Commit Graph

11797 Commits

Author SHA1 Message Date
Tom Eastep
d1bf727127 Allow dynamic zones to work with ipset V5
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-30 08:52:56 -07:00
Tom Eastep
38faa3e071 Correct handling of new ipv6 net syntax in the hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-29 09:01:17 -07:00
Tom Eastep
ffcf262de4 Ensure that the 1:1 NAT chain jumps always come last in PREROUTING.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-26 15:46:52 -07:00
Tom Eastep
bac0f36818 Yet another fix for TTL/HL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 16:23:15 -07:00
Tom Eastep
a8f324b25c Ensure that the .service files run the utility in ${SBINDIR}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 14:32:20 -07:00
Tom Eastep
b451e10dd8 More fixes for HL and TTL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 14:25:31 -07:00
Tom Eastep
6d0142525c Merge branch '4.5.8' 2012-09-24 08:44:07 -07:00
Tom Eastep
cf130a7e16 Correct handling of {+-}0 in the TTL and HL tcrule actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 07:14:44 -07:00
Tom Eastep
e1309b06b1 Correct PPTP Macro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 12:19:41 -07:00
Tom Eastep
70c76f577c Permit "[<ipv6 address>]/vlsm" in addition to "[<ipv6 address>/vlsm]"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 12:16:17 -07:00
Tom Eastep
86c35339cd Merge branch '4.5.8' 2012-09-23 07:07:37 -07:00
Tom Eastep
f23fb1535d Correct PPTP control port number in conntrack files (1729->1723).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 07:04:43 -07:00
Tom Eastep
607c93125c Don't unconditionally detect helpers when LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	docs/Internals.xml
2012-09-23 06:55:00 -07:00
Tom Eastep
2d01af8256 Correct typos (omma -> comma) in the stoppedrules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 06:52:32 -07:00
Tom Eastep
9dd5f73581 Replace IPv4 addresses in shorewall6-stoppedrules(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 06:52:26 -07:00
Tom Eastep
83d3d04afb Correct typos (omma -> comma) in the stoppedrules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 06:51:56 -07:00
Tom Eastep
693c573fc3 Replace IPv4 addresses in shorewall6-stoppedrules(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 06:46:50 -07:00
Tom Eastep
88caf5c9df Correct header in the STOPPEDRULES files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-22 11:51:23 -07:00
Tom Eastep
32f89fa24b Don't unconditionally detect helpers when LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-22 09:27:13 -07:00
Tom Eastep
97cdc390c3 Continue work on Internals document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-21 15:06:29 -07:00
Tom Eastep
8bd5ee355c Merge branch '4.5.8' 2012-09-21 08:56:19 -07:00
Tom Eastep
af5eb575c2 Add tcfilter example with PRIORITY
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-21 07:40:33 -07:00
Tom Eastep
669dbc7238 Merge branch '4.5.8' 2012-09-21 07:28:56 -07:00
Tom Eastep
4c906dc3d1 Add UDP conntrack FAQ 1j.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-21 07:28:37 -07:00
Tom Eastep
4aeebb0b15 Merge branch '4.5.8' 2012-09-19 10:07:31 -07:00
Tom Eastep
e14f5e5199 Swicth from postincrement to preincrement when bumping 'filterpri'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-17 10:46:31 -07:00
Tom Eastep
abbd1b2c35 Combine two identical cases in the Redhat/Fedora shorewall-init script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-17 10:23:18 -07:00
Tom Eastep
483374d356 Continue development of the Internals document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-17 07:52:18 -07:00
Tom Eastep
fc361afbc3 Disallow ':' as the only contents of the USER/GROUP column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 16:25:41 -07:00
Tom Eastep
124dafbf52 Delete IPAddrs dependency from Compiler.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 15:48:06 -07:00
Tom Eastep
f8c2e129c9 Additional content in the Internals document.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 15:47:29 -07:00
Tom Eastep
78f3255bf0 Correct getparams.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 09:06:32 -07:00
Tom Eastep
92ed56bbbc More content in the Internals doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 07:29:53 -07:00
Tom Eastep
cd2205a325 Upgrade down-rev rc file during install
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-15 08:09:37 -07:00
Tom Eastep
adc983bccb Issue progress messages to display the priority of Shorewall-generated filters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-15 07:25:16 -07:00
Tom Eastep
664dc0b71e Another case of incorrect quoting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-14 08:20:54 -07:00
Tom Eastep
0400cedc6c More TC manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-14 08:01:08 -07:00
Tom Eastep
a581958042 Document filter priority algorithm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 16:31:39 -07:00
Tom Eastep
e0f85edab3 Assign sequential priorities to filters
- Also remove a redundant 0x prefix from a table number.

Signed-off-by: Tom Eastep <teastep@shorewall.net
2012-09-13 09:30:11 -07:00
Tom Eastep
14073e8943 Change TOS priority offset from 10 to 15
- Make it distinct from tcp-ack

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 08:25:05 -07:00
Tom Eastep
e02906e4f9 Add TOS to classification priority enumeration
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 07:46:52 -07:00
Tom Eastep
75953a87cb Optional priority on hfsc classes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 13:39:54 -07:00
Tom Eastep
e9b0e2f912 Revert "Improve handling of mutex contention when 'lockfile' is installed."
This reverts commit 2f56caf8fd.

The change only worked on very recent distributions.
2012-09-12 10:03:09 -07:00
Tom Eastep
a223245c01 Don't create classic blacklist chains if no blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:30:34 -07:00
Tom Eastep
89289f95ba Allow specification of priority for Shorewall-generated tc filters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:22:07 -07:00
Tom Eastep
2f56caf8fd Improve handling of mutex contention when 'lockfile' is installed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:18:26 -07:00
Tom Eastep
e431d5ab53 Document changes to filter priorities
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 17:12:59 -07:00
Tom Eastep
8c7b8c9390 Correct missing VARLIB handling in the installers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 11:12:43 -07:00
Tom Eastep
f6e3107c00 Redefine tc filter priorities
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:03:16 -07:00
Tom Eastep
b4098ff5dd Appease the Fedora 17 version of emacs.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:02:47 -07:00