Commit Graph

216 Commits

Author SHA1 Message Date
Tom Eastep
67603c5eb3 Implement REJECT_ACTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-01 09:14:10 -07:00
Tom Eastep
aabb22a50f Add the TRACK_RULES option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-24 07:22:51 -07:00
Tom Eastep
5ad69aa650 Add CHAIN_SCRIPTS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-21 07:30:31 -07:00
Tom Eastep
b5ea4067e4 Implement USE_RT_NAMES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-24 10:56:38 -07:00
Tom Eastep
f44becdee1 Rename BLACKLIST_LOGLEVEL to BLACKLIST_LOG_LEVEL for consistent naming.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-12 07:47:02 -08:00
Tom Eastep
fc73c3934b Replace BLACKLISTNEWONLY with BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:00:47 -08:00
Tom Eastep
6403f4959d Implement UNTRACKED SECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 15:42:01 -08:00
Tom Eastep
c2bc74cdfe Add INVALID section to the rules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 08:33:59 -08:00
Tom Eastep
a03e793907 Added OUT-BANDWIDTH to the tcinterfaces column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 16:33:57 -08:00
Tom Eastep
c26db29244 Implement DEFER_DNS_RESOLUTION 2013-01-13 13:23:38 -08:00
Tom Eastep
38657d9f98 Support for arptables.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-04 09:17:57 -08:00
Tom Eastep
ebe4267c49 Rename IGNOREOLDCAPVERSIONS to WARNOLDCAPVERSION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:58:45 -08:00
Tom Eastep
8bb6f81dc5 Rename IGNOREOLDCAPS to IGNOREOLDCAPVERSIONS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 08:54:22 -08:00
Tom Eastep
ef0102e9f1 Add the 'IGNOREOLDCAPS' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 15:48:08 -08:00
Tom Eastep
dbd55acba2 Update samples, standard Actions and Macros to use ?FORMAT 2012-12-21 15:51:14 -08:00
Tom Eastep
3fbe3aad09 Merge branch '4.5.10' 2012-12-14 06:34:45 -08:00
Tom Eastep
7c6fcfccd5 Fix typo on line 21 on the conntrack file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-14 06:33:54 -08:00
Tom Eastep
1cbeaa6a9f Apply Tuomo Soini's tabs patches for the rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-13 09:26:09 -08:00
Tom Eastep
8a0abab4cc Rename 'ALLOWUNKNOWNVARIABLES' to 'IGNOREUNKNOWNVARIABLES'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-12 11:51:31 -08:00
Tom Eastep
88d4814209 Merge branch '4.5.10'
Conflicts:
	Shorewall/Perl/Shorewall/Config.pm
2012-12-08 20:54:33 -08:00
Tom Eastep
4d064d6713 Replace spaces with tabs in rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-07 16:48:55 -08:00
Tom Eastep
02cbd72a91 Merge branch '4.5.10' 2012-12-04 10:56:09 -08:00
Tom Eastep
60012d1208 Add additional space for the OPTIONS column
- actions and actions.std problem

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 10:54:32 -08:00
Tom Eastep
903e25a91a Add ALLOWUNKNOWNVARIABLES to the sample configurations.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 09:04:34 -08:00
Tom Eastep
8cbe26e32c Ignore 'inline' for certain actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 07:54:42 -08:00
Tom Eastep
6bf996d4b8 Implement inline actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 10:32:48 -08:00
Tom Eastep
30de211bda Implement format-3 conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 20:56:56 -08:00
Tom Eastep
3040156981 Add SWITCH column to the conntrack file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 14:20:56 -08:00
Tom Eastep
cc90a06958 Add RESTORE_ROUTEMARKS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-11 07:34:57 -07:00
Tom Eastep
86c35339cd Merge branch '4.5.8' 2012-09-23 07:07:37 -07:00
Tom Eastep
f23fb1535d Correct PPTP control port number in conntrack files (1729->1723).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 07:04:43 -07:00
Tom Eastep
88caf5c9df Correct header in the STOPPEDRULES files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-22 11:51:23 -07:00
Tom Eastep
9d6e0fd9ed Add a PRIORITY column to the tcfilters file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 14:48:32 -07:00
Tom Eastep
bdd66e68c9 Have separate hashes for the two shorewallrc files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 20:09:20 -07:00
Tom Eastep
8e5bd3637d Implement stoppedrules file (less manpages)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 08:44:03 -07:00
Tom Eastep
99efb518bd Add the HELPER column to the rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-18 12:05:42 -07:00
Tom Eastep
1f59e4f449 Update case in conditionals.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-14 11:42:46 -07:00
Tom Eastep
50bd1d6398 Add AUTOHELPER option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-12 07:25:11 -07:00
Tom Eastep
e00616a1fe Don't release blacklist files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-07 07:56:16 -07:00
Tom Eastep
56caf3687f Factor out the ?IF __CT_TARGET tests in the conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-06 09:26:14 -07:00
Tom Eastep
72307df6d2 Replace the AUTOHELPERS option with the HELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 10:53:20 -07:00
Tom Eastep
21770a89d6 Detect which matches are available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 15:38:23 -07:00
Tom Eastep
223ed5b3a3 More additions to the helper table and to the conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 13:25:44 -07:00
Tom Eastep
2ae59bb3cd Add COMMENT directives to conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:58:00 -07:00
Tom Eastep
07e56d129a Add AUTOHELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:09:18 -07:00
Tom Eastep
62d6d2558e Rename AUTO_COMMENT to AUTOCOMMENT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:06:41 -07:00
Tom Eastep
833e54c9c3 Rename the notrack file to conntrack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:02:17 -07:00
Tom Eastep
735b7c2cf5 Add support for nfacct
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-28 11:21:16 -07:00
Tom Eastep
1db79a91eb 'rpfilter' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 10:05:32 -07:00
Tom Eastep
5c176c64b7 Add an ORIGINAL DEST column to /etc/shorewall/masq
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-29 15:32:01 -07:00
Tom Eastep
5b891f1072 Remove quotes from GEOIPDIR setting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 07:05:38 -07:00
Tom Eastep
d8ec051114 Load the geoip cc's dynamically.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 08:59:59 -07:00
Tom Eastep
3d541f50c8 Use "(S)" consistently in column headings.
- add synonyms so both the singular and plural forms are accepted.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 12:42:04 -07:00
Tom Eastep
9e743451f6 Add FORMAT 2 to tcrules files. Initialize $format in Tc.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:08:06 -07:00
Tom Eastep
097ab853db Apply Tuomo Soini's tunnels patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-04 06:18:22 -07:00
Tom Eastep
bd30d59f3d Fix annotated interfaces files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-03 14:09:49 -07:00
Tom Eastep
e4c4900b32 Add recent changes to a couple of config files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-03 12:32:47 -07:00
Tom Eastep
0f53c3cc7d Convert all interfaces files to format-2 only
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-24 10:53:09 -07:00
Tom Eastep
805166a354 Ressurect LOCKFILE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-16 07:21:06 -07:00
Tom Eastep
bb6e17fd3e Many changes involved in getting a relocated installations to work
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-01 10:47:24 -07:00
Tom Eastep
15ca0fd1f0 Add IPSET_WARNINGS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-18 19:30:04 -07:00
Tom Eastep
b7465262ca Rename MARK/CLASSIFY column to ACTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-16 10:09:13 -07:00
Tom Eastep
48570227ba Big cleanup of TOS handling
- Validate settings/matches
- Allow setting in the tcrules file.
- Deprecate /etc/shorewall[6]/tos
2012-03-09 16:16:25 -08:00
Tom Eastep
d5af9c360d Implement FORMAT-2 interfaces file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-21 11:23:58 -08:00
Tom Eastep
a1ec1dc178 Add DSCP match support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-20 08:47:48 -08:00
Tom Eastep
59fea1a05d Add a SWITCH column to /etc/shorewall/masq
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-18 08:17:14 -08:00
Tom Eastep
4c2df6fea7 Rename route_rules to rtrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-09 06:38:55 -08:00
Tom Eastep
6f5ab698b4 Add a PROBABILITY column to the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-06 12:54:37 -08:00
Tom Eastep
53451bdaa6 Remove BLACKLIST section from rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 15:32:49 -08:00
Tom Eastep
c03fe0a076 Implement USE_LOGICAL_NAMES.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 16:03:56 -08:00
Tom Eastep
3e72442954 Convert sample notrack files to FORMAT 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 14:38:44 -08:00
Tom Eastep
439af55312 Implement RELATED_DISPOSITION and RELATED_LOG_LEVEL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 16:08:17 -08:00
Tom Eastep
86c51f24d9 Deprecate the old mark layout options.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 17:14:05 -08:00
Tom Eastep
0adc82f469 Add the mark layout options to shorewall.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 15:29:07 -08:00
Tom Eastep
d053faadde Allow convertion of a legacy blacklist configuration
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-08 12:59:40 -08:00
Tom Eastep
6108a9cad8 Delete BLACKLISTSECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 14:46:14 -08:00
Tom Eastep
da7516d401 Update config files and manpages for BLACKLISTSECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 12:05:07 -08:00
Tom Eastep
54ba4ed879 Add MARK column to route_rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-23 07:56:53 -07:00
Tom Eastep
835a056eb8 Implement BLACKLIST section in the rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-03 16:02:01 -07:00
Tom Eastep
caddd65412 Rename condition->switch and add more documentation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-23 12:33:55 -07:00
Tom Eastep
75b4540d26 Add support for condition match in the rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-21 15:20:50 -07:00
Tom Eastep
6ae184ccc7 Update the released netmap file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-09-06 15:36:33 -07:00
Tom Eastep
bc706324e9 Add an ALL section to the rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-15 15:32:24 -07:00
Tom Eastep
35457f4e95 Remove she-bang from lib.*
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-08-03 07:54:46 -07:00
Tom Eastep
bd1d7d6f92 Don't quote the empty setting of LOGLIMIT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 15:55:45 -07:00
Tom Eastep
f96c32634c Make config file quoting more consistent with update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 15:55:27 -07:00
Tom Eastep
6f2cc31dde Implement .conf file upgrade
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 13:03:55 -07:00
Tom Eastep
10ae91b600 Delete deprecated options from the .conf files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-12 13:46:26 -07:00
Tom Eastep
785bd7c987 Apply Tuomo Soini's patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-12 07:22:26 -07:00
Tom Eastep
7404d912bd Add LOGRATE to */shorewall.conf 2011-05-28 19:12:34 -07:00
Tom Eastep
ec01e39479 Add LOGBURST to */shorewall.conf 2011-05-28 19:03:18 -07:00
Tom Eastep
9dc689dd13 Sort Sample .conf files 2011-05-28 12:38:12 -07:00
Tom Eastep
6d3640dafc Alphabetize config files and sync files and manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 10:34:54 -07:00
Tom Eastep
03ecdc8c06 Clean up shorewall.conf and its documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 09:10:46 -07:00
Tom Eastep
fc34f07a7a Remove PKTTYPE option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 07:11:48 -07:00
Tom Eastep
0287d96aa2 Finish filtering implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-26 13:38:44 -07:00
Tom Eastep
e4d667ca6a Add routeback protection
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 17:07:31 -07:00
Tom Eastep
5d04c93a16 Implement LEGACY_FASTSTART option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-22 15:36:29 -07:00
Tom Eastep
83cdf78b18 Replace A_* builtin actions with builtin targets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 15:02:04 -07:00
Tom Eastep
fd70e73d34 Add ACCOUNTING_TABLE option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-17 12:51:33 -07:00