Commit Graph

3273 Commits

Author SHA1 Message Date
Tom Eastep
c604823053 Default to FORMAT-2 macros and actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 16:11:41 -07:00
Tom Eastep
12f8cbae29 Correct the test for the existence of the routestopped file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 15:29:52 -07:00
Tom Eastep
4de6638385 Correct handling of termination after .conf file not updated
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:32:27 -07:00
Tom Eastep
0cef7fad35 Add conversion version and date to the converted files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:32:17 -07:00
Tom Eastep
ea2a35415e Correct convert_blacklist()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:32:01 -07:00
Tom Eastep
4cc7a1b87d Correct tcrules update
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/Perl/Shorewall/Tc.pm
2015-08-14 09:31:36 -07:00
Tom Eastep
2ab8bd3040 More update fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-09 14:31:47 -07:00
Tom Eastep
0d635632e3 Add conversion of notrack to conntrack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-08 16:46:58 -07:00
Tom Eastep
fb2d261cdb More Fixes for update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-08 12:42:32 -07:00
Tom Eastep
88f9a3e255 Allow zero-valued options on multi-zoned interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-07 14:30:21 -07:00
Tom Eastep
73c8b563a1 Add -s option to update to convert the routestopped file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-07 13:46:16 -07:00
Tom Eastep
0f61bd34e6 Drop support for the 'blacklist' zone option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 14:45:52 -07:00
Tom Eastep
f4620606b3 Drop support for the 'blacklist' file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 14:35:51 -07:00
Tom Eastep
65baa7e3b8 Drop support for the tcrules file
- The upgrade -t option is still available

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 12:34:22 -07:00
Tom Eastep
e5c7ded951 Drop support for the 'notrack' file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 11:36:54 -07:00
Tom Eastep
8bed5c9d65 Drop support for the IPSECFILE option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 10:11:52 -07:00
Tom Eastep
85648bded1 Deimplement several .conf options
- LOGRATE/LOGBURST
- EXPORTPARAMS
- LEGACY_FASTSTART
2015-08-01 11:11:35 -07:00
Tom Eastep
67589cab69 More version changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:59:11 -07:00
Tom Eastep
fa7248c58c Add the LEGACY_RESTART option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-27 09:19:52 -07:00
Tom Eastep
0a7c65ae0d Allow connlimit by destination
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 14:26:58 -07:00
Tom Eastep
6e0fb1ab88 Correct syntax error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 14:16:12 -07:00
Tom Eastep
a00bf196a3 Remove all workarounds
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 10:27:30 -07:00
Tom Eastep
f9ec0c6930 New 'reload' and 'restart' semantics
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 09:59:49 -07:00
Tom Eastep
d0fc7f6547 Add some comments to the Zones module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-13 12:57:00 -07:00
Tom Eastep
5704438a44 Second Wave of changes to make script output reproducable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-12 15:00:41 -07:00
Tom Eastep
014ec1af1d First phase of producing consistent scripts with Perl >= 5.18.0
Beginning with Perl 5.18.0, the order of elements returned by the 'keys'
and 'each' iterators is no longer deterministic. This is the first wave
of Shorewall changes to compensate for this irrational behavior.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-12 10:54:48 -07:00
Tom Eastep
4995456563 Clean up compiler PATH fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 14:33:20 -07:00
Tom Eastep
c6f48a77e0 Only add dhcp rule if one rpfilter interface has the 'dhcp' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 12:21:04 -07:00
Tom Eastep
e7792fc868 Exempt IPv4 DHCP broadcasts from rpfilter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 10:03:03 -07:00
Tom Eastep
c47abe416a Add default PATH to current PATH in the compiler
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 09:38:06 -07:00
Tom Eastep
9f08726794 Eliminate running the script twice is some cases
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 14:32:43 -07:00
Tom Eastep
116e85e040 Cosmetic cleanup of the Compiler module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-08 11:27:37 -07:00
Tom Eastep
2956698298 Corrections to WORKAROUNDS implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-06 12:15:03 -07:00
Tom Eastep
eb6be0e84d Remove old comment that now makes no sense
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-01 15:55:06 -07:00
Tom Eastep
019e49b481 Implement WORKAROUNDS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-01 12:59:25 -07:00
Tom Eastep
9a3c43b6d3 Make NFQUEUE parsing more robust
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-30 07:01:30 -07:00
Tom Eastep
0a45c7a646 Another Tweak to the NFQUEUE parser
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-30 06:38:21 -07:00
Tom Eastep
f227250959 Fix NFQUEUE parsing and documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-29 18:19:35 -07:00
Tom Eastep
29a0c92918 Fix ancient bug in old parameter syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-29 14:39:48 -07:00
Tuomo Soini
4edd6026f0 prog.footer: disabling already disabled inteface is not an error.
Neither is enabling already enabled interface

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-05-29 22:15:55 +03:00
Tom Eastep
18348ef6f1 Clean up distribute_load()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-27 06:58:10 -07:00
Tom Eastep
93c7e2c2f7 Change the way in which a warning message is suppressed
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-26 15:54:41 -07:00
Tom Eastep
602315938c Correct the load distribution algorithm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-26 14:59:20 -07:00
Tom Eastep
ca35f565e0 Return success exit status when no ipsets are saved by the script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-25 07:36:00 -07:00
Tom Eastep
631ebdecb8 load= enhancements
- Normalize loads to 0.nnnnnnnn
- Issue warning if the loads don't sum to 1.000000

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-23 08:05:58 -07:00
Tom Eastep
c851e03313 Don't try to use a probibility >= 1.00000000
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-23 07:06:31 -07:00
Tom Eastep
c7ca3119ef Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-05-22 07:20:51 -07:00
Tom Eastep
ba7afcaeae Make 'call' a supported command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 10:38:35 -07:00
Tom Eastep
809e56cef6 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-05-21 09:04:35 -07:00
Tom Eastep
e3805b0ada Implement 'call' in the compiled script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 09:00:11 -07:00