Commit Graph

96 Commits

Author SHA1 Message Date
teastep
20d3f6afdc Error with ESTABLISHED/RELATED rules and FASTACCEPT
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3419 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2006-02-01 23:05:32 +00:00
teastep
bb7bf55a77 Fix typo in shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3411 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2006-01-31 16:24:23 +00:00
teastep
c137f1992a Rename VERBOSE to VERBOSITY
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3373 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2006-01-24 17:44:19 +00:00
teastep
33cc957521 Repair -v brain damage
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3371 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2006-01-24 16:10:41 +00:00
teastep
cf8344b26d Allow default verbosity to be set in shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3358 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2006-01-23 17:48:15 +00:00
teastep
248b26a7d8 Re-add dynamic zone capability
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3264 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2006-01-11 23:30:33 +00:00
teastep
1cb2d888e8 Remove dynamic zone capability from development branch
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3196 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-12-24 21:23:10 +00:00
teastep
98f828f1c9 Console-friendly shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3163 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-12-14 16:18:38 +00:00
teastep
1ed05f0fef Change CLEAR_TC default to 'Yes'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3148 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-12-10 20:11:07 +00:00
teastep
3d0ec74fde Clarifications and minor documentation corrections
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3108 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-12-01 22:27:18 +00:00
teastep
ee433d350d Add upgrade warning to shorewall.conf -- Take 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3105 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-12-01 21:26:41 +00:00
teastep
d395e177a1 Add upgrade warning to shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3104 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-12-01 21:11:23 +00:00
teastep
577389464f Improve bridging instructions in config file comments
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3090 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-11-28 15:26:06 +00:00
teastep
532bb3df5e Typo in shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2874 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-13 18:12:55 +00:00
teastep
2fc9e1590e Clean up MACLIST_TABLE mess in shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2873 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-13 18:11:48 +00:00
teastep
7d97b536a6 Move MACLIST_TABLE to correct section of shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2850 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-11 16:49:13 +00:00
teastep
f7e2332fd3 Correct spelling of MACLIST_TABLE in shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2847 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-10 21:29:24 +00:00
teastep
1af4d541a0 Add TC_ENABLED=Internal
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2836 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-09 15:47:47 +00:00
teastep
d680528283 Replace TC_ENABLED with TC_SCRIPT
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2829 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-07 22:16:03 +00:00
teastep
a510a70124 Incomplete implementation of MACLIST_TABLE
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2815 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-06 20:01:51 +00:00
teastep
7870f16cb7 Bring tc4shorewall code into the firewall script
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2806 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-05 22:51:29 +00:00
teastep
a66d94d609 Fixes for IPP2P -- fix 'shorewall flush' and multi-ISP
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2801 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-05 16:45:50 +00:00
teastep
340053a6bc Require MARK_IN_FORWARD_CHAIN=Yes for multi-ISP
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2792 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-04 17:40:09 +00:00
teastep
2b6a9bb843 Deimplement original 'netnotsyn' handling
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2766 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-10-01 15:55:41 +00:00
teastep
3daf8076ff Add warning about side effects of ADD_SNAT_ALIASES and ADD_IP_ALIASES
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2749 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-29 15:37:15 +00:00
teastep
f6875e9da7 Alchemy -- zone file style
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2623 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-09-02 20:46:53 +00:00
teastep
738b45ad9e Update the version number to 3.0 in all files
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2606 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-31 15:27:22 +00:00
teastep
370d61970a Add FASTACCEPT option to accept ESTABLISHED/RELATED packets early
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2474 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-11 19:53:07 +00:00
teastep
ac1983a5da Large cleanup patch from Tuomo Soini
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2449 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-08-02 16:46:30 +00:00
teastep
0a03598d11 Correct anachronistic reference in /etc/shorewall/shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2436 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-31 16:26:55 +00:00
teastep
b66929a65e Large merge of function from EXPERIMENTAL to HEAD.
1) Elimination of the "shorewall monitor" command.

2) The /etc/shorewall/ipsec and /etc/shorewall/zones file are combined into
a single /etc/shorewall/zones file. This is done in an upwardly-compatible
way so that current users can continue to use their existing files.

3) Support has been added for the arp_ignore interface option.

4) DROPINVALID has been removed from shorewall.conf. Behavior is as if
DROPINVALID=No was specified.

5) The 'nobogons' option and BOGON_LOG_LEVEL are removed.

6) Error and warning messages have been made easier to spot by using
capitalization (e.g., ERROR: and WARNING:).

7) The /etc/shorewall/policy file now contains a new connection policy and a
policy for ESTABLISHED packets. Useful for users of snort-inline who want to
pass all packets to the QUEUE target.

8) A new 'critical' option has been added to /etc/shorewall/routestopped.
Shorewall insures communication between the firewall and 'critical' hosts
throughout start, restart, stop and clear. Useful for diskless firewall's
with NFS-mounted file systems, LDAP servers, Crossbow, etc.

9) Macros. Macros are very similar to actions but are easier to use, allow
parameter substitution and are more efficient. Almost all of the standard
actions have been converted to macros in the EXPERIMENTAL branch.

10) The default value of ADD_IP_ALIASES in shorewall.conf is changed to No.

11) If you have 'make' installed on your firewall, then when you use
the '-f' option to 'shorewall start' (as happens when you reboot),
if your /etc/shorewall/ directory contains files that were modified
after Shorewall was last restarted then Shorewall is started using
the config files rather than using the saved configuration.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2409 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-25 23:08:09 +00:00
teastep
b0e6e3a893 Given the large number of people shooting themselves in the foot with
poorly-written one-to-one NAT rules, I'm changing the shorewall.conf
file to set ADD_IP_ALIASES=No in shorewall.conf. Hopefully, this will
reduce the amount of whining about routing table modification during
"shorewall [re]start".


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2372 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-19 18:41:05 +00:00
teastep
318e204358 Re-implement MACLIST_TTL
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2358 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 22:08:15 +00:00
teastep
c6e3e84352 Disable MACLIST_TTL
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2356 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 16:52:21 +00:00
paulgear
2a19eb8a5a Copy latest 2.4 version from Shorewall2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2264 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 05:55:29 +00:00
paulgear
90dd62e89e Copy latest 2.2 version from STABLE2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2263 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 05:45:05 +00:00
paulgear
921a7223d4 Copy latest 2.0 code from STABLE2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2262 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 04:45:32 +00:00
teastep
5338cb48b0 Minor updates for 1.4.9
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1070 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-09 20:18:40 +00:00
teastep
795c791669 Remove backquotes from commands in shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@812 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-08 18:42:25 +00:00
teastep
5466a7f35b Add MODULE_SUFFIX option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@799 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-01 18:37:41 +00:00
teastep
baa82a4697 Add MODULE_SUFFIX option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@798 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-01 18:30:28 +00:00
teastep
f9c596a465 Reword desciption of NEWNOTSYN
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@793 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-28 17:39:53 +00:00
teastep
f046ea3ab1 Fix route filtering
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@782 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-30 15:42:45 +00:00
teastep
ee51d49233 Correct Debian lockfile usage comment in shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@781 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-27 22:36:22 +00:00
teastep
67ad01a56f Added BLACKLISTNEWONLY
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@765 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-11 16:06:00 +00:00
teastep
3d9d913b4b 1.4.6_2003-731 plus idiot-proofing of the policy file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@682 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-01 02:49:12 +00:00
teastep
4c08cc4780 ADMINISABSENTMINDED Option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@681 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-29 23:04:04 +00:00
teastep
fc1cc9b0eb Fix capability report -- Simon Matter
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@622 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-30 14:21:42 +00:00
teastep
06e38b587d SHOREWALL_SHELL parameter
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@621 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-28 15:22:22 +00:00
teastep
7a2cad4d07 Add Conntrack Match Capability
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@618 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-27 21:02:52 +00:00