Commit Graph

11763 Commits

Author SHA1 Message Date
Tom Eastep
cd2205a325 Upgrade down-rev rc file during install
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-15 08:09:37 -07:00
Tom Eastep
664dc0b71e Another case of incorrect quoting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-14 08:20:54 -07:00
Tom Eastep
0400cedc6c More TC manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-14 08:01:08 -07:00
Tom Eastep
a581958042 Document filter priority algorithm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 16:31:39 -07:00
Tom Eastep
e0f85edab3 Assign sequential priorities to filters
- Also remove a redundant 0x prefix from a table number.

Signed-off-by: Tom Eastep <teastep@shorewall.net
2012-09-13 09:30:11 -07:00
Tom Eastep
14073e8943 Change TOS priority offset from 10 to 15
- Make it distinct from tcp-ack

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 08:25:05 -07:00
Tom Eastep
e02906e4f9 Add TOS to classification priority enumeration
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 07:46:52 -07:00
Tom Eastep
75953a87cb Optional priority on hfsc classes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 13:39:54 -07:00
Tom Eastep
e9b0e2f912 Revert "Improve handling of mutex contention when 'lockfile' is installed."
This reverts commit 2f56caf8fd.

The change only worked on very recent distributions.
2012-09-12 10:03:09 -07:00
Tom Eastep
a223245c01 Don't create classic blacklist chains if no blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:30:34 -07:00
Tom Eastep
89289f95ba Allow specification of priority for Shorewall-generated tc filters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:22:07 -07:00
Tom Eastep
2f56caf8fd Improve handling of mutex contention when 'lockfile' is installed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:18:26 -07:00
Tom Eastep
e431d5ab53 Document changes to filter priorities
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 17:12:59 -07:00
Tom Eastep
8c7b8c9390 Correct missing VARLIB handling in the installers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 11:12:43 -07:00
Tom Eastep
f6e3107c00 Redefine tc filter priorities
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:03:16 -07:00
Tom Eastep
b4098ff5dd Appease the Fedora 17 version of emacs.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:02:47 -07:00
Tom Eastep
9d6e0fd9ed Add a PRIORITY column to the tcfilters file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 14:48:32 -07:00
Tom Eastep
0e1e38b035 Adjust VARDIR/VARLIB for old shorewallrc files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 13:12:32 -07:00
Tom Eastep
5c62bf297a Document multiple GID/UIDs in the USER/GROUP column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 08:18:25 -07:00
Tom Eastep
0dd7ad7920 Re-organize Squid document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-08 08:08:16 -07:00
Tom Eastep
c13bdbd316 Correct 'setstatedir' functions in the init scripts
- Replaced g_program with PRODUCT
- Added setstatedir and call to ifupdown.sh

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-05 07:37:12 -07:00
Tom Eastep
d7354aca14 Add a warning regarding the blacklist option being deprecated.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-05 07:19:48 -07:00
Tom Eastep
ebc4ad2f1e Add warning message when an OUTPUT stopped rule is ignored due to ADMINISABSENTMINDED
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-05 07:16:40 -07:00
Tom Eastep
6614239b32 Allow multiple USER/GROUPs in a rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 17:03:26 -07:00
Tom Eastep
3993abad4e Revert routestopped changes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 17:03:02 -07:00
Tom Eastep
ae1c2cb0ff Use VARLIB rather than VARDIR in the ifupdown script.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 15:42:15 -07:00
Tom Eastep
5e07ad8caa Allow a directory to be specified with -e.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 14:05:52 -07:00
Tom Eastep
6aaf06c2e8 Add stoppedrules files to the samples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 09:06:45 -07:00
Tom Eastep
eb854f1dbe Only process routestopped when stoppedrules does not exist or is empty
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 08:46:04 -07:00
Tom Eastep
2050d566b8 Handle PRODUCT correctly at run-time.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 07:36:47 -07:00
Tom Eastep
188f05e130 Make ./firewall the default file when compile -e
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 07:35:03 -07:00
Tom Eastep
4260e5f6ba Correctly handle the product name in export shorewallrc.
- Also re-arranged the processing of the shorewallrc file to eliminate
  the kludgy shuffling of hashes.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 06:59:16 -07:00
Tom Eastep
7235d4da11 Update manpage indexes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 20:25:15 -07:00
Tom Eastep
bdd66e68c9 Have separate hashes for the two shorewallrc files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 20:09:20 -07:00
Tom Eastep
55e3b11a28 Pass both shorewallrc files to the compiler from lib.cli-std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 15:07:50 -07:00
Tom Eastep
b8e6a812bd Specify the cwd when compiling or checking for export
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 11:33:58 -07:00
Tom Eastep
09ce6239a7 Install stoppedrules rather than routestopped
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 11:00:22 -07:00
Tom Eastep
5645d66719 Add VARDIR to the shorewallrc files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 10:52:40 -07:00
Tom Eastep
afd9875d3a Update Manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 10:52:22 -07:00
Tom Eastep
5b953cc1dd Handle different layouts on the admin system and remote firewall(s)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 09:50:07 -07:00
Tom Eastep
8e5bd3637d Implement stoppedrules file (less manpages)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 08:44:03 -07:00
Tom Eastep
01696e7298 Remove empty paragraph in shorewall-rules(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 05:52:40 -07:00
Tom Eastep
b922177769 Handle missing VARDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 15:51:35 -07:00
Tom Eastep
c16dfc609d Documentation updates for VARLIB
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 15:43:52 -07:00
Tom Eastep
88ab423b2a Correct 'postcompile' patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 14:55:56 -07:00
Tom Eastep
e66d9e3418 Rename VARDIR to VARLIB in shorewallrc
- Done so that existing shorewallrc files are still valid.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 14:36:11 -07:00
Tom Eastep
bf70f6e71e More Shorewall-init init script corrections
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 13:43:43 -07:00
Tom Eastep
7279553be4 Revert "Add GROUP zones"
This reverts commit 4f2a4c0c6c.
2012-09-02 11:08:38 -07:00
Tom Eastep
a6740c6c53 Revert "Assign marks to according to GROUP zones"
This reverts commit 3fbfafb6e3.
2012-09-02 11:06:28 -07:00
Tom Eastep
c31c9bca9c Handle ${CONFDIR}/$PRODUCT/vardir consistently in Shorewall-init init scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 10:23:11 -07:00