extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-08-04 21:05:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
15,679 Commits 104 Branches 736 Tags
d3f3a59d6fc119e658a0991035de75121321fa49
Commit Graph

15679 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Eastep
d3f3a59d6f Merge branch 'master' of ssh://gitlab.com/shorewall/code 
Merge changes that occurred while I was inactive
 2024-04-15 14:29:10 -07:00
Tom Eastep
b619f1333e Correct status of optional interface during 'disable' 
- If <interface>.status contains 0 but the interface's routing table has
  been deleted, then 'disable' would not correct the file.

- This simple change corrects that problem.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-04-15 13:29:08 -07:00
Tom Eastep
9b1ef03c49 Correct the 'show filter' command 
- Also consolidate some awkward code

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-29 15:49:41 -07:00
Tom Eastep
90444bdc44 Correct comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-29 15:48:45 -07:00
Tom Eastep
44671e906d Correct typo 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-13 18:16:51 -07:00
Tom Eastep
160c259866 Silly documentation change 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-11 12:32:45 -07:00
Tom Eastep
8f826ce70d Avoid 'ip' error messages due to missing optional interface 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-10 12:55:34 -07:00
Tom Eastep
895428c7c1 Handle the case where a single host exclusion specifies multiple nets 
Also reorganize the exclusion code to make it self-contained within
add_common_rules()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-10 10:30:33 -07:00
Tom Eastep
0855bc4187 Create /etc/iproute2/rt_tables if it doesn't exist 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-09 15:52:49 -08:00
Tom Eastep
3e52a6c005 Remove interface status files during 'stop/clear' processing 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-08 16:13:05 -08:00
Tom Eastep
8ce3f23464 Set AUTOHELPERS=No in the samples 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-08 13:27:47 -08:00
Tom Eastep
467cc4c252 Correct src-dst single exclusion 
Match the destination address in the output chain

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-08 11:50:49 -08:00
Tom Eastep
a9359d2610 Update $globals{VERSION} 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-07 15:41:15 -08:00
Tom Eastep
9479b83c48 Correct add_dbl_exclution_ijump() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-07 14:18:06 -08:00
Tom Eastep
f37a74a667 Add a comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-07 12:30:37 -08:00
Tom Eastep
0ecf0703dc Correct classic blacklisting 
- No filtering in the OUTPUT chain
- Correct ipsec filtering

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-07 12:26:59 -08:00
Tom Eastep
f1317f919f Handle ipsec correctly in ipset-based dynamic blacklisting 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-06 20:26:58 -08:00
Tom Eastep
cbe2935fce Handle 'nodbl' in complex host definitions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-06 17:18:50 -08:00
Tom Eastep
a8718b9867 Clearify 'ip' in shorewall-hosts(5) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-05 15:21:26 -08:00
Tom Eastep
a9c2ee3a76 Major cleanup of DYNAMIC_BLACKLIST code 
1) Avoid having to parse the setting in the Zones, Misc and rules modules
2) Apply ipset match rule after dealing with exclusions rather than before
3) Correct handling of src-dst

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-05 14:45:41 -08:00
Tom Eastep
dfd40ee208 Factor out ipset match rule generateion 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-04 13:44:23 -08:00
Tom Eastep
8d0dba349c Shorten DBL exclusion chain names 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-04 12:10:56 -08:00
Tom Eastep
f21d8b2a27 Correct parsing of the hosts file: 
1) Fixed IPv6 parsing of the HOSTS column
2) Properly detect IPv4 loopback violations

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-03 09:54:33 -08:00
Tom Eastep
11fb1ab6cf Insert comments into add_common_rules() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-02 19:51:18 -08:00
Tom Eastep
e8f28fa564 Allow 'nodbl' for classic blacklisting 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-02 16:16:02 -08:00
Tom Eastep
337a4bd6ec Use shorter names for dbl exclusion chains 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-02 14:54:45 -08:00
Tom Eastep
91d5dbb7ba Fix some blacklisting bugs: 
- src-dst didn't work
- typo in shorewall.conf(5)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-02 13:53:31 -08:00
Tom Eastep
4ca77b109c Replace bizarre {dbl} encoding (what was I smoking when I wrote that code?) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-02 10:40:12 -08:00
Tom Eastep
a96656a509 Clean up shorewall.conf(5) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-02 09:52:16 -08:00
Tom Eastep
f928b4d6fc Add a comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-02 08:45:46 -08:00
Tom Eastep
a3abafa98b Add a 'nodbl' option for the hosts file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-03-02 08:33:36 -08:00
Tom Eastep
1377fc8897 Stop errors when displaying an empty routing table 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2024-02-28 15:20:25 -08:00
Paul Gear
aae5baedfd Merge branch 'idl0r_iptablesw' into 'master' 
Improve iptables --wait check

See merge request shorewall/code!6
 2023-02-01 02:47:31 +00:00
Paul Gear
95831e372f Merge branch 'tor_metrics' into 'master' 
Add TorMetrics macro

See merge request shorewall/code!7
 2023-02-01 02:41:22 +00:00
Paul Gear
77317c1766 Merge branch 'systemd-service-documentation' into 'master' 
Document related man-pages in Debian systemd service files

See merge request shorewall/code!8
 2023-02-01 02:39:27 +00:00
Paul Gear
236b06d480 Merge branch 'gfdl-text-corrections' into 'master' 
Correct GFDL text embedded in document sources

See merge request shorewall/code!9
 2023-02-01 02:38:53 +00:00
Paul Gear
86244d8faf Merge branch 'shorewall-man-page-stop-command-fix/v1' into 'master' 
Restore omitted words from `stop` command description

See merge request shorewall/code!10
 2023-02-01 02:35:57 +00:00
Paul Gear
b8ef488f64 Merge branch 'init-script-SRWL-definition-fix/v1' into 'master' 
Move '-6' and '-l' options from SRWL to SRWL_OPTS in Debian init-scripts.

See merge request shorewall/code!12
 2023-02-01 01:53:53 +00:00
Jeremy Sowden
b7f2d1b22e Move '-6' and '-l' options from SRWL to SRWL_OPTS in Debian init-scripts. 
Changing the definitions of SRWL from /sbin/shorewall6 to
'/sbin/shorewall -6' and so on broke the init-scripts since the scripts
test whether `$SRWL` is executable:

    test -x $SRWL || exit 0

which now fails:

    sh: test: /sbin/shorewall: binary operator expected

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2023-01-31 22:52:21 +00:00
Jeremy Sowden
c93817f30b Correct GFDL text embedded in document sources 
The invariant sections clause doesn't quite match the official text.  It should
read:

  with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts

not:

  with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2023-01-31 22:50:37 +00:00
Jeremy Sowden
5637385507 Document related man-pages in Debian systemd service files 
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2023-01-31 22:50:18 +00:00
Jeremy Sowden
23f66180e9 Restore omitted words from stop command description 
In commit c061d87919 ("Fix links in shorewall(8)") the end of one of
the sentences in the description of the `stop` command was erroneously
truncated.

Fixes: c061d87919 ("Fix links in shorewall(8)")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
 2023-01-31 20:50:00 +00:00
Vincas Dargis
c1e58f6faf Add TorMetrics macro 
Add macro for Tor metrics port.

See
https://support.torproject.org/relay-operators/relay-bridge-overloaded/
 2022-09-18 15:08:54 +03:00
Christian Ruppert
8b0d829531 Check for wait option if we don't have capabilities 
Only check for iptables --wait option if we don't already have existing
capabilities. If we have some and they're not up2date / don't match,
it will issue a warning anyway.
If a valid capabilities file exists, it will already cover whether we
can use --wait or not, that's what WAIT_OPTION is for.

Signed-off-by: Christian Ruppert <idl0r@qasl.de>
 2022-04-02 11:52:10 +02:00
Christian Ruppert
c941cf4bb5 Run iptables -w check against a usually small chain 
The iptablesw check, that's just looking for whether -w is supported or
not, previousely caused iptables to list all rules, each time you do
a shorewall check or shorewall start/reload. That might be quite
a lot, depending on the amount of rules you have. It is also no
necessary to parse each rule just to check for -w. Let's switch to the
usually much smaller INPUT chain, to reduce the overhead
 2022-04-01 16:45:42 +02:00
Tuomo Soini
672c3420a0 support: update chat server address 2021-05-27 01:44:15 +03:00
Tom Eastep
b8581e54fa Remove StandardOutput specifications from unit files 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2020-11-03 10:38:26 -08:00
Tom Eastep
ba87937f49 Replace StandardOutput=syslog by StandardOutput=journal in unit files 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2020-10-30 09:24:47 -07:00
Tom Eastep
69f0d4d881 Simon Mater's patch to support gbits and gbps in rate/burst specifications 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2020-10-09 09:39:01 -07:00
Tom Eastep
6681191c88 Correct 'show bl|blacklists' syntax 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2020-10-09 09:26:41 -07:00