Commit Graph

3016 Commits

Author SHA1 Message Date
Tom Eastep
226eb6ca3e Cleanup of optimization fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 09:56:14 -07:00
Tom Eastep
5bd1bac70d Document fix for optimization bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 09:13:52 -07:00
Tom Eastep
e29d6d080d Restore -a functionality to the version command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 08:59:45 -07:00
Tom Eastep
50ce5bab68 Fix Optimization Bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 08:58:16 -07:00
Tom Eastep
d58480943a Bump version to 4.4.10 RC 1 2010-05-27 17:21:11 -07:00
Tom Eastep
3125a4d0d3 Restore RPM RedHat compatibility
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-27 06:49:49 -07:00
Tom Eastep
cc269d5d19 Make RPM SuSE-only 2010-05-26 18:49:33 -07:00
Tom Eastep
e627e0ea76 Bump version to 4.4.10-Beta4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-26 16:47:49 -07:00
Tom Eastep
84909de8b9 Fixes for Debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-25 16:02:57 -07:00
Tom Eastep
cdcb42ce9c Increment version to 4.4.10-Beta3.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-25 07:17:57 -07:00
Tom Eastep
3db31f2f65 Add SAFESTOP setting to /etc/default/shorewall*.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-25 07:16:02 -07:00
Tom Eastep
2d19cd1ebb Add options to readlink
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-24 06:37:02 -07:00
Tom Eastep
9c0564831a Fix syntax error in generated shell script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-24 06:23:45 -07:00
Tom Eastep
620f5cf76b More build fixes 2010-05-23 17:12:42 -07:00
Tom Eastep
0f7b4cf7f4 Fix logrotate issue 2010-05-23 17:01:31 -07:00
Tom Eastep
0ef4cd1653 Allow Debian install with PREFIX
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-23 16:10:36 -07:00
Tom Eastep
60c751b98f First stage rework of Shorewall install script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-23 16:02:28 -07:00
Tom Eastep
d32ed01cf0 Use readlink(1) where appropriate
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-23 13:37:26 -07:00
Tom Eastep
1d87fc0102 Update .spec files with virtual requires/provides
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-21 10:12:37 -07:00
Tom Eastep
eaad566978 Update documents for Shorewall-lite 2010-05-20 17:06:53 -07:00
Tom Eastep
4264524448 Bump Version to 4.4.10-Beta2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-20 14:13:38 -07:00
Tom Eastep
2a870088d8 Remove 'close' from CLI programs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-20 14:09:40 -07:00
Tom Eastep
182f433772 Add note about supported distributions to release notes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-20 06:32:34 -07:00
Tom Eastep
50dc02da07 Implement the 'REQUIRE_INTERFACE' option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-19 07:32:02 -07:00
Tom Eastep
06a17c8973 Adjust manpage specifications in spec file 2010-05-18 20:59:24 -07:00
Tom Eastep
4e748f9255 Add Shorewall-init manpage and update release notes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 20:40:03 -07:00
Tom Eastep
4690075ed8 Start firewall on up event for optional interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 20:29:03 -07:00
Tom Eastep
1eb5e5b081 Fail the install on unknown distros.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 15:30:53 -07:00
Tom Eastep
9c5fb89b4c Improve documentation in the release notes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 14:55:16 -07:00
Tom Eastep
0c9a0150d2 Document Shorewall-init; delete old auto-stop code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 14:42:39 -07:00
Tom Eastep
5b2affbd01 Changes to make RedHat work with NetworkManager
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 13:41:01 -07:00
Tom Eastep
f9d187c288 Correct issues found in Fedora Testing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 10:27:12 -07:00
Tom Eastep
499b0cddaa Log the text from startup errors.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-17 07:02:30 -07:00
Tom Eastep
a534bca914 Fix an existing bug in Shorewall6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 19:28:49 -07:00
Tom Eastep
a501222194 Fix some bugs in the Shorewall-init implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 17:41:09 -07:00
Tom Eastep
4f428d8135 De-implement 'close'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 15:31:41 -07:00
Tom Eastep
749d6be64e Add 'optional' interfaces to updown processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 17:06:00 -07:00
Tom Eastep
a3589dc6e9 Implement the 'up' and 'down' script commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 12:48:04 -07:00
Tom Eastep
ff388ca5c4 Detect the 'closed' state in the status command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 12:46:47 -07:00
Tom Eastep
88188202cc Add 'wait' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:52:46 -07:00
Tom Eastep
16e451a7d8 Add 'required' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:04:32 -07:00
Tom Eastep
a2758421ed Bump version to 4.4.10-Beta1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 17:03:14 -07:00
Tom Eastep
529f9a07b4 Update Rules.pm version to 4.4.10 2010-05-13 16:39:52 -07:00
Tom Eastep
a04d8126e1 Finish implementing 'close'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 16:39:01 -07:00
Tom Eastep
1d0b8b1cec Correct syntax error in generated code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 16:32:42 -07:00
Tom Eastep
449ca038ba Implement 'close' command 2010-05-13 16:29:25 -07:00
Tom Eastep
74c515016e Add back stuff merged earlier: 2010-05-08 16:32:03 -07:00
Tom Eastep
679ad6cf04 Allow OS X to be an Administrative System
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-06 09:07:16 -07:00
Tom Eastep
65a5d34276 Update Module Versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:46:29 -07:00
Tom Eastep
96bef5bd49 Assume 'routeback' in routestopped based on interface config.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:31:11 -07:00
Tom Eastep
fca404eeaf Update version to 4.4.9
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 10:02:02 -07:00
Tom Eastep
c7848be266 Back out the rest of the original change for dup / -[psiod]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 09:59:25 -07:00
Tom Eastep
70c6a2cdf3 Update version to 4.4.9-RC2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-02 07:25:50 -07:00
Tom Eastep
7d2df848c9 Tighten up the new mDNS rule 2010-05-01 12:13:02 -07:00
Tom Eastep
9bcd9fd12b Allow for mDNS multicast responses 2010-05-01 12:01:58 -07:00
Tom Eastep
639b3ea57d Simplify checking for /! -[piosd] /
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 09:13:16 -07:00
Tom Eastep
311372013d More fixes to optimization
Only disallow / ! -[piosd] / if the target is a chain

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 08:58:41 -07:00
Tom Eastep
518416ec2e Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 08:08:39 -07:00
Tom Eastep
94c6b37e8e Avoid leaving an orphan '!' behind.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 07:51:24 -07:00
Tom Eastep
219b2e0761 A more comprehensive solution to multiple -[piosd] matches.
- eliminate duplicate -[piosd] matches in merged rules
- avoid tracing !* unconditionally

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 07:26:25 -07:00
Tom Eastep
16161d9cfc Add new trace types.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 06:43:09 -07:00
Tom Eastep
1173518d78 More minor cleanup of first code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-30 07:22:09 -07:00
Tom Eastep
2864841a9e Correct release notes
update version to RC1
correct typo

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-29 11:21:31 -07:00
Tom Eastep
076da4bd5c Couple of tweaks to my earliest code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-29 11:19:50 -07:00
Tom Eastep
a997d6507d Update release notes with more common example of failure.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-28 08:09:10 -07:00
Tom Eastep
039668b333 Update release notes to reflect reality.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-28 06:57:45 -07:00
Tom Eastep
2c1cede54e Revise addressless bridge change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 15:23:38 -07:00
Tom Eastep
d8b0f496df Allow simple configuration of a bridge with no IP address
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 12:26:58 -07:00
Tom Eastep
988f7c4d7e More fixes for bad NAT optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:50:18 -07:00
Tom Eastep
f49848bd5b Document rare optimization fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:32:53 -07:00
Tom Eastep
0e4698d57c Fix rare optimization bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:19:58 -07:00
Tom Eastep
6d61e962eb Use -m conntrack if available in place of -m state
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-25 13:35:41 -07:00
Tom Eastep
21e0c68ef2 Bump version to 4.4.9 RC1 2010-04-25 09:37:17 -07:00
Tom Eastep
fb2ddcee7b Bump Version to 4.4.9 Beta 5 2010-04-24 21:53:12 -07:00
Tom Eastep
6053352f8c A better fix for find_first_interface_address()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-23 20:06:45 -07:00
Tom Eastep
2cb3bac946 Document fix for find_first_interface_address() 2010-04-23 12:18:51 -07:00
Tom Eastep
232fc21fe2 Allow find_first_interface_address[_if_any] to work properly in the params file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-23 11:54:36 -07:00
Tom Eastep
b821bdcdfd One more pass at improving regex's for target isolation and matching
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 14:45:34 -07:00
Tom Eastep
64bf772594 Set OUTPUT policy to ACCEPT when optimize_chain deletes all of its rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 13:38:38 -07:00
Tom Eastep
b0b39cfc39 Document optimization level 2 fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 11:55:13 -07:00
Tom Eastep
fb754b3a2e Don't remove a lone ACCEPT rule from the OUTPUT chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 11:35:14 -07:00
Tom Eastep
0dde75d345 Fix install scripts (again)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 13:08:03 -07:00
Tom Eastep
a0abb11f67 Extend 'show log <ipaddr>' to search for a regular expression.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 13:02:21 -07:00
Tom Eastep
8c09f21e5d Implement 'show log <token>'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 10:20:28 -07:00
Tom Eastep
a1a78cf09b Abandon the fantesy that multiple optimize 8 passes will achieve anything.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 17:12:08 -07:00
Tom Eastep
938cfd7ba4 Don't create fw-><bport> chains and rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 12:29:51 -07:00
Tom Eastep
c52a3dcd14 Don't generate policy chains for fw to bridgeport zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:56:11 -07:00
Tom Eastep
1030c852f9 Simplify a test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:21:30 -07:00
Tom Eastep
e7a4aaafc1 Modify optimization 8 loop to continue until no chains are combined.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:17:57 -07:00
Tom Eastep
8e1284f74c Document OPTIMIZE=15
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:17:12 -07:00
Tom Eastep
4f00de0c57 Make additional optimize 8 passes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 08:42:25 -07:00
Tom Eastep
21b44ac42b Change version to 4.4.9-Beta4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 07:25:53 -07:00
Tom Eastep
82d6ba511f Unify the REs that look for '-[jg] <chain>'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 18:02:31 -07:00
Tom Eastep
cec59360f6 Use '-j' rather than '-g' when jumping to tcpre, just to be safe
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:14:13 -07:00
Tom Eastep
46d207a86f Restore original amount of whitespace in maclist rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:13:37 -07:00
Tom Eastep
e9a94b0cfb Unify reference count adjustment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:12:48 -07:00
Tom Eastep
cf59d9ec68 Fix an optimize 8 bug.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 12:45:00 -07:00
Tom Eastep
dde540c42d Update release notes for optimize 4 problems.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 12:44:37 -07:00
Tom Eastep
c1bcf360ee Fix another 'add_rule' that should have been an 'add_jump'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:59:57 -07:00
Tom Eastep
f7e48a94da Fix install scripts.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:39:21 -07:00