Commit Graph

12312 Commits

Author SHA1 Message Date
Tom Eastep
d2a221a9cd Correct handling of capbilities file in load/reload.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-20 14:40:23 -08:00
Tom Eastep
2147a421f0 Correct Protocol in macro.DCC
- From Orion Poplawski

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-20 09:41:24 -08:00
Tom Eastep
ab5a11e91b Correct IPv6 address checking (again)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-15 14:26:08 -08:00
Tom Eastep
36db41457d Make 'version -a' work when not run by /sbin/shorewall.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-15 12:45:49 -08:00
Tom Eastep
80c51b466e Fix broken link.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-15 10:33:20 -08:00
Tom Eastep
bfc958b94f Remove macros during uninstall.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-15 08:21:58 -08:00
Tom Eastep
acb72e7213 Give address-family specific help text for 'iptrace'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-15 08:21:51 -08:00
Tom Eastep
5cc6894425 Defer reading .conf when processing the 'update' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-15 08:21:35 -08:00
Tom Eastep
4865e2c3af Save/use local SHAREDIR in reload_command
- Remove SHAREDIR may differ from the local one

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-15 08:21:19 -08:00
Tom Eastep
4b01b42c34 Correct all configpath files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/configpath
2013-02-15 08:20:45 -08:00
Tom Eastep
a6d6cc9da7 Fix load, reload and export WRT shorewallrc.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-15 08:19:30 -08:00
Tom Eastep
e2ad98b364 Correct syntax error in Shorewall uninstall.sh
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-15 08:18:53 -08:00
Tom Eastep
1ede47034b Correct IPv6 List Handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-15 08:18:36 -08:00
Tom Eastep
db8f90f182 Remove allow_optimize() call from action.New.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-11 06:45:33 -08:00
Tom Eastep
bda1e05d9a Mention the requirement for a params file in the Shorewall Lite article.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-11 05:58:01 -08:00
Tom Eastep
b9d5b92f1b Correct handling of expressions consisting of a single number.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-10 15:19:30 -08:00
Tom Eastep
b349cc0f22 A better fix for inline default action with parameters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-10 09:29:30 -08:00
Tom Eastep
54c43396f0 Correct default action handling:
- isolate basic target before testing for action/inline
- delete the action chain if appropriate.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-10 09:00:13 -08:00
Tom Eastep
f9dc89dc61 Allow arbitrary $n variables when IGNOREUNKNOWNVARIABLES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-10 07:56:04 -08:00
Tom Eastep
cadf2747fe Correct reset_optflags()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-09 17:53:40 -08:00
Tom Eastep
c04c61b314 Correct typos in check_rules().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-09 11:42:54 -08:00
Tom Eastep
a4297381e9 Don't ACCEPT untracked packets unless UNTRACKED_DISPOSITION=ACCEPT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-09 09:15:05 -08:00
Tom Eastep
eaa6d72a4f Allow parameters to be omitted in action invocations.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-09 07:07:01 -08:00
Tom Eastep
e664b6bafb Correct action.TCPFlags
- restore rule dropped when converted.
- remove cruft
- Correct parameter handling

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 15:39:04 -08:00
Tom Eastep
96d64d0a04 Remove extraneous default parameter from action.Untracked
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 13:00:54 -08:00
Tom Eastep
122a8358fc Correct the default action description in the New action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 12:59:22 -08:00
Tom Eastep
acbff91d87 Remove 'default action' comments from the xxxInvalid actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 12:57:44 -08:00
Tom Eastep
1bd9e8b015 Correct allowInvalid and dropInvalid
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 10:49:12 -08:00
Tom Eastep
62a567b550 Treat each -m conntrack subtype as a separate match
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 10:08:23 -08:00
Tom Eastep
e4f1c62e71 Improve handling of nested state actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 09:09:20 -08:00
Tom Eastep
b3caaaf707 Pass the state name to perl_action_helper() from the state actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-08 06:39:16 -08:00
Tom Eastep
b9e504683e Prevent a state action from invoking another one.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-07 16:52:06 -08:00
Tom Eastep
aae6e001fe Convert dropInvalid and allowInvalid to inline actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-07 11:21:13 -08:00
Tom Eastep
aa528dd075 Revert "Convert allowInvalid and dropInvalid into macros"
This reverts commit 272e1d330c.
2013-02-07 09:09:56 -08:00
Tom Eastep
e4ae242123 Another tweak to check_state()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-06 12:07:51 -08:00
Tom Eastep
272e1d330c Convert allowInvalid and dropInvalid into macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-06 09:54:12 -08:00
Tom Eastep
a66256b25b Additional refinements of check_state()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-06 08:16:42 -08:00
Tom Eastep
11b976fb36 Correct reference type in check_state()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-05 19:55:22 -08:00
Tom Eastep
a6ccd53fe0 Unconditionally use '-j' to branch to a state chain or DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-04 15:17:49 -08:00
Tom Eastep
b22b63b1c3 Don't use '-g' when DISPOSITION is CONTINUE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-04 15:09:17 -08:00
Tom Eastep
615df6ab8f Handle 'RETURN' in state chain with terminating disposition.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-04 15:08:20 -08:00
Tom Eastep
3757607356 Remove cruft from two actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-04 10:11:51 -08:00
Tom Eastep
f6faef7cd0 Correct syntax error in action.Untracked
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-04 09:58:38 -08:00
Tom Eastep
d8214885f2 Assume that the conntrack state value in a rule is not a reference.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-04 08:29:50 -08:00
Tom Eastep
475942deb9 Normalize rules prior to combine_state tests.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 18:14:14 -08:00
Tom Eastep
f1707d2ace More state rule check fixes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 18:02:02 -08:00
Tom Eastep
c5dc69b750 Correct state actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 17:21:51 -08:00
Tom Eastep
30d96afb69 Push/pop $actionresult.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 12:43:28 -08:00
Tom Eastep
014b4ddc50 Combine adjacent rules differing only in conntrack state match.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 09:03:22 -08:00
Tom Eastep
61c219ed3a Clarify the CHAIN column in the accounting manpage. Also mention ipset support.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 08:00:24 -08:00