Tom Eastep
|
70a395892f
|
Make BLACKLIST work correctly in the blrules file
- Add the 'section' action option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-23 15:03:02 -08:00 |
|
Tom Eastep
|
2bbb5c8c1e
|
Add hack to distinguish between the BLACKLIST macro and action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-23 09:23:26 -08:00 |
|
Tom Eastep
|
33b4ee4d31
|
Don't quote variable values in ERROR/WARNING/INFO directives
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-23 09:00:18 -08:00 |
|
Tom Eastep
|
71dd5d016b
|
Add ?REQUIRE compiler directive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-22 14:48:18 -08:00 |
|
Tom Eastep
|
9c3a82f628
|
Add BLACKLIST action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-19 14:08:15 -08:00 |
|
Tom Eastep
|
e6933f4c8d
|
Add BLACKLIST policy
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-18 10:55:15 -08:00 |
|
Tom Eastep
|
cc3b8793e0
|
Make BALANCE_PROVIDERS default the setting of USE_DEFAULT_RT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-17 15:02:16 -08:00 |
|
Tom Eastep
|
ac5fd195ec
|
Correct provider/routefilter check wrt optional interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-17 09:34:13 -08:00 |
|
Tom Eastep
|
45b9ddf188
|
Add BALANCE_PROVIDERS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-17 08:58:09 -08:00 |
|
Tom Eastep
|
2d16fac9ed
|
Revert "Implement USE_DEFAULT_RT=Exact"
This reverts commit 2ca1ae734a .
|
2017-01-17 08:25:33 -08:00 |
|
Tom Eastep
|
f23970b4f7
|
Include LOG_MARTIANS in test for setting log_martians with routefilter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-14 13:03:24 -08:00 |
|
Tom Eastep
|
04112647d3
|
Correct provider/routefilter checking
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-14 12:40:39 -08:00 |
|
Tom Eastep
|
2ca1ae734a
|
Implement USE_DEFAULT_RT=Exact
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-14 08:14:08 -08:00 |
|
Tom Eastep
|
64c249a174
|
Set logmartians along with routefilter.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-11 15:53:55 -08:00 |
|
Tom Eastep
|
0019ca53e5
|
Include ROUTE_FILTER in routefilter/provider checks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-11 15:39:13 -08:00 |
|
Tom Eastep
|
0d2a5089a9
|
Merge branch '5.1.0'
|
2017-01-11 12:29:57 -08:00 |
|
Tom Eastep
|
50d09e76cb
|
Catch 'routefilter' with provider interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-11 11:47:10 -08:00 |
|
Tom Eastep
|
568f461763
|
Propogate PAGER to -lite systems
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-11 11:18:57 -08:00 |
|
Tom Eastep
|
cb150f9c09
|
Allow compact IPv6 addresses in IP6TABLES() rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-07 10:01:03 -08:00 |
|
Tom Eastep
|
19ce2093d8
|
Correct splitting of IP(6)TABLES options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-07 10:00:37 -08:00 |
|
Tom Eastep
|
b8c322a05f
|
Ignore SUBSYSLOCK when $SERVICEDIR is non-empty
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-06 15:50:26 -08:00 |
|
Tom Eastep
|
f68d3fd9fa
|
Revert "Remove SUBSYSLOCK"
This reverts commit 386b137e9b .
|
2017-01-06 09:49:40 -08:00 |
|
Tom Eastep
|
386b137e9b
|
Remove SUBSYSLOCK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-01-05 10:03:03 -08:00 |
|
Tom Eastep
|
638c7c5bca
|
Implement NETMAP_TARGET capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-12-27 08:26:51 -08:00 |
|
Tom Eastep
|
c4bbb46e3f
|
Eliminate rawpost table support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-12-26 14:20:08 -08:00 |
|
Tom Eastep
|
541291b729
|
Add do_condition() call in process_mangle_rule1()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-12-21 08:46:16 -08:00 |
|
Tom Eastep
|
9dcac6012b
|
Remove redundent test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-12-20 14:41:29 -08:00 |
|
Tom Eastep
|
4af278338f
|
Correct intra-zone handling in policies
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-12-19 09:11:41 -08:00 |
|
Tom Eastep
|
a9583aaf3a
|
Correct merge compatibility change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-12-18 19:00:37 -08:00 |
|
Tom Eastep
|
c2c2dc0b22
|
Exercise care when merging rules including -m multiport
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-12-18 18:39:19 -08:00 |
|
Tom Eastep
|
095c9212f4
|
Fatal error for empty action file
- Issue error if a file with the name of the action exists on the
CONFIG_PATH
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-12-12 16:31:46 -08:00 |
|
Tom Eastep
|
eea9882953
|
Implement CPU Fanout for NFQUEUE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-12-09 10:46:39 -08:00 |
|
Tom Eastep
|
cc937ffaba
|
NFQUEUE should be non-terminating
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-12-09 09:49:23 -08:00 |
|
Tom Eastep
|
5ea3334a66
|
Support a richer SOURCE and DEST syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-12-09 09:43:10 -08:00 |
|
Tom Eastep
|
53adfbe863
|
Normalize parameters by removing trailing omitted args
- Avoids needless duplicate action chains
|
2016-12-03 11:34:02 -08:00 |
|
Tom Eastep
|
4a0a906510
|
Correct progress message in optimize_level4()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-12-03 08:28:14 -08:00 |
|
Tom Eastep
|
7ceb0228e9
|
Merge branch 'master' into 5.1.0
|
2016-12-02 15:27:16 -08:00 |
|
Tom Eastep
|
f537e3e15c
|
Fix optimization bug in merge_rules()
- Reset the simple member if a unique option is merged
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-12-02 14:47:03 -08:00 |
|
Tom Eastep
|
5ae062317f
|
Merge branch 'master' into 5.1.0
|
2016-12-01 19:35:14 -08:00 |
|
Tom Eastep
|
a1981823f4
|
Correct typo (syntax error!)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-12-01 15:21:25 -08:00 |
|
Tom Eastep
|
77e83f0afd
|
Eliminate the CHAIN_SCRIPTS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-29 16:33:23 -08:00 |
|
Tom Eastep
|
a45fe692cc
|
Add a SWITCH column to the mangle files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-29 16:13:44 -08:00 |
|
Tom Eastep
|
799b17210c
|
Enhanced syntax for SOURCE and DEST columns in the rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-25 15:10:14 -08:00 |
|
Tom Eastep
|
963dea54c5
|
Modify update defaults for LOGPREFIX and LOGLIMIT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-23 14:30:07 -08:00 |
|
Tom Eastep
|
ccab75e69a
|
Avoid unnecessary change in the generated script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-20 09:17:39 -08:00 |
|
Tom Eastep
|
36517cdb1e
|
Rename setup_environment to setup_product_environment
- Default to first detected product
- Verify that specified product is installed
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-20 08:48:18 -08:00 |
|
Tom Eastep
|
bb5c3a50f5
|
Avoid unnecessary change in the generated script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-19 21:39:49 -08:00 |
|
Tom Eastep
|
8b99fe20b5
|
Pave the way for unifying the CLI
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-19 21:17:35 -08:00 |
|
Tom Eastep
|
88284ed568
|
Delete version from the heading of compiler.pl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-16 13:03:00 -08:00 |
|
Tom Eastep
|
481afef2c3
|
Don't insist that route deletion succeeds
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-12 08:38:09 -08:00 |
|
Tom Eastep
|
6b38b3a515
|
Revert "More IPv6 routing cleanup"
This reverts commit 1e7f63834c .
|
2016-11-12 08:25:38 -08:00 |
|
Tom Eastep
|
80951d23c2
|
add/delete multi-nexthop IPv6 routes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-12 08:24:46 -08:00 |
|
Tom Eastep
|
1e7f63834c
|
More IPv6 routing cleanup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-09 10:34:19 -08:00 |
|
Tom Eastep
|
74b94f71f8
|
Always return $omitting from process_compiler_directive()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-09 08:07:17 -08:00 |
|
Tom Eastep
|
ef4ab62dd3
|
Disable directive callbacks after file conversion.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-09 07:47:19 -08:00 |
|
Tom Eastep
|
42c1c2a205
|
Don't copy link-level address routes into provider tables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-08 14:42:44 -08:00 |
|
Tom Eastep
|
d989241712
|
Retain shell variables during routestopped and blacklist conversions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-07 11:26:17 -08:00 |
|
Tom Eastep
|
652bc75448
|
Omit Shorewall version from converted files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-07 11:12:36 -08:00 |
|
Tom Eastep
|
d105da3964
|
Preserve shell variables when converting tos->mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-06 17:25:35 -08:00 |
|
Tom Eastep
|
c5b393a074
|
Preserve shell variables when converting tcrules->mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-06 17:25:01 -08:00 |
|
Tom Eastep
|
1b82dedb77
|
Preserve shell variables when converting masq -> snat
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-06 13:53:05 -08:00 |
|
Tom Eastep
|
6398756647
|
Add a routine to split the raw current line image
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-06 08:44:24 -08:00 |
|
Tom Eastep
|
daa2440d9a
|
Ensure that $directive_callback->() gets an unaltered image
- pass omitted lines to that function as well
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-06 08:03:31 -08:00 |
|
Tom Eastep
|
8441ac5c5f
|
Handle another issue with ADD_SNAT_ALIASES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-03 15:06:38 -07:00 |
|
Tom Eastep
|
01a6881f4f
|
Catch total lack of address/port in SNAT argument
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-02 19:30:55 -07:00 |
|
Tom Eastep
|
f917670fbd
|
Tighten editing of SNAT/MASQ port ranges.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-02 19:30:18 -07:00 |
|
Tom Eastep
|
c376740329
|
Detect degenerate addr:port[-range] in SNAT rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-02 15:28:00 -07:00 |
|
Tom Eastep
|
4169520d63
|
Handle exceptionrule correctly with MASQUERADE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-02 14:36:51 -07:00 |
|
Tom Eastep
|
53d97bbcc8
|
Correct handling of masquerade port range when ADD_SNAT_ALIASES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-02 12:28:00 -07:00 |
|
Tom Eastep
|
9ae36e1989
|
Correct error message when multiple SNAT addresses are present.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-02 12:27:32 -07:00 |
|
Tom Eastep
|
60619fb3cb
|
Correct part of a recent patch to Nat.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-02 09:00:19 -07:00 |
|
Tom Eastep
|
41ecee356b
|
Correct earlier faulty patch to Nat.pm.
- Similar Rules.pm patch was okay.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-01 19:39:52 -07:00 |
|
Tom Eastep
|
e188bde6c4
|
Fix additional masq/snat issues.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-01 18:42:16 -07:00 |
|
Tom Eastep
|
d37967f32f
|
Replace --to-ports <ports> with --to-source :<ports>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-01 16:52:08 -07:00 |
|
Tom Eastep
|
10c1ad245a
|
Handle omitted port[-range] in SNAT correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-01 12:59:44 -07:00 |
|
Tom Eastep
|
032a16eb43
|
Detect incorrect port-range separator in SNAT(...)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-01 11:28:19 -07:00 |
|
Tom Eastep
|
3f68814a38
|
Disallow more than one address[-range] in SNAT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-31 15:15:35 -07:00 |
|
Tom Eastep
|
95a1e65016
|
Clear target modifiers in interface loop
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-30 16:25:17 -07:00 |
|
Tom Eastep
|
282253022e
|
Correct handling of address variables out of the Providers module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-29 14:59:34 -07:00 |
|
Tom Eastep
|
4d77d673e8
|
Be sure NAT is enabled before processing an snat file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-28 09:30:17 -07:00 |
|
Tom Eastep
|
e4e424bbdc
|
Disallow '+' in inline SNAT action bodies
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-28 08:58:47 -07:00 |
|
Tom Eastep
|
71fb1a8cbd
|
Correct error message ( s/\*/+/ )
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-27 14:32:43 -07:00 |
|
Tom Eastep
|
de3b05ea41
|
Correctly translate +INLINE(...)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-27 12:21:07 -07:00 |
|
Tom Eastep
|
ae9b57d854
|
Correct NONAT translation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-26 16:06:28 -07:00 |
|
Tom Eastep
|
579910fdb8
|
Fix MASQUERADE+ Handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-26 14:40:16 -07:00 |
|
Tom Eastep
|
21877d5fcb
|
Force a reload when enabling an interface whose IP address has changed
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-26 13:39:50 -07:00 |
|
Tom Eastep
|
0b9387f09c
|
Force address Detection on optional interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-25 14:42:03 -07:00 |
|
Tom Eastep
|
fdfd8b919b
|
Merge branch '5.0.13'
|
2016-10-24 12:52:01 -07:00 |
|
Tom Eastep
|
3d3ae81bce
|
Restore old wording for Version 4 ipset creation message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-24 12:51:43 -07:00 |
|
Tom Eastep
|
3b6b89336e
|
Eliminate superfluous test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-24 11:57:56 -07:00 |
|
Tom Eastep
|
fc0ad7cd2e
|
Be sure that the 'restriction' member exists for the FORWARD chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-24 11:37:40 -07:00 |
|
Tom Eastep
|
c9b1b7684c
|
Correct handling of dest IPSET.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-24 09:06:05 -07:00 |
|
Tom Eastep
|
b8ec460a1a
|
Correct grammar in the ipset creation message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-24 08:49:51 -07:00 |
|
Tom Eastep
|
46b8e2e957
|
Avoid exception when validating 'occurs' in TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-24 08:14:12 -07:00 |
|
Tom Eastep
|
0ed813972b
|
Auto-create ipsets used in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-23 16:44:07 -07:00 |
|
Tom Eastep
|
f9cfde91e5
|
Correctly handle ipset in tcfilter DEST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-23 16:43:49 -07:00 |
|
Tom Eastep
|
3df488e710
|
Correct handling of ipsets in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-23 16:28:36 -07:00 |
|
Tom Eastep
|
0efc7a4899
|
Correct restriction and chain number handling in the mangle files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-23 15:36:04 -07:00 |
|
Tom Eastep
|
d241421630
|
Merge branch '5.0.13'
|
2016-10-23 08:34:47 -07:00 |
|
Tom Eastep
|
e0203bca87
|
Correct nill address check in handling of 'origdest=detect'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-23 08:34:24 -07:00 |
|