Commit Graph

258 Commits

Author SHA1 Message Date
Tom Eastep
6b5889177b
Correct startup_error() inadvertent change
- Switch ensure_root() back to calling startup_error()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-30 09:24:21 -08:00
Tom Eastep
d8a22d13dd
Allow non-root to run many 'show' commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-28 10:49:09 -08:00
Tom Eastep
c907748b52
Correct typo in 'dump'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-11-30 14:31:33 -08:00
Tom Eastep
f1975ae9b0
More robust detection of empty SPD entries.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-15 08:26:27 -07:00
Tom Eastep
7b9f7c095d
Don't dump SPD entries for the other address family
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-14 13:39:00 -07:00
Tom Eastep
108b169d8d
Treat LOG_TARGET like all other capabilities
- Previous implementation could generate unworkable script when
  LOAD_HELPERS_ONLY=Yes

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-06 08:01:52 -07:00
Tom Eastep
a9fbaa57ed
Pass -$g_family to 'ip xfrm' commands
- This currently doesn't work correctly, but maybe it will in the future

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-10-06 08:00:29 -07:00
Tom Eastep
317f12041b
Strengthen the test for empty SPD entries
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-09-30 15:43:17 -07:00
Tom Eastep
ef1353790e
Correct VLSM editing in the 'ipcalc' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-09-12 10:53:41 -07:00
Tom Eastep
7e3521e221
RESTORE_WAIT_OPTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-08-13 18:56:40 -07:00
Tom Eastep
b4a06e9656
NFLOG_SIZE capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-06-25 13:44:26 -07:00
Tom Eastep
d4c016d9c5
'reload' documentation corrections
- Add command synopsis to the manpage
- Correct command synopsis in help output

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-09 12:50:30 -08:00
Tom Eastep
6966270822
Allow 'show action' on buitin actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-19 13:43:23 -08:00
Tom Eastep
4c97c58981
Apply Tuomo's fix for CLI run with no command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 10:25:20 -08:00
Tom Eastep
d111e4f186
Handle built-in actions in 'show action'
- Remove a couple of non-actions from IPv4 actions.std

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-22 15:40:36 -08:00
Tom Eastep
4a01e910ff
Delete unused iptablesbug() function
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-21 14:42:24 -08:00
Tom Eastep
2a010f827b
Add 'show action' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-19 15:58:18 -08:00
Tom Eastep
b36b07b567
Correct 'show macros'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-12 08:35:03 -08:00
Tom Eastep
0b3d1b1d36
Revert code that assumed no CLI symlinks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-04 17:12:20 -08:00
Tom Eastep
5174fe0161
Avoid echo options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-28 11:09:08 -08:00
Tom Eastep
638c7c5bca
Implement NETMAP_TARGET capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-27 08:26:51 -08:00
Tom Eastep
c4bbb46e3f
Eliminate rawpost table support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-26 14:20:08 -08:00
Tom Eastep
1b97783c23
Implement 'show ipsec'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-23 10:01:40 -08:00
Tom Eastep
1a95db73e9
Revert idiotic change to lib.cli
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-20 08:39:26 -08:00
Tom Eastep
089ff4eb33
Establish default product based on $0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-18 11:18:07 -08:00
Tom Eastep
7ce5c31c68
Use 'ip -s xfrm' to dump the SPD and SAD
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-17 14:43:16 -08:00
Tom Eastep
eea9882953
Implement CPU Fanout for NFQUEUE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-09 10:46:39 -08:00
Tom Eastep
4a410c7b4c
Correct 'restore' exit status
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-02 09:32:00 -08:00
Tom Eastep
38c9165c39
More shorewall(8) documentation updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-21 13:57:06 -08:00
Tom Eastep
bd2df4836d
Break lib.base into two libraries
- Allows separation of default product determination and
  establishment of the product environment

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-21 13:25:57 -08:00
Tom Eastep
875c352473
Unify the CLI
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-21 10:00:55 -08:00
Tom Eastep
de553e7b18
Add the -l option
- Update shorewall(8)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-20 09:16:16 -08:00
Tom Eastep
36517cdb1e
Rename setup_environment to setup_product_environment
- Default to first detected product
- Verify that specified product is installed

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-20 08:48:18 -08:00
Tom Eastep
8b99fe20b5
Pave the way for unifying the CLI
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-19 21:17:35 -08:00
Tom Eastep
137b051e52
Centralize setting of product-dependent g_* variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-19 17:17:03 -08:00
Tom Eastep
9eb390403b
Implement -p option to disable PAGER
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-17 10:58:10 -08:00
Tom Eastep
ab9f340c55
use $PAGER in the 'show macro' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-17 10:57:39 -08:00
Tom Eastep
cecfe54ef6
Avoid shell errors when /proc/net/xt_recent/ is empty.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-03 21:29:01 -07:00
Tom Eastep
5b26f1939b
Correct 'sed' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-22 09:56:59 -07:00
Tom Eastep
49fae96b09
Update the manpages for 'blacklist' verbosity
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-10 19:45:42 -07:00
Tom Eastep
b3e59322b6
Clean up the output of 'blacklist'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-10 13:26:01 -07:00
Tom Eastep
eb6ae5e186
Correct handling of DYNAMIC_BLACKLIST options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 16:56:29 -07:00
Tom Eastep
ca7ca4bdfe
Add a 'timeout' option to DYNAMIC_BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 12:56:47 -07:00
Tom Eastep
c19e732e42
Correct typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-04 10:00:00 -07:00
Tom Eastep
8d731c81e4
Add 'disconnect' option to ipset-based dynamic blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-04 09:09:45 -07:00
Tom Eastep
1b032f7524
Correct permissions of files created by the 'save' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-01 13:49:35 -07:00
Tom Eastep
e81a4788c6
Implement DEFAULT_PAGER in shorewallrc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-21 10:20:48 -07:00
Tom Eastep
4a6338d857
Correct/complete Scott Sumate's LOGFILE enhancement
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-15 14:25:02 -07:00
Scott Shumate
55ee0113ea Added support for systemd logging by configuring LOGFILE=systemd 2016-07-15 13:40:23 -05:00
Tom Eastep
56b6db1a3d
Make the allow command work with both ipset and chain dynamic blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-14 13:42:20 -07:00