Tom Eastep
113f95c11e
Provide STARTOPTIONS and RESTARTOPTIONS in all cases
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 10:22:39 -07:00
Tom Eastep
3454e10525
Add SAVE_COUNTERS option.
...
- Also implement recover command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 08:57:56 -07:00
Tom Eastep
055fceb82f
Update policy manpages for duel limits
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-22 12:27:27 -07:00
Tom Eastep
f5bdc9e7f4
Allow two limits in the RATE LIMIT columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-22 11:21:43 -07:00
Tom Eastep
b60d6dd6e5
Avoid duplicate module loads
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-20 10:42:53 -07:00
Tom Eastep
2784e93307
Load xt_LOG in both helpers files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-19 08:28:36 -07:00
Tom Eastep
20c8bf02b1
Correct Shorewall6 helpers file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-19 08:28:19 -07:00
Tom Eastep
38d4b1c5a9
Revert "Correct last patch"
...
This reverts commit b528625329
.
2014-10-19 08:28:11 -07:00
Tom Eastep
e3a332ec27
Correct last patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-19 08:28:00 -07:00
Tom Eastep
49218a4d28
ipt_LOG in helpers file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-15 18:07:09 -07:00
Tom Eastep
3236cd2660
Reinstate IPv6 DropSmurfs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-13 12:34:25 -07:00
Tom Eastep
42363da458
Add new .service files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-09 10:00:53 -07:00
Tom Eastep
c5074bddb2
Rename the .service files to .service.214
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-09 09:45:52 -07:00
Tom Eastep
12458d111a
Adjust the .service files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-08 17:28:22 -07:00
Tuomo Soini
a31fd20f22
Shorewall6/nat: clearly make it ipv6 specific
2014-10-07 12:42:57 +03:00
Tom Eastep
2c7ffb525d
Updagte Shorewall6-nat manpage
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-05 20:09:18 -07:00
Tom Eastep
316866482b
Add ipv6 nat file and manpage
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-05 19:54:19 -07:00
Tom Eastep
3206021278
Another round of uninstall fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 13:50:39 -07:00
Tom Eastep
9dc2bba025
More uninstall corrections.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 09:39:03 -07:00
Tom Eastep
770a505cd2
Delete DropSmurfs from IPv6 actions.std
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-30 16:16:53 -07:00
Tom Eastep
3e2c903a41
Revert "Only save ipsets of the proper family"
...
This reverts commit b053cab630
.
2014-09-28 13:32:32 -07:00
Tom Eastep
b053cab630
Only save ipsets of the proper family
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 12:58:52 -07:00
Tom Eastep
cbcb1ff7e1
Add SAVE_IPSETS to shorewall6.conf.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 11:37:24 -07:00
Tom Eastep
3858683e94
Allow saving a specified list of ipsets
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 11:19:41 -07:00
Tom Eastep
10df9d31c4
Correct typo in the actions manpages (4.6.5 s/b 4.6.4).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 14:47:27 -07:00
Tom Eastep
976a1f3deb
Merge branch '4.6.3'
...
Conflicts:
Shorewall/Perl/Shorewall/Misc.pm
2014-09-25 08:06:16 -07:00
Tom Eastep
ea40068c10
Fix ADMINISABSENTMINDED=No used with stoppedrules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 08:03:35 -07:00
Tom Eastep
580e00dabd
Implement LOG_BACKEND option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 15:26:13 -07:00
Tom Eastep
a7b57ad32c
Clarify iptrace logging.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 09:14:38 -07:00
Tom Eastep
ba7f88c912
Re-apply 'terminating' changes to the actions manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:33:57 -07:00
Tom Eastep
7481514a97
Implement the 'terminating' action option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:29:13 -07:00
Tom Eastep
1f5439257a
Revert "Implement the 'terminating' action option"
...
This reverts commit 6851744cb7
.
2014-09-23 07:39:25 -07:00
Tom Eastep
4495ed687b
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2014-09-23 07:10:46 -07:00
Tuomo Soini
a03f00bf0f
systemd services: multi-user is not same as old runlevel 3 so use basic
...
add conflicts to obviously conflicting services
remove old version number from init files
remove legacy syslog.target which is not needed on modern systems
fix formatting of email address onold Copyright text
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-09-23 16:44:03 +03:00
Tom Eastep
771e487b02
Merge branch '4.6.3'
2014-09-01 09:10:55 -07:00
Tom Eastep
0b66c475a7
Make <command> replacable in the run synopsis
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 09:10:03 -07:00
Tom Eastep
8727a6f1d8
Correct 'run' command synopsis in the shorewall[6] manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:52:09 -07:00
Tom Eastep
f9a62e1650
Correct builtin example in the actions manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:29:29 -07:00
Tom Eastep
6851744cb7
Implement the 'terminating' action option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:16:42 -07:00
Tom Eastep
4bacfced82
Another attempt to fix formatting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 11:59:51 -07:00
Tom Eastep
7c1bbd4dc7
Fix formatting in shorewall[6]-rules(5)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 11:29:44 -07:00
Tom Eastep
4347190f82
Clarify REJECT handling in IP[6]TABLE rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 09:10:10 -07:00
Tom Eastep
e49832f4b5
Run the 'init' script in the 'run' command.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-30 10:25:00 -07:00
Tom Eastep
31e5aeeaea
Refine the 'run' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 10:30:07 -07:00
Tom Eastep
a7b18ca875
Implement 'run' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-28 07:04:56 -07:00
Tom Eastep
848078873d
Update tcfilters manpages to mention BASIC_FILTERS=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-22 07:19:10 -07:00
Tom Eastep
a97e2fd3d9
Update manpages regarding 'status -i'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-12 19:37:05 -07:00
Tom Eastep
4a4cea46c0
Update copyrights in the Sample files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-06 13:44:34 -07:00
Tom Eastep
8bfff55ed2
Add a TIME column to the mangle file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-04 08:01:14 -07:00
Tom Eastep
b1a6ec7f03
Merge branch '4.6.1'
2014-07-02 21:41:27 -07:00
Tom Eastep
7fdc398a5e
Revert "Revert "Revert "Add a TIME column to the mangle file"""
...
This reverts commit 1165b2689c
.
2014-06-27 08:23:04 -07:00
Tom Eastep
1165b2689c
Revert "Revert "Add a TIME column to the mangle file""
...
This reverts commit 9c7fcd09fd
.
2014-06-27 08:14:28 -07:00
Tom Eastep
9c7fcd09fd
Revert "Add a TIME column to the mangle file"
...
This reverts commit 824b14b714
.
2014-06-25 07:33:42 -07:00
Tom Eastep
80c09c4747
Merge branch '4.6.1'
2014-06-25 07:31:36 -07:00
Tom Eastep
824b14b714
Add a TIME column to the mangle file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-25 07:05:12 -07:00
Tom Eastep
6ad9b95351
Implement 'show bl'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 13:27:25 -07:00
Tom Eastep
ac4bf15606
Implement 'status -i'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 11:07:37 -07:00
Tom Eastep
4e5d24fd9b
Currect masq manpages
...
Describe the SOURCE column as optional
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-16 07:27:05 -07:00
Tom Eastep
89c5d5080b
A couple more tweaks to the masq manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-22 11:14:46 -07:00
Tom Eastep
dcc2fb27c5
Apply Tuomo Soini's whitespace patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-19 14:18:48 -07:00
Tom Eastep
7835feb45e
Apply Simon Mater's cosmetic fix to the 'mangle' files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 07:31:44 -07:00
Tom Eastep
ffc564bdf9
Add ?format 2 to several Shorewall6 actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-10 08:19:03 -07:00
Tom Eastep
f717d097d7
Apply Tuomo Soini's Macro format patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-07 12:19:24 -07:00
Tom Eastep
2b43c28e98
Add tabs to mangle files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-20 07:56:43 -07:00
Tom Eastep
c663f91ec7
Add HEADERS to shorewall6-mangle(5)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-19 08:01:21 -07:00
Tom Eastep
15507aa265
Update sample rules files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-19 07:48:42 -07:00
Tom Eastep
4d4e8b3df4
Do nothing when a rules file section is empty.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-18 14:13:34 -07:00
Tom Eastep
b3cd9ab15a
Default to LOAD_HELPERS_ONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-12 11:05:28 -07:00
Tom Eastep
fdc391cf49
Change all *.conf files to reflect ZONE2ZONE=-
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-11 20:44:15 -07:00
Tom Eastep
eb70234c52
Correct some typos in the .conf manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-12 14:50:15 -07:00
Tom Eastep
20b10582b4
Moew deprecation of USE_DEFAULT_RT=No
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:24:12 -07:00
Tom Eastep
cea237620a
Change USE_DEFAULT_RT default to 'Yes'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-09 07:42:22 -07:00
Tom Eastep
c9d7370fb4
Merge branch '4.5.21'
...
Conflicts:
Shorewall/manpages/shorewall.conf.xml
Shorewall6/manpages/shorewall6.conf.xml
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 09:00:34 -08:00
Tom Eastep
8b4d8bfa16
Finish ADMINISABSENDMINDED change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 08:57:03 -08:00
Tom Eastep
caa72fb7d2
Correct routestopped files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-02 10:39:12 -08:00
Tom Eastep
3e87efc82b
Document -t option
...
- Also copy compiler directives to the mangle file.
2014-02-17 12:50:59 -08:00
Tom Eastep
69fe94ef08
Document the -t option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:25:58 -08:00
Tom Eastep
16b80c3e45
Add default value for BASIC_FILTERS
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 20:45:51 -08:00
Tom Eastep
2dbcd36a9c
Implement BASIC_FILTERS
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 16:34:03 -08:00
Tom Eastep
7ddc65133e
Support ipset lists in the tcfilters file.
...
- Also document the fact that ipset match options are not available in
the tcfilters file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:16:35 -08:00
Tom Eastep
c08655e0bc
Document ipset use in tcfilters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-01 09:40:39 -08:00
Tom Eastep
44e0d48fc5
Add <refmiscinfo>...</refmiscinfo> to remaining manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-16 08:32:57 -08:00
Tom Eastep
89fd5ced15
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2014-01-12 14:05:48 -08:00
Roberto C. Sanchez
b1a490b50a
Cleanup links in manpages so that hrefs in generated HTML don't take the user to a different server
2014-01-12 16:40:03 -05:00
Tom Eastep
a35b7821bf
Correct stoppedrules manpages re DROP
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:30:09 -08:00
Tom Eastep
fd28a12653
Allow DROP in the stoppedrules file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:19:49 -08:00
Tom Eastep
42dd8dfee9
Change license to GPLv2+ and update copyrights
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-04 09:48:27 -08:00
Tom Eastep
78ecf9bdc8
Finish up ipset extensions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 09:23:14 -08:00
Tom Eastep
1771bb75cf
Finish ipset match option implementation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-02 14:43:55 -08:00
Tom Eastep
48ceed9ecb
Make tcpflags the default.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 15:10:38 -08:00
Tom Eastep
623bdd2ff1
Manpage corrections.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:41:28 -08:00
Tom Eastep
b61ee2d75e
Manpage updates for IP[6]TABLES
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:54 -08:00
Tom Eastep
ac6a506e35
Allow logging from the RAW table
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 11:04:43 -08:00
Tom Eastep
4cc5ee6b73
Document IP[6]TABLES in the manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 10:13:38 -08:00
Tom Eastep
8f6f0c94a4
Replace tcrules with mangle in the manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 15:35:08 -08:00
Tom Eastep
6fe06c82c8
More switch from tcrules to mangle
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 15:24:05 -08:00
Tom Eastep
a1222d10cb
change 'marks' file to 'mangle'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 10:03:23 -08:00
Tom Eastep
4c840a05a0
Fix issue in the shorewall-tcrules and shorewall6-tcrules manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 16:24:50 -08:00
Tom Eastep
6323372ebd
Fix issue in the shorewall-tcrules and shorewall6-tcrules manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 16:23:32 -08:00
Tom Eastep
4e4e7cac1d
Redefine the -i option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-15 11:23:20 -08:00
Tom Eastep
cb74b2d706
Document the -i update option in the manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 20:54:56 -08:00
Tom Eastep
33c5893bdb
Implement INLINE_MATCHES
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 13:35:01 -08:00
Tom Eastep
2bc329aa1d
Add INLINE support to the masq file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-13 15:44:16 -08:00
Tom Eastep
f22dfcaa75
Merge branch '4.5.21'
2013-12-08 09:02:44 -08:00
Tom Eastep
d71c2688dc
Clarify the need to quote/escaape settings with parentheses.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-08 09:02:25 -08:00
Tom Eastep
95abeaea24
Finish INLINE in the tcrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-01 09:25:32 -08:00
Tom Eastep
d63262a0cb
change ZONE2ZONE default to '-'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 08:16:28 -08:00
Tom Eastep
3870157898
Issue warning on bare SECTION headings.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 07:58:02 -08:00
Tom Eastep
ea21d61f39
Correct Broadcast Actions
...
- Delete --dst-type BROADCAST from IPv6
- Suppress superfluous multicast rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-12 08:41:58 -08:00
Tom Eastep
3b5c1ad601
Remove anachronistic text from the tcinterfaces manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-10 08:19:16 -08:00
Tom Eastep
e14d92c5ac
Add DROP support in tcrules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-04 10:50:11 -08:00
Tom Eastep
6eb2c0cb5f
Add link to the logging page from the policy manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-24 08:01:18 -07:00
Roberto C. Sanchez
12563c55a8
Add '. /lib/lsb/init-functions' to the Debian-specific init scripts, as recommended by lintian
2013-10-05 16:31:45 -04:00
Tom Eastep
e570d91ab1
Document 'hostroute' and 'nohostroute'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-18 17:58:28 -07:00
Tom Eastep
159d677acb
Update manpages to indicate that 'inline' is assumed for REJECT_ACTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-10 08:08:06 -07:00
Tom Eastep
ae63a0ab77
Correct description of how REJECT is handled:
...
- Add UDP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-02 17:07:58 -07:00
Tom Eastep
67603c5eb3
Implement REJECT_ACTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-01 09:14:10 -07:00
Tom Eastep
32763e998b
Make -v work with the status command
...
- Also document exit status
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-13 06:52:46 -07:00
Tom Eastep
a10aea280b
Add some abbreviations for common commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-06 07:05:47 -07:00
Tom Eastep
83d1aa6682
Allow OPTIMIZE=All
...
- Remove use of literal 4096 from OPTIMIZATION checks.
- Moved constant declarations to the Config module.
- Documented that level 1 is ignored when level 4 is specified.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-29 10:08:35 -07:00
Tom Eastep
aabb22a50f
Add the TRACK_RULES option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-24 07:22:51 -07:00
Tom Eastep
765b748283
Documentation updates
...
- Add meaningful IDs to some sections in Events.xml
- Correct typos in the accounting manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-22 07:54:45 -07:00
Tom Eastep
7aa33c140d
Add an AutoBL action with helper AutoBLL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-17 10:19:18 -07:00
Tom Eastep
d6d0cad2f9
Add 'show event[s]' to manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 10:37:27 -07:00
Tom Eastep
282bf0a78c
Allow Events with Shorewall6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 09:45:41 -07:00
Tom Eastep
71bcd11ab6
Make ?...shell/perl directives case insensitive
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-20 10:39:39 -07:00
Tom Eastep
4bd35a0b93
Allow 'routeback=0'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-16 08:37:53 -07:00
Tom Eastep
53f1cd40df
Add 'unmanaged' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-10 12:36:18 -07:00
Tom Eastep
a48a4b7a2e
Don't allow fowarding between local zones.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 06:14:44 -07:00
Tom Eastep
2de0fbf7d0
Change 'local' to 'loopback' and add 'local' zones that match non-loopback interfaces.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-26 14:06:51 -07:00
Tom Eastep
fd11eb7d82
Omit fw->fw jumps when there is a local zone.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-22 09:19:34 -07:00
Tom Eastep
ac02c484f5
Change 'local' interface option to a zone type.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-19 15:35:20 -07:00
Tom Eastep
b38f1416aa
Mention "all+' in the "Important" notes at the top
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 13:41:12 -07:00
Tom Eastep
c8133145e6
Add support for "all+" in the policy file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 09:01:12 -07:00
Tom Eastep
e3d9b2762d
Add 'destonly' and 'local' to the interface manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 12:48:58 -07:00
Tom Eastep
7215b61aa4
Document changes introduced by Mr-4.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-07 10:16:38 -07:00
Tom Eastep
577db69719
Support conditional compilation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-07 09:36:02 -07:00
Roberto C. Sanchez
a0228e9d3b
Fix typos in manpages
2013-05-03 12:19:45 -04:00
Tom Eastep
8bb03a741d
Update blrules manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-24 08:17:10 -07:00
Tom Eastep
f543c3bd1e
Finish Mr-4's NFACCT patch
...
- Correct indentation
- Remove '$type' argument to split_nfacct_list
- Update manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-23 06:55:30 -07:00
Tom Eastep
5ad69aa650
Add CHAIN_SCRIPTS option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-21 07:30:31 -07:00
Tom Eastep
a56dcc745d
Clarify <chain>:COUNT in the accounting files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-20 17:11:46 -07:00
Tom Eastep
1b9fd642bb
Add INLINE to the accounting file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-20 08:02:02 -07:00
Tom Eastep
1fd62e1612
Restore order in the NFACCT target.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 11:11:37 -07:00
Tom Eastep
6c2679ce75
Allow incrementing an nfacct object when an ipset matches.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 10:44:57 -07:00
Tom Eastep
91c4dd2e56
Document multiple nfacct objects in one rule.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 06:38:02 -07:00
Tom Eastep
8ef11a376b
Document 'HELPERS=none'.
...
- Also make 'check -u' work correctly regarding HELPERS=
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 11:30:47 -07:00
Tom Eastep
ef01748dc9
Update manpages for INLINE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 07:34:00 -07:00
Tom Eastep
beec4a188f
Implement INLINE action (again).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 09:15:59 -07:00
Tom Eastep
50494f667c
Implement INLINE action
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-08 17:30:00 -07:00
Tom Eastep
efebda76d2
Improve the description of 'accept_ra' in shorewall6-interfaces(5)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-01 14:25:49 -07:00
Tom Eastep
d415de1883
Add the accept_ra Shorewall6 interface option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-30 16:44:18 -07:00
Tom Eastep
b5ea4067e4
Implement USE_RT_NAMES
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-24 10:56:38 -07:00
Tom Eastep
1e866eac28
Implement the other forms of NULL routing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-16 08:20:52 -07:00
Tom Eastep
fe6533943c
Correct 'routes' manpages.
...
- change 4.5.15 with 4.5.14 for the availability of blackhole routes
- Add 'main' to the legal providers.
2013-03-08 08:26:08 -08:00
Tom Eastep
06e7f297f7
Allow addition of blackhole routes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 11:48:09 -08:00
Tom Eastep
631c1ac843
Mention the multiport match requirement for '='
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-04 12:53:00 -08:00
Tom Eastep
49918b654e
Support '=' in SOURCE PORT(S) columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-04 09:56:10 -08:00
Tom Eastep
8960f72532
Handle DNAT with no port correctly.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-01 07:58:58 -08:00
Tom Eastep
252dd9b676
Correct SUBSYSLOCK setting in shorewall6.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-28 07:45:17 -08:00
Tom Eastep
418034579f
Support IPv6 Masquerade
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-27 09:25:26 -08:00
Tom Eastep
7006c62892
Correct port pair handling in the snat ADDRESS column.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-25 15:31:36 -08:00
Tom Eastep
0349a9a88c
Rename the IPv6 masq file 'snat'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 13:05:24 -08:00
Tom Eastep
524d6242b0
More SNAT/DNAT manpage updates
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 12:42:09 -08:00
Tom Eastep
b562f7f311
Allow specification of destination addresses in Shorewall6 masq.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 08:34:03 -08:00
Tom Eastep
ce28c70c60
SNAT and DNAT support for IPv6.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 07:08:08 -08:00
Tom Eastep
010c44d07a
Correct description of the 'sourceroute' interface option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-18 11:33:19 -08:00
Tom Eastep
e486c16513
Correct all configpath files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-14 15:10:21 -08:00
Tom Eastep
f44becdee1
Rename BLACKLIST_LOGLEVEL to BLACKLIST_LOG_LEVEL for consistent naming.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-12 07:47:02 -08:00
Tom Eastep
aae6e001fe
Convert dropInvalid and allowInvalid to inline actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-07 11:21:13 -08:00
Tom Eastep
aa528dd075
Revert "Convert allowInvalid and dropInvalid into macros"
...
This reverts commit 272e1d330c
.
2013-02-07 09:09:56 -08:00
Tom Eastep
272e1d330c
Convert allowInvalid and dropInvalid into macros
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-06 09:54:12 -08:00
Tom Eastep
61c219ed3a
Clarify the CHAIN column in the accounting manpage. Also mention ipset support.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 08:00:24 -08:00
Tom Eastep
0616dd9fcb
Add 'New' action for conntrack state NEW
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:33:24 -08:00
Tom Eastep
c68d4c6e27
Simplify Perl from actions even further.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 15:55:39 -08:00
Tom Eastep
9f82d82a92
Update Shorewall6 actions.std
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 12:59:24 -08:00
Evangelos Foutras
c9247c8074
Remove Arch Linux init file
...
Arch Linux only supports systemd now.
Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 10:13:54 -08:00
Tom Eastep
f407068d20
Update shorewall[6]-actions(5) regarding inline for some standard actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:27:30 -08:00
Tom Eastep
fc73c3934b
Replace BLACKLISTNEWONLY with BLACKLIST
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:00:47 -08:00
Tom Eastep
6b889e537f
Correct typo in the actions.std files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 12:07:04 -08:00
Tom Eastep
519861d7b2
Add CONTINUE as a possible setting for RELATED_DISPOSITION.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:58:03 -08:00
Tom Eastep
f7bdb71aad
Add an Established action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 15:40:53 -08:00
Tom Eastep
69b660ba56
Add Related and Untracked actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-26 09:45:16 -08:00
Tom Eastep
c958329d14
More manpage updates for RELATED and UNTRACKED rules sections.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 19:24:01 -08:00
Tom Eastep
575673a8f5
Correct broken links in the .conf manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 15:42:20 -08:00
Tom Eastep
6403f4959d
Implement UNTRACKED SECTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 15:42:01 -08:00
Tom Eastep
c2bc74cdfe
Add INVALID section to the rules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 08:33:59 -08:00
Tom Eastep
a03e793907
Added OUT-BANDWIDTH to the tcinterfaces column
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 16:33:57 -08:00
Tom Eastep
17eae4adee
Update the description of BLACKLISTNEWONLY to match the implementation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 09:11:15 -08:00
Tom Eastep
b5cb27e84e
Correct .service files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-20 15:15:46 -08:00
Tom Eastep
89a09f0256
Implement DEFER_DNS_RESOLUTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-13 17:00:14 -08:00
Tom Eastep
f41b2fbffc
Clarify the LENGTH column of the tcrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-09 16:22:38 -08:00
Tom Eastep
414a74d23c
Support protocol lists in most files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 16:06:54 -08:00
Tom Eastep
d4c9885c09
Change interpretation of the log tag when LOGTAGONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 13:10:18 -08:00
Tom Eastep
f955abe18b
Unify IPv4 and IPv6 modules.xtables files
...
- only difference now is xt_ipp2p
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:44:36 -08:00
Tom Eastep
25b2341ecf
Add sch_fq_codel to modules.tc
...
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:29:41 -08:00
Tom Eastep
4590e25052
Correct modules.xtables
...
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2012-12-31 08:54:32 -08:00
Tom Eastep
115081dda5
Tweak fq_codel documentation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 11:20:16 -08:00
Tom Eastep
6d9cca1cff
fq_codel
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 10:58:11 -08:00
Tom Eastep
ebe4267c49
Rename IGNOREOLDCAPVERSIONS to WARNOLDCAPVERSION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:58:45 -08:00
Tom Eastep
f96bc7cc2d
Cosmetic cleanup of the .conf manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:01:37 -08:00
Tom Eastep
8bb6f81dc5
Rename IGNOREOLDCAPS to IGNOREOLDCAPVERSIONS
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 08:54:22 -08:00
Tom Eastep
01a8ff20d4
Add the xtables modules to modules.xtables
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 16:06:54 -08:00
Tom Eastep
ef0102e9f1
Add the 'IGNOREOLDCAPS' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 15:48:08 -08:00
Tom Eastep
4d2379f542
Implement update -D
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-23 10:50:31 -08:00
Tom Eastep
c9eccaf3b8
Implement ?COMMENT directive
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-23 10:49:32 -08:00
Tom Eastep
96b61ea05c
Update documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-21 16:13:23 -08:00
Tom Eastep
dbd55acba2
Update samples, standard Actions and Macros to use ?FORMAT
2012-12-21 15:51:14 -08:00
Tom Eastep
1cbeaa6a9f
Apply Tuomo Soini's tabs patches for the rules files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-13 09:26:09 -08:00
Tom Eastep
8a0abab4cc
Rename 'ALLOWUNKNOWNVARIABLES' to 'IGNOREUNKNOWNVARIABLES'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-12 11:51:31 -08:00
Tom Eastep
88d4814209
Merge branch '4.5.10'
...
Conflicts:
Shorewall/Perl/Shorewall/Config.pm
2012-12-08 20:54:33 -08:00
Tom Eastep
4d064d6713
Replace spaces with tabs in rules files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-07 16:48:55 -08:00
Tom Eastep
56d7b6248b
Begin Action Documentaiton Update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-05 19:07:42 -08:00
Tom Eastep
02cbd72a91
Merge branch '4.5.10'
2012-12-04 10:56:09 -08:00
Tom Eastep
60012d1208
Add additional space for the OPTIONS column
...
- actions and actions.std problem
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 10:54:32 -08:00
Tom Eastep
903e25a91a
Add ALLOWUNKNOWNVARIABLES to the sample configurations.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 09:04:34 -08:00
Tom Eastep
8f1e8bf475
Add 'ALLOWUNKNOWNVARIABLES' to the manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 08:50:23 -08:00
Tom Eastep
cd5e9be467
Carefully suppress duplicate rules in all tables
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-02 12:20:24 -08:00
Tom Eastep
cc657e571d
Update action templates with new columns.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 10:25:10 -08:00
Tom Eastep
f358a78eca
Revise the description of 'noinline' to match the changed implementation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 09:33:38 -08:00
Tom Eastep
8cbe26e32c
Ignore 'inline' for certain actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 07:54:42 -08:00
Tom Eastep
15121e0743
Also substitute the chain name for '@0' in SWITCH names.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-29 08:05:49 -08:00
Tom Eastep
9c0d8a2533
Use '@{0}' as the chain name surrogate in SWITCH columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-29 07:17:13 -08:00
Tom Eastep
bff91cd325
Allow overriding 'inline' on some standard actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-28 15:03:08 -08:00
Tom Eastep
8006d150f1
Allow switch initialization.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 16:17:43 -08:00
Tom Eastep
d7096ae52e
Back out default-action macros and document in-line actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 10:53:18 -08:00
Tom Eastep
6bf996d4b8
Implement inline actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 10:32:48 -08:00
Tom Eastep
7673b1ac4b
Support multiple parameters in macros.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 11:04:19 -08:00
Tom Eastep
fc87576005
Back out silly change for output interfaces in the conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 09:47:42 -08:00
Tom Eastep
21c2963691
Correct Format-3 syntax for the SOURCE column of the conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 07:48:43 -08:00
Tom Eastep
fb3194d96b
Correct handling of default-action macro when specified as "macro.Name"
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 10:16:43 -08:00
Tom Eastep
629717f7cc
Correct policy manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 09:33:46 -08:00
Tom Eastep
8c2db40783
Correct errors in the conntrack manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 08:52:51 -08:00
Tom Eastep
dbfc805707
Add 'IU' state in secmarks
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 08:10:53 -08:00
Tom Eastep
748d532175
Correct the explaination of ULOG and NFLOG in the manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-24 09:11:28 -08:00
Tom Eastep
30de211bda
Implement format-3 conntrack files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 20:56:56 -08:00
Tom Eastep
47ef3db53c
Add SWITCH column to sample IPv6 conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 09:10:30 -08:00
Tom Eastep
8a744de906
Document semantic change to 'all' handling in the conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 09:10:07 -08:00
Tom Eastep
059095e366
Corrected shorewall6-rules(8)
...
- delete A_ACCEPT+
- correct a typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 09:09:35 -08:00
Tom Eastep
df7ce1a7d1
Add the AUDIT built-in and delete the Audit action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 08:24:33 -08:00
Tom Eastep
3040156981
Add SWITCH column to the conntrack file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 14:20:56 -08:00
Tom Eastep
952aed225d
Improve handling of 'all' in the conntrack file.
...
- Also added 'all-' to represent all off-firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 13:07:01 -08:00
Tom Eastep
7bfbf522bc
Document that parameters are allowed in default actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 11:12:55 -08:00
Tom Eastep
3b20c0db54
Allow Macros to be used as Default Actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 16:52:10 -08:00
Tom Eastep
be587726f4
Merge branch '4.5.9'
2012-11-19 08:22:05 -08:00
Tom Eastep
60a509c926
Add new macros and alphabetize the ACTION list in the rules manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 08:19:12 -08:00
Tom Eastep
37779038da
More expunging of USE_ACTIONS
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 20:54:24 -08:00
Tom Eastep
9dac330756
Remove references to USE_ACTIONS
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 13:13:20 -08:00
Tom Eastep
dfd02c932e
Correct typo in shorewall(8) and shorewall6(8).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 13:12:03 -08:00
Tom Eastep
c6ffdd67e2
Add DROP target to the conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 11:35:40 -08:00