Commit Graph

4164 Commits

Author SHA1 Message Date
Tom Eastep
bc4c6637c3
Correct IPv6 ACK handling in Simple TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-08-01 17:44:55 -07:00
Tom Eastep
ac221348c0
Add an SPORT column to the tcpri file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-07-09 14:15:03 -07:00
Tom Eastep
4b3f9ae1e7
Clean up the connmark implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-07-07 18:23:39 -07:00
Tom Eastep
89201bd294
Add TC connmark support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-07-07 16:44:20 -07:00
Tom Eastep
b617c8d224
Rodrigo Araujo's tc connmark patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-07-07 14:28:21 -07:00
Tom Eastep
4469ddb861
Don't apply the deprecated directory more than once
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-07-06 15:38:28 -07:00
Tom Eastep
cd5409d633
Take care of '$LOG_LEVEL' during update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-07-06 15:38:01 -07:00
Tom Eastep
2f58d4e368
Don't create a zone forwarding chain for local zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-07-06 09:06:03 -07:00
Tom Eastep
628f5f0903
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2020-07-05 15:31:03 -07:00
Tom Eastep
ce73c783dc
Avoid Perl diagnostic when updating shorewall[6].conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-07-05 15:29:34 -07:00
Tom Eastep
e7318459f1
Avoid double colons in the CONFIG_PATH
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-07-05 15:27:47 -07:00
Tom Eastep
467d41f0cc
Merge branch '5.2.6'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-07-05 13:23:48 -07:00
Tom Eastep
b761a6eaa0
Call optimize_policy_chains() after doing other ruleset optimization
- This insures that ACCEPT policy chains are optimized when EXPAND_POLICIES=No

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-07-04 10:40:43 -07:00
Tom Eastep
f8b7815375
Call optimize_policy_chains() after doing other ruleset optimization
- This insures that ACCEPT policy chains are optimized when EXPAND_POLICIES=No

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-07-04 09:49:28 -07:00
Tom Eastep
3dc14e3575
Work around for Centos 7 iptables bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-29 11:27:14 -07:00
Tom Eastep
7ba6ac71e3
Delete blank line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-28 20:41:21 -07:00
Tom Eastep
10aef23ab1
Correct handling of ";;+" in the snat file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-28 11:03:04 -07:00
Tom Eastep
e3f139bbdb
Add SPORT column to the snat file (FORMAT 2)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-27 14:50:23 -07:00
Tom Eastep
43ac903085
Correct action dport implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-26 16:55:39 -07:00
Tom Eastep
bac493c2c5
Merge branch '5.2.5' 2020-06-26 15:31:51 -07:00
Tom Eastep
3ed1cdec94
Rename the snat PORT column to DPORT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-26 14:44:00 -07:00
Tom Eastep
e2aeed898d
Add the 'dport' option to the actions file(s)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-15 13:12:06 -07:00
Tom Eastep
2eb1c88555
Omit superfluous test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-14 15:00:49 -07:00
Tom Eastep
117e9ba5bd
Change kern.err to daemon.err in logger params
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-13 14:29:48 -07:00
Tom Eastep
3ce04a8ef3
Add "zone name too long" error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-12 12:57:31 -07:00
Tom Eastep
220e89755e
Omit STATE-orientated rules in wildcard policy chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-07 20:57:55 -07:00
Tom Eastep
aa47554604
Add 'noupdate' DYNAMIC_BLACKLIST option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-06 10:14:32 -07:00
Tom Eastep
527533ecb6
Add 'log' option to DYNAMIC_BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-03 14:28:08 -07:00
Tom Eastep
4ac64a545c
Change log facility to 'daemon'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-03 13:49:10 -07:00
Tom Eastep
6612ea6b8c
Store the exported configuration paramaters in a named array
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-03 11:50:27 -07:00
Tom Eastep
ffb6ac178e
Shorten the disposition in ADD/DEL log messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-01 09:36:00 -07:00
Tom Eastep
5af7dce96b
Merge branch 'master' of ssh://gitlab.com/shorewall/code 2020-05-31 14:03:23 -07:00
Tom Eastep
eb5bc3d8a4
Create DBL ipset with 'timeout 0'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-05-31 12:37:42 -07:00
Tom Eastep
67b421dc00
Correct a comment in the optimize level 8 code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-05-21 11:37:04 -07:00
Tom Eastep
f27ab4704c
Merge branch '5.2.4' 2020-04-30 11:18:18 -07:00
Tom Eastep
e5e8e6fbc0
Correct logic for deleting ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-29 13:07:04 -07:00
Tom Eastep
c11b647b1b
Fix defect which prevented dynamic blacklist ipsets from being created
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-29 12:34:41 -07:00
Tom Eastep
5706c5a860
Avoid hang during 'shorewall[6] start'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-29 12:33:50 -07:00
Tom Eastep
2bf9048057
Another Debian if_pre-down fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-24 16:47:42 -07:00
Tom Eastep
d618fd5812
Remove extraneous whitespace
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-23 20:31:07 -07:00
Tom Eastep
dddde56454
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
# Conflicts:
#	Shorewall-init/install.sh
#	Shorewall/Perl/Shorewall/Providers.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-23 18:35:11 -07:00
Tom Eastep
0a9d2d9a33
Don't install script in if_down.d on Debian
- Eliminates need for Debian-specific code in generated script

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-22 13:47:09 -07:00
Tom Eastep
39de88563f
Cleanup of Optimize 16 change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-21 13:02:56 -07:00
Tom Eastep
e14798b4a2
Make OPTIMIZE=16 an order of magnitude faster
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-21 13:02:34 -07:00
Tom Eastep
086f7a0e6d
Only destroy ipsets that will be restored
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-20 09:11:03 -07:00
Tom Eastep
057a2dec70
Correct typo with bad consequences
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-19 18:44:19 -07:00
Tom Eastep
cabadd4846
Honor 'wait=<seconds> when enabling an interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-19 14:31:12 -07:00
Tom Eastep
3c06be28be
Delete unnecessary check if IPv6 interface_is_usable()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-19 12:28:16 -07:00
Tom Eastep
381d55760b
Don't install ifupdown script in /etc/network/if-down.d on Debian
- Network Manager sets PHASE=post-down when calling our updown script
  so we must process down commands in that phase.

- Modify the generated script to eliminate PHASE checks.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-18 11:42:32 -07:00
Tom Eastep
88a799b860
Allow IFUPDOWN=1 to work on Debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-18 11:27:15 -07:00