Commit Graph

14289 Commits

Author SHA1 Message Date
Tom Eastep
c725372639 Correct logging of 'reloaded' message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-15 14:46:21 -07:00
Tom Eastep
524838ae47 Implement $SW_LOGGERTAG
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-15 14:29:51 -07:00
Tom Eastep
549af8b402 Update config files where address and gateway variables can be used
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-15 10:51:39 -07:00
Tom Eastep
6aa0ecae4f Re-factor the code for saving/loading ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 15:15:47 -07:00
Tom Eastep
434e042494 Add the deprecated/ directories to the CONFIG_PATH
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 14:17:06 -07:00
Tom Eastep
9fa0df2fd1 Move the code that generates zap_ipsets() to after save_ipsets() generation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 09:56:48 -07:00
Tom Eastep
074655d1bd Fix AUTOMAKE and the start command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 09:43:21 -07:00
Tom Eastep
216bc715e8 Clean up V4/V5 ipset enforcement
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 09:00:38 -07:00
Tom Eastep
541ecb67b4 Update dhcp article
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-13 17:36:56 -07:00
Tom Eastep
dbd42e1d5d More ipset fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-12 16:29:13 -07:00
Tom Eastep
04ec8273ef Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-04-12 07:13:29 -07:00
Tuomo Soini
772f88b1fd action.A_Reject: improve comment text
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-12 13:17:56 +03:00
Tuomo Soini
3e0b8c60a2 Reverse the order of ICMP and Broadcast checking in the default actions
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-12 10:12:29 +03:00
Tom Eastep
fc2b555cdb Correct date formatting in startup_error()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 15:24:35 -07:00
Tom Eastep
16afd880b2 Reverse the order of ICMP and Broadcast checking in the default actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 11:16:46 -07:00
Tom Eastep
76a5841fcd Reverse the order of Broadcast and ICMP checking in the default actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 10:47:11 -07:00
Tom Eastep
9758e8cdc5 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-04-11 10:41:44 -07:00
Tom Eastep
2cf3706864 Correct handling of a zone with two interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 10:32:26 -07:00
Tom Eastep
3028dafbac Correct DBL 'src-dst' handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 09:13:17 -07:00
Tom Eastep
16a31c3d29 Make MINIUPNPD work with DOCKER
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 09:02:44 -07:00
Tom Eastep
d3f377e915 Don't double-save the dynamic blacklisting ipset
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 08:37:39 -07:00
Tuomo Soini
54a5748395 macros: RedisCluster and RedisSentinel
http://redis.io/topics/sentinel

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-11 14:39:21 +03:00
Tom Eastep
6c00f72f44 Create ipsets with the 'counters' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 18:09:41 -07:00
Tom Eastep
8dc88898c8 Tidy up the output of 'shorewall[6][-lite] show bl'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 17:22:22 -07:00
Tom Eastep
deaaecdf1c Add 'nodbl' interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 16:09:39 -07:00
Tom Eastep
05e4049174 Ipset-based blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 16:07:56 -07:00
Tom Eastep
ef10515a42 Correct FASTACCEPT description
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 07:20:45 -07:00
Tom Eastep
5db6cb1b7d Correct load_ipsets()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-09 16:07:10 -07:00
Tom Eastep
76c8917aa7 Add a sixth parameter to Drop and Reject
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-08 09:10:45 -07:00
Tom Eastep
be58d530c4 Document 'logjump'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-08 09:09:59 -07:00
Tom Eastep
321476fd51 Tweak terminating() implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-08 08:24:57 -07:00
Tom Eastep
bd6b32eb25 Add a progress message for REJECT_ACTION processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 10:30:54 -07:00
Tom Eastep
4fdf54eca1 Tweak process_reject_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 10:02:48 -07:00
Tom Eastep
70bbd21b35 Ensure that the REJECT_ACTION is terminating
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 09:34:38 -07:00
Tom Eastep
87a9b95f73 Catch case where a transformed rule jumps to its own chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 08:58:50 -07:00
Tom Eastep
ecd7261365 Use -g when target is a terminating chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 08:48:36 -07:00
Tom Eastep
293cd1d66a Always go to the reject chain rather than jump to it
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-06 09:14:06 -07:00
Tom Eastep
436b5d89ce Correct comment
- The chain will only exist if logging wasn't specified for the same
  disposition.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-06 08:50:29 -07:00
Tom Eastep
26795cf082 Correct setup of $usedactions{A_REJECT}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-06 08:18:36 -07:00
Tom Eastep
95e4071f34 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-04-06 07:42:46 -07:00
Tuomo Soini
6366fb40cf ProxyARP.xml: fix proxyndp sample column matching
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-06 12:00:41 +03:00
Tuomo Soini
20179a5c9d remove completely false README.txt
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-06 10:23:58 +03:00
Tom Eastep
b7e6893f7d Restore DropUPnP behavior in Reject
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-05 20:00:15 -07:00
Tom Eastep
3ac3ae279f Add A_REJECT action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-05 16:38:39 -07:00
Tom Eastep
54843c617d Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-04-05 11:46:42 -07:00
Tom Eastep
e9467326f3 Allow allow REJECT to take a parameter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-05 11:20:44 -07:00
Tuomo Soini
80bf77e8a8 modules.xtables: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-05 20:31:36 +03:00
Tuomo Soini
1e5ebee799 modules.tc: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-05 20:31:36 +03:00
Tuomo Soini
74fe7b302e modules.ipset: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-05 20:31:36 +03:00
Tuomo Soini
d70e18535b modules.extensions: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-05 20:31:36 +03:00