabilities files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-03 14:46:50 -07:00
Tom Eastep
77165326f2 Merge branch '4.6.8'
Conflicts:
	Shorewall6/uninstall.sh
2015-04-03 14:02:21 -07:00
Tom Eastep
eb3a162560 Apply Matt Darfeuille's fix for fatal_error()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 13:26:51 -07:00
Tom Eastep
44142ed457 Apply Matt Darfeuille's uninstall fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 07:28:21 -07:00
Tom Eastep
659e9d550c Apply Matt Darfeuille's uninstall fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 07:27:57 -07:00
Tom Eastep
7442c2189d Implement TCPMSS_TARGET capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-31 15:53:05 -07:00
Tom Eastep
468167f9e5 Apply nfw's fix for IP[6]TABLES in the conntrack file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-24 09:23:15 -07:00
Tom Eastep
b00a7af619 Allow a comma-separated list in the rtrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-18 15:16:25 -07:00
Tom Eastep
0c11870e46 Implement the 'savesets' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-17 10:03:12 -07:00
Tom Eastep
c5ef3fd905 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-14 08:55:40 -07:00
Tom Eastep
86d6d6900e Improve 'close' and 'show opens' commands
- close accepts a rule number
- list opens displays rule numbers

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-14 08:54:30 -07:00
Tom Eastep
9a5cc5e51c Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-07 07:57:26 -08:00
Tom Eastep
d7a1ca41f9 Another attempt to correct the formatting of the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-07 07:56:34 -08:00
Tom Eastep
d3552346b0 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-06 15:38:48 -08:00
Tom Eastep
1e6c266b51 Formatting fix (I hope)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 15:37:56 -08:00
Tom Eastep
d6f8cda2d5 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-06 14:10:13 -08:00
Tom Eastep
4cc866cd81 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-06 14:09:11 -08:00
Tom Eastep
095e523c9f Add 'show opens' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 13:10:23 -08:00
Tom Eastep
2817060edb Improvements to the 'open' and 'close' commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 08:13:44 -08:00
Tom Eastep
30e750608b Fix broken links
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-05 16:23:49 -08:00
Tom Eastep
a85fdc45ac Implement 'open' and 'close' commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-05 16:20:54 -08:00
Roberto C. Sánchez
e9bb447537 Fix typo 2015-03-02 09:58:09 -05:00
Tom Eastep
cdc2d52208 Implement ADD and DEL in the mangle file.
- Also document the parameter to SAME

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-18 12:04:01 -08:00
Tom Eastep
18c8f1f835 Remove blank line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-17 20:10:25 -08:00
Tom Eastep
aff8623a44 Allow TTL to be specified in the SAME action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-17 19:11:28 -08:00
Tom Eastep
b14e7c54f9 Merge branch '4.6.6' 2015-02-07 08:29:44 -08:00
Tom Eastep
30a5f508be Change samples to specify MODULE_SUFFIX="ko ko.xz"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-06 12:56:35 -08:00
Orion Poplawski
9ad0b297e2 Supporting xz compressed kernel modules
- I've attached a patch that adds xz support to the default MODULE_SUFFIX.
- I'm wondering it wouldn't be better to not have MODULE_SUFFX=ko in various
sample configs so that the default value is used instead:

./Shorewall/configfiles/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/Universal/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/three-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/two-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/one-interface/shorewall.conf:MODULE_SUFFIX=ko
./docs/MultiISP.xml:MODULE_SUFFIX=ko
./docs/MyNetwork.xml:MODULE_SUFFIX=ko
./Shorewall6/configfiles/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/Universal/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/three-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/two-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/one-interface/shorewall6.conf:MODULE_SUFFIX=ko

- Is:

MODULE_SUFFIX=

sufficient to use the default value or does it need to be commented out?

Thanks,

  Orion

--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion@nwra.com
Boulder, CO 80301                   http://www.nwra.com

>From f13edf8fc07c7b62825408b8665b10d6014d368d Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion@cora.nwra.com>
Date: Mon, 26 Jan 2015 09:48:48 -0700
Subject: [PATCH] Support xz compressed modules

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-06 12:51:00 -08:00
Tom Eastep
40104d0c86 Correct handling of +set[n]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-26 07:53:41 -08:00
Tom Eastep
5d110616a5 Merge branch '4.6.6' 2015-01-24 18:16:47 -08:00
Tom Eastep
a2b8069ee3 Clarify Zone exclusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-24 18:15:10 -08:00
Tom Eastep
c7cd0060f0 Merge branch '4.6.6' 2015-01-23 09:07:28 -08:00
Tom Eastep
e3b96862ef Propagate the LOCKFILE setting to the generated script.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-23 08:18:30 -08:00
Tom Eastep
a060f683cc Correct file name in mangle 'split_line' error messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:34:47 -08:00
Tom Eastep
01220d58ea Change the installation default value of INLINE_MATCHES to 'No'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:34:39 -08:00
Tom Eastep
c2b6d974e7 Protect 'enable' and 'disable' with mutex
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:34:28 -08:00
Tom Eastep
7ab055e61e Correct file name in mangle 'split_line' error messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:31:51 -08:00
Tom Eastep
758f3cf955 Change the installation default value of INLINE_MATCHES to 'No'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:30:50 -08:00
Tom Eastep
08a184d95b Protect 'enable' and 'disable' with mutex
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:30:05 -08:00
Tom Eastep
50a0103e89 Merge branch '4.6.6' 2015-01-20 08:11:07 -08:00
Tom Eastep
6f2308e0fa Correct syntax of the SAVE and RESTORE actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-20 08:09:55 -08:00
Tom Eastep
a7cacdfee3 Allow SAVE and RESTORE in the INPUT chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-20 08:09:09 -08:00
Tom Eastep
28ac76bde4 Add tinc tunnel support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-13 13:28:37 -08:00
Tom Eastep
83431514fb Add Tinc macro
- From Răzvan Sandu
2015-01-13 07:05:15 -08:00
Tom Eastep
111c454193 Make leading SHELL case-sensitive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-13 07:04:20 -08:00
Tuomo Soini
b06ba536e9 macro.Zabbix: This macro handles Zabbix monitoring software server traffic to agent
and trap traffic from agent to zabbix server.

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-01-13 13:51:00 +02:00
Tom Eastep
97846e14de Correct handling of ipsets in one of the PORTS columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-09 09:28:08 -08:00
Tom Eastep
07c21b8968 Add 'primary' provider option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-06 09:06:27 -08:00
Tom Eastep
668759edad Catch parameter problems with TARPIT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 11:09:39 -08:00
Tom Eastep
0f1f54b57b Tweak loopback change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 11:00:02 -08:00
Tom Eastep
60d5a177a3 Use the 'Iface Match' capability for loopback traffic.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 09:46:39 -08:00
Tom Eastep
3ed5ced581 Correct syntax error introduced in Beta 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 08:35:33 -08:00
Tom Eastep
086f8b6073 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-01-03 13:23:00 -08:00
Tom Eastep
fa377df9dc Fix installer's use of the DIGEST environmental variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-03 13:22:06 -08:00
Tom Eastep
7dd9ccd06b Add the 'loopback' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-03 09:22:40 -08:00
Tom Eastep
33e2e19193 Always set IP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:28:50 -08:00
Tom Eastep
4a4bfe77ce Implement IFACE_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:05:06 -08:00
Tom Eastep
3890b8a884 Infrastructure for detecting loopback interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 08:49:38 -08:00
Tom Eastep
551a16d18f Document TARPIT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-01 09:14:00 -08:00
Tom Eastep
d1b597394f Correct typo (TARPIT_MATCH -> TARPIT_TARGET)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-30 10:22:33 -08:00
Tom Eastep
15a2fd14f9 Implement TARPIT target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-28 15:23:30 -08:00
Tom Eastep
f96baca780 Use the readable representation of the SHA1 digest in the chain table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 11:13:10 -08:00
Tom Eastep
1b5f439609 Rewrite 'process_actions'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 09:28:02 -08:00
Tom Eastep
1655054de2 Rename 'externalize' to 'external_name'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 09:19:00 -08:00
Tom Eastep
89877ed3f7 Rename 'policy_rules' to 'add_policy_rules'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:58:13 -08:00
Tom Eastep
9649107a8e Rename 'apply_policy_rules' to 'complete_policy_chains'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:53:50 -08:00
Tom Eastep
33eb47a48a Reorder parameters and change identifiers in set_policy_chain()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:47:50 -08:00
Tom Eastep
93285e2798 Cleanup of preceding fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 14:05:43 -08:00
Tom Eastep
2430796495 Document the -c option of 'show routing'
Correct choice in show commands to 'req'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 12:15:28 -08:00
Tom Eastep
06ef7596cd Document the -c 'dump' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 11:57:24 -08:00
Tom Eastep
227db0cfa7 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2014-12-23 15:37:38 -08:00
Tom Eastep
c0f7d0e65d Start firewall after the network-online target has been reached
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 15:37:22 -08:00
Tom Eastep
ba806379f4 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2014-12-23 15:36:56 -08:00
Tom Eastep
6a15cead52 Cosmetic/commentary changes to the Config Module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 15:25:20 -08:00
Tom Eastep
f925358872 Minor Compiler Reorganization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 12:27:37 -08:00
Tom Eastep
52d2e62274 Convert two macros to Format 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-22 08:36:34 -08:00
Tom Eastep
56e8068f3d Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2014-12-20 15:12:44 -08:00
Tom Eastep
35fc7b34b8 Minor code tweak
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-20 15:09:21 -08:00
Tom Eastep
fdf513fba6 Correct font in mangle manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-19 14:26:20 -08:00
Tom Eastep
79430673b8 Correct handling of duplicate states in the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-16 19:08:25 -08:00
Tom Eastep
695db284c0 Improve Mark Range Implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-15 11:19:23 -08:00
Tom Eastep
807b9ca627 Revert "Improve handling of mark ranges"
This reverts commit 62f480897e.
2014-12-15 09:39:24 -08:00
Tom Eastep
62f480897e Improve handling of mark ranges
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-14 09:13:41 -08:00
Tom Eastep
2d7025dcc3 Correct mark range handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-13 08:31:31 -08:00
Tom Eastep
a833815b31 Correct IPv6 handling of LOG_BACKEND=LOG
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 08:56:42 -08:00
Thomas D
664e3bb0a8 Installer: $INITDIR already starts with a "/", so no need for, "$DESTDIR/$INITDIR"
Hi,

before the patch (DESTDIR = "/tmp/shorewall-4.6.5"; INITDIR =
"/etc/init.d"),

> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5//etc/init.d/shorewall-lite

after the patch

> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5/etc/init.d/shorewall-lite

-Thomas

From e7a192397323bb6cb66d08a6f24e7edfee044f31 Mon Sep 17 00:00:00 2001
From: Thomas D <whissi@whissi.de>
Date: Sat, 15 Nov 2014 16:38:05 +0100
Subject: [PATCH] $INITDIR already starts with a "/", so no need for
 "$DESTDIR/$INITDIR"

Before the patch (DESTDIR = "/tmp/shorewall-4.6.5"; INITDIR = "/etc/init.d"),

  > [...]
  > SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5//etc/init.d/shorewall-lite

after the patch

  > [...]
  > SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5/etc/init.d/shorewall-lite

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 07:55:14 -08:00
Tom Eastep
9241552c52 Make emacs sh-mode work better with lib.core
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-14 16:28:44 -08:00