Tom Eastep
b0733d93ee
Implement a more robust trace
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 13:09:04 -07:00
Tom Eastep
ef4237f5a0
Avoid verbosity overflow/underflow
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 07:27:27 -07:00
Tom Eastep
3e215d0482
Minor cleanup in the Chains module.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-27 08:18:41 -07:00
Tom Eastep
1153ff0c75
Avoid a shell warning when brctl is not installed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-27 07:33:40 -07:00
Tom Eastep
f30cd7e287
Clarify provisional policy handling.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-26 08:02:49 -07:00
Tom Eastep
5a36606167
Document fix of EXTERNAL handling in proxyarp.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-25 12:13:52 -07:00
Tom Eastep
6cdc1ab7a2
Allow a logical interface name in the EXTERNAL column of the proxyarp file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-25 11:41:06 -07:00
Tom Eastep
a0a5c55a63
Add omitted defect to 4.4.8 problems corrected
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-25 10:14:39 -07:00
Tom Eastep
7d91edc6ec
Remove redundant line of code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 12:49:06 -07:00
Tom Eastep
626b28fcd0
Auto-detect bridge when no options specified. Remove extra logic.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 09:28:11 -07:00
Tom Eastep
05752dcf0b
Auto-detection of bridges -- release documents.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 08:58:44 -07:00
Tom Eastep
5e9aceae68
Detect bridges
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 08:38:54 -07:00
Tom Eastep
914d829a49
Don't optimize the 'blacklst' chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-22 06:47:39 -07:00
Tom Eastep
6ac549ef4e
Add a comment explaining why avoiding creation of the blacklst chain
...
and branching to it is a bad idea.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-21 07:24:29 -07:00
Tom Eastep
6fc347b9be
Prepare 4.4.9-Beta1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-20 07:06:47 -07:00
Tom Eastep
9a88156769
Back off on not jumping to the blacklist chain when there are no blacklist entries.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 11:32:22 -07:00
Tom Eastep
fae29bcf6f
Change version to 4.4.8
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 10:17:32 -07:00
Tom Eastep
508475d80b
Avoid panic among the user base by suppressing missing table error messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 10:10:20 -07:00
Tom Eastep
b22b279bd1
Some additional idiot-proofing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 10:01:02 -07:00
Tom Eastep
a71f5df64f
Fix indentation and quoting in TC progress messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 06:59:58 -07:00
Tom Eastep
f44dbcf20b
More copyright updates
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-18 11:13:51 -07:00
Tom Eastep
91bc3b3293
Mark a restored configuration as 'Restored' rather than 'Started'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-17 10:10:56 -07:00
Tom Eastep
1177540fd8
Update version to RC2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 12:39:35 -07:00
Tom Eastep
66c883de2c
Fix UDPLITE handling of source port when no dest port given.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 10:45:31 -07:00
Tom Eastep
b2a56cd542
Copyright update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 09:53:51 -07:00
Tom Eastep
a01fa345b7
Add support for UDP Lite
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 09:42:50 -07:00
Tom Eastep
5ac2b16936
Correct typo in comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 08:49:17 -07:00
Tom Eastep
16bbe780c7
Try to avoid printing import banners unnecessarily
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 07:23:02 -07:00
Tom Eastep
787cec4fe7
Fix 'uninitialized variable' bug in Config::copy2
...
Bug reported by Tuomo Soini
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 07:12:39 -07:00
Tom Eastep
a2ac726ce9
Add changelog entry
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-11 18:16:31 -08:00
Tom Eastep
196cd5417f
Allow 'default' optimizations to be disabled by specifying optimization 4096.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-11 17:15:44 -08:00
Tom Eastep
57dc5731b2
Add change log entry
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-10 17:31:35 -08:00
Tom Eastep
249f9412f6
Add undocumented OPTIMIZE=-1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-10 17:31:08 -08:00
Tom Eastep
4f32be03d7
Fix typo in comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 15:34:38 -08:00
Tom Eastep
93494c6ae3
Eliminate nested function declarations in generate_matrix()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 13:11:10 -08:00
Tom Eastep
fb4f7ebd67
Update release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 08:18:10 -08:00
Tom Eastep
07cba9e066
Bump version to RC1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 08:11:00 -08:00
Tom Eastep
efed2286b0
Move qt1() to lib.common
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-07 11:50:54 -08:00
Tom Eastep
ce8d1cbc59
Change port range in release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-07 08:39:09 -08:00
Tom Eastep
f246f728e7
Flag '-' used as a port range separator
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-07 08:36:26 -08:00
Tom Eastep
4e18414fd7
Uninstall the logrotate scripts
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 09:24:51 -08:00
Tom Eastep
5671a7ae2f
Add new options to online usage info.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:45:43 -08:00
Tom Eastep
88447bfc7d
Avoid dropping first line of library source text
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:45:21 -08:00
Tom Eastep
2d458b46b4
Update help text in prog.header*
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:13:33 -08:00
Tom Eastep
928b162d3c
Fix bug in handling of -p option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:12:04 -08:00
Tom Eastep
7557b4b5fb
Update version to 4.4.8 Beta 3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 07:41:29 -08:00
Tom Eastep
fe089ddc36
Don't copy headers in imported libraries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 07:40:43 -08:00
Tom Eastep
c8d8d75cae
Cosmetic change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 10:40:18 -08:00
Tom Eastep
35974535b2
More removal/relocation of functions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 07:29:27 -08:00
Tom Eastep
f8c7a284a5
Remove duplicate/unneeded functions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 07:02:00 -08:00
Tom Eastep
8e5114859c
Only load lib.base and lib.cli (lib.base loads lib.common)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 06:51:13 -08:00
Tom Eastep
b4d4cedef9
Fix silly bug in 'show dynamic <zone>'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 19:05:47 -08:00
Tom Eastep
abb943bfb7
Do library consolidation on IPv6 and load lib.cli into shorecap.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 13:11:33 -08:00
Tom Eastep
50330f71f6
Move many routines into lib.common.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 12:38:02 -08:00
Tom Eastep
3e4d9b3118
Rename lib.run -> lib.common
2010-03-04 12:13:41 -08:00
Tom Eastep
7757c0bc20
Rename lib.run to lib.common
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:54:56 -08:00
Tom Eastep
41d709b043
Allow 'get_script_version' to correctly handle point releases
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:40:48 -08:00
Tom Eastep
7b52d812ae
Generate correct library path name
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:40:18 -08:00
Tom Eastep
24432a5f76
Back out dumb change to install.sh
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:17:57 -08:00
Tom Eastep
4c081e5998
Add lib.run
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:12:48 -08:00
Tom Eastep
5d87983803
Update change log. Remove anacronistic comment.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 16:14:15 -08:00
Tom Eastep
1d52683af8
Don't display 'Old' capabilities that are not enabled.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 15:28:49 -08:00
Tom Eastep
a963c8f955
Don't export CONFDIR or SHAREDIR
...
Document CONFDIR, SHAREDIR and VARDIR
Add FILEMODE to the old reserved variable names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 11:46:23 -08:00
Tom Eastep
a4414a9695
Delete references to unimplemented functions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 10:53:40 -08:00
Tom Eastep
3f73b3c408
Export *DIR variables
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 10:39:18 -08:00
Tom Eastep
49c1350aa0
Documentation for final cleanup of variable names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 10:28:09 -08:00
Tom Eastep
c6981de0e5
Complete elimination of globals that are not .conf options
...
Documentation to follow
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 09:50:07 -08:00
Tom Eastep
ee74696747
IPv6 work to only export when necessary
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 08:59:58 -08:00
Tom Eastep
234e4fa754
Update module versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 08:51:55 -08:00
Tom Eastep
7457f643ee
Don't export globals when the script is 4.4.8 or later
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 08:51:40 -08:00
Tom Eastep
70296b4bd6
Some fixes for -lite changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 17:16:11 -08:00
Tom Eastep
78a39ccad5
Centralize exporting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 16:03:44 -08:00
Tom Eastep
cce4bf277a
Reduce export usage; Allow PURGE and RESTOREFILE to be specified on the run-line
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 14:49:31 -08:00
Tom Eastep
2656a9b0c7
Eliminate use of PRODUCT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 12:34:36 -08:00
Tom Eastep
5613d0105a
Remove all reliance on HOSTNAME
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 11:59:38 -08:00
Tom Eastep
68f5215f07
Remove Reliance on HOSTNAME in generated programs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 11:45:35 -08:00
Tom Eastep
3ea6f6792f
Eliminate VERSION reserved variable name
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 08:02:10 -08:00
Tom Eastep
5fc6d58e19
Eliminate STOPPING variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 07:37:30 -08:00
Tom Eastep
d4936f4bad
Tweak to an RE used in optimization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 06:58:09 -08:00
Tom Eastep
169f97d76b
Fix typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 11:28:54 -08:00
Tom Eastep
8cfcacc862
Update release document with fix for multiple policy matches
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:40:20 -08:00
Tom Eastep
f11bfd3890
Eliminate redundate setting of PRODUCT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:32:59 -08:00
Tom Eastep
cfa09dce22
Avoid multiple policy matches with OPTIMIZE=7 and not KLUDGEFREE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:32:37 -08:00
Tom Eastep
3ba797cb14
Correct several bugs in the VERBOSITY overhaul
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 06:57:04 -08:00
Tom Eastep
53c73bc8e9
Eliminate VERBOSE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:58:01 -08:00
Tom Eastep
14f83759ae
Propagate VERBOSITY even though we don't use it yet
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:39:35 -08:00
Tom Eastep
546a48543d
Propagate LOG_VERBOSITY
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:30:11 -08:00
Tom Eastep
39883aa690
Eliminate LOG_VERBOSE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 16:58:30 -08:00
Tom Eastep
fb55d63eaf
Allow verbosity to be separate from -V
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 16:42:50 -08:00
Tom Eastep
333ac21c2f
Prepare the footers for 4.6.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 15:25:25 -08:00
Tom Eastep
83ed0a401b
I'll eventually get it the way I like it
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 13:45:33 -08:00
Tom Eastep
585711caa8
Even simpler RE for detecting builtins
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 13:29:26 -08:00
Tom Eastep
693d0e5d4c
Make new test in add_jump() a bit safer.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 12:44:29 -08:00
Tom Eastep
91a14b4e82
Make -s the default on Debian; Issue message when installing in a distro-specific way
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 09:15:11 -08:00
Tom Eastep
d2992c21f4
Update version to Beta 2
2010-02-28 09:04:37 -08:00
Tom Eastep
c9c957c5b8
HKP Macro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 07:37:16 -08:00
Tom Eastep
3c4b41fbe0
Implement -s option in the major installers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-27 11:48:39 -08:00
Tom Eastep
643d4831ab
More all-caps variable elimination
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-26 17:05:35 -08:00
Tom Eastep
061d850c16
Rename RESTOREPATH to g_restorepath
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-26 08:35:50 -08:00
Tom Eastep
c1ac19a81e
Correct a couple of typos
2010-02-25 16:35:19 -08:00
Tom Eastep
8aaddf368b
More reserved variable names documented
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 12:37:22 -08:00
Tom Eastep
e66b8759d6
Document variable name changes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 12:18:41 -08:00
Tom Eastep
7fe7ebc891
Fix Handling of NFQUEUE(queue-num) in policies
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 08:44:28 -08:00
Tom Eastep
4059fe6956
Belatedly update some version numbers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 08:43:32 -08:00
Tom Eastep
4415050fd2
Eliminate another reserved variable name
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 17:00:26 -08:00
Tom Eastep
bffb1793d7
More global variable renaming
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 07:52:35 -08:00
Tom Eastep
70a246501e
Update version of Tc.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 07:08:48 -08:00
Tom Eastep
b2350829b9
Rename 'debugging' to 'g_debugging'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 16:43:38 -08:00
Tom Eastep
3fc10cd94b
Prepend 'SW_' to constructed shell variable names.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 10:27:59 -08:00
Tom Eastep
88d29d2e35
Eliminate a couple of more all-caps variable name restrictions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 08:24:29 -08:00
Tom Eastep
55c9cf3e99
Eliminate some of the reserved all-caps variable names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 08:05:23 -08:00
Tom Eastep
2a965d42b9
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-21 07:57:34 -08:00
Tom Eastep
e690303937
Modify Roberto's patch for 'show <chain>' error reporting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 19:09:54 -08:00
Tom Eastep
8baa4e60c9
Merge branch 'master' of ssh://teastep@shorewall.git.sourceforge.net/gitroot/shorewall/shorewall
2010-02-20 18:59:17 -08:00
Roberto C. Sanchez
6a3b2b0dee
Clarify error message when user asks shorewall to show a non-existent chain
2010-02-20 21:57:45 -05:00
Tom Eastep
6307653a01
Pick up one fix from 4.4.7.4 regarding CONTINUE rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 09:42:58 -08:00
Tom Eastep
5696742ef3
Update release Document with 4.4.7.5 changes and Debian Init Script Fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 08:34:47 -08:00
Tom Eastep
a83663bf25
Return failure status when a supported command fails.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 08:20:42 -08:00
Tom Eastep
edaf541850
Don't apply rate limiting twice in ACCEPT+ rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-19 14:01:45 -08:00
Tom Eastep
ceff8adc78
Restore duplicate interface detection in tcinterfaces.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 16:11:30 -08:00
Tom Eastep
3a2173ddb4
Some code cleanup in Tc.pm.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 15:56:59 -08:00
Tom Eastep
ea8be87720
Use Hex representation of device numbers > 9 in simple TC.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 12:53:01 -08:00
Tom Eastep
4e0225a4c3
Update Documentation for per-IP rate limiting fixes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 07:12:36 -08:00
Tom Eastep
ea8a6c837f
Document per-IP rate change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 15:41:12 -08:00
Tom Eastep
00b0490cd7
Create a unique hashtable for each instance of a per-IP rate limit
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 15:39:21 -08:00
Tom Eastep
625963a4f0
Final (hopefully) fix for SFQ handle assignment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 09:02:18 -08:00
Tom Eastep
41bb0782a3
Another tweak to SFQ handle assignment.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 08:06:27 -08:00
Tom Eastep
5649dbf9a8
Improve assignment of class ID for SFQ classses
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 07:41:30 -08:00
Tom Eastep
115ce7b87d
Update release documents for bug fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 06:49:13 -08:00
Tom Eastep
eaafeb8c2b
Add --hashlimit-htable-expire if the units are minutes or larger
2010-02-17 06:43:52 -08:00
Tom Eastep
375160d733
Avoid duplicate SFQ class numbers
2010-02-17 06:43:16 -08:00
Tom Eastep
167b29c2c5
Bump module version in Compiler.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:24:52 -08:00
Tom Eastep
8aaf4aab3a
Don't create log chain for 'RETURN' rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:24:00 -08:00
Tom Eastep
4546394531
Cosmetic changes to Compiler.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:07:35 -08:00
Tom Eastep
5d08d51fe5
Add $remote_fs to Required-Start and Required-Stop for Debian
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 08:39:50 -08:00
Tom Eastep
12d3420a5d
Detect FLOW_FILTER when LOAD_HELPERS_ONLY=No
2010-02-14 10:34:19 -08:00
Tom Eastep
0624451537
Fix for OLD_HL_MATCH.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-14 07:22:12 -08:00
Tom Eastep
5e9ecf1491
Update version of Config module
2010-02-13 11:00:34 -08:00
Tom Eastep
50d246c8be
A little cleanup of compiler.pl
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-13 10:03:32 -08:00
Tom Eastep
ec95e5b32c
Document fix for rate limiting of NAT rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-13 09:11:14 -08:00
Tom Eastep
1258149e0e
Don't apply rate limiting twice in NAT rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-13 07:21:27 -08:00
Tom Eastep
ea5a6c79bc
Bump CAPVERSION
2010-02-11 16:22:47 -08:00
Tom Eastep
5a96771e07
Start 4.4.8 Beta 1
2010-02-11 15:46:57 -08:00
Tom Eastep
757fea7467
Update documentation regarding FLOW_FILTER
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-11 14:35:12 -08:00
Tom Eastep
b35f20b403
Avoid CAPVERSION bump to implement FLOW_FILTER detection
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-11 07:29:41 -08:00
Tom Eastep
b8c195f570
Accurately detect 'flow' availability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-10 14:50:26 -08:00
Tom Eastep
b1c64913b4
Reformat column header in tcinterfaces
2010-02-10 12:00:17 -08:00
Tom Eastep
433fc385bc
'bridge' implies 'routeback'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-09 14:04:36 -08:00
Tom Eastep
21d4c8ba21
Document workaround for lack of 'flow'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-08 10:03:10 -08:00
Tom Eastep
46e2afcf16
Ignore TYPE if old distro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-08 07:13:20 -08:00
Tom Eastep
b45a70f98a
Make 'nosmurfs' work correctly on IPv6 with Address Type Match
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-08 07:12:58 -08:00
Tom Eastep
18d03a61f5
Make 'nosmurfs' work with Address Type Match on IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-07 08:43:31 -08:00
Tom Eastep
11a2ec9f7c
Update version to 4.4.7
2010-02-05 16:40:48 -08:00
Tom Eastep
e64af57cae
Give smurf logging chain a fixed name.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 16:04:59 -08:00
Tom Eastep
f4e175f149
Fix IPv6 'nosmurfs'. Make 'nosmurfs' logging more efficient.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 15:03:15 -08:00
Tom Eastep
97f3e5b8de
Clear known problems.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 07:18:55 -08:00
Tom Eastep
52880a8822
Clean up generate_matrix() fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 06:57:51 -08:00
Tom Eastep
9d288241da
Fix issues in generate_matrix().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 19:42:54 -08:00
Tom Eastep
096fb29203
DEBUG and PURGE -- take 2.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 13:57:50 -08:00
Tom Eastep
1d8a7ad09f
Clear DEBUG and PURGE shell variables
...
Delete a blank line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 13:55:29 -08:00
Tom Eastep
753eb97667
Update version to 4.4.7 RC2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 10:30:53 -08:00
Tom Eastep
ede17e2da0
Set ADD_IP_ALIASES=No in all shorewall.conf files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 08:16:41 -08:00
Tom Eastep
dd60f04a9f
Work around lack of MARK Target support
2010-02-01 16:22:57 -08:00
Tom Eastep
58f6e57286
Update known problems
2010-02-01 16:19:36 -08:00
Tom Eastep
d354560863
Finish last change.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-01 14:25:51 -08:00
Tom Eastep
f0d101605b
Don't try to combine nat chains that include '-s'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-01 14:24:07 -08:00
Tom Eastep
1981372c94
Make search for "-j ACCEPT" a little tighter
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-31 08:27:30 -08:00
Tom Eastep
f2709dd525
Correct release notes to match implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-30 20:31:39 -08:00
Tom Eastep
3d39a47582
Set $have_ipsec after completing parse of the hosts file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-30 07:26:35 -08:00
Tom Eastep
659f774451
Sort %detect_capability for easier verification.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-29 13:09:53 -08:00
Tom Eastep
9d2decd26d
Modify determine_capabilities to use detect_capability()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-29 10:38:22 -08:00
Tom Eastep
b8ec2be516
Clean up handling of %detect_capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-28 16:39:45 -08:00
Tom Eastep
ecc7861115
Validate LOAD_HELPERS_ONLY before detecting capabilities.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-28 08:05:24 -08:00
Tom Eastep
ebd847ef70
Don't display capabilties if they have not been determined
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-28 08:04:54 -08:00
Tom Eastep
05f2bb4b3a
Correction to last patch.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 17:52:27 -08:00
Tom Eastep
103a1660bc
Update release notes for RC 1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 12:57:47 -08:00
Tom Eastep
9d25318d80
Fix detection of HASHLIMIT_MATCH on old kernels.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 12:53:31 -08:00
Tom Eastep
be117f6638
Remove traffic shaping modules from 'helpers'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 10:37:42 -08:00
Tom Eastep
2069855e44
Restore module loader to lib.base (it is needed by shorecap).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 10:09:12 -08:00
Tom Eastep
846715b009
Remove module loading code from lib.base
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 09:58:14 -08:00
Tom Eastep
54456de888
Update module versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 09:01:00 -08:00
Tom Eastep
c05c1a6f50
Update version to 4.4.7 RC1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 06:58:44 -08:00
Tom Eastep
1556002b54
A couple of tweaks to the LOAD_HELPERS_ONLY optimization change.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-25 15:59:31 -08:00
Tom Eastep
fb007bc1c7
Bump version to Beta 4
2010-01-25 12:25:01 -08:00
Tom Eastep
9408a114c6
Don't load unused modules when LOAD_HELPERS_ONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-25 10:50:49 -08:00
Tom Eastep
d933aa602b
Eliminate 'ORIGINAL_POLICY_MATCH'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-25 08:13:22 -08:00
Tom Eastep
90b68a05de
Don't export %capabilities
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-25 07:56:16 -08:00
Tom Eastep
bfdc6719c1
Fix DropBcasts()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-24 12:16:15 -08:00
Tom Eastep
e14d48c2cf
Bump version to 4.4.7-Beta3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-22 16:46:29 -08:00
Tom Eastep
0d63182ab4
Fix ambiguous syntax in Config.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-22 16:44:45 -08:00
Tom Eastep
199a50e1c7
Update version to 4.4.7 Beta 2
...
Add problems corrected to the release notes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-22 10:35:27 -08:00
Tom Eastep
8def4d03c3
Document LOAD_HELPERS_ONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 20:17:25 -08:00
Tom Eastep
8f85c75264
Implement LOAD_HELPERS_ONLY for IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 15:49:44 -08:00
Tom Eastep
efc43b1b24
Add implementation of LOAD_HELPERS_ONLY
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 15:49:35 -08:00
Tom Eastep
a248acb4d4
Add LOAD_HELPERS_ONLY Option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 15:49:23 -08:00
Tom Eastep
4303ad0a3e
Add Module Helpers File
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 15:48:24 -08:00
Tom Eastep
10fe25050f
Add TC_PRIOMAP fix to change log
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 10:39:40 -08:00
Tom Eastep
a7d4207bf5
Add TC_PRIOMAP to shorewall*.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 10:38:32 -08:00
Tom Eastep
6b9afd6a82
Remove "-common" from installer messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-19 08:28:08 -08:00
Tom Eastep
9788e057bf
Correct filenames in install.sh -- Take 2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-18 09:29:14 -08:00
Tom Eastep
1716995d75
Correct filenames in install.sh
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-18 09:20:09 -08:00
Tom Eastep
5cc2edf15a
Add the new tc files to the repository
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-18 09:03:05 -08:00
Tom Eastep
8798d3cdb4
Install tcinterfaces and tcpri
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-18 07:39:36 -08:00
Tom Eastep
4453bb7dc8
More updates from 4.5
2010-01-17 16:18:44 -08:00
Tom Eastep
eb790c6d89
Add IPMARK and TPROXY modules to load list
2010-01-17 15:51:19 -08:00
Tom Eastep
e119037dea
Make 'is_isable()' work with 'lo'
2010-01-17 15:38:20 -08:00
Tom Eastep
f072c10b18
Set version to 4.4.7 Beta1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-17 09:10:48 -08:00
Tom Eastep
957de4b057
Add new options to shorewall[6].conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-17 08:50:32 -08:00
Tom Eastep
146a738e4c
Document TPROXY
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-17 08:20:15 -08:00
Tom Eastep
f4102417ff
Shorewall::Config changes for TPROXY from 4.5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-17 08:15:14 -08:00
Tom Eastep
07cdb8ca82
Backport TPROXY from 4.5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-17 08:12:44 -08:00
Tom Eastep
47007c5dbd
Allow protocol to be expressed in octal or hex
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 14:20:47 -08:00
Tom Eastep
aad8ea837a
Allow port numbers to be specified in Hex
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 14:00:47 -08:00
Tom Eastep
5ec7759d81
Don't pass an undefined value to fatal_error when numeric conversion fails.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 12:35:18 -08:00
Tom Eastep
fddb85189e
Update release documents for functionality backported from 4.5.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 11:32:50 -08:00
Tom Eastep
4bf0b8e1dd
Add new configuration options and optimization changes from 4.5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 09:53:53 -08:00
Tom Eastep
d5cc302ad9
Start 4.4.7
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 08:11:13 -08:00
Tom Eastep
45d975cb45
Final editing of release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-14 08:25:32 -08:00
Tom Eastep
6e998edd48
Correct typo -- TC_EXPORT -> TC_EXPERT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-14 07:48:19 -08:00
Tom Eastep
ebf1e55609
Version to 4.4.6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 15:38:19 -08:00
Tom Eastep
1f1812b786
Document mDNS change in the release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 13:24:24 -08:00
Tom Eastep
bffe8ce4c6
Add multicast address to mDNS macro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 13:20:07 -08:00
Tom Eastep
79f8031267
Add IGMP to the mDNS macro.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 13:03:34 -08:00
Tom Eastep
b8b7555ff9
Add "[ <device> ]" to "show tc" usage syntax
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 12:28:20 -08:00
Tom Eastep
880cd269c7
More mark geometry misses
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 12:16:40 -08:00
Tom Eastep
72de96760f
One more 0xFF -> $globals{TC_MASK} fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 12:11:00 -08:00
Tom Eastep
890cbfbd5d
Document TRACK_PROVIDERS change in the release notes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 10:59:34 -08:00
Tom Eastep
10c5630786
A few more instances of TC_MASK
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 10:50:14 -08:00
Tom Eastep
555133fa3c
Bump version to 4.4.6-Beta2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 10:14:31 -08:00
Tom Eastep
b4b6dce7c8
Add some comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 08:12:00 -08:00
Tom Eastep
4821d5e8b7
Change quantum to 1875 for simple TC SFQ.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 08:11:49 -08:00
Tom Eastep
55e41483de
Update Release Documents
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 20:12:31 -08:00
Tom Eastep
db2a1fe749
Add lib.cli changes to 4.4.6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 18:57:04 -08:00
Tom Eastep
f69a741691
Port Simplified TC to 4.4.6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 17:01:20 -08:00
Tom Eastep
7e183e8eb4
Change version to 4.4.6-Beta1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 15:57:55 -08:00
Tom Eastep
57672d096c
Don't invoke 4.5 optimization under 4.4.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 15:47:14 -08:00
Tom Eastep
ae31a09e8b
Move code and add comments:
...
- Declare all of the 'preview' helpers together in Chains.pm
- Add some clarifying comments in the compiler.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 15:32:59 -08:00
Tom Eastep
4420eed8d7
Allow users to preview the generated ruleset.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 15:32:50 -08:00
Tom Eastep
818dfb6295
Document 'show macro' in the release docs.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 13:46:14 -08:00
Tom Eastep
6c62f14749
Add 'show macro' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 13:40:25 -08:00
Tom Eastep
4464094773
Update release documents for DHCPfwd
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 07:51:20 -08:00
Tom Eastep
b6a7723c05
Add DHCPfwd macro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 07:48:55 -08:00
Tom Eastep
baa893773d
Apply Macro changes from Tuomo Soini
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 07:35:41 -08:00
Tom Eastep
6b085b7897
Update module versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 18:54:23 -08:00
Tom Eastep
5b4e9eb8e6
Revert change with migration issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 15:30:33 -08:00
Tom Eastep
0b549c7a15
Suppress mark geometry output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:55:42 -08:00
Tom Eastep
fc8bfdcbf9
Update release documents
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:49:45 -08:00
Tom Eastep
1a74dbf93e
Add mark geometry changes to Shorewall::Chains and Shorewall::Compiler
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:39:22 -08:00
Tom Eastep
01293427f5
Add Mark Geometry changes to Shorewall::Tc
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:29:34 -08:00
Tom Eastep
4f5bb5e90b
Add new mark geometry changes to Shorewall::Providers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:22:01 -08:00