Commit Graph

772 Commits

Author SHA1 Message Date
Tom Eastep
42362ea318 Document fix for AUTOMAKE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-14 07:55:45 -07:00
Tom Eastep
b7f638ddb3 Document status command change 2010-08-12 19:46:57 -07:00
Tom Eastep
7168257152 Document port range editing fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-12 11:52:43 -07:00
Tom Eastep
92eed0d23c Document fix for any bug 2010-08-12 07:35:45 -07:00
Tom Eastep
0234564a1b Add destination IP blacklisting 2010-08-10 17:33:50 -07:00
Tom Eastep
364ad41cf5 Add support for new ipset match syntax 2010-08-03 21:06:17 -07:00
Tom Eastep
2774ee1bd6 Make 'icmp' a synonym for 'ipv6-icmp' in IPv6 compilations 2010-08-02 08:04:55 -07:00
Tom Eastep
967629569b Taylor Universal config to work with Shorewall-init and streamline ruleset
- Make interface 'all' optional and set REQUIRE_INTERFACE=Yes
- Add COMPLETE option
- Set FASTACCEPT in Universal samples
- Reset SUBSYSLOCK in Universal samples

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-01 08:36:56 -07:00
Tom Eastep
4e02031985 Document Universal Configuration 2010-07-31 11:59:25 -07:00
Tom Eastep
005b6f7b45 Use new hashlimit match syntax if available 2010-07-31 07:19:41 -07:00
Tom Eastep
bd5facda30 Implement per-IP log rate limiting 2010-07-25 12:42:39 -07:00
Tom Eastep
055f92c3d2 Document fix for :random with REDIRECT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-22 07:28:43 -07:00
Tom Eastep
cbb524b067 Implement ADD/DEL commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-18 08:46:38 -07:00
Tom Eastep
27937f32e3 Document IPv6 multicast network fix 2010-07-16 09:37:38 -07:00
Tom Eastep
e0ae48f4c4 Document fix for IPv6 shorecap program
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-15 13:32:10 -07:00
Tom Eastep
4792d1e5f1 Fix nets= in Shorewall6 2010-07-11 19:52:18 -07:00
Tom Eastep
02fab09a14 Add PERL= option to shorewall.conf and shorewall6.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-05 13:11:52 -07:00
Tom Eastep
4547067da9 Document fix for missing closing quote 2010-07-05 11:43:37 -07:00
Tom Eastep
d3e30b5fe4 Add FORWARD_CLEAR_MARK option 2010-07-03 17:03:42 -07:00
Tom Eastep
364cddf99b Update release documents for find_hosts_by_option() fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 07:40:30 -07:00
Tom Eastep
e4afc15370 Finish Vserver Implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-30 20:35:46 -07:00
Tom Eastep
9e37fe1ffa Deimplement flawed rate limiting with simple TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-26 07:42:08 -07:00
Tom Eastep
fe27554fd0 Document undefined value issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-24 14:18:48 -07:00
Tom Eastep
cc376ab72e Update release documents for REQUIRE_INTERFACE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-23 13:00:00 -07:00
Tom Eastep
d5aaa97d4e Update release documents for changes ported from the 4.4.10 branch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-22 08:40:07 -07:00
Tom Eastep
efa4cfa921 Update release documents for 4.4.11 Beta 1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-18 12:09:43 -07:00
Tom Eastep
625f254d02 Add tcfilters to manpage index 2010-06-10 06:15:15 -07:00
Tom Eastep
b3370dfd78 Initiate 4.4.11
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 13:36:45 -07:00
Tom Eastep
82a74d7534 Resolve Optional/Required interfaces with wildcard names
Optional is allowed
Required is not

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-04 08:46:29 -07:00
Tom Eastep
165535cd8b Disallow wildcard optional/required interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-04 07:18:55 -07:00
Tom Eastep
91840acb18 Remove unused RUNLEVELS variable from the install scripts.
Add some documentation

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-01 07:12:19 -07:00
Tom Eastep
5bd1bac70d Document fix for optimization bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 09:13:52 -07:00
Tom Eastep
e29d6d080d Restore -a functionality to the version command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 08:59:45 -07:00
Tom Eastep
84909de8b9 Fixes for Debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-25 16:02:57 -07:00
Tom Eastep
5b2affbd01 Changes to make RedHat work with NetworkManager
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 13:41:01 -07:00
Tom Eastep
679ad6cf04 Allow OS X to be an Administrative System
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-06 09:07:16 -07:00
Tom Eastep
96bef5bd49 Assume 'routeback' in routestopped based on interface config.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:31:11 -07:00
Tom Eastep
d8b0f496df Allow simple configuration of a bridge with no IP address
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 12:26:58 -07:00
Tom Eastep
f49848bd5b Document rare optimization fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:32:53 -07:00
Tom Eastep
2cb3bac946 Document fix for find_first_interface_address() 2010-04-23 12:18:51 -07:00
Tom Eastep
64bf772594 Set OUTPUT policy to ACCEPT when optimize_chain deletes all of its rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 13:38:38 -07:00
Tom Eastep
b0b39cfc39 Document optimization level 2 fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 11:55:13 -07:00
Tom Eastep
8c09f21e5d Implement 'show log <token>'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 10:20:28 -07:00
Tom Eastep
938cfd7ba4 Don't create fw-><bport> chains and rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 12:29:51 -07:00
Tom Eastep
aeb90969f7 Optimize 8 Documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 17:12:25 -07:00
Tom Eastep
91a711b34f Document startup log fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 11:54:54 -07:00
Tom Eastep
2f3f591af1 Document removal of fallback scripts.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 07:43:36 -07:00
Tom Eastep
3937c10251 Keep rule arrays compressed during optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 11:35:15 -07:00
Tom Eastep
9126cc63d9 Delete unused rules arrays
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 10:55:31 -07:00
Tom Eastep
c668707aac Update release docs with optimize 4 fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 20:18:56 -07:00
Tom Eastep
9d7d7e06d8 Update release documents
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 14:43:50 -07:00
Tom Eastep
3b317afb2f Add mDNS macro from Vincent Smeets.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-03 15:57:50 -07:00
Tom Eastep
3b07053d3b Document new 'trace' facility
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 14:37:22 -07:00
Tom Eastep
5a36606167 Document fix of EXTERNAL handling in proxyarp.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-25 12:13:52 -07:00
Tom Eastep
05752dcf0b Auto-detection of bridges -- release documents.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 08:58:44 -07:00
Tom Eastep
914d829a49 Don't optimize the 'blacklst' chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-22 06:47:39 -07:00
Tom Eastep
6fc347b9be Prepare 4.4.9-Beta1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-20 07:06:47 -07:00
Tom Eastep
b22b279bd1 Some additional idiot-proofing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 10:01:02 -07:00
Tom Eastep
91bc3b3293 Mark a restored configuration as 'Restored' rather than 'Started'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-17 10:10:56 -07:00
Tom Eastep
a01fa345b7 Add support for UDP Lite
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 09:42:50 -07:00
Tom Eastep
a2ac726ce9 Add changelog entry
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-11 18:16:31 -08:00
Tom Eastep
57dc5731b2 Add change log entry
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-10 17:31:35 -08:00
Tom Eastep
f246f728e7 Flag '-' used as a port range separator
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-07 08:36:26 -08:00
Tom Eastep
5d87983803 Update change log. Remove anacronistic comment.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 16:14:15 -08:00
Tom Eastep
169f97d76b Fix typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 11:28:54 -08:00
Tom Eastep
8cfcacc862 Update release document with fix for multiple policy matches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:40:20 -08:00
Tom Eastep
c9c957c5b8 HKP Macro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 07:37:16 -08:00
Tom Eastep
3c4b41fbe0 Implement -s option in the major installers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-27 11:48:39 -08:00
Tom Eastep
7fe7ebc891 Fix Handling of NFQUEUE(queue-num) in policies
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 08:44:28 -08:00
Tom Eastep
5696742ef3 Update release Document with 4.4.7.5 changes and Debian Init Script Fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 08:34:47 -08:00
Tom Eastep
ea8a6c837f Document per-IP rate change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 15:41:12 -08:00
Tom Eastep
115ce7b87d Update release documents for bug fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 06:49:13 -08:00
Tom Eastep
ec95e5b32c Document fix for rate limiting of NAT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-13 09:11:14 -08:00
Tom Eastep
5a96771e07 Start 4.4.8 Beta 1 2010-02-11 15:46:57 -08:00
Tom Eastep
21d4c8ba21 Document workaround for lack of 'flow'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-08 10:03:10 -08:00
Tom Eastep
f4e175f149 Fix IPv6 'nosmurfs'. Make 'nosmurfs' logging more efficient.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 15:03:15 -08:00
Tom Eastep
9d288241da Fix issues in generate_matrix().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 19:42:54 -08:00
Tom Eastep
ede17e2da0 Set ADD_IP_ALIASES=No in all shorewall.conf files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 08:16:41 -08:00
Tom Eastep
dd60f04a9f Work around lack of MARK Target support 2010-02-01 16:22:57 -08:00
Tom Eastep
9408a114c6 Don't load unused modules when LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-25 10:50:49 -08:00
Tom Eastep
8def4d03c3 Document LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 20:17:25 -08:00
Tom Eastep
10fe25050f Add TC_PRIOMAP fix to change log
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 10:39:40 -08:00
Tom Eastep
146a738e4c Document TPROXY
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-17 08:20:15 -08:00
Tom Eastep
fddb85189e Update release documents for functionality backported from 4.5.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 11:32:50 -08:00
Tom Eastep
d5cc302ad9 Start 4.4.7
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 08:11:13 -08:00
Tom Eastep
55e41483de Update Release Documents
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 20:12:31 -08:00
Tom Eastep
4420eed8d7 Allow users to preview the generated ruleset.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 15:32:50 -08:00
Tom Eastep
818dfb6295 Document 'show macro' in the release docs.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 13:46:14 -08:00
Tom Eastep
4464094773 Update release documents for DHCPfwd
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 07:51:20 -08:00
Tom Eastep
fc8bfdcbf9 Update release documents
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:49:45 -08:00
Tom Eastep
54b21365c2 Update release documents for [...] change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-08 13:58:15 -08:00
Tom Eastep
e3c75dcfcc Document the restoration of SAVE_IPSETS=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 11:54:59 -08:00
Tom Eastep
b491eae3c0 Document Lenny/xtables-addons hack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 10:20:40 -08:00
Tom Eastep
15a1b39822 Update change log 2009-12-19 16:40:13 -08:00
Tom Eastep
9cf75a4253 Revert "this is crap"
This reverts commit 7be7ef6685.
2009-12-19 16:05:28 -08:00
Tom Eastep
7be7ef6685 this is crap 2009-12-19 16:05:13 -08:00
Tom Eastep
508e1123bb Revert change that allowed out of order policies 2009-12-19 07:24:17 -08:00
Tom Eastep
43c45a064c Add current and limit to conntrack table display 2009-12-12 09:10:24 -08:00
Tom Eastep
9988cfb619 Remove silly logic in expand_rule() 2009-12-10 08:00:18 -08:00
Tom Eastep
a150ed1a72 Update change log 2009-12-08 13:30:55 -08:00