Commit Graph

12315 Commits

Author SHA1 Message Date
Tom Eastep
30d96afb69 Push/pop $actionresult.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 12:43:28 -08:00
Tom Eastep
014b4ddc50 Combine adjacent rules differing only in conntrack state match.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 09:03:22 -08:00
Tom Eastep
61c219ed3a Clarify the CHAIN column in the accounting manpage. Also mention ipset support.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 08:00:24 -08:00
Tom Eastep
5b9d1a6159 Handle UNTRACKED_DISPOSITION=ACCEPT correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 07:59:47 -08:00
Tom Eastep
752463bfab Fix TCPFlags
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 22:19:13 -08:00
Tom Eastep
ebef29e161 Handle port numbers being passed to one of the tcp-specific actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 12:48:54 -08:00
Tom Eastep
ca5a70aa6f Clarify the <variable> forms allowed in a ?SET directive.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 11:08:29 -08:00
Tom Eastep
9b30f48ba0 Correct handling of actions when @chain is altered.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 10:57:08 -08:00
Tom Eastep
e013e218a2 Don't try to import process_rule1 in three action files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:45:12 -08:00
Tom Eastep
0616dd9fcb Add 'New' action for conntrack state NEW
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:33:24 -08:00
Tom Eastep
8249831e6d Detect some state conflicts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:32:57 -08:00
Tom Eastep
cc1054be66 Correct handling of audited dispositions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:30:25 -08:00
Tom Eastep
c68d4c6e27 Simplify Perl from actions even further.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 15:55:39 -08:00
Tom Eastep
752e960f2f Allow specification of the action type via perl_action_helper().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 12:59:48 -08:00
Tom Eastep
9f82d82a92 Update Shorewall6 actions.std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 12:59:24 -08:00
Tom Eastep
a5d3b1f470 Remove requirement that matches and proto end with a space in perl helper API.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 12:29:30 -08:00
Evangelos Foutras
c9247c8074 Remove Arch Linux init file
Arch Linux only supports systemd now.

Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 10:13:54 -08:00
Evangelos Foutras
2d59f7e31a Tweak shorewallrc.archlinux configuration
Changes:

  - Remove reference to SysV init script
  - Define systemd system unit directory
  - Set SBINDIR to /usr/sbin
  - Unset BUILD; should be auto-detected

Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 10:13:48 -08:00
Tom Eastep
abca3a2024 Improve maintainability of @colums vis a vis @rulecolumns.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 10:47:40 -08:00
Tom Eastep
8d28c44946 Remove 'audit' parameter handling from new state actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 10:45:10 -08:00
Tom Eastep
f407068d20 Update shorewall[6]-actions(5) regarding inline for some standard actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:27:30 -08:00
Tom Eastep
755d605578 Make %statetable global
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:26:47 -08:00
Tom Eastep
78db4abef5 Remove some redundant local variables from finish_chain_section()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:02:23 -08:00
Tom Eastep
fc73c3934b Replace BLACKLISTNEWONLY with BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:00:47 -08:00
Tom Eastep
75fb164234 Don't issue fatal error if a proto other than tcp is passed to a tcp-only inline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 10:31:20 -08:00
Tom Eastep
27c5e67632 Rename process_rule to process_raw_rule and process_rule1 to process_rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 10:13:48 -08:00
Tom Eastep
61d8f704f9 Correct rule-generation detection in perl_action_helper
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 09:43:12 -08:00
Tom Eastep
221f4909b5 Document perl_action_helper
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 09:12:04 -08:00
Tom Eastep
f33e36b61e Raise an error if a protocol other than TCP is passed to a TCP-only inline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 07:46:50 -08:00
Tom Eastep
670931c987 Initialize the columns array to '-'s.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 07:46:07 -08:00
Tom Eastep
316b67473e Merge branch 'master' into 4.5.13
Conflicts:
	Shorewall/Perl/Shorewall/Rules.pm
	Shorewall/action.Established
	Shorewall/actions.std
2013-01-29 07:30:52 -08:00
Tom Eastep
42f46ea5e7 Accurately determine if an inline action generates a rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 20:46:20 -08:00
Tom Eastep
49166efdca Make the TCP standard actions inline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 18:01:08 -08:00
Tom Eastep
5a2c1792cb Inline the conntrack state actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 16:55:54 -08:00
Tom Eastep
de2cf6edf3 Correct typo in the actions.std files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 12:08:00 -08:00
Tom Eastep
6b889e537f Correct typo in the actions.std files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 12:07:04 -08:00
Tom Eastep
a70c441458 Add CONTINUE as a possible setting for RELATED_DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 11:47:45 -08:00
Tom Eastep
519861d7b2 Add CONTINUE as a possible setting for RELATED_DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:58:03 -08:00
Tom Eastep
2e8eeff416 Correct error messages that include the section name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:41:52 -08:00
Tom Eastep
2217f89902 Correctly initialize $chainref->{sections} vis-a-vis FASTACCEPT.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:41:45 -08:00
Tom Eastep
5c63444c14 Correct error messages that include the section name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:41:09 -08:00
Tom Eastep
cfa5d86f5c Correctly initialize $chainref->{sections} vis-a-vis FASTACCEPT.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:40:26 -08:00
Tom Eastep
f7bdb71aad Add an Established action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 15:40:53 -08:00
Tom Eastep
819c8bf492 Add Established action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 15:38:25 -08:00
Tom Eastep
b3b074fb61 More infrastructure
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 15:37:23 -08:00
Tom Eastep
cbbcfe355e Infrastructure for more powerful action handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 12:37:10 -08:00
Tom Eastep
2a2e23cb17 Merge branch '4.5.13' 2013-01-27 11:26:59 -08:00
Tom Eastep
1b94c3651d Always handle ESTABLISHED before the other connection states.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 10:56:41 -08:00
Tom Eastep
b1b2aa910e Correct section handling:
- Correct typo (' INVALID' -> 'INVALID' )
- Don't jump to non-existent target in finish_chain_section()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 10:14:27 -08:00
Tom Eastep
aa609b87a9 Allow arbitrary actions for the various states.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 10:10:24 -08:00