Commit Graph

2120 Commits

Author SHA1 Message Date
teastep
dca0b27564 Fix errors and omissions in shorewall.spec
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2413 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 14:09:57 +00:00
teastep
f442002d3b Fix errors and omissions in shorewall.spec
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2412 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 14:09:57 +00:00
teastep
2a3353ebe7 Fix errors and omissions in shorewall.spec
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2411 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 14:05:23 +00:00
teastep
82e50a632f Fix errors and omissions in shorewall.spec
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2410 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 14:02:50 +00:00
teastep
b66929a65e Large merge of function from EXPERIMENTAL to HEAD.
1) Elimination of the "shorewall monitor" command.

2) The /etc/shorewall/ipsec and /etc/shorewall/zones files are combined into
a single /etc/shorewall/zones file. This is done in an upwardly-compatible
way so that current users can continue to use their existing files.

3) Support has been added for the arp_ignore interface option.

4) DROPINVALID has been removed from shorewall.conf. Behavior is as if
DROPINVALID=No was specified.

5) The 'nobogons' option and BOGON_LOG_LEVEL are removed.

6) Error and warning messages have been made easier to spot by using
capitalization (e.g., ERROR: and WARNING:).

7) The /etc/shorewall/policy file now contains a new connection policy and a
policy for ESTABLISHED packets. Useful for users of snort-inline who want to
pass all packets to the QUEUE target.

8) A new 'critical' option has been added to /etc/shorewall/routestopped.
Shorewall ensures communication between the firewall and 'critical' hosts
throughout start, restart, stop and clear. Useful for diskless firewalls
with NFS-mounted file systems, LDAP servers, Crossbow, etc.

9) Macros. Macros are very similar to actions but are easier to use, allow
parameter substitution and are more efficient. Almost all of the standard
actions have been converted to macros in the EXPERIMENTAL branch.

10) The default value of ADD_IP_ALIASES in shorewall.conf is changed to No.

11) If you have 'make' installed on your firewall, then when you use
the '-f' option to 'shorewall start' (as happens when you reboot),
if your /etc/shorewall/ directory contains files that were modified
after Shorewall was last restarted then Shorewall is started using
the config files rather than using the saved configuration.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2409 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-25 23:08:09 +00:00
teastep
0d56188e7a Add warning about function use in the 'started' extension script
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2404 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 23:44:19 +00:00
teastep
89eaf99906 Pretty up the output of 'show actions'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2403 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 16:49:02 +00:00
teastep
aaecd53a29 Add 'shorewall show actions' command
Make it possible for the 'stopped' extension script to save commands in
the 'restore-tail' file by calling 'run_and_save_command' and
'save_command'


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2401 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 16:27:21 +00:00
paulgear
d8a471e7b9 Cleaned up additional rules from Debian package. Got rid of versions
and paths in the header comments, since they're just as likely to be
wrong as not.  Changed all service names to port numbers.  eDonkey is a
big one - I wonder whether it isn't too variable for us to consider
providing a default rule.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2395 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-23 03:09:06 +00:00
paulgear
b6649720cb Adding extra actions provided by Debian package
Do not use yet - these need cleaning


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2394 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-22 23:04:36 +00:00
paulgear
cf1e462278 Adding fixed version of recent patches by Cristian & Tom
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2393 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-22 22:43:08 +00:00
teastep
f3ea3c7edb Avoid annoying 'ipset:not found' message
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2392 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-22 22:24:28 +00:00
teastep
fbabd7d6ef Obviate the need for 'loose'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2389 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-21 19:48:33 +00:00
teastep
9e6161cf9d Announce Shorewall 2.4.2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2386 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-21 16:23:08 +00:00
paulgear
d7f9a22d77 How long have these names been hanging around? :-)
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2381 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-20 03:36:31 +00:00
teastep
8e93d3b6ec Some documentation updates
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2380 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-20 03:18:23 +00:00
teastep
ca8e5631d3 Make \!<address> work in the SUBNET column of the masq file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2374 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-20 01:10:28 +00:00
teastep
b0e6e3a893 Given the large number of people shooting themselves in the foot with
poorly-written one-to-one NAT rules, I'm changing the shorewall.conf
file to set ADD_IP_ALIASES=No in shorewall.conf. Hopefully, this will
reduce the amount of whining about routing table modification during
"shorewall [re]start".


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2372 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-19 18:41:05 +00:00
teastep
687704eff2 Add 'loose' provider option; add COPY column to providers file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2370 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 22:40:26 +00:00
judas_iscariote
a6e682a872 add Arch Linux package...thanks JMCg..
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2369 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 21:10:21 +00:00
paulgear
c4bfded36e Hmmm... Looks like I broke the main web site with that - need to be even more specific
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2368 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 10:31:18 +00:00
paulgear
a21550d18f This makes publish work in a group-writable environment (now that we
have multiple people maintaining things).  I hope you weren't depending
on the output from this script!  If you were, feel free to revert it or
hack it further.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2367 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 10:07:49 +00:00
paulgear
3b6aff596f Make the script work outside of shorewall.net
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2366 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 09:54:30 +00:00
paulgear
fdf37a9d09 Fix another typo in my security announcement.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2365 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 09:50:18 +00:00
teastep
3b6961aced Correct link in MACLIST vulnerability notice
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2364 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 03:28:25 +00:00
paulgear
09aafa7575 Announcement about MACLIST security vulnerability
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2363 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 03:14:27 +00:00
teastep
1b01026e2d Fix for 2.0 MACLIST_DISPOSITION vulnerability
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2362 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 02:25:58 +00:00
teastep
318e204358 Re-implement MACLIST_TTL
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2358 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 22:08:15 +00:00
teastep
c6e3e84352 Disable MACLIST_TTL
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2356 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 16:52:21 +00:00
paulgear
7c0e2c8f77 More disabling until I can get a clean build
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2355 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 11:37:05 +00:00
paulgear
5c01c1e6cd Disabling the Debian-specific stuff until I can get a clean build
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2354 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 06:25:21 +00:00
teastep
b9c0bb72d1 Add link to 'Tom's Involvement' email
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2353 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 15:13:42 +00:00
paulgear
9348d90b3e Correct lintian errors:
E: shorewall: no-template-description shorewall/upgrade_to_14
E: shorewall: unknown-field-in-templates _description
...


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2352 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 12:25:14 +00:00
paulgear
44e97f75bb That did not work
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2351 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 12:18:32 +00:00
paulgear
794c7919a0 Disabled until I get the autobuild worked out
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2350 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 12:17:10 +00:00
paulgear
7ac72d4bb3 Slightly modified versions of Lorenzo's Debian control files for autobuild from CVS
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2349 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 11:36:42 +00:00
teastep
1b5ac5c7d3 Make /sbin/shorewall issue a warning whenever startup is disabled
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2348 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-15 20:50:01 +00:00
teastep
57b23fc2ba Update hosts file comments to describe use of ipsets
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2340 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-14 16:31:55 +00:00
teastep
3492acc2e1 Correct a couple of typos in the News article on 2.4.1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2339 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-14 13:55:55 +00:00
teastep
b25b90455a Shorewall 2.4.1 update to web site
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2338 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-14 13:48:59 +00:00
paulgear
7d89d6e17e Spelling correction
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2332 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-13 20:27:32 +00:00
teastep
379b58f628 A better patch to avoid blocking DHCP broadcasts during MAC verification
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2330 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-13 15:26:51 +00:00
teastep
ef9d22b647 Avoid blocking DHCP broadcasts during MAC verification
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2327 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-13 14:29:52 +00:00
teastep
d050552a36 Make TCPFLAGS_LOG_LEVEL=ULOG work with iptables-1.3.2.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2322 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-12 00:42:08 +00:00
teastep
3c990eca5f Warn that /etc/shorewall/routes may be removed in a future release
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2321 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-11 22:00:08 +00:00
teastep
a7ef153f4e Update 'makeshorewall' so that it uses the EXPERIMENTAL branch when the
release name ends in 'ex'.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2319 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-11 14:27:09 +00:00
teastep
7d924c3b82 A couple of little buglets. 1) detect duplicate tracked interface in providers file; 2) don't permit destination interface in PREROUTING marking rule
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2315 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 23:23:45 +00:00
teastep
d11dc2b58a Apply Cristian's patch for default route after reboot
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2305 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 20:12:49 +00:00
paulgear
750b7c7192 Correct version number in tag
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2293 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 08:20:25 +00:00
paulgear
5a62cce275 Change build script to reflect new CVS structure
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2292 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 08:07:40 +00:00