Tom Eastep
e00616a1fe
Don't release blacklist files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-07 07:56:16 -07:00
Tom Eastep
56caf3687f
Factor out the ?IF __CT_TARGET tests in the conntrack files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-06 09:26:14 -07:00
Tom Eastep
72307df6d2
Replace the AUTOHELPERS option with the HELPERS option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 10:53:20 -07:00
Tom Eastep
21770a89d6
Detect which matches are available.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 15:38:23 -07:00
Tom Eastep
223ed5b3a3
More additions to the helper table and to the conntrack files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 13:25:44 -07:00
Tom Eastep
2ae59bb3cd
Add COMMENT directives to conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:58:00 -07:00
Tom Eastep
07e56d129a
Add AUTOHELPERS option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:09:18 -07:00
Tom Eastep
62d6d2558e
Rename AUTO_COMMENT to AUTOCOMMENT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:06:41 -07:00
Tom Eastep
833e54c9c3
Rename the notrack file to conntrack
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:02:17 -07:00
Tom Eastep
735b7c2cf5
Add support for nfacct
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-28 11:21:16 -07:00
Tom Eastep
1db79a91eb
'rpfilter' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 10:05:32 -07:00
Tom Eastep
5c176c64b7
Add an ORIGINAL DEST column to /etc/shorewall/masq
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-29 15:32:01 -07:00
Tom Eastep
5b891f1072
Remove quotes from GEOIPDIR setting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 07:05:38 -07:00
Tom Eastep
d8ec051114
Load the geoip cc's dynamically.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 08:59:59 -07:00
Tom Eastep
3d541f50c8
Use "(S)" consistently in column headings.
...
- add synonyms so both the singular and plural forms are accepted.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 12:42:04 -07:00
Tom Eastep
9e743451f6
Add FORMAT 2 to tcrules files. Initialize $format in Tc.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:08:06 -07:00
Tom Eastep
097ab853db
Apply Tuomo Soini's tunnels patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-04 06:18:22 -07:00
Tom Eastep
bd30d59f3d
Fix annotated interfaces files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-03 14:09:49 -07:00
Tom Eastep
e4c4900b32
Add recent changes to a couple of config files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-03 12:32:47 -07:00
Tom Eastep
0f53c3cc7d
Convert all interfaces files to format-2 only
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-24 10:53:09 -07:00
Tom Eastep
805166a354
Ressurect LOCKFILE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-16 07:21:06 -07:00
Tom Eastep
bb6e17fd3e
Many changes involved in getting a relocated installations to work
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-01 10:47:24 -07:00
Tom Eastep
15ca0fd1f0
Add IPSET_WARNINGS option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-18 19:30:04 -07:00
Tom Eastep
b7465262ca
Rename MARK/CLASSIFY column to ACTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-16 10:09:13 -07:00
Tom Eastep
48570227ba
Big cleanup of TOS handling
...
- Validate settings/matches
- Allow setting in the tcrules file.
- Deprecate /etc/shorewall[6]/tos
2012-03-09 16:16:25 -08:00
Tom Eastep
d5af9c360d
Implement FORMAT-2 interfaces file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-21 11:23:58 -08:00
Tom Eastep
a1ec1dc178
Add DSCP match support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-20 08:47:48 -08:00
Tom Eastep
59fea1a05d
Add a SWITCH column to /etc/shorewall/masq
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-18 08:17:14 -08:00
Tom Eastep
4c2df6fea7
Rename route_rules to rtrules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-09 06:38:55 -08:00
Tom Eastep
6f5ab698b4
Add a PROBABILITY column to the tcrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-06 12:54:37 -08:00
Tom Eastep
53451bdaa6
Remove BLACKLIST section from rules files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 15:32:49 -08:00
Tom Eastep
c03fe0a076
Implement USE_LOGICAL_NAMES.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 16:03:56 -08:00
Tom Eastep
3e72442954
Convert sample notrack files to FORMAT 2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 14:38:44 -08:00
Tom Eastep
439af55312
Implement RELATED_DISPOSITION and RELATED_LOG_LEVEL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 16:08:17 -08:00
Tom Eastep
86c51f24d9
Deprecate the old mark layout options.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 17:14:05 -08:00
Tom Eastep
0adc82f469
Add the mark layout options to shorewall.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 15:29:07 -08:00
Tom Eastep
d053faadde
Allow convertion of a legacy blacklist configuration
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-08 12:59:40 -08:00
Tom Eastep
6108a9cad8
Delete BLACKLISTSECTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 14:46:14 -08:00
Tom Eastep
da7516d401
Update config files and manpages for BLACKLISTSECTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 12:05:07 -08:00
Tom Eastep
54ba4ed879
Add MARK column to route_rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-23 07:56:53 -07:00
Tom Eastep
835a056eb8
Implement BLACKLIST section in the rules file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-03 16:02:01 -07:00
Tom Eastep
caddd65412
Rename condition->switch and add more documentation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-23 12:33:55 -07:00
Tom Eastep
75b4540d26
Add support for condition match in the rules file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-21 15:20:50 -07:00
Tom Eastep
6ae184ccc7
Update the released netmap file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-06 15:36:33 -07:00
Tom Eastep
bc706324e9
Add an ALL section to the rules files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-15 15:32:24 -07:00
Tom Eastep
35457f4e95
Remove she-bang from lib.*
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-03 07:54:46 -07:00
Tom Eastep
bd1d7d6f92
Don't quote the empty setting of LOGLIMIT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 15:55:45 -07:00
Tom Eastep
f96c32634c
Make config file quoting more consistent with update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 15:55:27 -07:00
Tom Eastep
6f2cc31dde
Implement .conf file upgrade
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 13:03:55 -07:00
Tom Eastep
10ae91b600
Delete deprecated options from the .conf files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-12 13:46:26 -07:00
Tom Eastep
785bd7c987
Apply Tuomo Soini's patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-12 07:22:26 -07:00
Tom Eastep
7404d912bd
Add LOGRATE to */shorewall.conf
2011-05-28 19:12:34 -07:00
Tom Eastep
ec01e39479
Add LOGBURST to */shorewall.conf
2011-05-28 19:03:18 -07:00
Tom Eastep
9dc689dd13
Sort Sample .conf files
2011-05-28 12:38:12 -07:00
Tom Eastep
6d3640dafc
Alphabetize config files and sync files and manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 10:34:54 -07:00
Tom Eastep
03ecdc8c06
Clean up shorewall.conf and its documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 09:10:46 -07:00
Tom Eastep
fc34f07a7a
Remove PKTTYPE option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 07:11:48 -07:00
Tom Eastep
0287d96aa2
Finish filtering implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-26 13:38:44 -07:00
Tom Eastep
e4d667ca6a
Add routeback protection
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 17:07:31 -07:00
Tom Eastep
5d04c93a16
Implement LEGACY_FASTSTART option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-22 15:36:29 -07:00
Tom Eastep
83cdf78b18
Replace A_* builtin actions with builtin targets
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 15:02:04 -07:00
Tom Eastep
fd70e73d34
Add ACCOUNTING_TABLE option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-17 12:51:33 -07:00
Tom Eastep
2c2fdab0fe
Rename USE_LOCAL_MODULES to EXPORTMODULES
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-02-06 08:42:35 -08:00
Tom Eastep
a2b440b093
Add USE_LOCAL_MODULES option
2011-01-22 08:13:17 -08:00
Tom Eastep
08f09d7de0
Deprecate EXPORTPARAMS
2011-01-09 10:12:36 -08:00
Tom Eastep
aba63d5c9b
More action/macro documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-13 09:06:29 -08:00
Tom Eastep
2702d7f208
Implement header matching
2010-11-24 10:46:06 -08:00
Tom Eastep
5e1c8f8d2a
Add DEVICE column to routes file
2010-11-17 08:35:20 -08:00
Tom Eastep
71eb783fcd
Implement explicit provider routing
2010-11-16 20:38:54 -08:00
Tom Eastep
aad8a7b213
Clear FORWARD_CLEAR_MARK setting in the remaining config files
2010-10-09 11:31:19 -07:00
Tom Eastep
38851fe446
Delete obsolete options from shorewall.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-04 07:44:28 -07:00
Tom Eastep
468af44876
Add support for 'scfilter' script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 09:15:58 -07:00
Tom Eastep
f7eb3c3d8c
Periodic elimination of trailing white space
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 11:16:18 -07:00
Tom Eastep
65de1e4e6e
Re-add OPTIONS column to blacklist templates
2010-09-17 11:56:47 -07:00
Tom Eastep
1d650b41cd
Remove blacklisting by destination IP address support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 15:24:58 -07:00
Tom Eastep
bd9041306c
Add undocumented OUT-BANDWIDTH column to tcinterfaces
2010-09-12 16:25:45 -07:00
Tom Eastep
828d190436
Change example
2010-09-07 19:14:43 -07:00
Tom Eastep
c6f58ba924
Enhance SELinux support:
...
- Add state match
- Add user/group match
- Add examples to the man pages
2010-09-06 09:06:40 -07:00
Tom Eastep
15d8d6d8b7
Add SECMARK and CONNSECMARK support
2010-09-04 15:12:08 -07:00
Tom Eastep
33ee9b1481
Add IPSEC Accounting (again)
2010-08-20 06:53:31 -07:00
Tom Eastep
e0780b9a84
Rename the first column of the masq file for clarity
2010-08-11 15:34:27 -07:00
Tom Eastep
0234564a1b
Add destination IP blacklisting
2010-08-10 17:33:50 -07:00
Tom Eastep
967629569b
Taylor Universal config to work with Shorewall-init and streamline ruleset
...
- Make interface 'all' optional and set REQUIRE_INTERFACE=Yes
- Add COMPLETE option
- Set FASTACCEPT in Universal samples
- Reset SUBSYSLOCK in Universal samples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-01 08:36:56 -07:00
Tom Eastep
0c38ba815c
Add LOGLIMIT to .conf files while deleting LOGRATE and LOGBURST
2010-07-27 06:44:10 -07:00
Tom Eastep
02fab09a14
Add PERL= option to shorewall.conf and shorewall6.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-05 13:11:52 -07:00
Tom Eastep
312624cef5
Fix NET3 bug (netmap)
2010-07-04 15:58:37 -07:00
Tom Eastep
3cda3d0315
Add REQUIRE_INTERFACE to shorewall*.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-23 12:58:35 -07:00
Tom Eastep
d58127e51c
Allow networks to be specified in a NETMAP rule
2010-06-12 13:50:58 -07:00
Tom Eastep
427b14b21d
Clean up file headers in the .conf files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 11:53:36 -07:00
Tom Eastep
b1c64913b4
Reformat column header in tcinterfaces
2010-02-10 12:00:17 -08:00
Tom Eastep
ede17e2da0
Set ADD_IP_ALIASES=No in all shorewall.conf files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 08:16:41 -08:00
Tom Eastep
a248acb4d4
Add LOAD_HELPERS_ONLY Option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 15:49:23 -08:00
Tom Eastep
a7d4207bf5
Add TC_PRIOMAP to shorewall*.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 10:38:32 -08:00
Tom Eastep
5cc2edf15a
Add the new tc files to the repository
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-18 09:03:05 -08:00
Tom Eastep
957de4b057
Add new options to shorewall[6].conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-17 08:50:32 -08:00
Tom Eastep
f306018159
Update all .conf files to specify 'MODULE_SUFFIX=ko'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-02 09:33:27 -08:00
Tom Eastep
bf8c38e054
Add ZONE2ZONE option to shorewall.conf
2009-11-10 14:12:55 -08:00
Tom Eastep
d0cda6b6ea
Add TRACK_PROVIDERS option
2009-10-20 13:24:17 -07:00
Tom Eastep
beac09e45f
STARTUP_LOG changes
2009-10-02 16:10:14 -07:00
Tom Eastep
de933ba912
Fix typo in comment
2009-10-02 13:10:49 -07:00