Tom Eastep
30d96afb69
Push/pop $actionresult.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 12:43:28 -08:00
Tom Eastep
014b4ddc50
Combine adjacent rules differing only in conntrack state match.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 09:03:22 -08:00
Tom Eastep
61c219ed3a
Clarify the CHAIN column in the accounting manpage. Also mention ipset support.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 08:00:24 -08:00
Tom Eastep
5b9d1a6159
Handle UNTRACKED_DISPOSITION=ACCEPT correctly.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 07:59:47 -08:00
Tom Eastep
752463bfab
Fix TCPFlags
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 22:19:13 -08:00
Tom Eastep
ebef29e161
Handle port numbers being passed to one of the tcp-specific actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 12:48:54 -08:00
Tom Eastep
ca5a70aa6f
Clarify the <variable> forms allowed in a ?SET directive.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 11:08:29 -08:00
Tom Eastep
9b30f48ba0
Correct handling of actions when @chain is altered.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 10:57:08 -08:00
Tom Eastep
e013e218a2
Don't try to import process_rule1 in three action files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:45:12 -08:00
Tom Eastep
0616dd9fcb
Add 'New' action for conntrack state NEW
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:33:24 -08:00
Tom Eastep
8249831e6d
Detect some state conflicts
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:32:57 -08:00
Tom Eastep
cc1054be66
Correct handling of audited dispositions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-02 09:30:25 -08:00
Tom Eastep
c68d4c6e27
Simplify Perl from actions even further.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 15:55:39 -08:00
Tom Eastep
752e960f2f
Allow specification of the action type via perl_action_helper().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 12:59:48 -08:00
Tom Eastep
9f82d82a92
Update Shorewall6 actions.std
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 12:59:24 -08:00
Tom Eastep
a5d3b1f470
Remove requirement that matches and proto end with a space in perl helper API.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 12:29:30 -08:00
Evangelos Foutras
c9247c8074
Remove Arch Linux init file
...
Arch Linux only supports systemd now.
Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 10:13:54 -08:00
Evangelos Foutras
2d59f7e31a
Tweak shorewallrc.archlinux configuration
...
Changes:
- Remove reference to SysV init script
- Define systemd system unit directory
- Set SBINDIR to /usr/sbin
- Unset BUILD; should be auto-detected
Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-01 10:13:48 -08:00
Tom Eastep
abca3a2024
Improve maintainability of @colums vis a vis @rulecolumns.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 10:47:40 -08:00
Tom Eastep
8d28c44946
Remove 'audit' parameter handling from new state actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 10:45:10 -08:00
Tom Eastep
f407068d20
Update shorewall[6]-actions(5) regarding inline for some standard actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:27:30 -08:00
Tom Eastep
755d605578
Make %statetable global
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:26:47 -08:00
Tom Eastep
78db4abef5
Remove some redundant local variables from finish_chain_section()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:02:23 -08:00
Tom Eastep
fc73c3934b
Replace BLACKLISTNEWONLY with BLACKLIST
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:00:47 -08:00
Tom Eastep
75fb164234
Don't issue fatal error if a proto other than tcp is passed to a tcp-only inline
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 10:31:20 -08:00
Tom Eastep
27c5e67632
Rename process_rule to process_raw_rule and process_rule1 to process_rule
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 10:13:48 -08:00
Tom Eastep
61d8f704f9
Correct rule-generation detection in perl_action_helper
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 09:43:12 -08:00
Tom Eastep
221f4909b5
Document perl_action_helper
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 09:12:04 -08:00
Tom Eastep
f33e36b61e
Raise an error if a protocol other than TCP is passed to a TCP-only inline
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 07:46:50 -08:00
Tom Eastep
670931c987
Initialize the columns array to '-'s.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 07:46:07 -08:00
Tom Eastep
316b67473e
Merge branch 'master' into 4.5.13
...
Conflicts:
Shorewall/Perl/Shorewall/Rules.pm
Shorewall/action.Established
Shorewall/actions.std
2013-01-29 07:30:52 -08:00
Tom Eastep
42f46ea5e7
Accurately determine if an inline action generates a rule.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 20:46:20 -08:00
Tom Eastep
49166efdca
Make the TCP standard actions inline
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 18:01:08 -08:00
Tom Eastep
5a2c1792cb
Inline the conntrack state actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 16:55:54 -08:00
Tom Eastep
de2cf6edf3
Correct typo in the actions.std files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 12:08:00 -08:00
Tom Eastep
6b889e537f
Correct typo in the actions.std files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 12:07:04 -08:00
Tom Eastep
a70c441458
Add CONTINUE as a possible setting for RELATED_DISPOSITION.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 11:47:45 -08:00
Tom Eastep
519861d7b2
Add CONTINUE as a possible setting for RELATED_DISPOSITION.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:58:03 -08:00
Tom Eastep
2e8eeff416
Correct error messages that include the section name.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:41:52 -08:00
Tom Eastep
2217f89902
Correctly initialize $chainref->{sections} vis-a-vis FASTACCEPT.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:41:45 -08:00
Tom Eastep
5c63444c14
Correct error messages that include the section name.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:41:09 -08:00
Tom Eastep
cfa5d86f5c
Correctly initialize $chainref->{sections} vis-a-vis FASTACCEPT.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:40:26 -08:00
Tom Eastep
f7bdb71aad
Add an Established action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 15:40:53 -08:00
Tom Eastep
819c8bf492
Add Established action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 15:38:25 -08:00
Tom Eastep
b3b074fb61
More infrastructure
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 15:37:23 -08:00
Tom Eastep
cbbcfe355e
Infrastructure for more powerful action handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 12:37:10 -08:00
Tom Eastep
2a2e23cb17
Merge branch '4.5.13'
2013-01-27 11:26:59 -08:00
Tom Eastep
1b94c3651d
Always handle ESTABLISHED before the other connection states.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 10:56:41 -08:00
Tom Eastep
b1b2aa910e
Correct section handling:
...
- Correct typo (' INVALID' -> 'INVALID' )
- Don't jump to non-existent target in finish_chain_section()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 10:14:27 -08:00
Tom Eastep
aa609b87a9
Allow arbitrary actions for the various states.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 10:10:24 -08:00