Commit Graph

2794 Commits

Author SHA1 Message Date
Tom Eastep
ee2e85c0fb Correct generation of the blacklog chain when disposition is audited
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-10 16:43:38 -07:00
Tom Eastep
186f71fa96 Add NEW_TOS_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-09 14:04:16 -07:00
Tom Eastep
477e2bc455 Additional corrections to INLINE action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-09 09:41:43 -07:00
Tom Eastep
273f109daf Correct handling of MACLIST_DISPOSITION=A_xxx when MACLIST_TABLE=mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-09 09:37:12 -07:00
Tom Eastep
50494f667c Implement INLINE action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-08 17:30:00 -07:00
Tom Eastep
183a0a75a1 Implement 'builtin' actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-08 16:14:26 -07:00
Tom Eastep
9e10c38e26 Don't emit 'quantum' calculation unless the qdisc is 'htb'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-03 08:39:18 -07:00
Tom Eastep
ee66a45e2e Correct comments in the Chains module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-02 12:52:10 -07:00
Tom Eastep
c200efa6d7 Revert "Disable script generation while processing TC"
This reverts commit 5b18ff91ca.
2013-04-01 15:23:16 -07:00
Tom Eastep
5b18ff91ca Disable script generation while processing TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-01 09:05:12 -07:00
Tom Eastep
ef5818ce7e Merge branch '4.5.15' 2013-03-31 07:08:49 -07:00
Tom Eastep
58ef8e0ec3 Correct bounds check in do_dscp()
- "< 0x2f" s/b "< 0x3f"

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-31 07:07:21 -07:00
Tom Eastep
8a84c1c371 Avoid 'echo' failure during 'enable'.
- in the case where the kernel doesn't know about
  /proc/sys/net/ipv6/conf/x/accept_ra

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-31 07:02:11 -07:00
Tom Eastep
1db5741edd Merge branch '4.5.15'
Conflicts:
	Shorewall/Perl/Shorewall/Proc.pm
2013-03-30 18:08:17 -07:00
Tom Eastep
1139e1a09c Establish /proc/sys/net/ipv6/conf/X/forwarding during 'enable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-30 17:26:50 -07:00
Tom Eastep
d415de1883 Add the accept_ra Shorewall6 interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-30 16:44:18 -07:00
Tom Eastep
448d957e48 Fix use of names for DSCP.
- From Thibaut Chèze

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-30 07:20:10 -07:00
Tom Eastep
8fe7963631 Revert another replace->add change.
- Also includes a cosmetic change.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-27 06:57:49 -07:00
Tom Eastep
6334b09653 Add a comment about why the 'id' member of builtin tables is initialized in process_providers()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-26 14:30:42 -07:00
Tom Eastep
e572d6ce50 Use the 'id' member in copy_and_edit_table().
- Also add prohibit and unreachable to the existing blackhole case.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-26 07:38:13 -07:00
Tom Eastep
792a19bf4b Initialize the 'id' member of reserved tables after .conf has been read.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-26 07:36:57 -07:00
Tom Eastep
61e21de41b Revert bad hunk from last change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-26 07:00:16 -07:00
Tom Eastep
43932f2bbd Cleanup of table id/number and 'route replace' erradication
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-25 07:35:30 -07:00
Tom Eastep
6e5f00062c Revert "Use 'replace' rather than 'add' for routes defined in the routes file."
This reverts commit 215fd9e234.

Conflicts:

	Shorewall/Perl/Shorewall/Providers.pm
2013-03-24 14:19:31 -07:00
Tom Eastep
b5ea4067e4 Implement USE_RT_NAMES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-24 10:56:38 -07:00
Tom Eastep
0c30e7c013 Uniform handling of VLSM width.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-23 09:19:26 -07:00
Tom Eastep
536fea27a5 Detect duplicate routes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-22 14:59:35 -07:00
Tom Eastep
215fd9e234 Use 'replace' rather than 'add' for routes defined in the routes file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-22 14:55:27 -07:00
Tom Eastep
4c0a0e0ff8 Don't emit 'qt ' in the undo_x_routing files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-22 13:20:27 -07:00
Tom Eastep
9e5cf92a59 Merge branch '4.5.14' 2013-03-21 12:00:20 -07:00
Tom Eastep
3ac6835650 Handle IPv6 /32 networks correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-21 11:30:59 -07:00
Tom Eastep
1e866eac28 Implement the other forms of NULL routing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-16 08:20:52 -07:00
Tom Eastep
b10218e773 Add a 'UDPLITE Port Redirection' capability.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-10 10:07:52 -07:00
Tom Eastep
8442477224 Add Enhanced Multi-port match capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-10 09:04:47 -07:00
Tom Eastep
fd2fcc996f Don't allow port redirection with UDPLITE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-10 08:32:45 -07:00
Tom Eastep
8c4c856caa Issue a warning if the contents of the DUPLICATE column may be invalid.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-09 07:57:13 -08:00
Tom Eastep
a167e3449e Avoid Perl run-time errors when checking a provider interface.
- Handle case where a provider interface matches a wildcard

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-09 07:56:16 -08:00
Tom Eastep
b871fc689c Merge branch 'FETCH_HEAD' into 4.5.14 2013-03-09 07:11:47 -08:00
Tom Eastep
cfe2bd11b0 Allow 'none' in the COPY column when the DUPLICATE column is empty.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 19:18:13 -08:00
Tom Eastep
bd64baa8d9 Require at least one zone for a provider
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 13:08:23 -08:00
Tom Eastep
e1f7a9dbf8 Reverse an earlier silly patch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 10:38:13 -08:00
Tom Eastep
4586568649 Merge branch '4.5.14' of ssh://git.code.sf.net/p/shorewall/code 2013-03-08 08:00:43 -08:00
Tom Eastep
b4d4083513 Split large '--ports' lists across multiple rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 07:38:23 -08:00
Tom Eastep
91f5a9dec0 Make 'main' work correctly when specified in the routes file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 07:26:49 -08:00
Tom Eastep
50030bcc2d Revert "Don't allow routes to be added to non-Provider tables."
This reverts commit 6f9a1ba29d.
2013-03-08 06:55:12 -08:00
Tom Eastep
8eacbe287b Correction to MULTIPORT patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 18:11:59 -08:00
Tom Eastep
6f9a1ba29d Don't allow routes to be added to non-Provider tables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 17:18:57 -08:00
Tom Eastep
6ba02c4a24 Merge branch 'master' into 4.5.14
Conflicts:
	Shorewall/Perl/Shorewall/Providers.pm
2013-03-07 08:29:30 -08:00
Tom Eastep
c4f0be96ac Require that interfaces in the COPY column be known.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 07:32:56 -08:00
Tom Eastep
7da10ff923 Additional change to copy blackhole routes.
- Add 'blackhole' to the outer case statement
- Add RFC1918 blackhole routes before starting providers.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 07:01:58 -08:00