Commit Graph

15518 Commits

Author SHA1 Message Date
Tom Eastep
d89d35a9f0
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2020-06-08 09:48:31 -07:00
Tom Eastep
220e89755e
Omit STATE-orientated rules in wildcard policy chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-07 20:57:55 -07:00
Tom Eastep
1d875b2909
Minor edit to the blacklisting doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-07 18:12:01 -07:00
Tom Eastep
011638ad7d
Document use of address variables in the snat file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-07 18:11:26 -07:00
Tom Eastep
3f5c47695e
Expand fail2ban documenation in the blacklisting article
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-07 12:37:45 -07:00
Tom Eastep
fb14b0aafc
Update targetname files for 5.2.5-Beta2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-06 12:54:01 -07:00
Tom Eastep
54ab7cdeb5
Update blacklisting documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-06 12:23:32 -07:00
Tom Eastep
aa47554604
Add 'noupdate' DYNAMIC_BLACKLIST option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-06 10:14:32 -07:00
Tom Eastep
07160c5ed1
Add 'blacklist!' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-06 10:13:46 -07:00
Tom Eastep
527533ecb6
Add 'log' option to DYNAMIC_BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-03 14:28:08 -07:00
Tom Eastep
4ac64a545c
Change log facility to 'daemon'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-03 13:49:10 -07:00
Tom Eastep
6612ea6b8c
Store the exported configuration paramaters in a named array
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-03 11:50:27 -07:00
Tom Eastep
2646ec79a5
Read the params file when processing an 'allow' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-03 11:39:42 -07:00
Tom Eastep
023437a0e0
Add target files 5.2.5-Beta1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-01 10:07:23 -07:00
Tom Eastep
ffb6ac178e
Shorten the disposition in ADD/DEL log messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-06-01 09:36:00 -07:00
Tom Eastep
726d7cde65
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2020-05-31 17:39:38 -07:00
Tom Eastep
c061d87919
Fix links in shorewall(8)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-05-31 17:39:13 -07:00
Tom Eastep
5af7dce96b
Merge branch 'master' of ssh://gitlab.com/shorewall/code 2020-05-31 14:03:23 -07:00
Tom Eastep
eb5bc3d8a4
Create DBL ipset with 'timeout 0'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-05-31 12:37:42 -07:00
Tom Eastep
b34474df11
Remove the -f option from the documentation of the 'stop' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-05-30 20:10:07 -07:00
Tom Eastep
16a3384a70
Add an example of using 'blacklist ... timeout nnn'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-05-30 19:57:37 -07:00
Tom Eastep
67b421dc00
Correct a comment in the optimize level 8 code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-05-21 11:37:04 -07:00
Matt Darfeuille
c518887a19
Reflect changes in tools repository
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-05-21 10:40:14 -07:00
Tom Eastep
5493a7e4a6
Merge branch '5.2.4' 2020-05-17 13:20:46 -07:00
Tom Eastep
1093f1ac32
Add target files 5.2.4.5
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-05-14 09:43:10 -07:00
Tom Eastep
7882c87afe
Allow AUTOMAKE to work with symbolic links
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-05-14 09:22:44 -07:00
Tom Eastep
7343b19abc
Clarify the 'optional' interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-05-13 12:30:12 -07:00
Tom Eastep
f27ab4704c
Merge branch '5.2.4' 2020-04-30 11:18:18 -07:00
Tom Eastep
e5e8e6fbc0
Correct logic for deleting ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-29 13:07:04 -07:00
Tom Eastep
c11b647b1b
Fix defect which prevented dynamic blacklist ipsets from being created
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-29 12:34:41 -07:00
Tom Eastep
5706c5a860
Avoid hang during 'shorewall[6] start'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-29 12:33:50 -07:00
Tom Eastep
fd1d4a3f35
Update Shared Config Doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-25 14:48:45 -07:00
Tom Eastep
2bf9048057
Another Debian if_pre-down fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-24 16:47:42 -07:00
Tom Eastep
d618fd5812
Remove extraneous whitespace
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-23 20:31:07 -07:00
Tom Eastep
177cdb1b98
Move a block of code to keep function declarations adjacent
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-23 18:37:47 -07:00
Tom Eastep
dddde56454
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
# Conflicts:
#	Shorewall-init/install.sh
#	Shorewall/Perl/Shorewall/Providers.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-23 18:35:11 -07:00
Tom Eastep
9b196e87e9
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
# Conflicts:
#	Shorewall-init/shorewall-init

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-23 18:27:54 -07:00
Tom Eastep
c30a4fd080
Merge branch '5.2.4' of ssh://server.shorewall.net/home/teastep/shorewall/code into 5.2.4
# Conflicts:
#	Shorewall/Perl/Shorewall/Chains.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-22 16:27:03 -07:00
Tom Eastep
0a9d2d9a33
Don't install script in if_down.d on Debian
- Eliminates need for Debian-specific code in generated script

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-22 13:47:09 -07:00
Tom Eastep
39de88563f
Cleanup of Optimize 16 change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-21 13:02:56 -07:00
Tom Eastep
e14798b4a2
Make OPTIMIZE=16 an order of magnitude faster
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-21 13:02:34 -07:00
Tom Eastep
3042ae815e
Make OPTIMIZE=16 an order of magnitude faster
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-20 15:00:33 -07:00
Tom Eastep
86ebb22dd3
Cosmetic changes to shorewall-init
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-20 10:29:36 -07:00
Tom Eastep
18360471ab
Have Shorewall-init restore ipsets before stopping the firewalls
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-20 09:23:34 -07:00
Tom Eastep
086f7a0e6d
Only destroy ipsets that will be restored
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-20 09:11:03 -07:00
Tom Eastep
057a2dec70
Correct typo with bad consequences
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-19 18:44:19 -07:00
Tom Eastep
16af9ee2de
Revert "Don't install ifupdown script in if-down.d on Debian"
This reverts commit 7d4d409799.
2020-04-19 15:19:13 -07:00
Tom Eastep
cabadd4846
Honor 'wait=<seconds> when enabling an interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-19 14:31:12 -07:00
Tom Eastep
3c06be28be
Delete unnecessary check if IPv6 interface_is_usable()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-19 12:28:16 -07:00
Tom Eastep
7d4d409799
Don't install ifupdown script in if-down.d on Debian
- Proper location for the script is if-post-down

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-04-19 12:18:44 -07:00