Tom Eastep
5e190f4e4e
Implement '_i' equivalents of all do_ functions.
...
Also implements handling of long port lists in new-format rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-22 06:22:52 -07:00
Tom Eastep
0791ea6698
Make 'KLUDGEFREE' a global to make it faster to test.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-21 12:57:20 -07:00
Tom Eastep
4eeb233d95
A little reorg to prepare for moving long port list remediation to the new chain structure.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-20 18:52:20 -07:00
Tom Eastep
705ffbca49
Fix for LOGMARK(<list>)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-20 17:33:31 -07:00
Tom Eastep
a7ab53e135
Trap '!' in port columns.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-20 15:55:18 -07:00
Tom Eastep
32a8b254a0
Some optimizations in the new rule infrastructure
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-20 15:53:00 -07:00
Tom Eastep
ca655a6f52
Use add_ijump for all jump 'irules'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-20 07:30:49 -07:00
Tom Eastep
12b5aa687b
More conversion to new rule interface
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-19 11:58:10 -07:00
Tom Eastep
f8be76f471
Make LOGMARK work without a parameter.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-19 11:57:12 -07:00
Tom Eastep
8b56e16bf9
Fix LOGMARK
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-19 06:54:41 -07:00
Tom Eastep
58de3dd3c1
Fix :persistent and :random in /etc/shorewall/masq
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 15:35:07 -07:00
Tom Eastep
346df62cc6
Support long-form iptables options.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 13:47:52 -07:00
Tom Eastep
796f3b6668
Correct cmdlevel settings in irules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 10:05:39 -07:00
Tom Eastep
1e89074bf8
Correct tracing of nested rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 09:46:41 -07:00
Tom Eastep
a80b04bd74
Correct formatting of empty arguments to add_commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 09:45:59 -07:00
Tom Eastep
bfd69c33c7
Correctly format empty arguments to add_commands()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 09:19:52 -07:00
Tom Eastep
043fb8757c
Convert Rules.pm infrastructure to use the new rule interface
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 08:29:42 -07:00
Tom Eastep
7aa7cd54c2
Convert Providers.pm to use the new rules interface.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 07:43:25 -07:00
Tom Eastep
3c60f107b7
Convert generate_matrix() to use the new rules interface
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 07:24:21 -07:00
Tom Eastep
2efa2796d3
More new rule interface calls in the Misc module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-17 15:12:58 -07:00
Tom Eastep
b2305ca9cf
Convert Tunnels file to use irules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-17 11:33:01 -07:00
Tom Eastep
a211f8fd0f
Infrastructure for new rule interface
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-17 10:37:15 -07:00
Tom Eastep
f3f535abac
POC of new rule interface
...
Also removed FAKE_AUDIT option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-17 08:35:09 -07:00
Tom Eastep
950c32d46b
Convert add_commands() calls to the equivalent add_rule() calls.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-16 16:31:29 -07:00
Tom Eastep
03913019d8
Mark DHCP rules for the convenience of move_rules().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-16 15:34:57 -07:00
Tom Eastep
27621fa0f9
Impose some structure on setting rule options
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-16 14:46:34 -07:00
Tom Eastep
0f742187ae
Implement intermediate rule representation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-16 09:41:53 -07:00
Tom Eastep
d1b8d7b953
Make perl modules version-neutral
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-10 15:10:27 -07:00
Tom Eastep
11c580de54
Fix exclusion in IPv6 hosts file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 17:27:09 -07:00
Tom Eastep
e21ff03339
Fix ipsets in IPv6 hosts file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 16:17:35 -07:00
Tom Eastep
fbeddca6a4
Another IPv6 ipset issue (z:!+set in the DEST column)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 15:40:18 -07:00
Tom Eastep
a998476d00
Correct Accounting module version
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 07:08:47 -07:00
Tom Eastep
6c802d3353
Tighten up source and dest checking in expand_rule()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 07:08:39 -07:00
Tom Eastep
1f30976790
Correct change that tightened editing of IPv6 addresses
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 18:34:33 -07:00
Tom Eastep
22f1d1ba89
Another fix for IPv6 and IPSETs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 16:31:35 -07:00
Tom Eastep
a8daff0008
Correct handling of <interface>:+<ipset> in Shorewall6.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 15:57:08 -07:00
Tom Eastep
7fa59706c5
Correct TPROXY/IPv6 address fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-07 14:50:44 -07:00
Tom Eastep
3f903fe3f1
Allow IPv6 Address as the third argument to TPROXY
...
- also update the manpages to describe TPROXY
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-07 06:43:16 -07:00
Tom Eastep
e1d8d71348
Version to 4.4.22 Beta 1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-04 09:36:54 -07:00
Tom Eastep
6be8c08673
Create action chain without leading % when possible
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-04 07:48:52 -07:00
Tom Eastep
1536ff4b92
Corrections to dropBcast/allowBcast
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 15:58:19 -07:00
Tom Eastep
24deabb03f
Merge branch '4.4.21'
2011-07-03 08:48:27 -07:00
Tom Eastep
9691a8ceb3
Don't collapse '-' and '--' in @actparms
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 08:47:53 -07:00
Tom Eastep
029ac610fe
Merge branch '4.4.21'
2011-07-03 07:23:09 -07:00
Tom Eastep
d31e2d67ba
DEFAULTS directive enforces max number of parameters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 07:22:29 -07:00
Tom Eastep
62c62441bb
Eliminate duplicate function definitions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 07:04:52 -07:00
Tom Eastep
d99090978d
Merge branch '4.4.21'
2011-07-03 06:40:08 -07:00
Tom Eastep
5b06e88b3d
Push/Pop comment during action processing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 06:37:41 -07:00
Tom Eastep
7e3f97c154
Prepare for more parameterized actions
...
- Export add_commands, incr_cmd_level and decr_cmd_level by default
- Move ensure_audit_chain and require_audit from Rules.pm to Chains.pm
- Add get_action_logging() function
- Export require_capability and have_capability by default
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 06:22:51 -07:00
Tom Eastep
ad71faacaa
Correct push_action_params()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-02 17:02:39 -07:00
Tom Eastep
42aa3724af
Trace system calls when debugging
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-02 08:37:57 -07:00
Tom Eastep
4ea8a65cd9
Trace system calls when debugging
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-02 08:27:17 -07:00
Tom Eastep
afa5ea3fd2
Minor tweaks to Config.pm
...
- Look for unprintable gunk in lines processed by split_line1()
- Modify a comment
- replace awkward close/assert statement
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-02 08:10:43 -07:00
Tom Eastep
bd9bf3d43a
Rename & export get_actionchain() -> get_action_chain()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-02 07:02:18 -07:00
Tom Eastep
c309ca3075
Revert "Simplify push_action_params()"
...
This reverts commit 89ee25dde2
.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-01 16:23:39 -07:00
Tom Eastep
8ab45b4de3
Save current action chain along with params. Add get_action_chain()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-01 16:21:36 -07:00
Tom Eastep
89ee25dde2
Simplify push_action_params()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-01 15:38:39 -07:00
Tom Eastep
ea22d79aeb
Update the version of Providers.pm
2011-06-30 18:40:48 -07:00
Tom Eastep
6ff02dbaa3
Make 'fallback' and 'balance' mutually exclusive
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-30 10:00:01 -07:00
Tom Eastep
f09d286738
Correct script generation problem with TPROXY
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-29 20:05:27 -07:00
Tom Eastep
cbeebb6bf8
Bump version to 4.4.21.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-29 11:36:04 -07:00
Tom Eastep
ea038bcecb
Correct regular expression in process_shorewall_conf()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-28 06:42:41 -07:00
Tom Eastep
05103bacd0
Don't expand single-quoted .conf option values
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-26 07:45:09 -07:00
Tom Eastep
0b431aa8c1
Minor tweaks to Config.pm
...
- Add/revise comments
- Rename $line -> $lineref in expand_variables()
- Collapse 3 lines into one in process_shorewall_conf()
2011-06-26 06:50:22 -07:00
Tom Eastep
7507c81882
Remove some whitespace
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-25 21:55:49 -07:00
Tom Eastep
9f37f09b28
Clean up variable expansion:
...
1) Centralize code in function expand_variables()
2) Eliminate %rawconfig
3) Correct logic in update_config_file() - the defect was not observable
but the code was clearly silly
2011-06-25 21:08:32 -07:00
Tom Eastep
47c759d93c
Convert %actparms to an array
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-25 11:39:13 -07:00
Tom Eastep
5740b69dc6
Fix another empty parameter list issue
2011-06-25 09:46:58 -07:00
Tom Eastep
19c1f388a7
Modify Debian test in update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-24 15:01:25 -07:00
Tom Eastep
fb2085b0c3
Support 'update' on Debian
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-24 13:40:32 -07:00
Tom Eastep
ca9276fd7e
Add quotes on deprecated and obsolete options if appropriate
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-24 11:47:34 -07:00
Tom Eastep
129d1739d1
Cosmetic changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-24 07:58:46 -07:00
Tom Eastep
7583a5c7a3
Use updated values in configuration verification
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-24 07:22:41 -07:00
Tom Eastep
11b847f3a4
Correct spelling in an error message (FOREWARD -> FORWARD)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-24 06:22:16 -07:00
Tom Eastep
6f68ed5508
Initiate 4.4.21 RC 1
2011-06-23 16:23:52 -07:00
Tom Eastep
ba9a0016a8
Move update_config_file() to before process_shorewall_conf()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-23 06:37:21 -07:00
Tom Eastep
de7d95e7ff
Rename 'ipset v4' -> 'ipset v5'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-23 06:36:35 -07:00
Tom Eastep
04d551d8ca
Detect ipset V4 and use its syntax
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 16:43:42 -07:00
Tom Eastep
7ef7490cd6
Change the compiler's default for LEGACY_FASTSTART
...
- No visible effect since the compiler doesn't use this option
2011-06-22 13:56:17 -07:00
Tom Eastep
1b3d7947b8
Update the .conf file before validating ('update' command)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 12:31:58 -07:00
Tom Eastep
ba7d5fd720
Avoid two-stage processing of shorewall.conf when not updating.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 10:56:25 -07:00
Tom Eastep
106ba52362
Change signature of get_action_params
...
- Accepts a number of parameters rather than a list
- Change action.Drop and action.Reject accordingly
- Define correct number of parameter variables in action.Drop and action.Reject
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 08:27:01 -07:00
Tom Eastep
62a75cb98d
Fix parameterization of standard default actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 07:51:42 -07:00
Tom Eastep
b43bee2c62
Streamline PERL in action.Drop and action.Reject
...
- Rename read_action_param => get_action_params
- Allow it to accept a list of indexes and to return a list
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 06:53:15 -07:00
Tom Eastep
bbf853bd1d
Cleaner handling of DEFAULTS in a non-action context
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 06:11:20 -07:00
Tom Eastep
ece598288f
Disallow DEFAULTS in the rules file
2011-06-21 21:00:08 -07:00
Tom Eastep
d51ca478bd
Reverse one hunk from empty-parameter fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-21 11:45:32 -07:00
Tom Eastep
063e21e69f
Allow an empty parameter list in an action (e.g., "Action()")
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 19:45:01 -07:00
Tom Eastep
71d88b93a0
Make IPv6 Dynamic Zone set names unique
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 17:22:34 -07:00
Tom Eastep
39e74911d8
Improve generated code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 14:34:26 -07:00
Tom Eastep
44cbfd8f27
Correct defects found while unit testing IPv6 Dynamic Zones
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 13:33:25 -07:00
Tom Eastep
119d38c92b
Enable dynamic zones for IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 10:41:29 -07:00
Tom Eastep
785de281b5
More IPv6 ipset fixes
...
- use 'family inet6' rather than 'family ipv6'
- Correct one more case of 'iphash' vs 'hash:ip family inet6'
- Encapsulate ipset -N into an 'ensure_ipset()' function
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 07:43:32 -07:00
Tom Eastep
4c2f12e645
Some whitespace changes
2011-06-19 19:08:32 -07:00
Tom Eastep
e4bcc12301
Use 'here documents' rather than single quotes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 18:33:10 -07:00
Tom Eastep
2097d0f4a0
Accomodate new syntax of ipset saved commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 14:06:42 -07:00
Tom Eastep
46d64e39d1
Use correct syntax to create IPv6 ipsets.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 14:04:53 -07:00
Tom Eastep
be6b08f835
Be sure to detect IPSET_MATCH before OLD_IPSET_MATCH.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 13:29:10 -07:00
Tom Eastep
7753f798b0
Bump Version to Beta 3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 10:09:53 -07:00
Tom Eastep
c264aaae6b
Update module versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 07:41:26 -07:00
Tom Eastep
4916610033
Rename upgrade => update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 07:14:27 -07:00
Tom Eastep
55242d1ed6
Add a few comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 16:55:00 -07:00
Tom Eastep
d66c7d478e
Eliminate expansion of shell variables in the upgraded config file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 16:33:41 -07:00
Tom Eastep
380443f26d
Eliminate %defaults
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 15:44:07 -07:00
Tom Eastep
faeb2da2ba
Corrections to Defaults
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 15:38:08 -07:00
Tom Eastep
f93ac02bfc
Provide default values for added entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 14:50:07 -07:00
Tom Eastep
96f6dc3558
More defined => supplied changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 13:08:26 -07:00
Tom Eastep
6f2cc31dde
Implement .conf file upgrade
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 13:03:55 -07:00
Tom Eastep
d23f932ebe
Don't generate INPUT hairpin rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 06:21:36 -07:00
Tom Eastep
f9ee8c494d
Exempt wildcard interfaces from sfilter
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-14 06:45:22 -07:00
Tom Eastep
9aedd407cc
Quell compiler warnings from Perl 5.14.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-13 06:40:03 -07:00
Tom Eastep
9ab901927f
Use supplied() where appropriate
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 16:14:31 -07:00
Tom Eastep
774aac1228
Add a supplied() function
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 15:40:55 -07:00
Tom Eastep
a60fe6e665
Allow parameters to be specified to Default Actions in the policy file
...
and in shorewall.conf.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 14:58:54 -07:00
Tom Eastep
3dd363677c
Implement set_action_param
...
Export both set_action_params and read_action_param by default
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 08:33:21 -07:00
Tom Eastep
8b6a7a7053
Implement read_action_param()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:49:57 -07:00
Tom Eastep
f278d05637
Rename action param functions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:46:54 -07:00
Tom Eastep
2549982528
Fix DEFAULTS
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:23:41 -07:00
Tom Eastep
6e6be468a9
Support for DEFAULT statements in actions
2011-06-10 17:05:09 -07:00
Tom Eastep
32c7d36cd0
Make zones with multiple interfaces complex
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-10 15:37:26 -07:00
Tom Eastep
dbd30f981c
Set the interface routeback option if there are any IP host groups with 'routeback'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-10 15:37:09 -07:00
Tom Eastep
8a7ad569e4
Don't leave unused sfilter chains in the config
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 17:22:48 -07:00
Tom Eastep
3e9a54d404
Couple of tweaks
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 17:22:34 -07:00
Tom Eastep
a0b0c5bdac
Jump (don't go) to sfilter1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 14:24:44 -07:00
Tom Eastep
1399a8ffde
Don't move rules from a chain with references
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 14:24:38 -07:00
Tom Eastep
9555a552c2
Fix FORWARD with ipsec dest
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 14:24:08 -07:00
Tom Eastep
71177c3ca3
Exempt ipsec from sfilter
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 07:27:06 -07:00
Tom Eastep
fa2746d469
Apply sfilter to INPUT as well as FORWARD
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-08 09:40:28 -07:00
Tom Eastep
35d1586672
Correct sfq handle assignment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 13:58:45 -07:00
Tom Eastep
a3968beb7e
Add fix inadvertently dropped from 4.4.19.4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 13:57:52 -07:00
Tom Eastep
0e839f3d7b
Initiate 4.4.21
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 09:54:35 -07:00
Tom Eastep
9c2c562bf5
Correct autorepeat wart
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-07 06:45:50 -07:00
Tom Eastep
cf0275a049
Make FAKE_AUDIT work again
2011-06-06 16:08:29 -07:00
Tom Eastep
642319d706
Change annotated documentation default
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 15:40:21 -07:00
Tom Eastep
cfb3d6a801
Merge branch '4.4.20'
2011-06-06 14:09:26 -07:00
Tom Eastep
6136e986cf
Update version to 4.4.20.1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-06 14:08:25 -07:00
Tom Eastep
aabefe91f1
Merge branch '4.4.20'
2011-06-04 08:46:40 -07:00
Tom Eastep
f1cbfab7ac
More blacklist/audit fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-04 08:45:23 -07:00
Tom Eastep
653a61a04a
Merge branch '4.4.20'
2011-06-04 07:44:24 -07:00
Tom Eastep
a9c0824a30
Correct BLACKLIST_DISPOSITION=A_xxx with BLACKLIST_LOG_LEVEL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-04 07:44:07 -07:00
Tom Eastep
aa86b65ec3
Merge branch '4.4.20'
2011-06-02 11:44:15 -07:00
Tom Eastep
254e1ed784
Add 'I' STATE to secmarks
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 11:43:55 -07:00
Tom Eastep
c3b56c1e73
Merge branch '4.4.20'
2011-06-02 10:07:03 -07:00
Tom Eastep
561d461a25
Add 'NI' STATE setting in secmarks.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 10:06:27 -07:00
Tom Eastep
1e883c2fdf
Merge branch '4.4.20'
2011-06-02 06:47:09 -07:00
Tom Eastep
f9c5b8b0d5
Improve some comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-02 06:23:37 -07:00
Tom Eastep
36aee407ef
Merge branch '4.4.20'
2011-06-01 13:01:27 -07:00
Tom Eastep
5f08605adc
Delete some cruft
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-01 12:26:05 -07:00
Tom Eastep
243a09783c
Merge branch '4.4.20'
2011-05-31 15:45:09 -07:00
Tom Eastep
7bf74bb8c9
Add new builtin targets to %builtin_target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 15:43:42 -07:00
Tom Eastep
468ff6efab
First cut at IPSET/Dynamic-zone support in Shorewall6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 11:23:43 -07:00
Tom Eastep
8df470b5f5
Version to 4.4.20
2011-05-31 09:30:18 -07:00
Tom Eastep
2f6c5fd260
Set 'bridge-nf-call-ip6?tables' if bridges are configured.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-31 06:59:43 -07:00
Tom Eastep
4f296b62ae
Another fix for auditone
2011-05-30 16:37:56 -07:00
Tom Eastep
e6275ba31d
Fix a bug in auditing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 15:28:00 -07:00
Tom Eastep
d89a915f26
Load IPv6 libraries when processing /etc/shorewall6/params
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 13:24:36 -07:00
Tom Eastep
26d08b92c0
Correct use of null value as a hash
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 11:38:49 -07:00
Tom Eastep
b0447b8bd3
Remove another MACLIST defect
2011-05-30 08:49:41 -07:00
Tom Eastep
60d33740f6
Fix MACLIST_DISPOSITION defect introduced earlier in this release
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 07:59:44 -07:00
Tom Eastep
11c209c55f
Restore access to $Shorewall::Rules::family
2011-05-29 17:22:36 -07:00
Tom Eastep
2852cdeb53
Another attempt at the IPMARK fix
2011-05-29 14:42:23 -07:00
Tom Eastep
a71136fd5a
Rework configuration files for Shorewall and Shorewall6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-29 14:34:18 -07:00
Tom Eastep
243e8f1dbe
Fix check for unreferenced 'sfilter' chain
2011-05-28 08:31:36 -07:00
Tom Eastep
a37dbf76dc
Delete 'sfilter' chain if it isn't referenced
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 19:56:54 -07:00
Tom Eastep
1a2c9a08e1
Don't include comment in audit chain rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 19:56:04 -07:00
Tom Eastep
bac640e731
Get changes from 4.5.0 branch
2011-05-27 19:42:09 -07:00
Tom Eastep
586a3537bf
Delete 'sfiter' chain if it doesn't have referenes
2011-05-27 19:38:03 -07:00
Tom Eastep
790c96c90a
Version to RC 1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 09:11:47 -07:00
Tom Eastep
c6e9de65f1
Prevent duplicate 'filter' rules when combining two interface chains
...
into the same zone forwarding chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 06:43:47 -07:00
Tom Eastep
fbfe7b9f93
Don't create 'reject' and AUDIT' in the 'stopped' case.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-26 14:11:36 -07:00
Tom Eastep
0287d96aa2
Finish filtering implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-26 13:38:44 -07:00
Tom Eastep
6c3163cc27
Routeback corrections
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-25 10:45:57 -07:00
Tom Eastep
e4d667ca6a
Add routeback protection
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 17:07:31 -07:00
Tom Eastep
bbe165c3cf
Bump version to Beta 5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 11:40:11 -07:00
Tom Eastep
84b844ae79
Implement -T option for compile and check
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 10:21:49 -07:00
Tom Eastep
ee98772349
Add -c to the start command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 09:13:02 -07:00
Tom Eastep
f464ec5624
Fixes for AUDIT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 20:59:33 -07:00
Tom Eastep
c050b29985
Factor some similar code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 14:20:14 -07:00
Tom Eastep
15e9e3182d
Update copyrights
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 10:06:56 -07:00
Tom Eastep
e95003b82a
Add FAKE_AUDIT option
2011-05-22 17:42:50 -07:00
Tom Eastep
5d04c93a16
Implement LEGACY_FASTSTART option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-22 15:36:29 -07:00
Tom Eastep
981b503fa4
Bump version to Beta 4
2011-05-22 11:05:22 -07:00
Tom Eastep
529e256856
Assigned unused dev numbers
2011-05-22 10:18:26 -07:00
Tom Eastep
83cdf78b18
Replace A_* builtin actions with builtin targets
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 15:02:04 -07:00
Tom Eastep
71ef1f48e2
Allow auditing of the builtin actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 10:38:25 -07:00
Tom Eastep
82d6a00c9e
Implement some extentions to AUDIT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 09:25:58 -07:00
Tom Eastep
61b5dbbb95
Eliminate cruft left over from when Action.pm and Policy.pm were folded into Rules.pm - Phase II
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:48:28 -07:00
Tom Eastep
f64e171c19
Eliminate cruft left over from when Action.pm and Policy.pm were folded into Rules.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:46:18 -07:00
Tom Eastep
ac2e9cce64
Shrink process_actions2 further.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:28:30 -07:00
Tom Eastep
676af32ebc
Simplify a loop in process_actions2()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:11:23 -07:00
Tom Eastep
7cbf113ba0
Simplify an RE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 08:33:36 -07:00
Tom Eastep
d15475efae
Cleanup of AUDIT before Beta 3
...
- Correct merge snafus
- Rename the new actions (e.g., ADROP->A_DROP)
- Correct MACLIST_DISPOSITION logic
2011-05-20 07:47:35 -07:00
Tom Eastep
e9df13a42b
Resolve merge conflicts
2011-05-19 15:10:22 -07:00
Tom Eastep
5e68dbfa9a
Complete first attempt at AUDIT support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-19 12:06:43 -07:00
Tom Eastep
814494e277
More AUDIT changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-19 08:35:40 -07:00
Tom Eastep
d2ab27c071
More AUDIT changes
2011-05-18 21:25:57 -07:00
Tom Eastep
ce8df2f66c
Revert "Bump version to Beta 3"
...
This reverts commit 465e729288
.
2011-05-18 17:50:12 -07:00
Tom Eastep
465e729288
Bump version to Beta 3
2011-05-18 17:08:07 -07:00
Tom Eastep
314921f766
Revert "Set quantum in subordinate SFQ class to the MTU for HFSC parents."
...
This reverts commit 5ab6f8e0e5
.
2011-05-18 11:13:50 -07:00
Tom Eastep
166d27f6d4
Minor tweak to blacklisting
...
Reverse order of tests for 'from' and 'src'.
Use equivalent logic for generating unknown option error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-18 11:13:03 -07:00
Tom Eastep
5ab6f8e0e5
Set quantum in subordinate SFQ class to the MTU for HFSC parents.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-18 10:34:46 -07:00
Tom Eastep
568e54b50d
Update version to Beta 2
2011-05-18 09:58:35 -07:00
Tom Eastep
e940f5018e
Implement whitelisting.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-18 08:30:01 -07:00
Tom Eastep
cec07a6be5
Don't apply HTB quantum to HFSC
2011-05-17 18:34:41 -07:00
Tom Eastep
495aa9b9ac
Implement NFLOG accounting action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-17 13:42:13 -07:00
Tom Eastep
fd70e73d34
Add ACCOUNTING_TABLE option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-17 12:51:33 -07:00
Tom Eastep
680ca519ed
Correct deletion of ipv6 'shorewall' chain
2011-05-17 11:33:56 -07:00
Tom Eastep
11ff245697
Don't generate refresh rules unless the command is 'refresh'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-16 13:08:32 -07:00
Tom Eastep
ffe7a1b777
Avoid inconsistencies and errors in refresh
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-16 11:34:41 -07:00
Tom Eastep
30f2fbff60
Issue warning on missing IPSET
2011-05-15 11:48:34 -07:00
Tom Eastep
72a330cba2
Don't emit degenerate tcfilters
2011-05-15 10:57:02 -07:00
Tom Eastep
e459fbf997
Don't allow non-leaf default class
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-15 10:56:46 -07:00
Tom Eastep
3f90f00081
Issue warnings and ignore non-leaf class in tcfilters and tcrules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-15 10:56:31 -07:00
Tom Eastep
7d25f6356b
Augment a comment
2011-05-15 08:45:41 -07:00
Tom Eastep
c247140063
Restore 'our' to a couple of exported variables in the Config module
2011-05-14 14:18:22 -07:00
Tom Eastep
00add745b7
Use -o when copying routing tables
2011-05-14 13:56:39 -07:00
Tom Eastep
05e385a748
Only use 'our' when required
2011-05-14 13:21:31 -07:00
Tom Eastep
0626594cda
Restore accuracy of tcclasses diagram
2011-05-14 09:27:51 -07:00
Tom Eastep
539e42aa2e
Correct earlier patch
2011-05-09 16:34:31 -07:00
Tom Eastep
bbab1c9682
Ensure USER/GROUP is only specified when SOURCE in $FW
2011-05-09 16:33:34 -07:00
Tom Eastep
359de906ca
Refinement to fix for double exclusion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-09 16:28:53 -07:00
Tom Eastep
1a48dd3eb9
Correct last merged patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-08 05:51:58 -07:00
Tom Eastep
93d8b538eb
Ensure route to gateway in the main table
2011-05-08 05:43:53 -07:00
Tom Eastep
a1bd664447
Fix issues with 'gawk'
2011-05-08 05:39:07 -07:00
Tom Eastep
afed909e52
Simplify the fix for double exclusion in ipset lists
2011-05-07 06:38:08 -07:00
Tom Eastep
0c59e0231d
Correct double-exclusion fix
2011-05-07 06:37:37 -07:00
Tom Eastep
58c25e8517
Let tcfilters deal correctly with hex device numbers
2011-05-05 10:12:20 -07:00
Tom Eastep
59ea511201
Complain if there is no default class defined
2011-05-05 10:12:14 -07:00
Tom Eastep
91d8f39f2e
Enforce limits on device and class numbers
2011-05-05 10:11:47 -07:00
Tom Eastep
349960294c
Detect double exclusion in ipset expressions
2011-05-05 10:11:30 -07:00
Tom Eastep
368fe46932
Correct Comment
2011-05-05 10:11:22 -07:00
Tom Eastep
d8c2845085
Back out part of TC change
2011-05-05 10:11:13 -07:00
Tom Eastep
9a95bad17e
Don't require '0x' on devnum > 10 in tcclasses
2011-05-05 10:06:55 -07:00
Tom Eastep
4300ef3ee2
Fix another couple of bugs with device numbers > 9
2011-05-05 10:06:41 -07:00
Tom Eastep
222c5dbf46
Normalize hex numbers before using them in string comparisons
2011-05-02 10:08:36 -07:00
Tom Eastep
e66d491f11
Correct patch for > 9 interfaces with tcfilters
2011-05-02 10:08:19 -07:00
Tom Eastep
bf10e104b7
Fix bug in tcfilters with device numbers > 9
2011-05-02 07:25:21 -07:00
Tom Eastep
d2407cb7a0
Don't allow IFB classes in tcrules
2011-05-02 07:23:28 -07:00
Tom Eastep
a0b00b4bd6
More fixes for TC
2011-05-01 21:24:52 -07:00
Tom Eastep
61c654634b
Correct some TC issues
2011-05-01 06:40:14 -07:00
Tom Eastep
e2b1069c1c
Support ipsets in the ORIGINAL DEST column for DNAT and REDIRECT rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-28 12:22:26 -07:00
Tom Eastep
59024ff49d
Delete some blank lines
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-24 08:29:28 -07:00
Tom Eastep
67e920eb53
Use del/add for provider ipv6 routes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-19 10:56:59 -07:00
Tom Eastep
1bcba8bbc7
Update version of changed Perl modules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-19 10:02:29 -07:00
Tom Eastep
ec8bb8049a
Delete/Add routes for NDP rather than replace
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-19 09:40:24 -07:00
Tom Eastep
1a0388080f
Initiate 4.4.20
...
Update versions
Update release documents
Apply Togan Muftuoglu's change to increase installation flexibility
2011-04-16 08:31:46 -07:00
Tom Eastep
4f5970b5f2
Use 'ip route list' rather than 'ip route ls' for busybox compatability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-15 11:15:32 -07:00
Tom Eastep
d42a65fd11
Correct one more default route save/restore defect
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-15 07:09:34 -07:00
Tom Eastep
dff405683c
Correct default route save/restore
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-14 12:25:33 -07:00
Tom Eastep
96af7bfed6
Fix the prior commit
2011-04-13 17:56:15 -07:00
Tom Eastep
9a8f411531
Update version to 4.4.19.1 and document corrected problems
2011-04-13 17:22:07 -07:00
Tom Eastep
9008cd960c
Fix a silly masq bug
2011-04-13 17:01:22 -07:00
Tom Eastep
16276b9900
Don't assume that all nexthop routes are default routes
2011-04-13 13:57:22 -07:00
Tom Eastep
a0b16e2803
Delete duplicate rule
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-13 06:56:17 -07:00
Tom Eastep
5919c234f4
Update version of IPAddrs.pm
2011-04-12 07:21:24 -07:00
Tom Eastep
53571043c0
Fix another proto editing defect
2011-04-11 17:18:39 -07:00
Tom Eastep
18f4b11b09
Don't allow '\!0' in the PROTO column
2011-04-11 16:25:19 -07:00
Tom Eastep
73754521b1
Correct Perl module versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-04-11 15:05:18 -07:00
Tom Eastep
ca46052410
Fix file name in split_line error message for proxyndp file
2011-04-10 13:19:42 -07:00
Tom Eastep
512008170d
Revert "Fold some long lines"
...
This reverts commit 3674cfd387
.
2011-04-10 11:20:50 -07:00
Tom Eastep
3674cfd387
Fold some long lines
2011-04-10 10:10:00 -07:00
Tom Eastep
8abc78331b
Two minor cosmetic changes
2011-04-10 09:52:00 -07:00
Tom Eastep
1be89edb49
Version to 4.4.19
2011-04-09 07:58:13 -07:00
Tom Eastep
92611d6789
A couple of tweaks before releasing RC1
2011-04-08 07:50:54 -07:00
Tom Eastep
7ab55f4217
Ensure that the PREROUTING->dnat jump is added when a wildcard interface is present
2011-04-06 15:14:39 -07:00
Tom Eastep
755c3cfd80
Quote param values that include shell metacharacters
2011-04-06 14:52:32 -07:00
Tom Eastep
6626ef06fb
Fix yet another optimizer bug
2011-04-06 10:10:42 -07:00
Tom Eastep
159c871f18
Make simple TC work with both IPv4 and IPv6
2011-04-04 09:55:45 -07:00
Tom Eastep
7466895919
Revert tcpri change
2011-04-04 09:14:46 -07:00
Tom Eastep
3b0da84b8d
Exit POSTROUTING early if a mark is restored
2011-04-04 08:19:58 -07:00
Tom Eastep
c1160ec076
Version to RC1
2011-04-03 15:54:36 -07:00
Tom Eastep
8609c97d1c
Version to Beta 5
2011-04-03 10:30:33 -07:00
Tom Eastep
86f4d3bad6
Revert "Set version RC1"
...
This reverts commit ae9558c7c6
.
2011-04-03 10:28:20 -07:00
Tom Eastep
ae9558c7c6
Set version RC1
2011-04-03 10:04:53 -07:00
Tom Eastep
cc633c5bd9
Shorewall 4.4.19 Changes
2011-04-03 09:56:30 -07:00
Tom Eastep
26e7f86c87
Fix icmp u32 match with type/code
2011-03-19 14:29:03 -07:00
Tom Eastep
742aa95660
Tighten editing of TC_PRIOMAP value
2011-03-17 11:50:13 -07:00
Tom Eastep
965ab0257f
Correct fix for Tuomo's problem
2011-03-13 15:24:48 -07:00
Tom Eastep
f5d06024fc
Bump version to 4.4.18.1
2011-03-13 07:56:12 -07:00
Tom Eastep
8383a6e75a
Eliminate extra newline in WARNING message
2011-03-13 07:52:25 -07:00
Tom Eastep
68b15c9544
Fix for Tuomo's params issue
2011-03-13 07:47:06 -07:00
Tom Eastep
57f1a0fa34
Accomodate tcfilters entries for non-present interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-03-03 07:44:12 -08:00
Tom Eastep
0283a8eeec
Fix for previous commit
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-03-03 07:43:37 -08:00
Tom Eastep
87240b00c9
Update version of the Tc module
2011-03-02 07:52:38 -08:00
Tom Eastep
1bbd963c3f
Bump version to 4.4.18
2011-03-02 07:43:03 -08:00
Tom Eastep
329655cc66
Make burst in tcdevices IN-BANDWIDTH column work
2011-03-02 07:34:55 -08:00
Tom Eastep
e4e574605e
Fix an edit about duplicate device:class
2011-03-01 20:48:40 -08:00
Tom Eastep
f92349edba
Correct handling of IPv6 address used in a net context
2011-03-01 13:49:19 -08:00
Tom Eastep
428e898bfe
Update version to RC1
2011-02-28 15:24:04 -08:00
Tom Eastep
9decf354d5
Update the version of the Config module
2011-02-24 16:50:48 -08:00
Tom Eastep
de7a0df550
Cosmetic changes to the Chains module
2011-02-24 15:56:50 -08:00
Tom Eastep
951f641a6c
Cleanup of Rules file
2011-02-21 08:13:46 -08:00
Tom Eastep
fcebdc3ec2
Correct typo in Chains module
2011-02-21 08:09:33 -08:00
Tom Eastep
cf60752988
Move section processing to the Rules module where it belongs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-02-20 15:35:58 -08:00
Tom Eastep
c03caf7c2f
Combine the Policy and Rules modules
2011-02-20 11:28:47 -08:00
Tom Eastep
052bc87bd5
Set version to Beta 4
2011-02-20 09:20:43 -08:00
Tom Eastep
b90ea8a9e0
Change default for MODULE_PREFIX
2011-02-20 08:52:07 -08:00
Tom Eastep
685de1c588
Cosmetic changes to the Accounting module"
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-02-19 15:50:18 -08:00
Tom Eastep
f44b643038
Fix another bug with tri-value
2011-02-19 15:46:06 -08:00
Tom Eastep
e69de13eff
Fix common-rule/action2 processing order
2011-02-19 15:44:39 -08:00
Tom Eastep
59ac90d717
Couple of minor issues in the Chains module
2011-02-19 09:08:43 -08:00
Tom Eastep
30768a03d1
Bump version to Beta 3
2011-02-19 08:55:28 -08:00
Tom Eastep
974a542585
Improve MARK column validation
2011-02-19 08:18:21 -08:00
Tom Eastep
9173b22b58
Disallow USER/GROUP anywhere but in the OUTPUT section
2011-02-19 08:00:00 -08:00
Tom Eastep
cf2d4e154f
Add a comment
2011-02-18 21:05:44 -08:00
Tom Eastep
d8c36da069
Make reserved name illegal for Actions -- take 2
2011-02-18 17:46:41 -08:00
Tom Eastep
011c90e6b8
Make reserved name illegal for Actions
2011-02-18 17:44:14 -08:00
Tom Eastep
b4946dcf65
Enforce a couple of accounting restrictions
2011-02-18 16:47:12 -08:00
Tom Eastep
e47cb61c33
Introduce 'accountfwd' chain for forwarded accounting in sectioned configuration
2011-02-18 15:44:55 -08:00
Tom Eastep
2e2472a15a
Tighen up an RE
2011-02-17 17:56:29 -08:00
Tom Eastep
58e480b502
Correct defects in the prior commit
2011-02-17 17:35:56 -08:00
Tom Eastep
993bdc740d
Make it invalid to to use a config file name as a chain name
2011-02-17 16:31:22 -08:00
Tom Eastep
b06630091d
Make procedure to delete a chain plus references to it; make exclusion chains begin with '~'
2011-02-17 14:53:39 -08:00
Tom Eastep
6f00f2127c
Delete optimize_okay() and add a couple of assertions
2011-02-17 10:48:46 -08:00
Tom Eastep
5634b08e22
Don't clear dont_optimize flag in accounting in sectioned configuration
2011-02-17 10:47:57 -08:00
Tom Eastep
300d931922
Assert correctness in decrement_reference_count()
2011-02-16 13:16:42 -08:00
Tom Eastep
fa8c8f5850
Dont optimize chains with RETURN
2011-02-16 13:15:29 -08:00
Tom Eastep
030839e4a4
Remove recursive_delete_references
2011-02-16 12:49:04 -08:00
Tom Eastep
2974167f06
Finally fix issue with copy_rules()
2011-02-16 10:08:11 -08:00
Tom Eastep
b03e3b94ef
More optimization fixes
2011-02-15 19:24:14 -08:00
Tom Eastep
99f38bfca1
Make the source-net and dest-match routines more readable
2011-02-14 20:11:38 -08:00
Tom Eastep
32f341c279
Correct optimization fix
2011-02-14 16:54:27 -08:00
Tom Eastep
6a9ca303d1
Remove masking declaration
2011-02-14 15:56:02 -08:00
Tom Eastep
4ad9a83996
Centralize handling of MACs in the Chains module
2011-02-14 15:34:11 -08:00
Tom Eastep
0fa027802f
Don't allow accounting or manual changes to have the name of a builtin target
2011-02-14 10:50:04 -08:00
Tom Eastep
3b7232a5fa
Fix a bug in the optimizer
2011-02-14 10:00:28 -08:00
Tom Eastep
59e361e93e
Split the 'restriction' member into two members
2011-02-14 09:22:27 -08:00
Tom Eastep
e64070f9e1
Restore loop detection in sectioned accounting rules
2011-02-13 16:38:01 -08:00
Tom Eastep
dd81eedb42
Fix another accounting sectioning bug
2011-02-13 14:32:11 -08:00
Tom Eastep
46a99a7cd9
Correct Config.pm version again
2011-02-13 11:46:56 -08:00
Tom Eastep
567824b7e2
Correct Config.pm version
2011-02-13 11:45:46 -08:00
Tom Eastep
95f8100696
Cosmetic change
2011-02-13 11:34:53 -08:00
Tom Eastep
b1abb3f554
Don't do unref/loop detection when accounting file is sectioned
2011-02-13 11:13:43 -08:00
Tom Eastep
a1eefea224
Fix FORWARD chain jumps with sectioning
2011-02-13 08:23:48 -08:00
Tom Eastep
1438332bbe
Remove hard-coded 0.0.0.0/0 from Providers.pm
2011-02-13 08:13:22 -08:00
Tom Eastep
5c0b592934
Section the accounting file
2011-02-12 12:47:15 -08:00
Tom Eastep
195903444d
Insist that SECTION headers have exactly two columns
2011-02-12 07:54:20 -08:00
Tom Eastep
677bd08d5d
Add more targets
2011-02-11 17:13:48 -08:00
Tom Eastep
4acdc5314a
Add 'NG' value for ACCOUNTING
2011-02-11 17:01:10 -08:00
Tom Eastep
9e921beb49
Fix a tri-value bug
2011-02-11 16:53:49 -08:00
Tom Eastep
af363888ab
Alphabetize the builtin target list
2011-02-10 16:55:04 -08:00
Tom Eastep
64614b7464
Add CLASSIFY to the builtin targets
2011-02-10 16:46:44 -08:00
Tom Eastep
2885081d86
Add more keywords to %builtin_targets
2011-02-10 13:11:58 -08:00
Tom Eastep
a3232516bb
Detect loops in accounting chain jumps
2011-02-09 15:43:19 -08:00
Tom Eastep
88244dc132
Don't allow MAC addresses in the accounting file
2011-02-07 17:12:43 -08:00
Tom Eastep
b4b59119ef
Don't allow non-accounting chain in the CHAIN accounting column
2011-02-07 16:32:38 -08:00
Tom Eastep
6e66736d28
Make IPv6 logic safer; cosmetic improvements in the generated script
2011-02-06 08:57:48 -08:00
Tom Eastep
2c2fdab0fe
Rename USE_LOCAL_MODULES to EXPORTMODULES
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-02-06 08:42:35 -08:00
Tom Eastep
2b8579c090
Tweak USE_LOCAL_MODULES change
...
Make the "Other than /usr/share" test dependent on export
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-02-06 08:28:10 -08:00
Tom Eastep
106f23634c
Make use of USE_LOCAL_MODULES independent of export
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-02-06 08:15:16 -08:00
Tom Eastep
88bce4100a
Initiate 4.4.18
2011-02-05 16:41:34 -08:00
Tom Eastep
c557ec3740
Bump version of Tc module
2011-02-04 07:46:35 -08:00
Tom Eastep
ea2c72d1b1
Prepare for 4.4.17
2011-02-04 06:44:02 -08:00
Tom Eastep
838c7ac57b
Change a comment
2011-02-03 17:22:04 -08:00
Tom Eastep
23eef3b215
Normalize IPv6 addresses in decompose_net
2011-02-03 09:57:47 -08:00
Tom Eastep
4ed4443abb
Do a fancier job of comparing networks
2011-02-03 09:44:46 -08:00
Tom Eastep
27684908c4
Catch mis-matched nets in per-IP accounting rules
2011-02-03 09:25:13 -08:00
Tom Eastep
d68d40ee1c
Correct an optimization bug involving empty/unreferenced chains
2011-02-03 09:12:50 -08:00
Tom Eastep
98ad7e15b0
Don't optimize the accounting chain
2011-02-03 08:45:54 -08:00
Tom Eastep
953c0b48de
Fix several issues with IPv6 tcfilters
2011-02-03 08:28:00 -08:00
Tom Eastep
207db033b8
Disallow '.' in accounting and manual chain names
2011-02-01 12:58:05 -08:00
Tom Eastep
4e7f656a5b
Better ACCOUNT(...) parsing
2011-01-31 20:17:56 -08:00
Tom Eastep
f8e6c80ca0
Tighen up editing of ACCOUNT(...)
2011-01-31 10:14:10 -08:00
Tom Eastep
fbdd4b5ede
Ensure that accounting and manual chains aren't too long
2011-01-31 06:56:38 -08:00
Tom Eastep
5f76de3bda
Fix Config version
2011-01-30 12:35:31 -08:00
Tom Eastep
303afe8c7e
Some accounting fixes (code and docs)
2011-01-30 09:39:14 -08:00
Tom Eastep
b1f6895a1f
Correct a couple of versions
2011-01-30 08:41:33 -08:00
Tom Eastep
70fc8bdfb6
Add support for per-IP accounting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-01-30 07:20:05 -08:00
Tom Eastep
4cc8e5422d
Add ACCOUNT target detection
2011-01-30 07:14:08 -08:00
Tom Eastep
1c48a9dbd3
Fix a couple of defects in module loading
2011-01-29 12:42:22 -08:00
Tom Eastep
7555a0953d
Add conditional logic for optional run-time address variables
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-01-29 12:15:34 -08:00
Tom Eastep
1b87405d96
Fix silly bug in expand_rule()
2011-01-29 08:45:20 -08:00
Tom Eastep
7421a679ba
Bump version of the Nat module
2011-01-28 16:46:36 -08:00
Tom Eastep
f3aedcf805
Allow runtime address variables in the ADDRESS column of the masq file
2011-01-28 16:32:53 -08:00
Tom Eastep
156b04c380
Implement Run-time Address Variables
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-01-26 09:08:48 -08:00
Tom Eastep
82913abeca
Specify 'mpu' when creating TBF
2011-01-23 09:23:17 -08:00
Tom Eastep
a2b440b093
Add USE_LOCAL_MODULES option
2011-01-22 08:13:17 -08:00
Tom Eastep
c0d5a32d11
Fix typo in alignment patch
2011-01-21 06:56:30 -08:00
Tom Eastep
3a5d664305
Fix 'check -r' output when OPTIMIZE=8 or OPTIMIZE=9
2011-01-21 06:52:58 -08:00
Tom Eastep
20cd9848f6
Align some assignments in the Config Module
2011-01-21 06:51:35 -08:00
Tom Eastep
24412c9498
Fix empty variable handling when /bin/sh is bash
2011-01-20 08:19:42 -08:00
Tom Eastep
9d06125129
Bump Version to Beta 2
2011-01-19 15:38:51 -08:00
Tom Eastep
d5f3b31032
Handle lines containing only 'INCLUDE'
2011-01-18 14:58:56 -08:00
Tom Eastep
eaa08ab76f
Fix typo that broke ULOG
2011-01-16 09:45:49 -08:00
Tom Eastep
3074d3009f
Tom being anal
2011-01-15 20:59:59 -08:00
Tom Eastep
4ea02a5e72
Eliminate silly duplication
2011-01-15 19:20:24 -08:00
Tom Eastep
370cd04408
Remove unneeded line of code in export_params()
2011-01-15 15:56:37 -08:00
Tom Eastep
265ca85d02
Allow INCLUDE in extension scripts
2011-01-15 15:43:45 -08:00
Tom Eastep
5c4da0b581
Use open_file()/close_file() in copy1
2011-01-15 14:33:16 -08:00
Tom Eastep
978e8e3849
Only issue 'done.' progress message on success
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-01-14 11:46:38 -08:00
Tom Eastep
12eaf81dcc
Add some comments
2011-01-13 19:59:17 -08:00
Tom Eastep
8da9f4183a
Tweaks to 4.4.17
2011-01-10 19:35:45 -08:00
Tom Eastep
2be63c9406
Delete unneeded exports
2011-01-10 19:30:38 -08:00
Tom Eastep
10ae1c7dde
Don't export read_a_line1()
2011-01-10 19:14:10 -08:00
Tom Eastep
a04e854f21
Simplify exception processing in process_rules1()
2011-01-10 17:02:12 -08:00
Tom Eastep
fd6afa7742
Minor fixes to comments
2011-01-09 15:56:01 -08:00
Tom Eastep
3392312cef
Automate the maintenance of the hash of compiler-defined entries in %params
2011-01-09 13:12:36 -08:00
Tom Eastep
0dc4cd7937
Don't quote param values unnecessarily; add a comment to the emitted params
2011-01-09 12:14:48 -08:00
Tom Eastep
3bb67423c3
Tweak release notes
2011-01-09 11:31:38 -08:00
Tom Eastep
08f09d7de0
Deprecate EXPORTPARAMS
2011-01-09 10:12:36 -08:00
Tom Eastep
14c4bd99aa
Don't lookup standard target if target is an action, macro, or chain
2011-01-09 10:10:27 -08:00
Tom Eastep
97bba29c07
Add lookup hash for standard targets
2011-01-08 15:29:10 -08:00
Tom Eastep
8dc60e788f
Avoid early return in process_action()
2011-01-08 14:05:27 -08:00
Tom Eastep
6143c7ddbd
Improve readability of logging logic in expand_rule()
2011-01-08 09:07:32 -08:00
Tom Eastep
bdbc9ab29d
Initiate 4.4.17
2011-01-08 08:00:56 -08:00
Tom Eastep
ad57272c7f
Fix tag handling in Limit()
2011-01-05 17:21:50 -08:00
Tom Eastep
974aeb9e39
Reword a comment
2011-01-03 18:48:09 -08:00
Tom Eastep
e3c16b8233
Different way to catch empty parameter lists
2011-01-03 17:56:07 -08:00
Tom Eastep
014d0eb607
Don't recognize an empty param list
2011-01-03 17:06:54 -08:00
Tom Eastep
b7a9a48508
Handle COUNT:<level> correctly
2011-01-03 14:29:10 -08:00
Tom Eastep
8400a2ab31
Handle ':' in a param
2011-01-03 12:18:04 -08:00
Tom Eastep
33b54e4ebe
Version to 4.4.16
2011-01-03 09:00:39 -08:00
Tom Eastep
fe86964fd6
Move and reword an error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-01-02 08:42:09 -08:00
Tom Eastep
f6228ca31b
Two error messages:
...
- Disallow server port in ACTION rule.
- Add server IP address in message re: REDIRECT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-01-02 08:20:28 -08:00
Tom Eastep
b3598f3766
Validate action names
2011-01-02 07:09:42 -08:00
Tom Eastep
cb372cf2cd
Change a couple of comments
2011-01-01 16:13:38 -08:00
Tom Eastep
d64edf3470
Clone a small function
2011-01-01 11:19:53 -08:00
Tom Eastep
8f0d0ac5a7
Use external representation in recursive call message
2011-01-01 09:18:10 -08:00
Tom Eastep
d71c11791f
Report normalized action names in recursive call message
2011-01-01 09:06:11 -08:00
Tom Eastep
4da682365d
Restore ability to detect recursive action invocations
2011-01-01 08:58:00 -08:00
Tom Eastep
ed3b336a81
Correct prototype
2011-01-01 06:55:10 -08:00
Tom Eastep
fc2d76aa7a
Move a function; don't export %policy_actions
2010-12-31 16:58:06 -08:00
Tom Eastep
e1b4e345fb
Add Eclipse files to project
2010-12-31 15:19:56 -08:00
Tom Eastep
8e6fdceeb5
Back out useless change
2010-12-31 14:30:31 -08:00
Tom Eastep
b36ad0d065
Change several more compiler progress messages
2010-12-31 14:19:31 -08:00
Tom Eastep
f8e04b4110
Change a couple of compiler progress messages
2010-12-31 14:12:57 -08:00
Tom Eastep
e0d2eb997d
Restore the name 'process_rule1'
2010-12-31 12:41:01 -08:00
Tom Eastep
1bdaf862d3
Populate %targets out of new_action()
2010-12-31 10:36:07 -08:00
Tom Eastep
6c14c76ab5
Another comment
2010-12-31 08:37:56 -08:00
Tom Eastep
aa6754cb40
Add a comment
2010-12-31 07:51:15 -08:00
Tom Eastep
d4d1bb7b41
Bump version of the Zones module
2010-12-30 13:14:07 -08:00
Tom Eastep
33ff6db6bc
Whitespace changes
2010-12-30 12:25:22 -08:00
Tom Eastep
cd7f94dbdb
Merge branch 'master' into 4.4.16
2010-12-30 10:37:15 -08:00
Tom Eastep
746c2a5163
Correct comment about the action member of the chain structure
2010-12-30 10:36:03 -08:00
Tom Eastep
cb751bd225
Remove extraneous change log entries
2010-12-30 10:02:39 -08:00
Tom Eastep
91227b6d13
Don't log jumps to NAT actions
2010-12-30 09:56:44 -08:00
Tom Eastep
d8541e4a58
Update problems corrected
2010-12-30 08:05:04 -08:00
Tom Eastep
e3d1032ab3
Set version to Beta 8
2010-12-30 07:32:30 -08:00
Tom Eastep
3c4cddeeeb
Eliminate process_action3()
2010-12-30 06:56:21 -08:00
Tom Eastep
d767d9fea3
Better Editing of BLACKLIST_DISPOSITION
2010-12-29 18:43:14 -08:00
Tom Eastep
1c55143524
Allow parameterized Limit to use log tags
2010-12-29 12:20:18 -08:00
Tom Eastep
230d284980
Correct a couple of comments
2010-12-29 11:36:59 -08:00
Tom Eastep
b7d936dd8e
Merge levels in process_action2()
2010-12-29 08:23:44 -08:00
Tom Eastep
a4bf11c7d5
Some cosmetic cleanup
2010-12-28 17:18:43 -08:00
Tom Eastep
d90d56161c
Improve readability
2010-12-28 16:42:28 -08:00
Tom Eastep
7d41e4b38c
Restore level merge behavior with nested actions
2010-12-28 16:04:55 -08:00
Tom Eastep
17ed14a895
Update comments in the Rules module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-28 16:02:10 -08:00
Tom Eastep
17a3ca62d5
Eliminate the Actions module
2010-12-28 13:51:45 -08:00
Tom Eastep
3d4aaad0eb
Remove a couple of superfluous tests
2010-12-28 12:53:16 -08:00
Tom Eastep
4a8f724f9b
Handle duplicate chain name for action chain
2010-12-28 12:18:42 -08:00