extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-16 04:33:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
10,526 Commits 104 Branches 736 Tags 55 MiB
d9fe6e7a42
Commit Graph

4209 Commits

Author SHA1 Message Date
Tom Eastep
9661b445f2 Make install/uninstall files version independent 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-13 07:29:47 -07:00
Tom Eastep
d1b8d7b953 Make perl modules version-neutral 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-10 15:10:27 -07:00
Tom Eastep
11c580de54 Fix exclusion in IPv6 hosts file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-09 17:27:09 -07:00
Tom Eastep
e21ff03339 Fix ipsets in IPv6 hosts file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-09 16:17:35 -07:00
Tom Eastep
fbeddca6a4 Another IPv6 ipset issue (z:!+set in the DEST column) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-09 15:40:18 -07:00
Tom Eastep
a998476d00 Correct Accounting module version 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-09 07:08:47 -07:00
Tom Eastep
6c802d3353 Tighten up source and dest checking in expand_rule() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-09 07:08:39 -07:00
Tom Eastep
1f30976790 Correct change that tightened editing of IPv6 addresses 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-08 18:34:33 -07:00
Tom Eastep
22f1d1ba89 Another fix for IPv6 and IPSETs 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-08 16:31:35 -07:00
Tom Eastep
a8daff0008 Correct handling of <interface>:+<ipset> in Shorewall6. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-08 15:57:08 -07:00
Tom Eastep
b70666eaf6 Move .spec files to release/ 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-08 10:07:08 -07:00
Tom Eastep
27b99a62d0 Move known problems file to release sub-directory 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-08 09:14:54 -07:00
Tom Eastep
76c97a1cc4 Move release documents to their own directory 2011-07-07 15:51:50 -07:00
Tom Eastep
7fa59706c5 Correct TPROXY/IPv6 address fix 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-07 14:50:44 -07:00
Tom Eastep
3f903fe3f1 Allow IPv6 Address as the third argument to TPROXY 
- also update the manpages to describe TPROXY

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-07 06:43:16 -07:00
Tom Eastep
cf5613441d Correct loading of xt_ipset 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-05 15:57:14 -07:00
Tom Eastep
95acabe97e Make load and reload use the .conf file in the CWD 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-05 15:56:38 -07:00
Tom Eastep
1c199a2644 Add semicolons in new actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-04 14:59:07 -07:00
Tom Eastep
20cee7649e Change quotes in action.Broadcast 2011-07-04 13:32:32 -07:00
Tom Eastep
a355141f40 Correct typo in .spec files 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-04 13:13:52 -07:00
Tom Eastep
87870ad121 Add new actions to the .spec file 2011-07-04 13:01:49 -07:00
Tom Eastep
e1d8d71348 Version to 4.4.22 Beta 1 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-04 09:36:54 -07:00
Tom Eastep
dd353eeafb Allow optimizatin of Invalid and NotSyn chains 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-04 07:50:25 -07:00
Tom Eastep
c4ba1089e6 Don't include IPv6 code in Shorewall/action.Broadcast 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-04 07:49:38 -07:00
Tom Eastep
6be8c08673 Create action chain without leading % when possible 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-04 07:48:52 -07:00
Tom Eastep
863881841a Add action.Invalid and action.NotSyn and modify action.Drop and action.Reject to use them 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 17:14:36 -07:00
Tom Eastep
1536ff4b92 Corrections to dropBcast/allowBcast 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 15:58:19 -07:00
Tom Eastep
bd1d7d6f92 Don't quote the empty setting of LOGLIMIT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 15:55:45 -07:00
Tom Eastep
f96c32634c Make config file quoting more consistent with update 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 15:55:27 -07:00
Tom Eastep
befc8a00f6 Create parameterized action.Broadcast 
- replace invocations of dropBcast with invocations of Broadcast(DROP,...)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 08:58:30 -07:00
Tom Eastep
24deabb03f Merge branch '4.4.21' 2011-07-03 08:48:27 -07:00
Tom Eastep
9691a8ceb3 Don't collapse '-' and '--' in @actparms 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 08:47:53 -07:00
Tom Eastep
029ac610fe Merge branch '4.4.21' 2011-07-03 07:23:09 -07:00
Tom Eastep
d31e2d67ba DEFAULTS directive enforces max number of parameters 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 07:22:29 -07:00
Tom Eastep
62c62441bb Eliminate duplicate function definitions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 07:04:52 -07:00
Tom Eastep
d99090978d Merge branch '4.4.21' 2011-07-03 06:40:08 -07:00
Tom Eastep
5b06e88b3d Push/Pop comment during action processing 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 06:37:41 -07:00
Tom Eastep
7e3f97c154 Prepare for more parameterized actions 
- Export add_commands, incr_cmd_level and decr_cmd_level by default
- Move ensure_audit_chain and require_audit from Rules.pm to Chains.pm
- Add get_action_logging() function
- Export require_capability and have_capability by default

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-03 06:22:51 -07:00
Tom Eastep
ad71faacaa Correct push_action_params() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-02 17:02:39 -07:00
Tom Eastep
42aa3724af Trace system calls when debugging 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-02 08:37:57 -07:00
Tom Eastep
4ea8a65cd9 Trace system calls when debugging 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-02 08:27:17 -07:00
Tom Eastep
afa5ea3fd2 Minor tweaks to Config.pm 
- Look for unprintable gunk in lines processed by split_line1()
- Modify a comment
- replace awkward close/assert statement

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-02 08:10:43 -07:00
Tom Eastep
bd9bf3d43a Rename & export get_actionchain() -> get_action_chain() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-02 07:02:18 -07:00
Tom Eastep
c309ca3075 Revert "Simplify push_action_params()" 
This reverts commit 89ee25dde2.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-01 16:23:39 -07:00
Tom Eastep
8ab45b4de3 Save current action chain along with params. Add get_action_chain() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-01 16:21:36 -07:00
Tom Eastep
89ee25dde2 Simplify push_action_params() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-01 15:38:39 -07:00
Tom Eastep
981c9a9047 Minor rewording in the release notes. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-07-01 13:03:33 -07:00
Tom Eastep
ea22d79aeb Update the version of Providers.pm 2011-06-30 18:40:48 -07:00
Tom Eastep
6ff02dbaa3 Make 'fallback' and 'balance' mutually exclusive 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-30 10:00:01 -07:00
Tom Eastep
7f255313d9 Document fix for TPROXY 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-29 20:29:18 -07:00
Tom Eastep
f09d286738 Correct script generation problem with TPROXY 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-29 20:05:27 -07:00
Tom Eastep
3e8c1f4e3c Add undocumented -c option to show and dump 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-29 11:48:23 -07:00
Tom Eastep
cbeebb6bf8 Bump version to 4.4.21. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-29 11:36:04 -07:00
Tom Eastep
20283d7151 Update Change log with RC 1 changes. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-29 11:34:53 -07:00
Tom Eastep
ea038bcecb Correct regular expression in process_shorewall_conf() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-28 06:42:41 -07:00
Tom Eastep
05103bacd0 Don't expand single-quoted .conf option values 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-26 07:45:09 -07:00
Tom Eastep
0b431aa8c1 Minor tweaks to Config.pm 
- Add/revise comments
- Rename $line -> $lineref in expand_variables()
- Collapse 3 lines into one in process_shorewall_conf()
 2011-06-26 06:50:22 -07:00
Tom Eastep
7507c81882 Remove some whitespace 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-25 21:55:49 -07:00
Tom Eastep
9f37f09b28 Clean up variable expansion: 
1) Centralize code in function expand_variables()
2) Eliminate %rawconfig
3) Correct logic in update_config_file() - the defect was not observable
   but the code was clearly silly
 2011-06-25 21:08:32 -07:00
Tom Eastep
47c759d93c Convert %actparms to an array 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-25 11:39:13 -07:00
Tom Eastep
024c1fbd08 Validate first argument to the default actions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-25 10:51:17 -07:00
Tom Eastep
713af61380 Detect too many parameters to Drop and Reject 2011-06-25 10:38:01 -07:00
Tom Eastep
5740b69dc6 Fix another empty parameter list issue 2011-06-25 09:46:58 -07:00
Tom Eastep
fe2ef23f04 Correct install.sh 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 21:16:55 -07:00
Tom Eastep
f4acb5fa2f Install annotated and un-annotated config files 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 15:13:40 -07:00
Tom Eastep
19c1f388a7 Modify Debian test in update 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 15:01:25 -07:00
Tom Eastep
fb2085b0c3 Support 'update' on Debian 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 13:40:32 -07:00
Tom Eastep
ca9276fd7e Add quotes on deprecated and obsolete options if appropriate 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 11:47:34 -07:00
Tom Eastep
129d1739d1 Cosmetic changes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 07:58:46 -07:00
Tom Eastep
7583a5c7a3 Use updated values in configuration verification 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 07:22:41 -07:00
Tom Eastep
7ec5f60571 Document FOREWARD->FORWARD typo correction 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 07:21:12 -07:00
Tom Eastep
11b847f3a4 Correct spelling in an error message (FOREWARD -> FORWARD) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 06:22:16 -07:00
Tom Eastep
4c9417d5f6 Add ipset support in Shorewall6 to the highlights section. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-24 06:21:42 -07:00
Tom Eastep
6f68ed5508 Initiate 4.4.21 RC 1 2011-06-23 16:23:52 -07:00
Tom Eastep
ba9a0016a8 Move update_config_file() to before process_shorewall_conf() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-23 06:37:21 -07:00
Tom Eastep
de7d95e7ff Rename 'ipset v4' -> 'ipset v5' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-23 06:36:35 -07:00
Tom Eastep
04d551d8ca Detect ipset V4 and use its syntax 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 16:43:42 -07:00
Tom Eastep
000268f50c Smarten up action.Drop and action.Reject WRT omitted parameters 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 15:45:14 -07:00
Tom Eastep
a5167dcd28 Update header documentation in action.Drop and action.Reject 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 14:27:32 -07:00
Tom Eastep
7ef7490cd6 Change the compiler's default for LEGACY_FASTSTART 
- No visible effect since the compiler doesn't use this option
 2011-06-22 13:56:17 -07:00
Tom Eastep
1b3d7947b8 Update the .conf file before validating ('update' command) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 12:31:58 -07:00
Tom Eastep
ba7d5fd720 Avoid two-stage processing of shorewall.conf when not updating. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 10:56:25 -07:00
Tom Eastep
106ba52362 Change signature of get_action_params 
- Accepts a number of parameters rather than a list
- Change action.Drop and action.Reject accordingly
- Define correct number of parameter variables in action.Drop and action.Reject

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 08:27:01 -07:00
Tom Eastep
0d2e2a14d3 Document additional parameters to standard default actions and DEFAULT in macro files 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 08:05:13 -07:00
Tom Eastep
62a75cb98d Fix parameterization of standard default actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 07:51:42 -07:00
Tom Eastep
b43bee2c62 Streamline PERL in action.Drop and action.Reject 
- Rename read_action_param => get_action_params
- Allow it to accept a list of indexes and to return a list

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 06:53:15 -07:00
Tom Eastep
bbf853bd1d Cleaner handling of DEFAULTS in a non-action context 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-22 06:11:20 -07:00
Tom Eastep
ece598288f Disallow DEFAULTS in the rules file 2011-06-21 21:00:08 -07:00
Tom Eastep
d51ca478bd Reverse one hunk from empty-parameter fix 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-21 11:45:32 -07:00
Tom Eastep
fe9e2ba28d Correct error message 2011-06-20 19:47:33 -07:00
Tom Eastep
063e21e69f Allow an empty parameter list in an action (e.g., "Action()") 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-20 19:45:01 -07:00
Tom Eastep
71d88b93a0 Make IPv6 Dynamic Zone set names unique 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-20 17:22:34 -07:00
Tom Eastep
7b2cbf2449 Make 'show dynamic <zone>' work correctly with new ipset program 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-20 17:22:04 -07:00
Tom Eastep
39e74911d8 Improve generated code 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-20 14:34:26 -07:00
Tom Eastep
ec28bdb5a0 Document Shorewall6 support for dynamic zones. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-20 14:33:49 -07:00
Tom Eastep
44cbfd8f27 Correct defects found while unit testing IPv6 Dynamic Zones 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-20 13:33:25 -07:00
Tom Eastep
119d38c92b Enable dynamic zones for IPv6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-20 10:41:29 -07:00
Tom Eastep
785de281b5 More IPv6 ipset fixes 
- use 'family inet6' rather than 'family ipv6'
- Correct one more case of 'iphash' vs 'hash:ip family inet6'
- Encapsulate ipset -N into an 'ensure_ipset()' function

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-20 07:43:32 -07:00
Tom Eastep
4c2f12e645 Some whitespace changes 2011-06-19 19:08:32 -07:00
Tom Eastep
e4bcc12301 Use 'here documents' rather than single quotes. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-06-19 18:33:10 -07:00