Tom Eastep
f25b9e1967
Allow :<port> in tcfilters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 09:26:29 -07:00
Tom Eastep
2fa16f6d08
Enable blacklist rule promotion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:36:59 -07:00
Tom Eastep
578fc6c521
Correct Chains::promote_blacklist_rules()
...
- Interate through chains that jump to 'blacklst' until no rule is promoted
This is required to promote jumps past exclusion chains
- Correct reference counting; the first cut was horribly wrong
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:36:35 -07:00
Tom Eastep
fd6ff1849a
Promote 'in' blacklist rules to the head of the interface chain
...
- Added Chains::promote_blacklist_rules()
- Called the function from Rules::generate_matrix()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 07:37:42 -07:00
Tom Eastep
9946fbd3b5
Update release docs
2010-09-17 17:37:07 -07:00
Tom Eastep
580c561a51
Clear raw table on 'clear'
2010-09-17 17:12:34 -07:00
Tom Eastep
a42576aef8
Fix blacklisting vs vservers
2010-09-17 16:38:34 -07:00
Tom Eastep
79bb47582a
Zero out {frozen} in a deleted chain entry
2010-09-17 16:00:36 -07:00
Tom Eastep
596d207dfc
Simplify a test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 15:43:56 -07:00
Tom Eastep
8cdbe5f88d
Fix an optimization bug with the new blacklisting code
2010-09-17 15:43:47 -07:00
Tom Eastep
402b3b929e
Restore trace output in move_rules()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 15:43:03 -07:00
Tom Eastep
3d0f8e962e
Simplify move_rules()
2010-09-17 13:49:32 -07:00
Tom Eastep
ab78aac3a4
Disallow mss and blacklist on firewall and vserver zones
2010-09-17 12:46:38 -07:00
Tom Eastep
330afe1701
Emit clearer error messages
2010-09-17 12:35:34 -07:00
Tom Eastep
239b4a2356
Be sure that {frozen} is defined
2010-09-17 12:08:48 -07:00
Tom Eastep
65de1e4e6e
Re-add OPTIONS column to blacklist templates
2010-09-17 11:56:47 -07:00
Tom Eastep
07930fc535
Revert versions on Rules and Zones modules
2010-09-17 11:06:32 -07:00
Tom Eastep
5357f4c347
Eliminate a parameter to add_jump()
2010-09-17 11:05:35 -07:00
Tom Eastep
c7373ada46
Add advice about SAVE/RESTORE
2010-09-17 09:22:48 -07:00
Tom Eastep
af24baaecd
Update version to RC1 (one more time)
2010-09-17 09:14:56 -07:00
Tom Eastep
e61230a3db
Update version to Beta 6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 08:23:24 -07:00
Tom Eastep
8e2c8e5a8f
Document use of state match for NOTRACK
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 08:21:16 -07:00
Tom Eastep
882970a598
Use state match for UNTRACKED
2010-09-17 07:58:21 -07:00
Tom Eastep
2ce3c8aa88
Ensure that blacklist rules are before the other interface-oriented rules
2010-09-16 18:19:16 -07:00
Tom Eastep
27c445381e
Treat 'blacklist' uniformly in hosts and zones
2010-09-16 15:48:12 -07:00
Tom Eastep
67b9ae0d2c
Update release documents
2010-09-16 15:47:05 -07:00
Tom Eastep
1c870b532a
Preserve dynamic blacklist during stop/clear/restore
2010-09-16 12:17:04 -07:00
Tom Eastep
44665775b2
Documentation corrections to the blacklist files
2010-09-16 09:46:46 -07:00
Tom Eastep
a8c9fc1859
Implement new Blacklisting Scheme
2010-09-16 09:40:28 -07:00
Tom Eastep
3c1cff0794
First steps toward zone-based blacklisting
2010-09-16 06:55:48 -07:00
Tom Eastep
1d650b41cd
Remove blacklisting by destination IP address support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 15:24:58 -07:00
Tom Eastep
bea4ce4ca6
Add tc-tbf link to tcinterfaces manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 14:07:42 -07:00
Tom Eastep
3ad3f0d9e0
Allow floating point numbers in tcinterfaces fields other than <rate>
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 14:07:21 -07:00
Tom Eastep
ba89ec39b5
Add :<burst> to /etc/shorewall/tcdevices
2010-09-15 11:56:14 -07:00
Tom Eastep
69a2fa1907
Replace to/from with dst/src
2010-09-15 11:25:46 -07:00
Tom Eastep
8147671eb2
Document JUMP
2010-09-15 09:49:37 -07:00
Tom Eastep
f925b335ef
Ignore the 'blacklist' host option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 08:10:57 -07:00
Tom Eastep
373fc87165
More blacklisting wrapup
...
- Deprecate 'blacklist' in the hosts file
- Base blacklisting on interfaces alone
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 07:38:20 -07:00
Tom Eastep
4d0e8d129b
Add dup blacklist message
2010-09-14 18:04:27 -07:00
Tom Eastep
10a9ae496a
More manpage updates for 4.4.13
2010-09-14 16:47:45 -07:00
Tom Eastep
94cdc73ec2
Restore setpolicy() to prog.header*
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-14 13:50:22 -07:00
Tom Eastep
c4a40d8c7b
Set version to RC1 (again)
2010-09-14 13:09:50 -07:00
Tom Eastep
2ff06f5f0a
Update simple TC doc
2010-09-14 07:59:01 -07:00
Tom Eastep
c6960f1ac2
Edit release notes
2010-09-14 07:36:29 -07:00
Tom Eastep
1f2691b052
Another fix for blacklisting; correct composition of $hosts1
2010-09-14 06:47:29 -07:00
Tom Eastep
0f913fca2f
Don't create blackout unnecessarily
2010-09-13 18:15:50 -07:00
Tom Eastep
82bccf16b5
Avoid internal error when there are no 'to' entries
2010-09-13 17:55:20 -07:00
Tom Eastep
bb38ed16b0
Document ipset creation fix
2010-09-13 15:54:44 -07:00
Tom Eastep
b1e9bff382
Create new ipsets on 'start'
2010-09-13 15:46:04 -07:00
Tom Eastep
a6194fabd2
Delete blank line
2010-09-13 14:15:47 -07:00