Commit Graph

12451 Commits

Author SHA1 Message Date
Tom Eastep
54c43396f0 Correct default action handling:
- isolate basic target before testing for action/inline
- delete the action chain if appropriate.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-10 09:00:13 -08:00
Tom Eastep
f9dc89dc61 Allow arbitrary $n variables when IGNOREUNKNOWNVARIABLES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-10 07:56:04 -08:00
Tom Eastep
60e3f1015e Allow arbitrary $n variables when IGNOREUNKNOWNVARIABLES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-10 07:51:35 -08:00
Tom Eastep
83111a1126 Clarify the requirement for accessing $n in an action body
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-09 20:24:26 -08:00
Tom Eastep
8e0a90e077 Merge branch '4.5.13' 2013-02-09 17:54:06 -08:00
Tom Eastep
cadf2747fe Correct reset_optflags()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-09 17:53:40 -08:00
Tom Eastep
810ebe32ce Merge branch '4.5.13' 2013-02-09 13:15:44 -08:00
Tom Eastep
c04c61b314 Correct typos in check_rules().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-09 11:42:54 -08:00
Tom Eastep
a8fdfa4e48 Create an ESTABLISHED chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-09 09:32:12 -08:00
Tom Eastep
a4297381e9 Don't ACCEPT untracked packets unless UNTRACKED_DISPOSITION=ACCEPT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-09 09:15:05 -08:00
Tom Eastep
eaa6d72a4f Allow parameters to be omitted in action invocations.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-09 07:07:01 -08:00
Tom Eastep
e664b6bafb Correct action.TCPFlags
- restore rule dropped when converted.
- remove cruft
- Correct parameter handling

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 15:39:04 -08:00
Tom Eastep
96d64d0a04 Remove extraneous default parameter from action.Untracked
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 13:00:54 -08:00
Tom Eastep
122a8358fc Correct the default action description in the New action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 12:59:22 -08:00
Tom Eastep
acbff91d87 Remove 'default action' comments from the xxxInvalid actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 12:57:44 -08:00
Tom Eastep
1bd9e8b015 Correct allowInvalid and dropInvalid
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 10:49:12 -08:00
Tom Eastep
62a567b550 Treat each -m conntrack subtype as a separate match
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 10:08:23 -08:00
Tom Eastep
e4f1c62e71 Improve handling of nested state actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 09:09:20 -08:00
Tom Eastep
b3caaaf707 Pass the state name to perl_action_helper() from the state actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 06:39:16 -08:00
Tom Eastep
b9e504683e Prevent a state action from invoking another one.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-07 16:52:06 -08:00
Tom Eastep
aae6e001fe Convert dropInvalid and allowInvalid to inline actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-07 11:21:13 -08:00
Tom Eastep
aa528dd075 Revert "Convert allowInvalid and dropInvalid into macros"
This reverts commit 272e1d330c.
2013-02-07 09:09:56 -08:00
Tom Eastep
e4ae242123 Another tweak to check_state()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-06 12:07:51 -08:00
Tom Eastep
272e1d330c Convert allowInvalid and dropInvalid into macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-06 09:54:12 -08:00
Tom Eastep
a66256b25b Additional refinements of check_state()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-06 08:16:42 -08:00
Tom Eastep
11b976fb36 Correct reference type in check_state()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-05 19:55:22 -08:00
Tom Eastep
a6ccd53fe0 Unconditionally use '-j' to branch to a state chain or DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-04 15:17:49 -08:00
Tom Eastep
b22b63b1c3 Don't use '-g' when DISPOSITION is CONTINUE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-04 15:09:17 -08:00
Tom Eastep
615df6ab8f Handle 'RETURN' in state chain with terminating disposition.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-04 15:08:20 -08:00
Tom Eastep
3757607356 Remove cruft from two actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-04 10:11:51 -08:00
Tom Eastep
f6faef7cd0 Correct syntax error in action.Untracked
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-04 09:58:38 -08:00
Tom Eastep
d8214885f2 Assume that the conntrack state value in a rule is not a reference.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-04 08:29:50 -08:00
Tom Eastep
475942deb9 Normalize rules prior to combine_state tests.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 18:14:14 -08:00
Tom Eastep
f1707d2ace More state rule check fixes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 18:02:02 -08:00
Tom Eastep
c5dc69b750 Correct state actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 17:21:51 -08:00
Tom Eastep
30d96afb69 Push/pop $actionresult.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 12:43:28 -08:00
Tom Eastep
014b4ddc50 Combine adjacent rules differing only in conntrack state match.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 09:03:22 -08:00
Tom Eastep
61c219ed3a Clarify the CHAIN column in the accounting manpage. Also mention ipset support.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 08:00:24 -08:00
Tom Eastep
5b9d1a6159 Handle UNTRACKED_DISPOSITION=ACCEPT correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 07:59:47 -08:00
Tom Eastep
752463bfab Fix TCPFlags
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 22:19:13 -08:00
Tom Eastep
ebef29e161 Handle port numbers being passed to one of the tcp-specific actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 12:48:54 -08:00
Tom Eastep
ca5a70aa6f Clarify the <variable> forms allowed in a ?SET directive.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 11:08:29 -08:00
Tom Eastep
9b30f48ba0 Correct handling of actions when @chain is altered.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 10:57:08 -08:00
Tom Eastep
e013e218a2 Don't try to import process_rule1 in three action files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:45:12 -08:00
Tom Eastep
0616dd9fcb Add 'New' action for conntrack state NEW
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:33:24 -08:00
Tom Eastep
8249831e6d Detect some state conflicts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:32:57 -08:00
Tom Eastep
cc1054be66 Correct handling of audited dispositions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:30:25 -08:00
Tom Eastep
c68d4c6e27 Simplify Perl from actions even further.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 15:55:39 -08:00
Tom Eastep
752e960f2f Allow specification of the action type via perl_action_helper().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 12:59:48 -08:00
Tom Eastep
9f82d82a92 Update Shorewall6 actions.std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 12:59:24 -08:00