Tom Eastep
db96f6ead2
Reject long CC lists.
...
- include offending CC in 'Invalid or Unknown' error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 12:44:24 -07:00
Tom Eastep
f0a3e1652a
Bracket non-trivial cc lists with [...]
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 09:39:49 -07:00
Tom Eastep
56b8a9b9fa
Some code cleanup:
...
- Store config value in a local rather than repeatedly referencing the
%config hash.
- Centralize generation of the valid table array
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 09:02:44 -07:00
Tom Eastep
231c5dbca0
Eliminate need to call optimize_policy_chains() when OPTIMIZE 4 is selected
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 08:15:20 -07:00
Tom Eastep
1a9789a3da
Optimization tracing
...
- Correct tracing in optimize_chain()
- Add tracing to new level 4 optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 07:54:50 -07:00
Tom Eastep
f15e6d3995
Additional optimization in level 4.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-18 16:50:08 -07:00
Tom Eastep
3f42350a7b
Don't overwrite empty mark geometry settings.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-18 11:37:49 -07:00
Tom Eastep
e8648c993d
Use blackhole routes rather than unreachable.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-18 10:50:13 -07:00
Tom Eastep
55c88e8e81
Replace curly brace enclosure with a preceding caret to avoid ambiguity.
...
- {...} is used to enclose a set of column/value pairs and it is certain
that the two will become confused.
2012-05-17 15:26:16 -07:00
Tom Eastep
f5f80d2ccc
Re-arrange enforcement of restrictions on geoip.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-17 13:59:56 -07:00
Tom Eastep
d220d3d9d5
Abandon action.GeoIP in favor of extended syntax in the SOURCE and DEST columns.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-17 10:44:02 -07:00
Tom Eastep
6148c909f2
fix multiple ipsets in an imatch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-16 19:52:41 -07:00
Tom Eastep
2eb25f3f6a
Correct the grammar in an error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-16 07:52:42 -07:00
Tom Eastep
43d882db2b
Cosmetic cleanup
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 16:44:35 -07:00
Tom Eastep
78af118b9a
Quote original list when a translated list is ill-formed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 16:39:46 -07:00
Tom Eastep
85f58d6906
Avoid funny-looking ERROR: messages out of Embedded Perl.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 16:38:56 -07:00
Tom Eastep
ac2ed505bb
Add GeoIP support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-14 17:12:46 -07:00
Tom Eastep
926e589414
Exit the tcpost chain if a connection mark is restored
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-14 10:35:42 -07:00
Tom Eastep
cd150af790
Update .status file on disable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-12 07:44:46 -07:00
Tom Eastep
cd98266396
Correct add of default IPv6 route when no gateway specified
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-12 07:15:24 -07:00
Tom Eastep
3d541f50c8
Use "(S)" consistently in column headings.
...
- add synonyms so both the singular and plural forms are accepted.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 12:42:04 -07:00
Tom Eastep
f77b350a7b
Clear the 'balance' table if no balanced providers.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 11:28:06 -07:00
Tom Eastep
bed4457e0e
Delete jump to 'tproxy'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 09:00:09 -07:00
Tom Eastep
2d5269be7b
Fix another conditional compilation bug.
...
?IF $false
?IF $false
...
?ENDIF
foo <------- This line is not omitted!
?ENDIF
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:44:46 -07:00
Tom Eastep
a05b3afd7f
Eliminate the 'tproxy' chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:42:44 -07:00
Tom Eastep
9e743451f6
Add FORMAT 2 to tcrules files. Initialize $format in Tc.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:08:06 -07:00
Tom Eastep
cb7fc31f0b
Restore 4.5.3 compatibility
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-10 14:23:33 -07:00
Tom Eastep
69d735ea0a
Make TPROXY actually work!
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-10 11:19:23 -07:00
Tom Eastep
4d4fc315e0
More TPROXY changes
...
- Combine identical DIVERT chains.
- Add --transparent to -m socket
- Reserve a TPROXY bit in the fwmark
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-10 07:25:07 -07:00
Tom Eastep
820c965b72
Allow Shorewall::Config::in_hex() to accept an argument already expressed in hex.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-09 13:51:49 -07:00
Tom Eastep
605ef6ef86
Tweak to DIVERT plus correct TPROXY in man pages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-09 13:10:51 -07:00
Tom Eastep
2eb7af23dc
Merge branch 'master' into 4.5.3
2012-05-09 10:03:43 -07:00
Tom Eastep
582d025f58
Add DIVERT action to tcrules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-09 09:41:58 -07:00
Tom Eastep
b55d8c04e4
Do logical->physical mapping in rtrules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 14:52:18 -07:00
Tom Eastep
3b6f5b2d8a
Finish alternative balancing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 13:55:13 -07:00
Tom Eastep
6639b3534e
Close all input files in Shorewall::Config::cleanup()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 08:58:14 -07:00
Tom Eastep
59bf343521
Leave first filename and linenumber on the same line as error text.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 08:55:24 -07:00
Tom Eastep
1d6e6b65db
Finish a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 17:06:35 -07:00
Tom Eastep
2224fdbc65
Correct help text in compiler.pl
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 16:55:51 -07:00
Tom Eastep
fd1d6cf935
Handle default shorewallrc location
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 16:55:17 -07:00
Tom Eastep
5d7442e9e9
Correct typo in converted blrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 12:13:26 -07:00
Tom Eastep
ef90006334
Avoid reference to unitialized variable on bogus FORMAT in interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 12:00:21 -07:00
Tom Eastep
2cbf1e86ad
Allow synonyms for column names in alternate specification formats
...
- gateway and gateways in the tunnels file
- mark and action in the tcrules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 11:59:47 -07:00
Tom Eastep
dd8e9ff09d
Fix 'COMMENT' along in the tunnels file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 11:58:37 -07:00
Tom Eastep
4320150dc4
Add alternate specification in tunnels file ('gateways')
...
- Make similar change in tcrules file with 'action'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 07:43:11 -07:00
Tom Eastep
003daec41c
Remove a couple of hard-coded '/usr/share' in Shorewall::Config
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-06 17:30:17 -07:00
Tom Eastep
aac00c3cc7
Pop open stack in run_user_exit1 and run_user_exit2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-05 10:31:55 -07:00
Tom Eastep
af228806fc
Allow manual changes to be used in macros.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-05 08:56:26 -07:00
Tom Eastep
1d90ee174c
Cleanup of ERROR/WARNING message enhancement.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-04 07:01:08 -07:00
Tom Eastep
3e37f47fb5
Print out the include/open stack in WARNING and ERROR messages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-03 17:17:55 -07:00
Tom Eastep
894931731b
Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall
2012-05-02 07:04:30 -07:00
Tom Eastep
731b310359
Use --hashlimit-upto when available.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-30 13:45:09 -07:00
Tom Eastep
35c08c109e
Fix IPv4 'reset'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-30 07:54:40 -07:00
Tom Eastep
766771d812
Remove absurd test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-30 07:48:07 -07:00
Tom Eastep
b9e6349994
Add some comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-29 09:07:34 -07:00
Tom Eastep
c9b4d3d8c8
Add/improve comments.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-25 09:44:08 -07:00
Tom Eastep
d904a2de86
Search and destroy trailing whitespace
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-24 14:52:57 -07:00
Tom Eastep
f860cd037d
Change a comment in generate_matrix() to acknowledge 'KLUDGEFREE'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-24 13:34:56 -07:00
Tom Eastep
3bdf703522
Allow TC experts to SAVE/RESTORE all parts of the packet mark
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-24 09:19:38 -07:00
Tom Eastep
34f5838365
Allow multiple GATEWAYS to be listed in the tunnels file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-18 09:28:37 -07:00
Tom Eastep
2b7e5dd9d8
Suppress duplicate option when not KLUDGEFREE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-17 07:35:37 -07:00
Tom Eastep
44c8ef2ede
Correct ill-advised change to push_matches()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-17 07:30:17 -07:00
Tom Eastep
aaab505006
Improve the debuggability of failed assertions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-14 17:57:49 -07:00
Tom Eastep
63a2a32b4b
Suppress trailing whitespace.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-14 13:50:59 -07:00
Tom Eastep
31752d9ee1
Move macro.BLACKLIST to where it belongs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-14 08:14:45 -07:00
Tom Eastep
24e2fe4a04
Make options argument to read_a_line manditory
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-14 08:04:28 -07:00
Tom Eastep
42950e53cd
Use logical add rather than arithmetic add for uniformity
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-11 14:28:09 -07:00
Tom Eastep
ae9f538ef8
Simplify an assertion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-11 14:27:48 -07:00
Tom Eastep
e880d2fd84
Remove some whitespace
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-11 08:03:02 -07:00
Tom Eastep
e791a63671
Merge branch '4.5.2'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-11 07:13:40 -07:00
Tom Eastep
e263a3c27d
Remove redundant logic
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-11 07:11:05 -07:00
Tom Eastep
0b5e30aa7b
Fix INCLUDE inside an ?IF ... ?ENDIF
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-10 17:27:47 -07:00
Tom Eastep
07ff3f294d
Fix INCLUDE inside an ?IF ... ?ENDIF
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-10 17:27:23 -07:00
Tom Eastep
6ba69c9540
Eliminate read_a_line1()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-10 17:01:38 -07:00
Tom Eastep
5ee554708c
Control the proliferation of arguments to read_a_line() by using
...
a bit-mapped single argument.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-10 13:51:25 -07:00
Tom Eastep
623e545f09
Don't allow accounting chains to be altered when OPTIMIZE_ACCOUNTING=No
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-09 21:44:44 -07:00
Tom Eastep
2545322163
Cleanup of read_a_line()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-09 16:00:26 -07:00
Tom Eastep
7b511f449f
Don't strip comments until after embedded Perl or Shell have been handled.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-09 15:12:13 -07:00
Tom Eastep
94097e2561
Add newlines to embedded multi-line shell and perl
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-08 12:17:00 -07:00
Tom Eastep
50405f57ba
Don't suppress whitespace in embedded Perl and Shell
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-08 07:54:03 -07:00
Tom Eastep
860141127a
Re-enable '#' in quoted strings within embedded shell and perl
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-08 07:30:46 -07:00
Tom Eastep
a2abad3f68
Modify getparams to use the installed shorewallrc file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-07 09:07:07 -07:00
Tom Eastep
c5f44d8737
Move read_a_line() prototype before first use.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-07 07:42:27 -07:00
Tom Eastep
25bca70ff2
Merge branch 'master' into 4.5.2
2012-04-07 07:39:14 -07:00
Tom Eastep
7204220991
Some more fixes to conditional inclusion.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-07 07:16:17 -07:00
Tom Eastep
97cc4930cf
Deimplement option leading ? in embedded directives
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-06 16:26:05 -07:00
Tom Eastep
5688dc77a3
Make ?BEGIN PERL end ?END PERL work.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-06 15:58:21 -07:00
Tom Eastep
9dd6f86c55
Use read_a_line() in the embedded_shell() and embedded_perl() functions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-06 15:46:01 -07:00
Tom Eastep
53395e788d
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-06 11:49:59 -07:00
Tom Eastep
24e115d0f9
Move a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-06 08:00:20 -07:00
Tom Eastep
24d30275fa
Correct syntax errors in the generated script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-03 17:08:14 -07:00
Tom Eastep
fb428bf564
Don't modify CONFDIR and SHAREDIR in the shell code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-02 12:39:49 -07:00
Tom Eastep
348c99c7d0
Compiler changes for Shorewall[6]-lite relocation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-02 07:46:38 -07:00
Tom Eastep
85fce606dc
Give all config files access to shorewallrc variables.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-01 13:19:38 -07:00
Tom Eastep
bb6e17fd3e
Many changes involved in getting a relocated installations to work
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-04-01 10:47:24 -07:00
Tom Eastep
cf176474ac
Merge branch '4.5.2'
...
Conflicts:
Shorewall/Perl/Shorewall/Chains.pm
2012-03-31 09:44:36 -07:00
Tom Eastep
6ed207aba0
Fix 'dhcp' with 'nets'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-31 09:30:29 -07:00
Tom Eastep
924ec49d09
Add OWNER_NAME_MATCH to do_user
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-30 16:58:38 -07:00
Tom Eastep
a4097b7a02
Correct Typo in setup_null_routing()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-30 16:57:26 -07:00
Tom Eastep
e38fcb2bfc
Correct ipset creation and add a WARNING when creating an ipset
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-30 16:56:43 -07:00