2854 Commits

Author SHA1 Message Date
Tom Eastep
f6a55bbf05 Allow the '-V' option in the CLI programs.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-16 14:29:36 -07:00
Tom Eastep
739f3779f5 Generate warnings for local->non-firewall and non-firewall->local rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-16 07:51:12 -07:00
Tom Eastep
2e293dd356 Make 'local,destonly' work correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-14 14:36:51 -07:00
Tom Eastep
a5412cff38 Issue a warning when a rule will be optimized away due to 'destonly'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-14 09:30:59 -07:00
Tom Eastep
46a6a7b258 Correct earlier optimization.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-14 07:27:57 -07:00
Tom Eastep
105d1db85d Cosmetic change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 11:24:09 -07:00
Tom Eastep
200d347ac8 Small Efficiency Change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 10:52:04 -07:00
Tom Eastep
c8133145e6 Add support for "all+" in the policy file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 09:01:12 -07:00
Tom Eastep
9178ecbab0 Suppress superfluous ACCEPT rule when 'lo' is attached to a 'local' zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 10:38:44 -07:00
Tom Eastep
d06a7b55b6 Add a 'destonly' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 10:37:40 -07:00
Tom Eastep
2fb01bec8d Don't assume 'destonly' with 'local'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 09:58:37 -07:00
Tom Eastep
6551d67b2e Call delete_chain_and_references recursively.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 09:29:29 -07:00
Tom Eastep
4b76d8c462 Handle optimize level 0 in the IPV6 nat table.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 09:28:25 -07:00
Tom Eastep
1bb5b89ee1 Add the 'local' interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 09:27:12 -07:00
Tom Eastep
c3901f1161 Release mutex on error.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-09 09:57:09 -07:00
Tom Eastep
56318e6cc8 Try to ensure that cp doesn't copy the firewall script to itself.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-06 09:22:16 -07:00
Tom Eastep
13c90e2aef Correct my update to Mr-4's bup patch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-04 18:40:14 -07:00
Tom Eastep
fdfdb49951 Apply Mr-4's priority->perf patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-04 14:05:03 -07:00
Tom Eastep
61cb105c02 Apply Mr-4's noautosrc patch (modified)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-04 14:00:25 -07:00
Tom Eastep
4621dccd53 Apply Mr-4's special route handling in COPY (modified).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-04 13:27:34 -07:00
Tom Eastep
b83ca4812b Include trailing space in a regular expression.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-03 08:36:38 -07:00
Tom Eastep
80efd095a8 Correct handling of INLINE without '-j' in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-01 14:52:48 -07:00
Tom Eastep
d6961c4c3b Clean up the temporary chains sooner.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-01 14:48:27 -07:00
Tom Eastep
54f5aaca63 Fix handling of CT_TARGET
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-01 11:15:36 -07:00
Tom Eastep
1012251957 Apply Mr-4's 4a patch (modified)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-27 07:04:40 -07:00
Tom Eastep
20d38e8b52 Centralize the validation of nfacct object names.
- Also correct a missing ' ' from the output generated by INLINE
  freeform input.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-26 09:09:08 -07:00
Tom Eastep
52f5ae15d1 Apply Mr-4's cosmetic patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-25 17:29:41 -07:00
Tom Eastep
7e830e5df4 Allow special characters in nfacct names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-25 10:07:49 -07:00
Tom Eastep
f543c3bd1e Finish Mr-4's NFACCT patch
- Correct indentation
- Remove '$type' argument to split_nfacct_list
- Update manpages.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-23 06:55:30 -07:00
Dash Four
68c7782e7d Shorewall 4.5.16 Beta 6
Tom Eastep wrote:
> On 4/22/13 5:07 PM, "Dash Four" <mr.dash.four@googlemail.com> wrote:
>
>
>> Anyway, I've just implemented individual "!" in the NFACCT statement by
>> hacking your Accounting.pm - I can attach a small patch for
>> review/inclusion if you are interested, but be aware that it does change
>> the syntax slightly in a sense that "!" needs to be specified for each
>> object within NFACCT() - "NFACCT(...)!" is no longer allowed.
>>
>
> Sure -- send it along.
>
Attached - the above caveat applies though.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-22 21:17:59 -07:00
Tom Eastep
4faf3728f2 Implement INLINE in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-22 19:00:29 -07:00
Tom Eastep
ad70240347 Remove a blank line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-22 09:36:25 -07:00
Tom Eastep
739013f248 Handle nfacct object lists in parens following an ipset name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-22 07:56:56 -07:00
Tom Eastep
6d57e7a0ce Mark a rule as complex if an option value is a reference.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-21 14:44:30 -07:00
Tom Eastep
5ad69aa650 Add CHAIN_SCRIPTS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-21 07:30:31 -07:00
Tom Eastep
1b9fd642bb Add INLINE to the accounting file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-20 08:02:02 -07:00
Tom Eastep
7c8f1ae020 Correct HELPERS handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 16:35:19 -07:00
Tom Eastep
1fd62e1612 Restore order in the NFACCT target.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 11:11:37 -07:00
Tom Eastep
6c2679ce75 Allow incrementing an nfacct object when an ipset matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 10:44:57 -07:00
Tom Eastep
610bdf1aac Correct merge_rules() for LAST matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 08:40:01 -07:00
Tom Eastep
cbdca08fea Fix for multiple nfacct patch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 16:37:54 -07:00
Tom Eastep
b87b4b61d8 Allow multiple nfacct matches in one accounting rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 16:14:57 -07:00
Tom Eastep
9c010691a3 Always place 'nfacct' last
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 15:26:34 -07:00
Tom Eastep
8ef11a376b Document 'HELPERS=none'.
- Also make 'check -u' work correctly regarding HELPERS=

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 11:30:47 -07:00
Tom Eastep
4d686e873b Implement 'HELPERS=none'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 10:30:56 -07:00
Tom Eastep
f55e34dd8b Don't allow options on targets that don't accept them.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 17:18:01 -07:00
Tom Eastep
668bd4a1a4 Accept complex log levels with INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 16:59:14 -07:00
Tom Eastep
5d5f168f25 Don't clone rule unconditionally in format_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 13:35:32 -07:00
Tom Eastep
938bd72844 Better handling of the matches rule member.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 10:39:32 -07:00
Tom Eastep
8b91575c9e Maintain order when multiple instances of a match are separated.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 06:52:32 -07:00