Tom Eastep
|
d7096ae52e
|
Back out default-action macros and document in-line actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-27 10:53:18 -08:00 |
|
Tom Eastep
|
6bf996d4b8
|
Implement inline actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-27 10:32:48 -08:00 |
|
Tom Eastep
|
85a46690c0
|
Improve optimize level 16 fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 15:11:07 -08:00 |
|
Tom Eastep
|
a4dcd1071a
|
Revert change to macro level merging.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 13:41:12 -08:00 |
|
Tom Eastep
|
78ba8bac50
|
Replace '@' by the chain name in SWITCH columns.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 13:28:23 -08:00 |
|
Tom Eastep
|
bf75b2b919
|
$0 expands to the current action chain name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 13:23:20 -08:00 |
|
Tom Eastep
|
7673b1ac4b
|
Support multiple parameters in macros.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 11:04:19 -08:00 |
|
Tom Eastep
|
fc87576005
|
Back out silly change for output interfaces in the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 09:47:42 -08:00 |
|
Tom Eastep
|
3f550622bd
|
Only use routing table for OUTPUT interface in the raw table.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 07:51:55 -08:00 |
|
Tom Eastep
|
21c2963691
|
Correct Format-3 syntax for the SOURCE column of the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-26 07:48:43 -08:00 |
|
Tom Eastep
|
e7dee420ee
|
Allow interfaces in the DEST column of the conntrack file when the chain is OUTPUT.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 18:37:23 -08:00 |
|
Tom Eastep
|
e45fe53705
|
Correct another optimizer defect.
- Don't declare command-mode rules as duplicates.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 18:00:26 -08:00 |
|
Tom Eastep
|
697fc001c3
|
Return to zone-based handling of 'all'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 16:31:05 -08:00 |
|
Tom Eastep
|
642f192b3d
|
Disallow destination interface in the OUTPUT chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 15:37:53 -08:00 |
|
Tom Eastep
|
dd0f42c462
|
Mention Macros as default actions in the Actions and Macros docs.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 12:09:41 -08:00 |
|
Tom Eastep
|
7b0578fa84
|
Fix AUDIT on IPv6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 12:09:18 -08:00 |
|
Tom Eastep
|
5acf0f60e7
|
Only apply log level to bare LOG rules in default-action macro.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 10:17:03 -08:00 |
|
Tom Eastep
|
fb3194d96b
|
Correct handling of default-action macro when specified as "macro.Name"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 10:16:43 -08:00 |
|
Tom Eastep
|
629717f7cc
|
Correct policy manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 09:33:46 -08:00 |
|
Tom Eastep
|
8e239c90c1
|
Update columns in the macro template file.
- It was missing SWITCH and HELPER
|
2012-11-25 08:54:19 -08:00 |
|
Tom Eastep
|
8c2db40783
|
Correct errors in the conntrack manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 08:52:51 -08:00 |
|
Tom Eastep
|
066a017420
|
Correct typo in Raw.pm
- The OUTPUT chain designator test was using '0' (zero) rather than 'O'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 08:52:33 -08:00 |
|
Tom Eastep
|
1870c281a9
|
Make AUDIT support params again.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 08:26:44 -08:00 |
|
Tom Eastep
|
dbfc805707
|
Add 'IU' state in secmarks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-25 08:10:53 -08:00 |
|
Tom Eastep
|
748d532175
|
Correct the explaination of ULOG and NFLOG in the manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-24 09:11:28 -08:00 |
|
Tom Eastep
|
b7e2b28562
|
Transfer tag when merging into an NFLOG/ULOG rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-24 09:04:56 -08:00 |
|
Tom Eastep
|
67e1e6cf91
|
Allow WHITELIST in IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-23 14:19:14 -08:00 |
|
Tom Eastep
|
cd2854cad0
|
Fix NFLOG/ULOG implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-23 13:49:43 -08:00 |
|
Tom Eastep
|
75c148a2dd
|
Enable 'debug' on the try, stop and clear commands.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-23 11:46:14 -08:00 |
|
Tom Eastep
|
71bbc632ce
|
Handle 'fw' correctly in the SOURCE column of the stoppedrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-23 08:35:51 -08:00 |
|
Tom Eastep
|
b6a1a7d538
|
Make NFLOG and ULOG built-ins.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-23 08:14:24 -08:00 |
|
Tom Eastep
|
30de211bda
|
Implement format-3 conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 20:56:56 -08:00 |
|
Tom Eastep
|
3f7425b6a0
|
Purge %renamed before each table is processed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 17:27:09 -08:00 |
|
Tom Eastep
|
47ef3db53c
|
Add SWITCH column to sample IPv6 conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 09:10:30 -08:00 |
|
Tom Eastep
|
8a744de906
|
Document semantic change to 'all' handling in the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 09:10:07 -08:00 |
|
Tom Eastep
|
059095e366
|
Corrected shorewall6-rules(8)
- delete A_ACCEPT+
- correct a typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 09:09:35 -08:00 |
|
Tom Eastep
|
26dee73895
|
Support the audited targets on IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 08:24:51 -08:00 |
|
Tom Eastep
|
df7ce1a7d1
|
Add the AUDIT built-in and delete the Audit action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 08:24:33 -08:00 |
|
Tom Eastep
|
4a05571e7e
|
Add forward prototype for process_macro()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-22 08:00:15 -08:00 |
|
Tom Eastep
|
b89e05740d
|
Insure that nested zone exclusions go in the proper place in raw PREROUTING
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 14:49:21 -08:00 |
|
Tom Eastep
|
3040156981
|
Add SWITCH column to the conntrack file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 14:20:56 -08:00 |
|
Tom Eastep
|
54dadcc546
|
Ensure that zone-specific rules come before 'all' rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 14:20:30 -08:00 |
|
Tom Eastep
|
952aed225d
|
Improve handling of 'all' in the conntrack file.
- Also added 'all-' to represent all off-firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 13:07:01 -08:00 |
|
Tom Eastep
|
7bfbf522bc
|
Document that parameters are allowed in default actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 11:12:55 -08:00 |
|
Tom Eastep
|
1efd47a7e9
|
Apply Tuomo Soini's fix for RHEL5
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 10:34:00 -08:00 |
|
Tom Eastep
|
c0a2f19500
|
Add an Audit action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 10:24:14 -08:00 |
|
Tom Eastep
|
374489c3cf
|
Revert "Fix RHEL5 issue with route marking."
This reverts commit 77f342b0e0 .
|
2012-11-21 10:19:24 -08:00 |
|
Tom Eastep
|
77f342b0e0
|
Fix RHEL5 issue with route marking.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 09:08:15 -08:00 |
|
Tom Eastep
|
8f52c9744e
|
Correct some issues with default action macros.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-21 08:29:35 -08:00 |
|
Tom Eastep
|
1957af04fd
|
Don't create a _weight file for an optional non-provider interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-11-20 16:10:30 -08:00 |
|