Commit Graph

501 Commits

Author SHA1 Message Date
Tom Eastep
4493b2ab6b Correct typo in 'rules' manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 06:50:40 -08:00
Tom Eastep
8fb73026c8 Replace SAVE_COUNTERS with the -C command option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 09:37:57 -07:00
Tom Eastep
b7ab82dba4 Implement -f option in the -lite products' start command
- Remove 'recover' command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 10:42:39 -07:00
Tom Eastep
3454e10525 Add SAVE_COUNTERS option.
- Also implement recover command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 08:57:56 -07:00
Tom Eastep
055fceb82f Update policy manpages for duel limits
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-22 12:27:27 -07:00
Tom Eastep
f5bdc9e7f4 Allow two limits in the RATE LIMIT columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-22 11:21:43 -07:00
Tom Eastep
2a463e06aa More documentation changes regarding SAVE_IPSETS.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 17:10:45 -07:00
Tom Eastep
3e2c903a41 Revert "Only save ipsets of the proper family"
This reverts commit b053cab630.
2014-09-28 13:32:32 -07:00
Tom Eastep
b053cab630 Only save ipsets of the proper family
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 12:58:52 -07:00
Tom Eastep
3858683e94 Allow saving a specified list of ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 11:19:41 -07:00
Tom Eastep
10df9d31c4 Correct typo in the actions manpages (4.6.5 s/b 4.6.4).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 14:47:27 -07:00
Tom Eastep
976a1f3deb Merge branch '4.6.3'
Conflicts:
	Shorewall/Perl/Shorewall/Misc.pm
2014-09-25 08:06:16 -07:00
Tom Eastep
ea40068c10 Fix ADMINISABSENTMINDED=No used with stoppedrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 08:03:35 -07:00
Tom Eastep
580e00dabd Implement LOG_BACKEND option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 15:26:13 -07:00
Tom Eastep
a7b57ad32c Clarify iptrace logging.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 09:14:38 -07:00
Tom Eastep
ba7f88c912 Re-apply 'terminating' changes to the actions manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:33:57 -07:00
Tom Eastep
7481514a97 Implement the 'terminating' action option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:29:13 -07:00
Tom Eastep
20c68dddf2 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2014-09-23 09:24:44 -07:00
Tom Eastep
35e60aa10c Fix actions manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:24:32 -07:00
Tom Eastep
1f5439257a Revert "Implement the 'terminating' action option"
This reverts commit 6851744cb7.
2014-09-23 07:39:25 -07:00
Tom Eastep
771e487b02 Merge branch '4.6.3' 2014-09-01 09:10:55 -07:00
Tom Eastep
0b66c475a7 Make <command> replacable in the run synopsis
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 09:10:03 -07:00
Tom Eastep
8727a6f1d8 Correct 'run' command synopsis in the shorewall[6] manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:52:09 -07:00
Tom Eastep
f9a62e1650 Correct builtin example in the actions manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:29:29 -07:00
Tom Eastep
6851744cb7 Implement the 'terminating' action option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:16:42 -07:00
Tom Eastep
4bacfced82 Another attempt to fix formatting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 11:59:51 -07:00
Tom Eastep
7c1bbd4dc7 Fix formatting in shorewall[6]-rules(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 11:29:44 -07:00
Tom Eastep
4347190f82 Clarify REJECT handling in IP[6]TABLE rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 09:10:10 -07:00
Tom Eastep
e49832f4b5 Run the 'init' script in the 'run' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-30 10:25:00 -07:00
Tom Eastep
31e5aeeaea Refine the 'run' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 10:30:07 -07:00
Tom Eastep
eb5026d3b7 Merge branch '4.6.2' 2014-07-28 14:47:23 -07:00
Tom Eastep
a799d74901 Correct typo and link in the shorewall-mangle manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-28 08:39:07 -07:00
Tom Eastep
a7b18ca875 Implement 'run' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-28 07:04:56 -07:00
Tom Eastep
848078873d Update tcfilters manpages to mention BASIC_FILTERS=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-22 07:19:10 -07:00
Tom Eastep
29e6bc9379 Merge branch '4.6.2' of ssh://server.shorewall.net/home/teastep/shorewall/code into 4.6.2 2014-07-18 15:15:33 -07:00
Tom Eastep
4b3196b959 Add refmiscinfo to the shorewall-tcrules manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-18 13:49:30 -07:00
Tom Eastep
a97e2fd3d9 Update manpages regarding 'status -i'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-12 19:37:05 -07:00
Tom Eastep
2ed523101c Allow specification of the MAC address of a gateway
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-06 09:54:53 -07:00
Tom Eastep
8bfff55ed2 Add a TIME column to the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-04 08:01:14 -07:00
Tom Eastep
b1a6ec7f03 Merge branch '4.6.1' 2014-07-02 21:41:27 -07:00
Tom Eastep
7fdc398a5e Revert "Revert "Revert "Add a TIME column to the mangle file"""
This reverts commit 1165b2689c.
2014-06-27 08:23:04 -07:00
Tom Eastep
1165b2689c Revert "Revert "Add a TIME column to the mangle file""
This reverts commit 9c7fcd09fd.
2014-06-27 08:14:28 -07:00
Tom Eastep
9c7fcd09fd Revert "Add a TIME column to the mangle file"
This reverts commit 824b14b714.
2014-06-25 07:33:42 -07:00
Tom Eastep
80c09c4747 Merge branch '4.6.1' 2014-06-25 07:31:36 -07:00
Tom Eastep
824b14b714 Add a TIME column to the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-25 07:05:12 -07:00
Tom Eastep
6ad9b95351 Implement 'show bl'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 13:27:25 -07:00
Tom Eastep
ac4bf15606 Implement 'status -i'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 11:07:37 -07:00
Tom Eastep
4e5d24fd9b Currect masq manpages
Describe the SOURCE column as optional

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-16 07:27:05 -07:00
Tom Eastep
24721e01b6 Document nat vs. subzone restriction.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-25 10:07:07 -07:00
Tom Eastep
89c5d5080b A couple more tweaks to the masq manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-22 11:14:46 -07:00
Tom Eastep
66b3d9aeb5 Correct the heading of the SOURCE masq column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-22 09:07:00 -07:00
Tom Eastep
eb70234c52 Correct some typos in the .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-12 14:50:15 -07:00
Tom Eastep
20b10582b4 Moew deprecation of USE_DEFAULT_RT=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:24:12 -07:00
Tom Eastep
cea237620a Change USE_DEFAULT_RT default to 'Yes'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-09 07:42:22 -07:00
Tom Eastep
c9d7370fb4 Merge branch '4.5.21'
Conflicts:
	Shorewall/manpages/shorewall.conf.xml
	Shorewall6/manpages/shorewall6.conf.xml

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 09:00:34 -08:00
Tom Eastep
8b4d8bfa16 Finish ADMINISABSENDMINDED change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 08:57:03 -08:00
Tom Eastep
caa72fb7d2 Correct routestopped files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-02 10:39:12 -08:00
Tom Eastep
3e87efc82b Document -t option
- Also copy compiler directives to the mangle file.
2014-02-17 12:50:59 -08:00
Tom Eastep
69fe94ef08 Document the -t option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:25:58 -08:00
Tom Eastep
2dbcd36a9c Implement BASIC_FILTERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 16:34:03 -08:00
Tom Eastep
7ddc65133e Support ipset lists in the tcfilters file.
- Also document the fact that ipset match options are not available in
  the tcfilters file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:16:35 -08:00
Tom Eastep
c08655e0bc Document ipset use in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-01 09:40:39 -08:00
Tom Eastep
44e0d48fc5 Add <refmiscinfo>...</refmiscinfo> to remaining manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-16 08:32:57 -08:00
Tom Eastep
5a649dc205 Add <refmiscinfo>...</refmiscinfo>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-16 07:44:23 -08:00
Tom Eastep
89fd5ced15 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-01-12 14:05:48 -08:00
Roberto C. Sanchez
b1a490b50a Cleanup links in manpages so that hrefs in generated HTML don't take the user to a different server 2014-01-12 16:40:03 -05:00
Tom Eastep
a35b7821bf Correct stoppedrules manpages re DROP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:30:09 -08:00
Tom Eastep
fd28a12653 Allow DROP in the stoppedrules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:19:49 -08:00
Tom Eastep
78ecf9bdc8 Finish up ipset extensions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 09:23:14 -08:00
Tom Eastep
1771bb75cf Finish ipset match option implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-02 14:43:55 -08:00
Tom Eastep
48ceed9ecb Make tcpflags the default.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 15:10:38 -08:00
Tom Eastep
623bdd2ff1 Manpage corrections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:41:28 -08:00
Tom Eastep
b61ee2d75e Manpage updates for IP[6]TABLES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:54 -08:00
Tom Eastep
ac6a506e35 Allow logging from the RAW table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 11:04:43 -08:00
Tom Eastep
4cc5ee6b73 Document IP[6]TABLES in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 10:13:38 -08:00
Tom Eastep
8f6f0c94a4 Replace tcrules with mangle in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 15:35:08 -08:00
Tom Eastep
a1222d10cb change 'marks' file to 'mangle'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 10:03:23 -08:00
Tom Eastep
584b0ac50e Some small tweaks to the marks file processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-24 07:25:40 -08:00
Tom Eastep
1d84f27efe Add shorewall-marks manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-20 14:12:35 -08:00
Tom Eastep
4c840a05a0 Fix issue in the shorewall-tcrules and shorewall6-tcrules manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 16:24:50 -08:00
Tom Eastep
6323372ebd Fix issue in the shorewall-tcrules and shorewall6-tcrules manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 16:23:32 -08:00
Tom Eastep
4e4e7cac1d Redefine the -i option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-15 11:23:20 -08:00
Tom Eastep
cb74b2d706 Document the -i update option in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 20:54:56 -08:00
Tom Eastep
33c5893bdb Implement INLINE_MATCHES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 13:35:01 -08:00
Tom Eastep
2bc329aa1d Add INLINE support to the masq file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-13 15:44:16 -08:00
Tom Eastep
f22dfcaa75 Merge branch '4.5.21' 2013-12-08 09:02:44 -08:00
Tom Eastep
d71c2688dc Clarify the need to quote/escaape settings with parentheses.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-08 09:02:25 -08:00
Tom Eastep
95abeaea24 Finish INLINE in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-01 09:25:32 -08:00
Tom Eastep
d63262a0cb change ZONE2ZONE default to '-'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 08:16:28 -08:00
Tom Eastep
3870157898 Issue warning on bare SECTION headings.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 07:58:02 -08:00
Tom Eastep
3b5c1ad601 Remove anachronistic text from the tcinterfaces manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-10 08:19:16 -08:00
Tom Eastep
e14d92c5ac Add DROP support in tcrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-04 10:50:11 -08:00
Tom Eastep
6eb2c0cb5f Add link to the logging page from the policy manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-24 08:01:18 -07:00
Tom Eastep
e570d91ab1 Document 'hostroute' and 'nohostroute'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-18 17:58:28 -07:00
Tom Eastep
159d677acb Update manpages to indicate that 'inline' is assumed for REJECT_ACTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-10 08:08:06 -07:00
Tom Eastep
ae63a0ab77 Correct description of how REJECT is handled:
- Add UDP

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-02 17:07:58 -07:00
Tom Eastep
dcff4fad37 Add sample action to shorewall.conf manpage.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-01 12:20:44 -07:00
Tom Eastep
67603c5eb3 Implement REJECT_ACTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-01 09:14:10 -07:00
Tom Eastep
32763e998b Make -v work with the status command
- Also document exit status

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-13 06:52:46 -07:00
Tom Eastep
a10aea280b Add some abbreviations for common commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-06 07:05:47 -07:00
Tom Eastep
83d1aa6682 Allow OPTIMIZE=All
- Remove use of literal 4096 from OPTIMIZATION checks.
- Moved constant declarations to the Config module.
- Documented that level 1 is ignored when level 4 is specified.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-29 10:08:35 -07:00
Tom Eastep
e0a222938a Merge branch '4.5.19' 2013-07-27 08:14:35 -07:00
Tom Eastep
bf15b859bc Clarify the relationship between ROUTE_FILTER and routefilter.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-27 08:09:23 -07:00
Tom Eastep
aabb22a50f Add the TRACK_RULES option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-24 07:22:51 -07:00
Tom Eastep
765b748283 Documentation updates
- Add meaningful IDs to some sections in Events.xml
- Correct typos in the accounting manpages

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-22 07:54:45 -07:00
Tom Eastep
d6d0cad2f9 Add 'show event[s]' to manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 10:37:27 -07:00
Tom Eastep
4bd35a0b93 Allow 'routeback=0'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-16 08:37:53 -07:00
Tom Eastep
53f1cd40df Add 'unmanaged' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-10 12:36:18 -07:00
Tom Eastep
a48a4b7a2e Don't allow fowarding between local zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 06:14:44 -07:00
Tom Eastep
2de0fbf7d0 Change 'local' to 'loopback' and add 'local' zones that match non-loopback interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-26 14:06:51 -07:00
Tom Eastep
fd11eb7d82 Omit fw->fw jumps when there is a local zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-22 09:19:34 -07:00
Tom Eastep
ac02c484f5 Change 'local' interface option to a zone type.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-19 15:35:20 -07:00
Tom Eastep
b38f1416aa Mention "all+' in the "Important" notes at the top
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 13:41:12 -07:00
Tom Eastep
c8133145e6 Add support for "all+" in the policy file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 09:01:12 -07:00
Tom Eastep
e3d9b2762d Add 'destonly' and 'local' to the interface manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 12:48:58 -07:00
Tom Eastep
7215b61aa4 Document changes introduced by Mr-4.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-07 10:16:38 -07:00
Tom Eastep
577db69719 Support conditional compilation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-07 09:36:02 -07:00
Roberto C. Sanchez
a0228e9d3b Fix typos in manpages 2013-05-03 12:19:45 -04:00
Tom Eastep
8bb03a741d Update blrules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-24 08:17:10 -07:00
Tom Eastep
f543c3bd1e Finish Mr-4's NFACCT patch
- Correct indentation
- Remove '$type' argument to split_nfacct_list
- Update manpages.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-23 06:55:30 -07:00
Tom Eastep
5ad69aa650 Add CHAIN_SCRIPTS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-21 07:30:31 -07:00
Tom Eastep
a56dcc745d Clarify <chain>:COUNT in the accounting files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-20 17:11:46 -07:00
Tom Eastep
1b9fd642bb Add INLINE to the accounting file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-20 08:02:02 -07:00
Tom Eastep
1fd62e1612 Restore order in the NFACCT target.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 11:11:37 -07:00
Tom Eastep
6c2679ce75 Allow incrementing an nfacct object when an ipset matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 10:44:57 -07:00
Tom Eastep
91c4dd2e56 Document multiple nfacct objects in one rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 06:38:02 -07:00
Tom Eastep
8ef11a376b Document 'HELPERS=none'.
- Also make 'check -u' work correctly regarding HELPERS=

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 11:30:47 -07:00
Tom Eastep
ef01748dc9 Update manpages for INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 07:34:00 -07:00
Tom Eastep
b5ea4067e4 Implement USE_RT_NAMES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-24 10:56:38 -07:00
Tom Eastep
1e866eac28 Implement the other forms of NULL routing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-16 08:20:52 -07:00
Tom Eastep
6e9fc77f73 Remove nonsensical comment from the stoppedrules manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-09 08:15:13 -08:00
Tom Eastep
fe6533943c Correct 'routes' manpages.
- change 4.5.15 with 4.5.14 for the availability of blackhole routes
- Add 'main' to the legal providers.
2013-03-08 08:26:08 -08:00
Tom Eastep
06e7f297f7 Allow addition of blackhole routes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 11:48:09 -08:00
Tom Eastep
6ffedae4fb Document '=' in the SOURCE PORT(S) column of shorewall-tcrules(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-05 08:39:14 -08:00
Tom Eastep
631c1ac843 Mention the multiport match requirement for '='
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-04 12:53:00 -08:00
Tom Eastep
49918b654e Support '=' in SOURCE PORT(S) columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-04 09:56:10 -08:00
Tom Eastep
524d6242b0 More SNAT/DNAT manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-19 12:42:09 -08:00
Tom Eastep
010c44d07a Correct description of the 'sourceroute' interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-18 11:33:19 -08:00
Tom Eastep
f44becdee1 Rename BLACKLIST_LOGLEVEL to BLACKLIST_LOG_LEVEL for consistent naming.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-12 07:47:02 -08:00
Tom Eastep
61c219ed3a Clarify the CHAIN column in the accounting manpage. Also mention ipset support.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-03 08:00:24 -08:00
Tom Eastep
f407068d20 Update shorewall[6]-actions(5) regarding inline for some standard actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:27:30 -08:00
Tom Eastep
fc73c3934b Replace BLACKLISTNEWONLY with BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:00:47 -08:00
Tom Eastep
519861d7b2 Add CONTINUE as a possible setting for RELATED_DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:58:03 -08:00
Tom Eastep
c958329d14 More manpage updates for RELATED and UNTRACKED rules sections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 19:24:01 -08:00
Tom Eastep
575673a8f5 Correct broken links in the .conf manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 15:42:20 -08:00
Tom Eastep
6403f4959d Implement UNTRACKED SECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 15:42:01 -08:00
Tom Eastep
c2bc74cdfe Add INVALID section to the rules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 08:33:59 -08:00
Tom Eastep
17eae4adee Update the description of BLACKLISTNEWONLY to match the implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 09:11:15 -08:00
Tom Eastep
ea0325a1f5 Clarify IPv6 again.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-17 11:29:36 -08:00
Tom Eastep
066c159b4d Provide instructions for changing DISABLE_IPV6 from Yes to No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-17 10:21:08 -08:00
Tom Eastep
89a09f0256 Implement DEFER_DNS_RESOLUTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-13 17:00:14 -08:00
Tom Eastep
f41b2fbffc Clarify the LENGTH column of the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-09 16:22:38 -08:00
Tom Eastep
5883bc3f50 Correct typo (DNAC -> DNATC) in shorewall-arptables(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 18:33:27 -08:00
Tom Eastep
414a74d23c Support protocol lists in most files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 16:06:54 -08:00
Tom Eastep
d4c9885c09 Change interpretation of the log tag when LOGTAGONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 13:10:18 -08:00
Tom Eastep
38657d9f98 Support for arptables.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-04 09:17:57 -08:00
Tom Eastep
115081dda5 Tweak fq_codel documentation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 11:20:16 -08:00
Tom Eastep
6d9cca1cff fq_codel
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 10:58:11 -08:00
Tom Eastep
643f419264 Merge branch '4.5.11'
Conflicts:
	Shorewall/Perl/Shorewall/Rules.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-28 09:02:33 -08:00
Tom Eastep
ebe4267c49 Rename IGNOREOLDCAPVERSIONS to WARNOLDCAPVERSION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:58:45 -08:00
Tom Eastep
f96bc7cc2d Cosmetic cleanup of the .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:01:37 -08:00
Tom Eastep
8bb6f81dc5 Rename IGNOREOLDCAPS to IGNOREOLDCAPVERSIONS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 08:54:22 -08:00
Tom Eastep
ef0102e9f1 Add the 'IGNOREOLDCAPS' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 15:48:08 -08:00
Tom Eastep
62406e261d Correct typo in shorewall-masq(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 07:43:06 -08:00
Tom Eastep
4d2379f542 Implement update -D
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-23 10:50:31 -08:00
Tom Eastep
c9eccaf3b8 Implement ?COMMENT directive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-23 10:49:32 -08:00
Tom Eastep
96b61ea05c Update documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-21 16:13:23 -08:00
Tom Eastep
8a0abab4cc Rename 'ALLOWUNKNOWNVARIABLES' to 'IGNOREUNKNOWNVARIABLES'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-12 11:51:31 -08:00
Tom Eastep
56d7b6248b Begin Action Documentaiton Update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-05 19:07:42 -08:00
Tom Eastep
8f1e8bf475 Add 'ALLOWUNKNOWNVARIABLES' to the manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 08:50:23 -08:00
Tom Eastep
cd5e9be467 Carefully suppress duplicate rules in all tables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-02 12:20:24 -08:00
Tom Eastep
f358a78eca Revise the description of 'noinline' to match the changed implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 09:33:38 -08:00
Tom Eastep
8cbe26e32c Ignore 'inline' for certain actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 07:54:42 -08:00
Tom Eastep
15121e0743 Also substitute the chain name for '@0' in SWITCH names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-29 08:05:49 -08:00
Tom Eastep
9c0d8a2533 Use '@{0}' as the chain name surrogate in SWITCH columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-29 07:17:13 -08:00
Tom Eastep
bff91cd325 Allow overriding 'inline' on some standard actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-28 15:03:08 -08:00
Tom Eastep
8006d150f1 Allow switch initialization.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 16:17:43 -08:00
Tom Eastep
d7096ae52e Back out default-action macros and document in-line actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-27 10:53:18 -08:00
Tom Eastep
7673b1ac4b Support multiple parameters in macros.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 11:04:19 -08:00
Tom Eastep
fc87576005 Back out silly change for output interfaces in the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 09:47:42 -08:00
Tom Eastep
21c2963691 Correct Format-3 syntax for the SOURCE column of the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-26 07:48:43 -08:00
Tom Eastep
e7dee420ee Allow interfaces in the DEST column of the conntrack file when the chain is OUTPUT.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 18:37:23 -08:00
Tom Eastep
642f192b3d Disallow destination interface in the OUTPUT chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 15:37:53 -08:00
Tom Eastep
fb3194d96b Correct handling of default-action macro when specified as "macro.Name"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 10:16:43 -08:00
Tom Eastep
629717f7cc Correct policy manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 09:33:46 -08:00
Tom Eastep
8c2db40783 Correct errors in the conntrack manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 08:52:51 -08:00
Tom Eastep
dbfc805707 Add 'IU' state in secmarks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-25 08:10:53 -08:00
Tom Eastep
748d532175 Correct the explaination of ULOG and NFLOG in the manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-24 09:11:28 -08:00
Tom Eastep
30de211bda Implement format-3 conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 20:56:56 -08:00
Tom Eastep
8a744de906 Document semantic change to 'all' handling in the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 09:10:07 -08:00
Tom Eastep
df7ce1a7d1 Add the AUDIT built-in and delete the Audit action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-22 08:24:33 -08:00
Tom Eastep
3040156981 Add SWITCH column to the conntrack file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 14:20:56 -08:00
Tom Eastep
952aed225d Improve handling of 'all' in the conntrack file.
- Also added 'all-' to represent all off-firewall zones.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 13:07:01 -08:00
Tom Eastep
7bfbf522bc Document that parameters are allowed in default actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 11:12:55 -08:00
Tom Eastep
3b20c0db54 Allow Macros to be used as Default Actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 16:52:10 -08:00
Tom Eastep
60a509c926 Add new macros and alphabetize the ACTION list in the rules manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 08:19:12 -08:00
Tom Eastep
9dac330756 Remove references to USE_ACTIONS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 13:13:20 -08:00
Tom Eastep
c6ffdd67e2 Add DROP target to the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 11:35:40 -08:00
Tom Eastep
5265cd5bb7 Add UNTRACKED match to the secmarks file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 11:01:49 -08:00
Tom Eastep
ab381ed95e Expand the description of enable/disable on optional non-provider interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 09:01:38 -08:00
Tom Eastep
0277d6628e Correct typo in shorewall(8) and shorewall6(8).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 08:30:47 -08:00
Tom Eastep
a2b14c37ed Treat optional interfaces as pseudo-providers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-16 09:48:21 -08:00
Tom Eastep
4b6fdf8b72 Update masq manpage to expunge exclusion with an interface name in the SOURCE column.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-04 09:11:37 -08:00
Tom Eastep
86ae74005a Correct invalid information in shorewall[6]-tcclasses.
- Delete part about an interface only appearing once.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-29 12:46:58 -07:00
Tom Eastep
e908473d29 Clean up description of CHECKSUM in the manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-26 11:22:54 -07:00
Tom Eastep
e177916c12 Implement statistical marking in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-26 07:10:26 -07:00
Tom Eastep
0387b16983 Implement CHECKSUM action in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-22 15:42:13 -07:00
Tom Eastep
f24e194819 Don't display chains with no matched entries when -b
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-22 14:15:37 -07:00
Tom Eastep
5a103e8ec5 Make options consistent (add a '-' before 't')
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-20 07:15:44 -07:00
Paul Gear
cf68379c4c Document brief option for show command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-20 07:11:56 -07:00
Paul Gear
6c06302d2a Make formatting of interface options consistent
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-20 07:11:48 -07:00
Tom Eastep
cc90a06958 Add RESTORE_ROUTEMARKS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-11 07:34:57 -07:00
Tom Eastep
1195661264 Document new Dynamic Zone implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 12:20:36 -07:00
Tom Eastep
83d3d04afb Correct typos (omma -> comma) in the stoppedrules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 06:51:56 -07:00
Tom Eastep
32f89fa24b Don't unconditionally detect helpers when LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-22 09:27:13 -07:00
Tom Eastep
af5eb575c2 Add tcfilter example with PRIORITY
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-21 07:40:33 -07:00
Tom Eastep
e14f5e5199 Swicth from postincrement to preincrement when bumping 'filterpri'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-17 10:46:31 -07:00
Tom Eastep
0400cedc6c More TC manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-14 08:01:08 -07:00
Tom Eastep
a581958042 Document filter priority algorithm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 16:31:39 -07:00
Tom Eastep
14073e8943 Change TOS priority offset from 10 to 15
- Make it distinct from tcp-ack

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 08:25:05 -07:00
Tom Eastep
e02906e4f9 Add TOS to classification priority enumeration
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 07:46:52 -07:00
Tom Eastep
75953a87cb Optional priority on hfsc classes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 13:39:54 -07:00
Tom Eastep
e431d5ab53 Document changes to filter priorities
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 17:12:59 -07:00
Tom Eastep
f6e3107c00 Redefine tc filter priorities
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:03:16 -07:00
Tom Eastep
9d6e0fd9ed Add a PRIORITY column to the tcfilters file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 14:48:32 -07:00
Tom Eastep
5c62bf297a Document multiple GID/UIDs in the USER/GROUP column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 08:18:25 -07:00
Tom Eastep
afd9875d3a Update Manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 10:52:22 -07:00
Tom Eastep
01696e7298 Remove empty paragraph in shorewall-rules(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 05:52:40 -07:00
Tom Eastep
34ee00a986 Document the <directory> argument to the 'try' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 10:53:35 -07:00
Tom Eastep
d838cf41bf Allow TTL and HL in the PREROUTING chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-28 11:45:32 -07:00
Tom Eastep
64edd30a76 Correct link in shorewall[6].conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-21 07:54:51 -07:00
Tom Eastep
fdc45a990d Arrange for HELPER to match in the RELATED section.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 15:44:19 -07:00
Tom Eastep
44a550870c Add HELPER action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 13:23:38 -07:00
Tom Eastep
f1fbb95d48 Update documentation for content merged from the 4.5.8 (master) path
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 08:16:36 -07:00
Tom Eastep
50bd1d6398 Add AUTOHELPER option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-12 07:25:11 -07:00
Tom Eastep
e00616a1fe Don't release blacklist files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-07 07:56:16 -07:00
Tom Eastep
b4c812b676 Correct helper parsing in the Raw module.
- Require (...) around multiple ctevents
- Detect invalid options

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-05 08:09:17 -07:00
Tom Eastep
093985dd93 Use HELPERS to enable/disable helper association.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 19:26:02 -07:00
Tom Eastep
72307df6d2 Replace the AUTOHELPERS option with the HELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 10:53:20 -07:00
Tom Eastep
7689b1e84b Remove the 'zone' helper option for now.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 06:39:58 -07:00
Tom Eastep
21770a89d6 Detect which matches are available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 15:38:23 -07:00
Tom Eastep
07e56d129a Add AUTOHELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:09:18 -07:00
Tom Eastep
62d6d2558e Rename AUTO_COMMENT to AUTOCOMMENT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:06:41 -07:00
Tom Eastep
833e54c9c3 Rename the notrack file to conntrack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:02:17 -07:00
Tom Eastep
ac6e67e371 Correct typo in rules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-30 07:23:40 -07:00
Tom Eastep
735b7c2cf5 Add support for nfacct
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-28 11:21:16 -07:00
Tom Eastep
c0e4d4093c Clarify TOS value
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-16 15:53:22 -07:00
Tom Eastep
1db79a91eb 'rpfilter' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 10:05:32 -07:00
Tom Eastep
5c176c64b7 Add an ORIGINAL DEST column to /etc/shorewall/masq
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-29 15:32:01 -07:00
Tom Eastep
17d22fb5b8 Prevent multiple 'tproxy' providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-23 17:26:18 -07:00