Commit Graph

9276 Commits

Author SHA1 Message Date
Tom Eastep
c6c6503d83 Clean up a remaining issue with SAME 2010-09-11 15:24:01 -07:00
Tom Eastep
f004916055 Disallow a DEST interface in mangle OUTPUT rules 2010-09-11 14:10:05 -07:00
Tom Eastep
3ea7808b38 Disallow a DEST interface in mangle PREROUTING rules 2010-09-11 14:02:09 -07:00
Tom Eastep
37a5a01185 Correct INPUT marking documentation 2010-09-11 12:47:32 -07:00
Tom Eastep
e93a7fe9df Avoid recent problems by not padding $target in process_tc_rule() 2010-09-11 11:03:28 -07:00
Tom Eastep
d9ced1051a One more fix for SAME 2010-09-11 10:35:45 -07:00
Tom Eastep
367fc041b8 Correct handling of SAME -- Take 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-11 09:36:19 -07:00
Tom Eastep
83ae6d6eba Document fix for 'SAME'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-11 09:04:42 -07:00
Tom Eastep
dbc9f6ac8f Correct handling of SAME
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-11 08:56:22 -07:00
Tom Eastep
05b6947aac Document fix for ipset invocation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-11 08:55:35 -07:00
Tom Eastep
8dd42c9e19 Correct handling of dst/src list in ipset invocation 2010-09-11 07:41:01 -07:00
Tom Eastep
99f8f84024 Fix name of F chain in secmarks 2010-09-10 16:45:22 -07:00
Tom Eastep
69817007bf Some more fixes for blacklisting 2010-09-09 14:53:12 -07:00
Tom Eastep
50300a60b7 A number of corrections to split blacklisting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-09 11:20:49 -07:00
Tom Eastep
64544f4ab5 Correct comparison in 'blacklist' handling 2010-09-09 10:22:48 -07:00
Tom Eastep
cd4b5d80ed Reduce patch footprint by two lines 2010-09-09 09:00:28 -07:00
Tom Eastep
df1e17eaa8 Re-enable 'blacklist' on bridge ports 2010-09-09 07:09:08 -07:00
Tom Eastep
7e8979157c Update Features Page re: Virtualization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-08 15:47:23 -07:00
Tom Eastep
2cb5aaeb07 Correct interface reference 2010-09-08 13:12:19 -07:00
Tom Eastep
a4606bee80 Pretty up Network Diagram -- exchange caption location 2010-09-08 12:57:35 -07:00
Tom Eastep
bbe5dae9b0 Pretty up Network Diagram some more 2010-09-08 12:44:40 -07:00
Tom Eastep
0907a7b6c2 Pretty up Network Diagram 2010-09-08 12:38:14 -07:00
Tom Eastep
7f72d66b90 A couple of documentation updates 2010-09-08 11:55:16 -07:00
Tom Eastep
b091169ed9 Remove deprecated syntax from examples 2010-09-08 06:04:57 -07:00
Tom Eastep
828d190436 Change example 2010-09-07 19:14:43 -07:00
Tom Eastep
8853de0c2e Fix links to secmark manpages 2010-09-07 15:03:05 -07:00
Tom Eastep
46bbb26b6b Tweak secmarks example to use ESTABLISHED,RELATED 2010-09-07 13:59:33 -07:00
Tom Eastep
ee83b7f022 Add link to James Morris blog re SECMARK 2010-09-07 13:52:43 -07:00
Tom Eastep
ab87d8800a List secmarks as SEE ALSO 2010-09-07 12:27:39 -07:00
Tom Eastep
7dbd994f51 Update installers for secmarks 2010-09-07 07:56:11 -07:00
Tom Eastep
8d63e04926 Yet more docunentation updates 2010-09-06 20:37:34 -07:00
Tom Eastep
50b4bd8dfe More Blacklist and Secmark documentation updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-06 17:26:49 -07:00
Tom Eastep
f3255cd83a Rework blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-06 15:29:20 -07:00
Tom Eastep
c6f58ba924 Enhance SELinux support:
- Add state match
- Add user/group match
- Add examples to the man pages
2010-09-06 09:06:40 -07:00
Tom Eastep
33dc8de8fb Allow dash's in ipset names 2010-09-05 11:41:35 -07:00
Tom Eastep
23e94e136c Allow COMMENT, SAVE and RESTORE to work correctly in secmarks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-05 08:17:58 -07:00
Tom Eastep
629290259d Allow secmarks without TC_ENABLED
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-05 07:49:03 -07:00
Tom Eastep
b139ff7e90 Update docs and implementation of SECMARK 2010-09-04 16:08:29 -07:00
Tom Eastep
28ff3548ff Bump version to 4.4.13-Beta4 2010-09-04 15:30:02 -07:00
Tom Eastep
15d8d6d8b7 Add SECMARK and CONNSECMARK support 2010-09-04 15:12:08 -07:00
Tom Eastep
6caff51c98 Modify a comment are delete a silly identity assignment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-01 11:24:19 -07:00
Tom Eastep
62fcf1ae8b Adjust version of Raw.pm 2010-08-31 16:52:48 -07:00
Tom Eastep
dfebe5a35e Correct error message 2010-08-31 16:33:15 -07:00
Tom Eastep
f93413b2a7 Update Multi-ISP doc for variable name change in 4.4.8.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-31 15:33:22 -07:00
Tom Eastep
8f94137007 Fix last change 2010-08-30 16:47:45 -07:00
Tom Eastep
1da6d51d1a Reduce the Beta3 patch footprint by making the second arg to known_interface() optional 2010-08-30 16:43:30 -07:00
Tom Eastep
add76ed14e Bump version to 4.4.13 Beta 3
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-30 12:33:10 -07:00
Tom Eastep
7f0f4516d7 Rework handle_optional_interfaces() somewhat
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-30 12:29:39 -07:00
Tom Eastep
8077c9e1c3 Add FAQ 91 2010-08-30 11:07:37 -07:00
Tom Eastep
c18d206726 Use a function to generate the list of interfaces with an L3 address 2010-08-29 20:13:56 -07:00