extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 12:14:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
9,268 Commits 104 Branches 736 Tags 55 MiB
dbc9f6ac8f
Commit Graph

3205 Commits

Author SHA1 Message Date
Tom Eastep
b52b7c422f Drop multicast and anycast in Drop and Reject actions 2010-07-12 16:44:34 -07:00
Tom Eastep
c1b212225e Use uniform coding style in latest changes 2010-07-12 13:07:11 -07:00
Tom Eastep
328e1b7f6a Don't generate rules to link local net from vserver zones 2010-07-12 12:39:51 -07:00
Tom Eastep
59189d6324 Don't generate rules from link local net to vserver zones 2010-07-12 11:52:56 -07:00
Tom Eastep
4792d1e5f1 Fix nets= in Shorewall6 2010-07-11 19:52:18 -07:00
Tom Eastep
5a5546ef1b Set version to 4.4.11 2010-07-09 09:01:08 -07:00
Tom Eastep
d0c1c3d69c Change comment to clarify assumption about function arguments 2010-07-08 17:45:18 -07:00
Tom Eastep
9eca7fb37b Simplify logic in loopback helper functions 2010-07-08 17:11:27 -07:00
Tom Eastep
591a4bc7f6 Revert version of modules with only whitespace changes; rename a couple of functions for clarity 2010-07-07 06:43:07 -07:00
Tom Eastep
02fab09a14 Add PERL= option to shorewall.conf and shorewall6.conf 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-07-05 13:11:52 -07:00
Tom Eastep
4547067da9 Document fix for missing closing quote 2010-07-05 11:43:37 -07:00
Tom Eastep
31a9d24164 Fix missing quote when REQUIRE_INTERFACE=Yes 2010-07-05 09:47:03 -07:00
Tom Eastep
f977631af9 Just reset provider bits in FORWARD chain 2010-07-05 09:46:24 -07:00
Tom Eastep
b445b4fdd9 Fix compiler detection of FWMARK_RT_MASK -- take 2 2010-07-05 08:51:13 -07:00
Tom Eastep
0e87ccbcfd Fix compiler detection of FWMARK_RT_MASK 2010-07-05 08:39:32 -07:00
Tom Eastep
542557069e Back out a couple of harmless but unintended changes 2010-07-05 08:02:51 -07:00
Tom Eastep
aa6bb6e911 Improve wording of FORWARD_CLEAR_MARK description 2010-07-05 07:53:31 -07:00
Tom Eastep
898c3a045f Bump version to RC1 2010-07-05 07:08:06 -07:00
Tom Eastep
6a644716c9 Unconditionally use /usr/bin/perl 2010-07-04 17:13:33 -07:00
Tom Eastep
312624cef5 Fix NET3 bug (netmap) 2010-07-04 15:58:37 -07:00
Tom Eastep
7689831cd7 Minor cleanup of 4.4.11 Beta 3. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-07-04 09:29:16 -07:00
Tom Eastep
2ee4fd8f5a Add FWMARK_RT_MASK capability. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-07-04 09:08:04 -07:00
Tom Eastep
d3e30b5fe4 Add FORWARD_CLEAR_MARK option 2010-07-03 17:03:42 -07:00
Tom Eastep
5d1e19364a Bump version to Beta 3 2010-07-03 10:54:39 -07:00
Tom Eastep
148b251766 Only send loopback traffic to the 'loopback' chain 2010-07-03 10:53:25 -07:00
Tom Eastep
21ce6f9b84 Add new zone-list function to return all but firewall zone. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-07-03 08:33:10 -07:00
Tom Eastep
c8274f0538 Minor vserver doc update 2010-07-02 13:34:21 -07:00
Tom Eastep
63154367ad Forbid 'ipsec' in a vserver host entry 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-07-02 13:12:23 -07:00
Tom Eastep
e5d3ce582a Correct Old Defect in ipsec match generation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-07-02 13:11:57 -07:00
Tom Eastep
9e81a5101f Cleaner fix for ipsec/vserver issue 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-07-02 12:24:58 -07:00
Tom Eastep
261af19b4e Fix invalid policy match with vserver zone. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-07-02 12:18:18 -07:00
Tom Eastep
364cddf99b Update release documents for find_hosts_by_option() fix 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-07-02 07:40:30 -07:00
Tom Eastep
f2ca9e25c9 Make find_hosts_by_option() work with options specified on the interface 2010-07-02 07:19:52 -07:00
Tom Eastep
db8dba66db Correct defect in the handling of 'trace' and 'debug' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-07-01 15:56:57 -07:00
Tom Eastep
338c021272 Fix refression in handling of mss= 2010-07-01 09:05:25 -07:00
Tom Eastep
64decb25fe Bump version to 4.4.11-Beta2 2010-07-01 07:08:11 -07:00
Tom Eastep
9f15ccb24f Update Raw.pm version. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-30 20:40:26 -07:00
Tom Eastep
e4afc15370 Finish Vserver Implementation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-30 20:35:46 -07:00
Tom Eastep
9e37fe1ffa Deimplement flawed rate limiting with simple TC 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-26 07:42:08 -07:00
Tom Eastep
fc95cb8dc6 Run insserv when installed on Debian 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-26 07:34:34 -07:00
Tom Eastep
914d752f1d Fix latency parsing 2010-06-25 16:10:26 -07:00
Tom Eastep
fe27554fd0 Document undefined value issue 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-24 14:18:48 -07:00
Tom Eastep
2909b6fd92 Quiet down the Perl interpreter on some boxen 2010-06-24 13:58:46 -07:00
Tom Eastep
cc376ab72e Update release documents for REQUIRE_INTERFACE 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-23 13:00:00 -07:00
Tom Eastep
3cda3d0315 Add REQUIRE_INTERFACE to shorewall*.conf 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-23 12:58:35 -07:00
Tom Eastep
1cb22d0bcf First feeble steps toward vserver zones 2010-06-22 16:42:20 -07:00
Tom Eastep
d5aaa97d4e Update release documents for changes ported from the 4.4.10 branch 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-22 08:40:07 -07:00
Tom Eastep
efa4cfa921 Update release documents for 4.4.11 Beta 1 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-18 12:09:43 -07:00
Tom Eastep
dbbe6b264d Fix the IPSET fix 2010-06-18 12:06:12 -07:00
Tom Eastep
e7340dabc0 Fix IPSET issue 2010-06-18 12:05:44 -07:00
Tom Eastep
503b1cf795 Update release note version banner 2010-06-16 16:46:56 -07:00
Tom Eastep
32d8a9d996 Allow patch from Gabriel 2010-06-12 14:10:40 -07:00
Tom Eastep
d58127e51c Allow networks to be specified in a NETMAP rule 2010-06-12 13:50:58 -07:00
Tom Eastep
9acec39898 Fix a couple of issues with Simple TC 2010-06-12 13:50:11 -07:00
Tom Eastep
625f254d02 Add tcfilters to manpage index 2010-06-10 06:15:15 -07:00
Tom Eastep
6040f02bb0 Don't set variables needlessly 2010-06-08 16:33:54 -07:00
Tom Eastep
32d575a8c8 Remove extra logic 2010-06-08 16:18:23 -07:00
Tom Eastep
dcd64cd096 Move ipset-load code to Chains.pm. Better there than in Compiler.pm 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-08 16:18:14 -07:00
Tom Eastep
a5816c23d4 Move save_dynamic_chains to Chains.pm where it belongs. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-08 16:17:57 -07:00
Tom Eastep
6537c1e55a Improve readability 2010-06-08 16:16:23 -07:00
Tom Eastep
52a80e69a9 More tweaks to saving/restoring dynamic chains 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-08 11:27:09 -07:00
Tom Eastep
ec3fdbde98 More changes having to do with with dynamic chains 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-08 11:26:53 -07:00
Tom Eastep
aa4b0f71af Much cleaner implementation of save_dynamic_chains() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-07 10:11:33 -07:00
Tom Eastep
0978f3d41a More periodic removal of trailing white space 2010-06-07 09:16:56 -07:00
Tom Eastep
3467969c26 Periodic removal of trailing white space 2010-06-07 07:30:56 -07:00
Tom Eastep
04de6fac6d Make dynamic chain saving work with IPv6 
Also, use hidden files to save the chain contents.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-07 07:18:21 -07:00
Tom Eastep
b741ff2a81 Document first 4.4.11 features 2010-06-06 20:40:39 -07:00
Tom Eastep
db138edbd1 Update versions of modified modules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-06 13:49:26 -07:00
Tom Eastep
b3370dfd78 Initiate 4.4.11 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-06 13:36:45 -07:00
Tom Eastep
17b6e370af Purge saved dynamic blacklist if the chain doesn't exist 2010-06-06 13:24:09 -07:00
Tom Eastep
25c0e3c7b3 Retain UPnP and dynamic blacklist over 'restart' 2010-06-06 13:23:49 -07:00
Tom Eastep
ca7d145746 Don't enter command mode for upnpclient rule for non-optional interface 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-06 08:05:19 -07:00
Tom Eastep
99a0226a43 Slight improvement of regular expression used to insert chain name into rules after '-A' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-06 08:04:28 -07:00
Tom Eastep
fdc3b698a9 Version to 4.4.10 (again) 2010-06-05 15:58:23 -07:00
Tom Eastep
d388b29d70 Let Zones.pm export chain_base rather than Chains.pm 2010-06-05 08:40:00 -07:00
Tom Eastep
0e995d65ac Version to 4.4.10-RC2 2010-06-04 16:19:15 -07:00
Tom Eastep
742a3b2eef Make wait and required work on wildcard interfaces 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-04 10:35:45 -07:00
Tom Eastep
82a74d7534 Resolve Optional/Required interfaces with wildcard names 
Optional is allowed
Required is not

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-04 08:46:29 -07:00
Tom Eastep
165535cd8b Disallow wildcard optional/required interfaces 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-04 07:18:55 -07:00
Tom Eastep
7625b4069b Delete references to prenet subsystem locks. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-03 12:31:39 -07:00
Tom Eastep
43afd03b9b Bump version to 4.4.10 2010-06-03 11:18:02 -07:00
Tom Eastep
f29b06ec07 Update .spec files to use DESTDIR 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-01 07:18:37 -07:00
Tom Eastep
91840acb18 Remove unused RUNLEVELS variable from the install scripts. 
Add some documentation

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-01 07:12:19 -07:00
Tom Eastep
fe55fa0f31 Rename PREFIX->DESTDIR 
If DESTDIR is not supplied, look for PREFIX

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-06-01 06:42:11 -07:00
Tom Eastep
c52d0c4d9f Update release notes for 'version -a' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-31 08:05:33 -07:00
Tom Eastep
858a422da3 Extend 'version -a' behavior to all CLIs 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-31 07:32:17 -07:00
Tom Eastep
47c4cbd85a Remove extra step in DSL modem access 2010-05-30 11:31:41 -07:00
Tom Eastep
347757a190 Yet more updates for build on the Mac 2010-05-29 10:57:27 -07:00
Tom Eastep
58ad0bc9e0 More updates for build on the Mac 2010-05-29 10:50:39 -07:00
Tom Eastep
226eb6ca3e Cleanup of optimization fix 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-29 09:56:14 -07:00
Tom Eastep
5bd1bac70d Document fix for optimization bug 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-29 09:13:52 -07:00
Tom Eastep
e29d6d080d Restore -a functionality to the version command 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-29 08:59:45 -07:00
Tom Eastep
50ce5bab68 Fix Optimization Bug 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-29 08:58:16 -07:00
Tom Eastep
d58480943a Bump version to 4.4.10 RC 1 2010-05-27 17:21:11 -07:00
Tom Eastep
3125a4d0d3 Restore RPM RedHat compatibility 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-27 06:49:49 -07:00
Tom Eastep
cc269d5d19 Make RPM SuSE-only 2010-05-26 18:49:33 -07:00
Tom Eastep
e627e0ea76 Bump version to 4.4.10-Beta4 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-26 16:47:49 -07:00
Tom Eastep
84909de8b9 Fixes for Debian 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-25 16:02:57 -07:00
Tom Eastep
cdcb42ce9c Increment version to 4.4.10-Beta3. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-25 07:17:57 -07:00
Tom Eastep
3db31f2f65 Add SAFESTOP setting to /etc/default/shorewall*. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-25 07:16:02 -07:00
Tom Eastep
2d19cd1ebb Add options to readlink 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-24 06:37:02 -07:00
Tom Eastep
9c0564831a Fix syntax error in generated shell script 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-24 06:23:45 -07:00
Tom Eastep
620f5cf76b More build fixes 2010-05-23 17:12:42 -07:00
Tom Eastep
0f7b4cf7f4 Fix logrotate issue 2010-05-23 17:01:31 -07:00
Tom Eastep
0ef4cd1653 Allow Debian install with PREFIX 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-23 16:10:36 -07:00
Tom Eastep
60c751b98f First stage rework of Shorewall install script 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-23 16:02:28 -07:00
Tom Eastep
d32ed01cf0 Use readlink(1) where appropriate 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-23 13:37:26 -07:00
Tom Eastep
1d87fc0102 Update .spec files with virtual requires/provides 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-21 10:12:37 -07:00
Tom Eastep
eaad566978 Update documents for Shorewall-lite 2010-05-20 17:06:53 -07:00
Tom Eastep
4264524448 Bump Version to 4.4.10-Beta2 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-20 14:13:38 -07:00
Tom Eastep
2a870088d8 Remove 'close' from CLI programs 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-20 14:09:40 -07:00
Tom Eastep
182f433772 Add note about supported distributions to release notes. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-20 06:32:34 -07:00
Tom Eastep
50dc02da07 Implement the 'REQUIRE_INTERFACE' option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-19 07:32:02 -07:00
Tom Eastep
06a17c8973 Adjust manpage specifications in spec file 2010-05-18 20:59:24 -07:00
Tom Eastep
4e748f9255 Add Shorewall-init manpage and update release notes. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-18 20:40:03 -07:00
Tom Eastep
4690075ed8 Start firewall on up event for optional interface. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-18 20:29:03 -07:00
Tom Eastep
1eb5e5b081 Fail the install on unknown distros. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-18 15:30:53 -07:00
Tom Eastep
9c5fb89b4c Improve documentation in the release notes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-18 14:55:16 -07:00
Tom Eastep
0c9a0150d2 Document Shorewall-init; delete old auto-stop code 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-18 14:42:39 -07:00
Tom Eastep
5b2affbd01 Changes to make RedHat work with NetworkManager 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-18 13:41:01 -07:00
Tom Eastep
f9d187c288 Correct issues found in Fedora Testing 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-18 10:27:12 -07:00
Tom Eastep
499b0cddaa Log the text from startup errors. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-17 07:02:30 -07:00
Tom Eastep
a534bca914 Fix an existing bug in Shorewall6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-16 19:28:49 -07:00
Tom Eastep
a501222194 Fix some bugs in the Shorewall-init implementation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-16 17:41:09 -07:00
Tom Eastep
4f428d8135 De-implement 'close' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-16 15:31:41 -07:00
Tom Eastep
749d6be64e Add 'optional' interfaces to updown processing. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-15 17:06:00 -07:00
Tom Eastep
a3589dc6e9 Implement the 'up' and 'down' script commands 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-15 12:48:04 -07:00
Tom Eastep
ff388ca5c4 Detect the 'closed' state in the status command 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-15 12:46:47 -07:00
Tom Eastep
88188202cc Add 'wait' interface option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-15 09:52:46 -07:00
Tom Eastep
16e451a7d8 Add 'required' interface option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-15 09:04:32 -07:00
Tom Eastep
a2758421ed Bump version to 4.4.10-Beta1 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-13 17:03:14 -07:00
Tom Eastep
529f9a07b4 Update Rules.pm version to 4.4.10 2010-05-13 16:39:52 -07:00
Tom Eastep
a04d8126e1 Finish implementing 'close' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-13 16:39:01 -07:00
Tom Eastep
1d0b8b1cec Correct syntax error in generated code 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-13 16:32:42 -07:00
Tom Eastep
449ca038ba Implement 'close' command 2010-05-13 16:29:25 -07:00
Tom Eastep
74c515016e Add back stuff merged earlier: 2010-05-08 16:32:03 -07:00
Tom Eastep
679ad6cf04 Allow OS X to be an Administrative System 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-06 09:07:16 -07:00
Tom Eastep
65a5d34276 Update Module Versions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-03 12:46:29 -07:00
Tom Eastep
96bef5bd49 Assume 'routeback' in routestopped based on interface config. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-03 12:31:11 -07:00
Tom Eastep
fca404eeaf Update version to 4.4.9 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-03 10:02:02 -07:00
Tom Eastep
c7848be266 Back out the rest of the original change for dup / -[psiod] 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-03 09:59:25 -07:00
Tom Eastep
70c6a2cdf3 Update version to 4.4.9-RC2 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-02 07:25:50 -07:00
Tom Eastep
7d2df848c9 Tighten up the new mDNS rule 2010-05-01 12:13:02 -07:00
Tom Eastep
9bcd9fd12b Allow for mDNS multicast responses 2010-05-01 12:01:58 -07:00
Tom Eastep
639b3ea57d Simplify checking for /! -[piosd] / 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-01 09:13:16 -07:00
Tom Eastep
311372013d More fixes to optimization 
Only disallow / ! -[piosd] / if the target is a chain

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-01 08:58:41 -07:00
Tom Eastep
518416ec2e Add a comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-01 08:08:39 -07:00
Tom Eastep
94c6b37e8e Avoid leaving an orphan '!' behind. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-01 07:51:24 -07:00
Tom Eastep
219b2e0761 A more comprehensive solution to multiple -[piosd] matches. 
- eliminate duplicate -[piosd] matches in merged rules
- avoid tracing !* unconditionally

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-01 07:26:25 -07:00
Tom Eastep
16161d9cfc Add new trace types. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-05-01 06:43:09 -07:00
Tom Eastep
1173518d78 More minor cleanup of first code 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-30 07:22:09 -07:00
Tom Eastep
2864841a9e Correct release notes 
update version to RC1
correct typo

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-29 11:21:31 -07:00
Tom Eastep
076da4bd5c Couple of tweaks to my earliest code 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-29 11:19:50 -07:00
Tom Eastep
a997d6507d Update release notes with more common example of failure. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-28 08:09:10 -07:00
Tom Eastep
039668b333 Update release notes to reflect reality. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-28 06:57:45 -07:00
Tom Eastep
2c1cede54e Revise addressless bridge change 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-27 15:23:38 -07:00
Tom Eastep
d8b0f496df Allow simple configuration of a bridge with no IP address 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-27 12:26:58 -07:00
Tom Eastep
988f7c4d7e More fixes for bad NAT optimization 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-26 16:50:18 -07:00
Tom Eastep
f49848bd5b Document rare optimization fix. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-26 16:32:53 -07:00
Tom Eastep
0e4698d57c Fix rare optimization bug 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-26 16:19:58 -07:00
Tom Eastep
6d61e962eb Use -m conntrack if available in place of -m state 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-25 13:35:41 -07:00
Tom Eastep
21e0c68ef2 Bump version to 4.4.9 RC1 2010-04-25 09:37:17 -07:00
Tom Eastep
fb2ddcee7b Bump Version to 4.4.9 Beta 5 2010-04-24 21:53:12 -07:00
Tom Eastep
6053352f8c A better fix for find_first_interface_address() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-23 20:06:45 -07:00
Tom Eastep
2cb3bac946 Document fix for find_first_interface_address() 2010-04-23 12:18:51 -07:00
Tom Eastep
232fc21fe2 Allow find_first_interface_address[_if_any] to work properly in the params file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-23 11:54:36 -07:00
Tom Eastep
b821bdcdfd One more pass at improving regex's for target isolation and matching 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-22 14:45:34 -07:00
Tom Eastep
64bf772594 Set OUTPUT policy to ACCEPT when optimize_chain deletes all of its rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-22 13:38:38 -07:00
Tom Eastep
b0b39cfc39 Document optimization level 2 fix. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-22 11:55:13 -07:00
Tom Eastep
fb754b3a2e Don't remove a lone ACCEPT rule from the OUTPUT chain 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-22 11:35:14 -07:00
Tom Eastep
0dde75d345 Fix install scripts (again) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-19 13:08:03 -07:00
Tom Eastep
a0abb11f67 Extend 'show log <ipaddr>' to search for a regular expression. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-19 13:02:21 -07:00
Tom Eastep
8c09f21e5d Implement 'show log <token>' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-19 10:20:28 -07:00
Tom Eastep
a1a78cf09b Abandon the fantesy that multiple optimize 8 passes will achieve anything. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-16 17:12:08 -07:00
Tom Eastep
938cfd7ba4 Don't create fw-><bport> chains and rules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-16 12:29:51 -07:00
Tom Eastep
c52a3dcd14 Don't generate policy chains for fw to bridgeport zones. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-16 09:56:11 -07:00
Tom Eastep
1030c852f9 Simplify a test 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-16 09:21:30 -07:00
Tom Eastep
e7a4aaafc1 Modify optimization 8 loop to continue until no chains are combined. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-16 09:17:57 -07:00
Tom Eastep
8e1284f74c Document OPTIMIZE=15 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-16 09:17:12 -07:00
Tom Eastep
4f00de0c57 Make additional optimize 8 passes. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-16 08:42:25 -07:00
Tom Eastep
21b44ac42b Change version to 4.4.9-Beta4 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-16 07:25:53 -07:00
Tom Eastep
82d6ba511f Unify the REs that look for '-[jg] <chain>' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-15 18:02:31 -07:00
Tom Eastep
cec59360f6 Use '-j' rather than '-g' when jumping to tcpre, just to be safe 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-15 14:14:13 -07:00
Tom Eastep
46d207a86f Restore original amount of whitespace in maclist rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-15 14:13:37 -07:00
Tom Eastep
e9a94b0cfb Unify reference count adjustment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-15 14:12:48 -07:00
Tom Eastep
cf59d9ec68 Fix an optimize 8 bug. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-15 12:45:00 -07:00
Tom Eastep
dde540c42d Update release notes for optimize 4 problems. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-15 12:44:37 -07:00
Tom Eastep
c1bcf360ee Fix another 'add_rule' that should have been an 'add_jump' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-15 09:59:57 -07:00
Tom Eastep
f7e48a94da Fix install scripts. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-15 09:39:21 -07:00
Tom Eastep
96d69bd8c3 Centralize message generation; optimize optimization-8 loop 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-15 09:29:37 -07:00
Tom Eastep
9ad5ee1818 Add correct release id. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-15 07:25:35 -07:00
Tom Eastep
aeb90969f7 Optimize 8 Documentation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-14 17:12:25 -07:00
Tom Eastep
cff6f0010f Remove chain name after '-A' (again). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-14 17:05:03 -07:00
Tom Eastep
f8bacb54ef Optimize 8 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-14 13:21:10 -07:00
Tom Eastep
4137961169 Speed up the replace_references* functions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-11 09:00:24 -07:00
Tom Eastep
715ea9ef32 Speed up delete_jumps() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-11 08:38:14 -07:00
Tom Eastep
91a711b34f Document startup log fix. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-10 11:54:54 -07:00
Tom Eastep
4365b83b15 Rationalize init logs 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-10 11:46:50 -07:00
Tom Eastep
76b9ef7005 Use unshift rather than splice for readability 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-10 09:25:29 -07:00
Tom Eastep
2e443df8e3 Adjust references in move_rules() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-04-10 09:09:46 -07:00