Commit Graph

9342 Commits

Author SHA1 Message Date
Tom Eastep
f25b9e1967 Allow :<port> in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 09:26:29 -07:00
Tom Eastep
2fa16f6d08 Enable blacklist rule promotion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:36:59 -07:00
Tom Eastep
578fc6c521 Correct Chains::promote_blacklist_rules()
- Iterate through chains that jump to 'blacklst' until no rule is promoted
  This is required to promote jumps past exclusion chains
- Correct reference counting; the first cut was horribly wrong

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:36:35 -07:00
Tom Eastep
fd6ff1849a Promote 'in' blacklist rules to the head of the interface chain
- Added Chains::promote_blacklist_rules()
- Called the function from Rules::generate_matrix()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 07:37:42 -07:00
Tom Eastep
9946fbd3b5 Update release docs 2010-09-17 17:37:07 -07:00
Tom Eastep
580c561a51 Clear raw table on 'clear' 2010-09-17 17:12:34 -07:00
Tom Eastep
a42576aef8 Fix blacklisting vs vservers 2010-09-17 16:38:34 -07:00
Tom Eastep
79bb47582a Zero out {frozen} in a deleted chain entry 2010-09-17 16:00:36 -07:00
Tom Eastep
596d207dfc Simplify a test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 15:43:56 -07:00
Tom Eastep
8cdbe5f88d Fix an optimization bug with the new blacklisting code 2010-09-17 15:43:47 -07:00
Tom Eastep
402b3b929e Restore trace output in move_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 15:43:03 -07:00
Tom Eastep
3d0f8e962e Simplify move_rules() 2010-09-17 13:49:32 -07:00
Tom Eastep
ab78aac3a4 Disallow mss and blacklist on firewall and vserver zones 2010-09-17 12:46:38 -07:00
Tom Eastep
330afe1701 Emit clearer error messages 2010-09-17 12:35:34 -07:00
Tom Eastep
239b4a2356 Be sure that {frozen} is defined 2010-09-17 12:08:48 -07:00
Tom Eastep
65de1e4e6e Re-add OPTIONS column to blacklist templates 2010-09-17 11:56:47 -07:00
Tom Eastep
07930fc535 Revert versions on Rules and Zones modules 2010-09-17 11:06:32 -07:00
Tom Eastep
5357f4c347 Eliminate a parameter to add_jump() 2010-09-17 11:05:35 -07:00
Tom Eastep
c7373ada46 Add advice about SAVE/RESTORE 2010-09-17 09:22:48 -07:00
Tom Eastep
af24baaecd Update version to RC1 (one more time) 2010-09-17 09:14:56 -07:00
Tom Eastep
e61230a3db Update version to Beta 6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 08:23:24 -07:00
Tom Eastep
8e2c8e5a8f Document use of state match for NOTRACK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 08:21:16 -07:00
Tom Eastep
882970a598 Use state match for UNTRACKED 2010-09-17 07:58:21 -07:00
Tom Eastep
2ce3c8aa88 Ensure that blacklist rules are before the other interface-oriented rules 2010-09-16 18:19:16 -07:00
Tom Eastep
27c445381e Treat 'blacklist' uniformly in hosts and zones 2010-09-16 15:48:12 -07:00
Tom Eastep
67b9ae0d2c Update release documents 2010-09-16 15:47:05 -07:00
Tom Eastep
1c870b532a Preserve dynamic blacklist during stop/clear/restore 2010-09-16 12:17:04 -07:00
Tom Eastep
44665775b2 Documentation corrections to the blacklist files 2010-09-16 09:46:46 -07:00
Tom Eastep
a8c9fc1859 Implement new Blacklisting Scheme 2010-09-16 09:40:28 -07:00
Tom Eastep
3c1cff0794 First steps toward zone-based blacklisting 2010-09-16 06:55:48 -07:00
Tom Eastep
1d650b41cd Remove blacklisting by destination IP address support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 15:24:58 -07:00
Tom Eastep
bea4ce4ca6 Add tc-tbf link to tcinterfaces manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 14:07:42 -07:00
Tom Eastep
3ad3f0d9e0 Allow floating point numbers in tcinterfaces fields other than <rate>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 14:07:21 -07:00
Tom Eastep
ba89ec39b5 Add :<burst> to /etc/shorewall/tcdevices 2010-09-15 11:56:14 -07:00
Tom Eastep
69a2fa1907 Replace to/from with dst/src 2010-09-15 11:25:46 -07:00
Tom Eastep
8147671eb2 Document JUMP 2010-09-15 09:49:37 -07:00
Tom Eastep
f925b335ef Ignore the 'blacklist' host option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 08:10:57 -07:00
Tom Eastep
373fc87165 More blacklisting wrapup
- Deprecate 'blacklist' in the hosts file
- Base blacklisting on interfaces alone

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 07:38:20 -07:00
Tom Eastep
4d0e8d129b Add dup blacklist message 2010-09-14 18:04:27 -07:00
Tom Eastep
10a9ae496a More manpage updates for 4.4.13 2010-09-14 16:47:45 -07:00
Tom Eastep
94cdc73ec2 Restore setpolicy() to prog.header*
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-14 13:50:22 -07:00
Tom Eastep
c4a40d8c7b Set version to RC1 (again) 2010-09-14 13:09:50 -07:00
Tom Eastep
2ff06f5f0a Update simple TC doc 2010-09-14 07:59:01 -07:00
Tom Eastep
c6960f1ac2 Edit release notes 2010-09-14 07:36:29 -07:00
Tom Eastep
1f2691b052 Another fix for blacklisting; correct composition of $hosts1 2010-09-14 06:47:29 -07:00
Tom Eastep
0f913fca2f Don't create blackout unnecessarily 2010-09-13 18:15:50 -07:00
Tom Eastep
82bccf16b5 Avoid internal error when there are no 'to' entries 2010-09-13 17:55:20 -07:00
Tom Eastep
bb38ed16b0 Document ipset creation fix 2010-09-13 15:54:44 -07:00
Tom Eastep
b1e9bff382 Create new ipsets on 'start' 2010-09-13 15:46:04 -07:00
Tom Eastep
a6194fabd2 Delete blank line 2010-09-13 14:15:47 -07:00