extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-11-15 12:14:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
11,617 Commits 104 Branches 736 Tags 55 MiB
ee28638604
Commit Graph

2264 Commits

Author SHA1 Message Date
Tom Eastep
ee28638604 Add HELPERS to rules file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-08 07:23:20 -07:00
Tom Eastep
ccf517307e Handle raw table zones from VSERVERS 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-07 14:51:58 -07:00
Tom Eastep
c007f847a0 Handle disabled helpers in pre-3.5 kernels. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-06 15:54:45 -07:00
Tom Eastep
b4c812b676 Correct helper parsing in the Raw module. 
- Require (...) around multiple ctevents
- Detect invalid options

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-05 08:09:17 -07:00
Tom Eastep
9a0d53194a Correct Helper detection in the compiler. 
Use CT_MATCH when available.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-05 08:08:20 -07:00
Tom Eastep
093985dd93 Use HELPERS to enable/disable helper association. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-03 19:26:02 -07:00
Tom Eastep
72307df6d2 Replace the AUTOHELPERS option with the HELPERS option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-03 10:53:20 -07:00
Tom Eastep
7689b1e84b Remove the 'zone' helper option for now. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-03 06:39:58 -07:00
Tom Eastep
82c057d1ed Fix *VERSION handling. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 16:44:02 -07:00
Tom Eastep
21770a89d6 Detect which matches are available. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 15:38:23 -07:00
Tom Eastep
223ed5b3a3 More additions to the helper table and to the conntrack files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 13:25:44 -07:00
Tom Eastep
9ba0c07956 Redesign the CT:helper feature. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 11:10:08 -07:00
Tom Eastep
7d32258e6e Correct Helpers Module 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 11:09:34 -07:00
Tom Eastep
07e56d129a Add AUTOHELPERS option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 11:09:18 -07:00
Tom Eastep
62d6d2558e Rename AUTO_COMMENT to AUTOCOMMENT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 11:06:41 -07:00
Tom Eastep
833e54c9c3 Rename the notrack file to conntrack 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-02 11:02:17 -07:00
Tom Eastep
f2dd43855e Correct typo in warning message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-01 13:13:18 -07:00
Tom Eastep
eaf238fa66 Merge branch '4.5.6' 2012-08-01 10:37:45 -07:00
Tom Eastep
542f279544 Don't allow a source interface in a DNAT/REDIRECT rule with source == firewall 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-08-01 10:01:08 -07:00
Tom Eastep
735b7c2cf5 Add support for nfacct 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-28 11:21:16 -07:00
Tom Eastep
87c0f934aa Add NFacct Match capability 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-28 08:19:05 -07:00
Tom Eastep
55b527d065 Eliminate a local variable. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-15 20:22:19 -07:00
Tom Eastep
e1e7ab42c1 Make 'routefilter' and 'sfilter' mutually exclusive 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-15 10:37:56 -07:00
Tom Eastep
65b16a1acf Compensate for bugs in the latest CPerl emacs extension 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-15 10:07:06 -07:00
Tom Eastep
1db79a91eb 'rpfilter' option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-15 10:05:32 -07:00
Tom Eastep
e7cd84a72c Implement rpfilter match capability 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-15 07:54:46 -07:00
Tom Eastep
2cce81cfc1 Revert 83a8c7eda3 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-09 10:58:15 -07:00
Tom Eastep
9f4ca3ebc5 Additional simplification of evaluate_expression() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-08 07:48:27 -07:00
Tom Eastep
3c2385de06 Merge branch '4.5.6' 2012-07-08 07:36:15 -07:00
Tom Eastep
6ce3d0180e Ensure a defined value for __IPV[46] 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-07 09:47:10 -07:00
Tom Eastep
83a8c7eda3 When TC_ENABLED=No, require providers to process tcrules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-07 08:02:57 -07:00
Tom Eastep
83df8a4e39 Avoid a call to eval() for simple expressions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-06 07:26:54 -07:00
Tom Eastep
e9d8228b6f Simplify handling of __IPVn in conditional directives. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-06 06:43:15 -07:00
Tom Eastep
65d8341c6c Correct a comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-05 15:43:20 -07:00
Tom Eastep
61a9584433 Only require MANGLE_ENABLED to process the tcrules file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-04 14:45:24 -07:00
Tom Eastep
000cc6978a Add missing 'sleep' when waiting for wildcard interface to come up 
- Also reverse the order of test and sleep when waiting for a regular
  interface to come up.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-03 08:06:30 -07:00
Tom Eastep
e4d66fb5fc Back out redundant part of recent patch 
- setup_traffic_shaping is only called when there are tc devices so the
  test of @tcdevices in that function is redundant.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-03 06:33:46 -07:00
Tom Eastep
537f6c157c Allow the compiler version to be tested in ?IF/?ELSIF 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-02 11:53:32 -07:00
Tom Eastep
a5b637b2a7 Use the correct filename in ?IF/?ELSIF exec call. 
- Also extend a comment in the TC module

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-02 11:53:01 -07:00
Tom Eastep
09c00cf425 Don't print phoney progress message 
- The 'Setting up Traffic Shaping' progress message was being issued when
  traffic shaping was not enabled.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-07-01 08:27:07 -07:00
Tom Eastep
6ddaa0190e Improve USER/GROUP validation. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-30 14:46:50 -07:00
Tom Eastep
5c176c64b7 Add an ORIGINAL DEST column to /etc/shorewall/masq 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-29 15:32:01 -07:00
Tom Eastep
b195884b1f Insure that the correct filename/linenumber are printed in error messages out of process_conditional() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-29 09:01:26 -07:00
Tom Eastep
56d5ae2d41 Ensure that exclusion chains have DONT_MOVE 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-27 18:06:38 -07:00
Tom Eastep
0bf2753472 Re-implement conditional inclusion 
- Correct defects
- Add ?ELSIF support
- Allow Perl-compatible expressions in ?IF
 2012-06-27 15:15:44 -07:00
Tom Eastep
c90006ecf8 Correct another logical name bug -- this time in TC 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-27 11:34:19 -07:00
Tom Eastep
af302900c6 Prevent multiple 'tproxy' providers 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-23 17:09:46 -07:00
Tom Eastep
9aa78656ec Add TPROXY_MARK to the output of 'shorewall show marks' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-23 07:57:39 -07:00
Tom Eastep
9d3766b77f Allow fwmarks with 'classify' interfaces 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-20 14:04:48 -07:00
Tom Eastep
24ddae6ede Don't use '--ctmark' when saving marks 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-06-20 13:30:27 -07:00