Tom Eastep
ee2e85c0fb
Correct generation of the blacklog chain when disposition is audited
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-10 16:43:38 -07:00
Tom Eastep
186f71fa96
Add NEW_TOS_MATCH capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-09 14:04:16 -07:00
Tom Eastep
477e2bc455
Additional corrections to INLINE action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-09 09:41:43 -07:00
Tom Eastep
273f109daf
Correct handling of MACLIST_DISPOSITION=A_xxx when MACLIST_TABLE=mangle
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-09 09:37:12 -07:00
Tom Eastep
50494f667c
Implement INLINE action
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-08 17:30:00 -07:00
Tom Eastep
183a0a75a1
Implement 'builtin' actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-08 16:14:26 -07:00
Tom Eastep
9e10c38e26
Don't emit 'quantum' calculation unless the qdisc is 'htb'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-03 08:39:18 -07:00
Tom Eastep
ee66a45e2e
Correct comments in the Chains module.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-02 12:52:10 -07:00
Tom Eastep
c200efa6d7
Revert "Disable script generation while processing TC"
...
This reverts commit 5b18ff91ca
.
2013-04-01 15:23:16 -07:00
Tom Eastep
5b18ff91ca
Disable script generation while processing TC
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-01 09:05:12 -07:00
Tom Eastep
ef5818ce7e
Merge branch '4.5.15'
2013-03-31 07:08:49 -07:00
Tom Eastep
58ef8e0ec3
Correct bounds check in do_dscp()
...
- "< 0x2f" s/b "< 0x3f"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-31 07:07:21 -07:00
Tom Eastep
8a84c1c371
Avoid 'echo' failure during 'enable'.
...
- in the case where the kernel doesn't know about
/proc/sys/net/ipv6/conf/x/accept_ra
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-31 07:02:11 -07:00
Tom Eastep
1db5741edd
Merge branch '4.5.15'
...
Conflicts:
Shorewall/Perl/Shorewall/Proc.pm
2013-03-30 18:08:17 -07:00
Tom Eastep
1139e1a09c
Establish /proc/sys/net/ipv6/conf/X/forwarding during 'enable'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-30 17:26:50 -07:00
Tom Eastep
d415de1883
Add the accept_ra Shorewall6 interface option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-30 16:44:18 -07:00
Tom Eastep
448d957e48
Fix use of names for DSCP.
...
- From Thibaut Chèze
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-30 07:20:10 -07:00
Tom Eastep
8fe7963631
Revert another replace->add change.
...
- Also includes a cosmetic change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-27 06:57:49 -07:00
Tom Eastep
6334b09653
Add a comment about why the 'id' member of builtin tables is initialized in process_providers()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-26 14:30:42 -07:00
Tom Eastep
e572d6ce50
Use the 'id' member in copy_and_edit_table().
...
- Also add prohibit and unreachable to the existing blackhole case.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-26 07:38:13 -07:00
Tom Eastep
792a19bf4b
Initialize the 'id' member of reserved tables after .conf has been read.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-26 07:36:57 -07:00
Tom Eastep
61e21de41b
Revert bad hunk from last change.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-26 07:00:16 -07:00
Tom Eastep
43932f2bbd
Cleanup of table id/number and 'route replace' erradication
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-25 07:35:30 -07:00
Tom Eastep
6e5f00062c
Revert "Use 'replace' rather than 'add' for routes defined in the routes file."
...
This reverts commit 215fd9e234
.
Conflicts:
Shorewall/Perl/Shorewall/Providers.pm
2013-03-24 14:19:31 -07:00
Tom Eastep
b5ea4067e4
Implement USE_RT_NAMES
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-24 10:56:38 -07:00
Tom Eastep
0c30e7c013
Uniform handling of VLSM width.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-23 09:19:26 -07:00
Tom Eastep
536fea27a5
Detect duplicate routes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-22 14:59:35 -07:00
Tom Eastep
215fd9e234
Use 'replace' rather than 'add' for routes defined in the routes file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-22 14:55:27 -07:00
Tom Eastep
4c0a0e0ff8
Don't emit 'qt ' in the undo_x_routing files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-22 13:20:27 -07:00
Tom Eastep
9e5cf92a59
Merge branch '4.5.14'
2013-03-21 12:00:20 -07:00
Tom Eastep
3ac6835650
Handle IPv6 /32 networks correctly.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-21 11:30:59 -07:00
Tom Eastep
1e866eac28
Implement the other forms of NULL routing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-16 08:20:52 -07:00
Tom Eastep
b10218e773
Add a 'UDPLITE Port Redirection' capability.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-10 10:07:52 -07:00
Tom Eastep
8442477224
Add Enhanced Multi-port match capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-10 09:04:47 -07:00
Tom Eastep
fd2fcc996f
Don't allow port redirection with UDPLITE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-10 08:32:45 -07:00
Tom Eastep
8c4c856caa
Issue a warning if the contents of the DUPLICATE column may be invalid.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-09 07:57:13 -08:00
Tom Eastep
a167e3449e
Avoid Perl run-time errors when checking a provider interface.
...
- Handle case where a provider interface matches a wildcard
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-09 07:56:16 -08:00
Tom Eastep
b871fc689c
Merge branch 'FETCH_HEAD' into 4.5.14
2013-03-09 07:11:47 -08:00
Tom Eastep
cfe2bd11b0
Allow 'none' in the COPY column when the DUPLICATE column is empty.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 19:18:13 -08:00
Tom Eastep
bd64baa8d9
Require at least one zone for a provider
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 13:08:23 -08:00
Tom Eastep
e1f7a9dbf8
Reverse an earlier silly patch.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 10:38:13 -08:00
Tom Eastep
4586568649
Merge branch '4.5.14' of ssh://git.code.sf.net/p/shorewall/code
2013-03-08 08:00:43 -08:00
Tom Eastep
b4d4083513
Split large '--ports' lists across multiple rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 07:38:23 -08:00
Tom Eastep
91f5a9dec0
Make 'main' work correctly when specified in the routes file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 07:26:49 -08:00
Tom Eastep
50030bcc2d
Revert "Don't allow routes to be added to non-Provider tables."
...
This reverts commit 6f9a1ba29d
.
2013-03-08 06:55:12 -08:00
Tom Eastep
8eacbe287b
Correction to MULTIPORT patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 18:11:59 -08:00
Tom Eastep
6f9a1ba29d
Don't allow routes to be added to non-Provider tables.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 17:18:57 -08:00
Tom Eastep
6ba02c4a24
Merge branch 'master' into 4.5.14
...
Conflicts:
Shorewall/Perl/Shorewall/Providers.pm
2013-03-07 08:29:30 -08:00
Tom Eastep
c4f0be96ac
Require that interfaces in the COPY column be known.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 07:32:56 -08:00
Tom Eastep
7da10ff923
Additional change to copy blackhole routes.
...
- Add 'blackhole' to the outer case statement
- Add RFC1918 blackhole routes before starting providers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 07:01:58 -08:00