Commit Graph

1183 Commits

Author SHA1 Message Date
Tom Eastep
113f95c11e Provide STARTOPTIONS and RESTARTOPTIONS in all cases
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 10:22:39 -07:00
Tom Eastep
3454e10525 Add SAVE_COUNTERS option.
- Also implement recover command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 08:57:56 -07:00
Tom Eastep
055fceb82f Update policy manpages for duel limits
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-22 12:27:27 -07:00
Tom Eastep
f5bdc9e7f4 Allow two limits in the RATE LIMIT columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-22 11:21:43 -07:00
Tom Eastep
b60d6dd6e5 Avoid duplicate module loads
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-20 10:42:53 -07:00
Tom Eastep
2784e93307 Load xt_LOG in both helpers files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-19 08:28:36 -07:00
Tom Eastep
20c8bf02b1 Correct Shorewall6 helpers file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-19 08:28:19 -07:00
Tom Eastep
38d4b1c5a9 Revert "Correct last patch"
This reverts commit b528625329.
2014-10-19 08:28:11 -07:00
Tom Eastep
e3a332ec27 Correct last patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-19 08:28:00 -07:00
Tom Eastep
49218a4d28 ipt_LOG in helpers file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-15 18:07:09 -07:00
Tom Eastep
3236cd2660 Reinstate IPv6 DropSmurfs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-13 12:34:25 -07:00
Tom Eastep
42363da458 Add new .service files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-09 10:00:53 -07:00
Tom Eastep
c5074bddb2 Rename the .service files to .service.214
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-09 09:45:52 -07:00
Tom Eastep
12458d111a Adjust the .service files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-08 17:28:22 -07:00
Tuomo Soini
a31fd20f22 Shorewall6/nat: clearly make it ipv6 specific 2014-10-07 12:42:57 +03:00
Tom Eastep
2c7ffb525d Updagte Shorewall6-nat manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-05 20:09:18 -07:00
Tom Eastep
316866482b Add ipv6 nat file and manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-05 19:54:19 -07:00
Tom Eastep
3206021278 Another round of uninstall fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 13:50:39 -07:00
Tom Eastep
9dc2bba025 More uninstall corrections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 09:39:03 -07:00
Tom Eastep
770a505cd2 Delete DropSmurfs from IPv6 actions.std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-30 16:16:53 -07:00
Tom Eastep
3e2c903a41 Revert "Only save ipsets of the proper family"
This reverts commit b053cab630.
2014-09-28 13:32:32 -07:00
Tom Eastep
b053cab630 Only save ipsets of the proper family
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 12:58:52 -07:00
Tom Eastep
cbcb1ff7e1 Add SAVE_IPSETS to shorewall6.conf.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 11:37:24 -07:00
Tom Eastep
3858683e94 Allow saving a specified list of ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 11:19:41 -07:00
Tom Eastep
10df9d31c4 Correct typo in the actions manpages (4.6.5 s/b 4.6.4).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 14:47:27 -07:00
Tom Eastep
976a1f3deb Merge branch '4.6.3'
Conflicts:
	Shorewall/Perl/Shorewall/Misc.pm
2014-09-25 08:06:16 -07:00
Tom Eastep
ea40068c10 Fix ADMINISABSENTMINDED=No used with stoppedrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 08:03:35 -07:00
Tom Eastep
580e00dabd Implement LOG_BACKEND option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 15:26:13 -07:00
Tom Eastep
a7b57ad32c Clarify iptrace logging.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 09:14:38 -07:00
Tom Eastep
ba7f88c912 Re-apply 'terminating' changes to the actions manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:33:57 -07:00
Tom Eastep
7481514a97 Implement the 'terminating' action option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:29:13 -07:00
Tom Eastep
1f5439257a Revert "Implement the 'terminating' action option"
This reverts commit 6851744cb7.
2014-09-23 07:39:25 -07:00
Tom Eastep
4495ed687b Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-09-23 07:10:46 -07:00
Tuomo Soini
a03f00bf0f systemd services: multi-user is not same as old runlevel 3 so use basic
add conflicts to obviously conflicting services
remove old version number from init files
remove legacy syslog.target which is not needed on modern systems
fix formatting of email address onold Copyright text

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-09-23 16:44:03 +03:00
Tom Eastep
771e487b02 Merge branch '4.6.3' 2014-09-01 09:10:55 -07:00
Tom Eastep
0b66c475a7 Make <command> replacable in the run synopsis
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 09:10:03 -07:00
Tom Eastep
8727a6f1d8 Correct 'run' command synopsis in the shorewall[6] manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:52:09 -07:00
Tom Eastep
f9a62e1650 Correct builtin example in the actions manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:29:29 -07:00
Tom Eastep
6851744cb7 Implement the 'terminating' action option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:16:42 -07:00
Tom Eastep
4bacfced82 Another attempt to fix formatting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 11:59:51 -07:00
Tom Eastep
7c1bbd4dc7 Fix formatting in shorewall[6]-rules(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 11:29:44 -07:00
Tom Eastep
4347190f82 Clarify REJECT handling in IP[6]TABLE rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 09:10:10 -07:00
Tom Eastep
e49832f4b5 Run the 'init' script in the 'run' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-30 10:25:00 -07:00
Tom Eastep
31e5aeeaea Refine the 'run' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 10:30:07 -07:00
Tom Eastep
a7b18ca875 Implement 'run' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-28 07:04:56 -07:00
Tom Eastep
848078873d Update tcfilters manpages to mention BASIC_FILTERS=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-22 07:19:10 -07:00
Tom Eastep
a97e2fd3d9 Update manpages regarding 'status -i'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-12 19:37:05 -07:00
Tom Eastep
4a4cea46c0 Update copyrights in the Sample files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-06 13:44:34 -07:00
Tom Eastep
8bfff55ed2 Add a TIME column to the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-04 08:01:14 -07:00
Tom Eastep
b1a6ec7f03 Merge branch '4.6.1' 2014-07-02 21:41:27 -07:00
Tom Eastep
7fdc398a5e Revert "Revert "Revert "Add a TIME column to the mangle file"""
This reverts commit 1165b2689c.
2014-06-27 08:23:04 -07:00
Tom Eastep
1165b2689c Revert "Revert "Add a TIME column to the mangle file""
This reverts commit 9c7fcd09fd.
2014-06-27 08:14:28 -07:00
Tom Eastep
9c7fcd09fd Revert "Add a TIME column to the mangle file"
This reverts commit 824b14b714.
2014-06-25 07:33:42 -07:00
Tom Eastep
80c09c4747 Merge branch '4.6.1' 2014-06-25 07:31:36 -07:00
Tom Eastep
824b14b714 Add a TIME column to the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-25 07:05:12 -07:00
Tom Eastep
6ad9b95351 Implement 'show bl'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 13:27:25 -07:00
Tom Eastep
ac4bf15606 Implement 'status -i'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 11:07:37 -07:00
Tom Eastep
4e5d24fd9b Currect masq manpages
Describe the SOURCE column as optional

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-16 07:27:05 -07:00
Tom Eastep
89c5d5080b A couple more tweaks to the masq manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-22 11:14:46 -07:00
Tom Eastep
dcc2fb27c5 Apply Tuomo Soini's whitespace patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-19 14:18:48 -07:00
Tom Eastep
7835feb45e Apply Simon Mater's cosmetic fix to the 'mangle' files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 07:31:44 -07:00
Tom Eastep
ffc564bdf9 Add ?format 2 to several Shorewall6 actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-10 08:19:03 -07:00
Tom Eastep
f717d097d7 Apply Tuomo Soini's Macro format patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-07 12:19:24 -07:00
Tom Eastep
2b43c28e98 Add tabs to mangle files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-20 07:56:43 -07:00
Tom Eastep
c663f91ec7 Add HEADERS to shorewall6-mangle(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-19 08:01:21 -07:00
Tom Eastep
15507aa265 Update sample rules files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-19 07:48:42 -07:00
Tom Eastep
4d4e8b3df4 Do nothing when a rules file section is empty.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-18 14:13:34 -07:00
Tom Eastep
b3cd9ab15a Default to LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-12 11:05:28 -07:00
Tom Eastep
fdc391cf49 Change all *.conf files to reflect ZONE2ZONE=-
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-11 20:44:15 -07:00
Tom Eastep
eb70234c52 Correct some typos in the .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-12 14:50:15 -07:00
Tom Eastep
20b10582b4 Moew deprecation of USE_DEFAULT_RT=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:24:12 -07:00
Tom Eastep
cea237620a Change USE_DEFAULT_RT default to 'Yes'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-09 07:42:22 -07:00
Tom Eastep
c9d7370fb4 Merge branch '4.5.21'
Conflicts:
	Shorewall/manpages/shorewall.conf.xml
	Shorewall6/manpages/shorewall6.conf.xml

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 09:00:34 -08:00
Tom Eastep
8b4d8bfa16 Finish ADMINISABSENDMINDED change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 08:57:03 -08:00
Tom Eastep
caa72fb7d2 Correct routestopped files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-02 10:39:12 -08:00
Tom Eastep
3e87efc82b Document -t option
- Also copy compiler directives to the mangle file.
2014-02-17 12:50:59 -08:00
Tom Eastep
69fe94ef08 Document the -t option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:25:58 -08:00
Tom Eastep
16b80c3e45 Add default value for BASIC_FILTERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 20:45:51 -08:00
Tom Eastep
2dbcd36a9c Implement BASIC_FILTERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 16:34:03 -08:00
Tom Eastep
7ddc65133e Support ipset lists in the tcfilters file.
- Also document the fact that ipset match options are not available in
  the tcfilters file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:16:35 -08:00
Tom Eastep
c08655e0bc Document ipset use in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-01 09:40:39 -08:00
Tom Eastep
44e0d48fc5 Add <refmiscinfo>...</refmiscinfo> to remaining manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-16 08:32:57 -08:00
Tom Eastep
89fd5ced15 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-01-12 14:05:48 -08:00
Roberto C. Sanchez
b1a490b50a Cleanup links in manpages so that hrefs in generated HTML don't take the user to a different server 2014-01-12 16:40:03 -05:00
Tom Eastep
a35b7821bf Correct stoppedrules manpages re DROP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:30:09 -08:00
Tom Eastep
fd28a12653 Allow DROP in the stoppedrules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:19:49 -08:00
Tom Eastep
42dd8dfee9 Change license to GPLv2+ and update copyrights
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-04 09:48:27 -08:00
Tom Eastep
78ecf9bdc8 Finish up ipset extensions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 09:23:14 -08:00
Tom Eastep
1771bb75cf Finish ipset match option implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-02 14:43:55 -08:00
Tom Eastep
48ceed9ecb Make tcpflags the default.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 15:10:38 -08:00
Tom Eastep
623bdd2ff1 Manpage corrections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:41:28 -08:00
Tom Eastep
b61ee2d75e Manpage updates for IP[6]TABLES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:54 -08:00
Tom Eastep
ac6a506e35 Allow logging from the RAW table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 11:04:43 -08:00
Tom Eastep
4cc5ee6b73 Document IP[6]TABLES in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 10:13:38 -08:00
Tom Eastep
8f6f0c94a4 Replace tcrules with mangle in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 15:35:08 -08:00
Tom Eastep
6fe06c82c8 More switch from tcrules to mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 15:24:05 -08:00
Tom Eastep
a1222d10cb change 'marks' file to 'mangle'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 10:03:23 -08:00
Tom Eastep
4c840a05a0 Fix issue in the shorewall-tcrules and shorewall6-tcrules manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 16:24:50 -08:00
Tom Eastep
6323372ebd Fix issue in the shorewall-tcrules and shorewall6-tcrules manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 16:23:32 -08:00
Tom Eastep
4e4e7cac1d Redefine the -i option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-15 11:23:20 -08:00
Tom Eastep
cb74b2d706 Document the -i update option in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 20:54:56 -08:00
Tom Eastep
33c5893bdb Implement INLINE_MATCHES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 13:35:01 -08:00
Tom Eastep
2bc329aa1d Add INLINE support to the masq file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-13 15:44:16 -08:00
Tom Eastep
f22dfcaa75 Merge branch '4.5.21' 2013-12-08 09:02:44 -08:00
Tom Eastep
d71c2688dc Clarify the need to quote/escaape settings with parentheses.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-08 09:02:25 -08:00
Tom Eastep
95abeaea24 Finish INLINE in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-01 09:25:32 -08:00
Tom Eastep
d63262a0cb change ZONE2ZONE default to '-'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 08:16:28 -08:00
Tom Eastep
3870157898 Issue warning on bare SECTION headings.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 07:58:02 -08:00
Tom Eastep
ea21d61f39 Correct Broadcast Actions
- Delete --dst-type BROADCAST from IPv6
- Suppress superfluous multicast rule

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-12 08:41:58 -08:00
Tom Eastep
3b5c1ad601 Remove anachronistic text from the tcinterfaces manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-10 08:19:16 -08:00
Tom Eastep
e14d92c5ac Add DROP support in tcrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-04 10:50:11 -08:00
Tom Eastep
6eb2c0cb5f Add link to the logging page from the policy manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-24 08:01:18 -07:00
Roberto C. Sanchez
12563c55a8 Add '. /lib/lsb/init-functions' to the Debian-specific init scripts, as recommended by lintian 2013-10-05 16:31:45 -04:00
Tom Eastep
e570d91ab1 Document 'hostroute' and 'nohostroute'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-18 17:58:28 -07:00
Tom Eastep
159d677acb Update manpages to indicate that 'inline' is assumed for REJECT_ACTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-10 08:08:06 -07:00
Tom Eastep
ae63a0ab77 Correct description of how REJECT is handled:
- Add UDP

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-02 17:07:58 -07:00
Tom Eastep
67603c5eb3 Implement REJECT_ACTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-01 09:14:10 -07:00
Tom Eastep
32763e998b Make -v work with the status command
- Also document exit status

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-13 06:52:46 -07:00
Tom Eastep
a10aea280b Add some abbreviations for common commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-06 07:05:47 -07:00
Tom Eastep
83d1aa6682 Allow OPTIMIZE=All
- Remove use of literal 4096 from OPTIMIZATION checks.
- Moved constant declarations to the Config module.
- Documented that level 1 is ignored when level 4 is specified.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-29 10:08:35 -07:00
Tom Eastep
aabb22a50f Add the TRACK_RULES option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-24 07:22:51 -07:00
Tom Eastep
765b748283 Documentation updates
- Add meaningful IDs to some sections in Events.xml
- Correct typos in the accounting manpages

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-22 07:54:45 -07:00
Tom Eastep
7aa33c140d Add an AutoBL action with helper AutoBLL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-17 10:19:18 -07:00
Tom Eastep
d6d0cad2f9 Add 'show event[s]' to manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 10:37:27 -07:00
Tom Eastep
282bf0a78c Allow Events with Shorewall6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 09:45:41 -07:00
Tom Eastep
71bcd11ab6 Make ?...shell/perl directives case insensitive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-20 10:39:39 -07:00
Tom Eastep
4bd35a0b93 Allow 'routeback=0'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-16 08:37:53 -07:00
Tom Eastep
53f1cd40df Add 'unmanaged' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-10 12:36:18 -07:00
Tom Eastep
a48a4b7a2e Don't allow fowarding between local zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 06:14:44 -07:00
Tom Eastep
2de0fbf7d0 Change 'local' to 'loopback' and add 'local' zones that match non-loopback interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-26 14:06:51 -07:00
Tom Eastep
fd11eb7d82 Omit fw->fw jumps when there is a local zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-22 09:19:34 -07:00
Tom Eastep
ac02c484f5 Change 'local' interface option to a zone type.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-19 15:35:20 -07:00
Tom Eastep
b38f1416aa Mention "all+' in the "Important" notes at the top
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 13:41:12 -07:00
Tom Eastep
c8133145e6 Add support for "all+" in the policy file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 09:01:12 -07:00
Tom Eastep
e3d9b2762d Add 'destonly' and 'local' to the interface manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 12:48:58 -07:00
Tom Eastep
7215b61aa4 Document changes introduced by Mr-4.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-07 10:16:38 -07:00
Tom Eastep
577db69719 Support conditional compilation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-07 09:36:02 -07:00
Roberto C. Sanchez
a0228e9d3b Fix typos in manpages 2013-05-03 12:19:45 -04:00
Tom Eastep
8bb03a741d Update blrules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-24 08:17:10 -07:00
Tom Eastep
f543c3bd1e Finish Mr-4's NFACCT patch
- Correct indentation
- Remove '$type' argument to split_nfacct_list
- Update manpages.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-23 06:55:30 -07:00
Tom Eastep
5ad69aa650 Add CHAIN_SCRIPTS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-21 07:30:31 -07:00
Tom Eastep
a56dcc745d Clarify <chain>:COUNT in the accounting files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-20 17:11:46 -07:00
Tom Eastep
1b9fd642bb Add INLINE to the accounting file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-20 08:02:02 -07:00
Tom Eastep
1fd62e1612 Restore order in the NFACCT target.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 11:11:37 -07:00
Tom Eastep
6c2679ce75 Allow incrementing an nfacct object when an ipset matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 10:44:57 -07:00
Tom Eastep
91c4dd2e56 Document multiple nfacct objects in one rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 06:38:02 -07:00
Tom Eastep
8ef11a376b Document 'HELPERS=none'.
- Also make 'check -u' work correctly regarding HELPERS=

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 11:30:47 -07:00
Tom Eastep
ef01748dc9 Update manpages for INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 07:34:00 -07:00
Tom Eastep
beec4a188f Implement INLINE action (again).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 09:15:59 -07:00
Tom Eastep
50494f667c Implement INLINE action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-08 17:30:00 -07:00
Tom Eastep
efebda76d2 Improve the description of 'accept_ra' in shorewall6-interfaces(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-01 14:25:49 -07:00
Tom Eastep
d415de1883 Add the accept_ra Shorewall6 interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-30 16:44:18 -07:00
Tom Eastep
b5ea4067e4 Implement USE_RT_NAMES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-24 10:56:38 -07:00
Tom Eastep
1e866eac28 Implement the other forms of NULL routing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-16 08:20:52 -07:00
Tom Eastep
fe6533943c Correct 'routes' manpages.
- change 4.5.15 with 4.5.14 for the availability of blackhole routes
- Add 'main' to the legal providers.
2013-03-08 08:26:08 -08:00
Tom Eastep
06e7f297f7 Allow addition of blackhole routes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 11:48:09 -08:00
Tom Eastep
631c1ac843 Mention the multiport match requirement for '='
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-04 12:53:00 -08:00
Tom Eastep
49918b654e Support '=' in SOURCE PORT(S) columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-04 09:56:10 -08:00
Tom Eastep
8960f72532 Handle DNAT with no port correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-01 07:58:58 -08:00
Tom Eastep
252dd9b676 Correct SUBSYSLOCK setting in shorewall6.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-28 07:45:17 -08:00
Tom Eastep
418034579f Support IPv6 Masquerade
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-27 09:25:26 -08:00
Tom Eastep
7006c62892 Correct port pair handling in the snat ADDRESS column.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-25 15:31:36 -08:00
Tom Eastep
0349a9a88c Rename the IPv6 masq file 'snat'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 13:05:24 -08:00
Tom Eastep
524d6242b0 More SNAT/DNAT manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 12:42:09 -08:00
Tom Eastep
b562f7f311 Allow specification of destination addresses in Shorewall6 masq.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 08:34:03 -08:00
Tom Eastep
ce28c70c60 SNAT and DNAT support for IPv6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 07:08:08 -08:00
Tom Eastep
010c44d07a Correct description of the 'sourceroute' interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-18 11:33:19 -08:00
Tom Eastep
e486c16513 Correct all configpath files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-14 15:10:21 -08:00
Tom Eastep
f44becdee1 Rename BLACKLIST_LOGLEVEL to BLACKLIST_LOG_LEVEL for consistent naming.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-12 07:47:02 -08:00
Tom Eastep
aae6e001fe Convert dropInvalid and allowInvalid to inline actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-07 11:21:13 -08:00
Tom Eastep
aa528dd075 Revert "Convert allowInvalid and dropInvalid into macros"
This reverts commit 272e1d330c.
2013-02-07 09:09:56 -08:00
Tom Eastep
272e1d330c Convert allowInvalid and dropInvalid into macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-06 09:54:12 -08:00
Tom Eastep
61c219ed3a Clarify the CHAIN column in the accounting manpage. Also mention ipset support.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 08:00:24 -08:00
Tom Eastep
0616dd9fcb Add 'New' action for conntrack state NEW
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:33:24 -08:00
Tom Eastep
c68d4c6e27 Simplify Perl from actions even further.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 15:55:39 -08:00
Tom Eastep
9f82d82a92 Update Shorewall6 actions.std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 12:59:24 -08:00
Evangelos Foutras
c9247c8074 Remove Arch Linux init file
Arch Linux only supports systemd now.

Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 10:13:54 -08:00
Tom Eastep
f407068d20 Update shorewall[6]-actions(5) regarding inline for some standard actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:27:30 -08:00
Tom Eastep
fc73c3934b Replace BLACKLISTNEWONLY with BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:00:47 -08:00
Tom Eastep
6b889e537f Correct typo in the actions.std files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 12:07:04 -08:00
Tom Eastep
519861d7b2 Add CONTINUE as a possible setting for RELATED_DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:58:03 -08:00
Tom Eastep
f7bdb71aad Add an Established action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 15:40:53 -08:00
Tom Eastep
69b660ba56 Add Related and Untracked actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-26 09:45:16 -08:00
Tom Eastep
c958329d14 More manpage updates for RELATED and UNTRACKED rules sections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 19:24:01 -08:00
Tom Eastep
575673a8f5 Correct broken links in the .conf manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 15:42:20 -08:00
Tom Eastep
6403f4959d Implement UNTRACKED SECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 15:42:01 -08:00
Tom Eastep
c2bc74cdfe Add INVALID section to the rules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 08:33:59 -08:00
Tom Eastep
a03e793907 Added OUT-BANDWIDTH to the tcinterfaces column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 16:33:57 -08:00
Tom Eastep
17eae4adee Update the description of BLACKLISTNEWONLY to match the implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 09:11:15 -08:00
Tom Eastep
b5cb27e84e Correct .service files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-20 15:15:46 -08:00
Tom Eastep
89a09f0256 Implement DEFER_DNS_RESOLUTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-13 17:00:14 -08:00
Tom Eastep
f41b2fbffc Clarify the LENGTH column of the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-09 16:22:38 -08:00
Tom Eastep
414a74d23c Support protocol lists in most files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 16:06:54 -08:00
Tom Eastep
d4c9885c09 Change interpretation of the log tag when LOGTAGONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 13:10:18 -08:00
Tom Eastep
f955abe18b Unify IPv4 and IPv6 modules.xtables files
- only difference now is xt_ipp2p

Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:44:36 -08:00
Tom Eastep
25b2341ecf Add sch_fq_codel to modules.tc
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:29:41 -08:00
Tom Eastep
4590e25052 Correct modules.xtables
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2012-12-31 08:54:32 -08:00
Tom Eastep
115081dda5 Tweak fq_codel documentation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 11:20:16 -08:00
Tom Eastep
6d9cca1cff fq_codel
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 10:58:11 -08:00
Tom Eastep
ebe4267c49 Rename IGNOREOLDCAPVERSIONS to WARNOLDCAPVERSION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:58:45 -08:00
Tom Eastep
f96bc7cc2d Cosmetic cleanup of the .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:01:37 -08:00
Tom Eastep
8bb6f81dc5 Rename IGNOREOLDCAPS to IGNOREOLDCAPVERSIONS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 08:54:22 -08:00
Tom Eastep
01a8ff20d4 Add the xtables modules to modules.xtables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 16:06:54 -08:00
Tom Eastep
ef0102e9f1 Add the 'IGNOREOLDCAPS' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 15:48:08 -08:00
Tom Eastep
4d2379f542 Implement update -D
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-23 10:50:31 -08:00
Tom Eastep
c9eccaf3b8 Implement ?COMMENT directive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-23 10:49:32 -08:00
Tom Eastep
96b61ea05c Update documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-21 16:13:23 -08:00
Tom Eastep
dbd55acba2 Update samples, standard Actions and Macros to use ?FORMAT 2012-12-21 15:51:14 -08:00
Tom Eastep
1cbeaa6a9f Apply Tuomo Soini's tabs patches for the rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-13 09:26:09 -08:00
Tom Eastep
8a0abab4cc Rename 'ALLOWUNKNOWNVARIABLES' to 'IGNOREUNKNOWNVARIABLES'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-12 11:51:31 -08:00
Tom Eastep
88d4814209 Merge branch '4.5.10'
Conflicts:
	Shorewall/Perl/Shorewall/Config.pm
2012-12-08 20:54:33 -08:00
Tom Eastep
4d064d6713 Replace spaces with tabs in rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-07 16:48:55 -08:00
Tom Eastep
56d7b6248b Begin Action Documentaiton Update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-05 19:07:42 -08:00
Tom Eastep
02cbd72a91 Merge branch '4.5.10' 2012-12-04 10:56:09 -08:00
Tom Eastep
60012d1208 Add additional space for the OPTIONS column
- actions and actions.std problem

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 10:54:32 -08:00
Tom Eastep
903e25a91a Add ALLOWUNKNOWNVARIABLES to the sample configurations.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 09:04:34 -08:00
Tom Eastep
8f1e8bf475 Add 'ALLOWUNKNOWNVARIABLES' to the manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 08:50:23 -08:00
Tom Eastep
cd5e9be467 Carefully suppress duplicate rules in all tables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-02 12:20:24 -08:00
Tom Eastep
cc657e571d Update action templates with new columns.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 10:25:10 -08:00
Tom Eastep
f358a78eca Revise the description of 'noinline' to match the changed implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 09:33:38 -08:00
Tom Eastep
8cbe26e32c Ignore 'inline' for certain actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 07:54:42 -08:00
Tom Eastep
15121e0743 Also substitute the chain name for '@0' in SWITCH names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-29 08:05:49 -08:00
Tom Eastep
9c0d8a2533 Use '@{0}' as the chain name surrogate in SWITCH columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-29 07:17:13 -08:00
Tom Eastep
bff91cd325 Allow overriding 'inline' on some standard actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-28 15:03:08 -08:00
Tom Eastep
8006d150f1 Allow switch initialization.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 16:17:43 -08:00
Tom Eastep
d7096ae52e Back out default-action macros and document in-line actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 10:53:18 -08:00
Tom Eastep
6bf996d4b8 Implement inline actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 10:32:48 -08:00
Tom Eastep
7673b1ac4b Support multiple parameters in macros.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 11:04:19 -08:00
Tom Eastep
fc87576005 Back out silly change for output interfaces in the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 09:47:42 -08:00
Tom Eastep
21c2963691 Correct Format-3 syntax for the SOURCE column of the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 07:48:43 -08:00
Tom Eastep
fb3194d96b Correct handling of default-action macro when specified as "macro.Name"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 10:16:43 -08:00
Tom Eastep
629717f7cc Correct policy manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 09:33:46 -08:00
Tom Eastep
8c2db40783 Correct errors in the conntrack manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 08:52:51 -08:00
Tom Eastep
dbfc805707 Add 'IU' state in secmarks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 08:10:53 -08:00
Tom Eastep
748d532175 Correct the explaination of ULOG and NFLOG in the manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-24 09:11:28 -08:00
Tom Eastep
30de211bda Implement format-3 conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 20:56:56 -08:00
Tom Eastep
47ef3db53c Add SWITCH column to sample IPv6 conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 09:10:30 -08:00
Tom Eastep
8a744de906 Document semantic change to 'all' handling in the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 09:10:07 -08:00
Tom Eastep
059095e366 Corrected shorewall6-rules(8)
- delete A_ACCEPT+
- correct a typo

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 09:09:35 -08:00
Tom Eastep
df7ce1a7d1 Add the AUDIT built-in and delete the Audit action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 08:24:33 -08:00
Tom Eastep
3040156981 Add SWITCH column to the conntrack file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 14:20:56 -08:00
Tom Eastep
952aed225d Improve handling of 'all' in the conntrack file.
- Also added 'all-' to represent all off-firewall zones.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 13:07:01 -08:00
Tom Eastep
7bfbf522bc Document that parameters are allowed in default actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 11:12:55 -08:00
Tom Eastep
3b20c0db54 Allow Macros to be used as Default Actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 16:52:10 -08:00
Tom Eastep
be587726f4 Merge branch '4.5.9' 2012-11-19 08:22:05 -08:00
Tom Eastep
60a509c926 Add new macros and alphabetize the ACTION list in the rules manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 08:19:12 -08:00
Tom Eastep
37779038da More expunging of USE_ACTIONS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 20:54:24 -08:00
Tom Eastep
9dac330756 Remove references to USE_ACTIONS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 13:13:20 -08:00
Tom Eastep
dfd02c932e Correct typo in shorewall(8) and shorewall6(8).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 13:12:03 -08:00
Tom Eastep
c6ffdd67e2 Add DROP target to the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 11:35:40 -08:00