Tom Eastep
46f1074422
Reduce the cost of optimization substantially.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-29 11:54:39 -07:00
Tom Eastep
8017f603a0
Add progress message for each optimization pass.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 12:20:35 -07:00
Tom Eastep
6171d938f7
Correction to last change -- move two declarations to an outer block.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 12:20:06 -07:00
Tom Eastep
48c3200a5a
Issue error message when required file is missing or has zero size.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 11:22:47 -07:00
Tom Eastep
68f537ac5b
Bypass processing logic when an optional config file is absent.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 10:48:44 -07:00
Tom Eastep
47fbc83419
Don't add trailing whitespace to DNAT/REDIRECT target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 09:27:42 -07:00
Tom Eastep
468c918121
Correct grammar in FAQ 92
2010-09-28 08:05:18 -07:00
Tom Eastep
a7be406fb9
Add FAQ 92
2010-09-28 08:04:02 -07:00
Tom Eastep
91aabfc078
Revise fix for extraneous progress messages
2010-09-27 16:18:11 -07:00
Tom Eastep
0109b8113a
Prevent random progress messages during compilation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 15:56:22 -07:00
Tom Eastep
75d50d126c
Make zones with 'mss' complex.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 13:57:56 -07:00
Tom Eastep
489364a1a0
Correct zone manpages re: blacklist vs zone type
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 13:57:03 -07:00
Tom Eastep
f7eb3c3d8c
Periodic elimination of trailing white space
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 11:16:18 -07:00
Tom Eastep
f33912d5f7
Correct/update release notes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 09:11:17 -07:00
Tom Eastep
ac646930a3
Tighter validation of ipset names in the hosts file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 08:36:27 -07:00
Tom Eastep
066c772fcd
Correct minor issue with previous error message improvement change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 08:28:25 -07:00
Tom Eastep
0becb39202
Bump version to Beta 3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 08:15:32 -07:00
Tom Eastep
2828b65326
Improve error message generated when a token beginning with '+' reaches validate_net()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 07:56:55 -07:00
Tom Eastep
74f1cb2443
Mention maclist file in shorewall-ipsets(5)
2010-09-25 16:07:56 -07:00
Tom Eastep
f07ec1e9d3
Clean up untidiness where Shorewall6 tries to start on a system with an old kernel
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-25 08:46:14 -07:00
Tom Eastep
a79a8d4acc
Document that ipset multi-match may not be used in the hosts file
2010-09-24 15:44:44 -07:00
Tom Eastep
e018ee6adc
Don't create <zone>_frwd when unnecessary
...
- Set the zone {complex} flag based on ipsec options rather than the presense of any options.
- Generate forwarding blacklist rules in lieu of creating<zone>_frwd
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-24 15:25:57 -07:00
Tom Eastep
b5fdb089bc
Fix syntax error in blacklist fix
2010-09-24 13:42:05 -07:00
Tom Eastep
0768235278
Correct blacklisting in simple configurations
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-24 13:41:54 -07:00
Tom Eastep
03161ed57d
Bump version to 4.4.14 Beta 2
2010-09-23 19:33:37 -07:00
Tom Eastep
0f4d8eb929
Use 'conntrack' for 'show connections'
2010-09-23 19:08:40 -07:00
Tom Eastep
611c33e052
Add rule order warning to secmark manpages
2010-09-23 11:31:56 -07:00
Tom Eastep
6702fbbd40
Make timestamps in log uniform
2010-09-23 07:40:27 -07:00
Tom Eastep
2c7b1b5d7b
Add more comments
2010-09-22 15:26:01 -07:00
Tom Eastep
9d5642aedd
Update Version to 4.4.14-Beta1
2010-09-21 11:34:26 -07:00
Tom Eastep
26ec7cee1d
Update ipset doc with multiple match syntax
2010-09-21 06:59:55 -07:00
Tom Eastep
dbd7914ee6
More fiddling with move_rules()
...
- Assert that the chain being moved has no blacklist jumps
- delete duplicate rules in case the destination chain has such a jump
2010-09-20 18:00:39 -07:00
Tom Eastep
c21a4d786d
add ipset manpage to the index
2010-09-20 16:00:19 -07:00
Tom Eastep
6069d8d509
Add shorewall-ipsets(5) to See Also
2010-09-20 15:37:42 -07:00
Tom Eastep
b44a35edbd
Add shorewall-ipsets manpage
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-20 15:34:04 -07:00
Tom Eastep
271154ed60
Rename DESTIFAC_DISALLOW -> DESTIFACE_DISALLOW
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-20 09:45:48 -07:00
Tom Eastep
bde0a297f9
Misc cleanup for 4.4.13
...
1. Replace statement with equivalent function call in promote_blacklist_rules()
2. Bump version of Tunnels.pm
3. Fix typo in comment in Zones.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-20 09:45:38 -07:00
Tom Eastep
7baa1839cf
Tighen up parsing of bracketed lists -- Take 2
2010-09-20 07:24:22 -07:00
Tom Eastep
f64993fe40
Tighen up parsing of bracketed lists
2010-09-20 07:05:23 -07:00
Tom Eastep
0ed33a0552
Document fix for '*' in interface names
2010-09-19 15:55:09 -07:00
Tom Eastep
9335ef5745
Don't allow '*' in interface names
2010-09-19 15:10:21 -07:00
Tom Eastep
25ca73ca54
Support alternative syntax for ipet lists
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-19 13:22:12 -07:00
Tom Eastep
0c6882c3a8
Merge branch '4.4.13'
2010-09-19 12:55:08 -07:00
Tom Eastep
c7fc4ce1f5
Correct order of release note entries
2010-09-19 12:54:54 -07:00
Tom Eastep
9111540a7f
Support ipset lists
2010-09-19 12:36:20 -07:00
Tom Eastep
35a686eaa1
Add delete_reference() function.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-19 08:28:29 -07:00
Tom Eastep
9ba82bec1f
Add warning about redundant 'blacklist' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-19 08:28:05 -07:00
Tom Eastep
e06ca34298
Add redundancy warning re 'blacklst'
2010-09-19 08:03:01 -07:00
Tom Eastep
b3d6ae78ba
Add redundancy warning re 'blacklst'
2010-09-19 07:57:36 -07:00
Tom Eastep
940ccf2c34
Document for tcfilter port ranges
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 15:11:41 -07:00