Tom Eastep
|
7fe7ebc891
|
Fix Handling of NFQUEUE(queue-num) in policies
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-25 08:44:28 -08:00 |
|
Tom Eastep
|
70a246501e
|
Update version of Tc.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-23 07:08:48 -08:00 |
|
Tom Eastep
|
3fc10cd94b
|
Prepend 'SW_' to constructed shell variable names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-22 10:27:59 -08:00 |
|
Tom Eastep
|
2a965d42b9
|
Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-21 07:57:34 -08:00 |
|
Tom Eastep
|
6307653a01
|
Pick up one fix from 4.4.7.4 regarding CONTINUE rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-20 09:42:58 -08:00 |
|
Tom Eastep
|
edaf541850
|
Don't apply rate limiting twice in ACCEPT+ rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-19 14:01:45 -08:00 |
|
Tom Eastep
|
ceff8adc78
|
Restore duplicate interface detection in tcinterfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-18 16:11:30 -08:00 |
|
Tom Eastep
|
3a2173ddb4
|
Some code cleanup in Tc.pm.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-18 15:56:59 -08:00 |
|
Tom Eastep
|
ea8be87720
|
Use Hex representation of device numbers > 9 in simple TC.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-18 12:53:01 -08:00 |
|
Tom Eastep
|
00b0490cd7
|
Create a unique hashtable for each instance of a per-IP rate limit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-17 15:39:21 -08:00 |
|
Tom Eastep
|
625963a4f0
|
Final (hopefully) fix for SFQ handle assignment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-17 09:02:18 -08:00 |
|
Tom Eastep
|
41bb0782a3
|
Another tweak to SFQ handle assignment.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-17 08:06:27 -08:00 |
|
Tom Eastep
|
5649dbf9a8
|
Improve assignment of class ID for SFQ classses
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-17 07:41:30 -08:00 |
|
Tom Eastep
|
eaafeb8c2b
|
Add --hashlimit-htable-expire if the units are minutes or larger
|
2010-02-17 06:43:52 -08:00 |
|
Tom Eastep
|
375160d733
|
Avoid duplicate SFQ class numbers
|
2010-02-17 06:43:16 -08:00 |
|
Tom Eastep
|
167b29c2c5
|
Bump module version in Compiler.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-15 14:24:52 -08:00 |
|
Tom Eastep
|
8aaf4aab3a
|
Don't create log chain for 'RETURN' rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-15 14:24:00 -08:00 |
|
Tom Eastep
|
4546394531
|
Cosmetic changes to Compiler.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-15 14:07:35 -08:00 |
|
Tom Eastep
|
12d3420a5d
|
Detect FLOW_FILTER when LOAD_HELPERS_ONLY=No
|
2010-02-14 10:34:19 -08:00 |
|
Tom Eastep
|
5e9ecf1491
|
Update version of Config module
|
2010-02-13 11:00:34 -08:00 |
|
Tom Eastep
|
50d246c8be
|
A little cleanup of compiler.pl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-13 10:03:32 -08:00 |
|
Tom Eastep
|
1258149e0e
|
Don't apply rate limiting twice in NAT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-13 07:21:27 -08:00 |
|
Tom Eastep
|
ea5a6c79bc
|
Bump CAPVERSION
|
2010-02-11 16:22:47 -08:00 |
|
Tom Eastep
|
5a96771e07
|
Start 4.4.8 Beta 1
|
2010-02-11 15:46:57 -08:00 |
|
Tom Eastep
|
b35f20b403
|
Avoid CAPVERSION bump to implement FLOW_FILTER detection
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-11 07:29:41 -08:00 |
|
Tom Eastep
|
b8c195f570
|
Accurately detect 'flow' availability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-10 14:50:26 -08:00 |
|
Tom Eastep
|
433fc385bc
|
'bridge' implies 'routeback'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-09 14:04:36 -08:00 |
|
Tom Eastep
|
46e2afcf16
|
Ignore TYPE if old distro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-08 07:13:20 -08:00 |
|
Tom Eastep
|
b45a70f98a
|
Make 'nosmurfs' work correctly on IPv6 with Address Type Match
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-08 07:12:58 -08:00 |
|
Tom Eastep
|
18d03a61f5
|
Make 'nosmurfs' work with Address Type Match on IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-07 08:43:31 -08:00 |
|
Tom Eastep
|
11a2ec9f7c
|
Update version to 4.4.7
|
2010-02-05 16:40:48 -08:00 |
|
Tom Eastep
|
e64af57cae
|
Give smurf logging chain a fixed name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-03 16:04:59 -08:00 |
|
Tom Eastep
|
f4e175f149
|
Fix IPv6 'nosmurfs'. Make 'nosmurfs' logging more efficient.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-03 15:03:15 -08:00 |
|
Tom Eastep
|
52880a8822
|
Clean up generate_matrix() fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-03 06:57:51 -08:00 |
|
Tom Eastep
|
9d288241da
|
Fix issues in generate_matrix().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-02 19:42:54 -08:00 |
|
Tom Eastep
|
1d8a7ad09f
|
Clear DEBUG and PURGE shell variables
Delete a blank line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-02 13:55:29 -08:00 |
|
Tom Eastep
|
753eb97667
|
Update version to 4.4.7 RC2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-02 10:30:53 -08:00 |
|
Tom Eastep
|
dd60f04a9f
|
Work around lack of MARK Target support
|
2010-02-01 16:22:57 -08:00 |
|
Tom Eastep
|
d354560863
|
Finish last change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-01 14:25:51 -08:00 |
|
Tom Eastep
|
f0d101605b
|
Don't try to combine nat chains that include '-s'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-02-01 14:24:07 -08:00 |
|
Tom Eastep
|
1981372c94
|
Make search for "-j ACCEPT" a little tighter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-31 08:27:30 -08:00 |
|
Tom Eastep
|
3d39a47582
|
Set $have_ipsec after completing parse of the hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-30 07:26:35 -08:00 |
|
Tom Eastep
|
659f774451
|
Sort %detect_capability for easier verification.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-29 13:09:53 -08:00 |
|
Tom Eastep
|
9d2decd26d
|
Modify determine_capabilities to use detect_capability()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-29 10:38:22 -08:00 |
|
Tom Eastep
|
b8ec2be516
|
Clean up handling of %detect_capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-28 16:39:45 -08:00 |
|
Tom Eastep
|
ecc7861115
|
Validate LOAD_HELPERS_ONLY before detecting capabilities.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-28 08:05:24 -08:00 |
|
Tom Eastep
|
ebd847ef70
|
Don't display capabilties if they have not been determined
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-28 08:04:54 -08:00 |
|
Tom Eastep
|
05f2bb4b3a
|
Correction to last patch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-27 17:52:27 -08:00 |
|
Tom Eastep
|
9d25318d80
|
Fix detection of HASHLIMIT_MATCH on old kernels.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-27 12:53:31 -08:00 |
|
Tom Eastep
|
54456de888
|
Update module versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-01-27 09:01:00 -08:00 |
|