Commit Graph

11080 Commits

Author SHA1 Message Date
Tom Eastep
97354c8ce8 Detect CT_TARGET when LOAD_HELPERS_ONLY=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 11:59:51 -08:00
Tom Eastep
e8c7ec38dc Allow netstat output to appear in dumps on Fedora
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 11:59:19 -08:00
Tom Eastep
b58ad8e758 Be sure to delete fooX chain on errors in determine_capabilities()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 10:55:08 -08:00
Tom Eastep
0e3ad6ff91 Omit the chain designator from an error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 07:51:12 -08:00
Tom Eastep
1c535ee0f9 Correct handling of a chain designator in CLASSIFY rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 07:44:16 -08:00
Tom Eastep
3081ab1da1 Correct RELATED_DISPOSITION error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-22 15:51:50 -08:00
Tom Eastep
ce735e9415 Allow a chain designator in CLASSIFY rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-22 15:41:16 -08:00
Tom Eastep
e93dbdcb99 Stop generation of superfluous routing rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-21 08:01:25 -08:00
Tom Eastep
ea8efd1c44 Correct 'show ipa'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-21 07:25:20 -08:00
Tom Eastep
c03fe0a076 Implement USE_LOGICAL_NAMES.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 16:03:56 -08:00
Tom Eastep
3e72442954 Convert sample notrack files to FORMAT 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 14:38:44 -08:00
Tom Eastep
0d4a6c1c28 Replace SHOREWALL_DIR with g_shorewalldir
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 08:19:57 -08:00
Tom Eastep
74cee48bc0 Change /sbin/shorewall6 back into a file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-19 15:52:42 -08:00
Tom Eastep
075d7ca68b Rename $nolock to $g_nolock
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-19 06:29:05 -08:00
Tom Eastep
6b90c09c04 Correct 'show raw'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-18 15:11:56 -08:00
Tom Eastep
1c8f6d3856 Eliminate a variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-18 15:05:03 -08:00
Tom Eastep
c00068e08d Another correction to the 'CT' target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-18 07:21:32 -08:00
Tom Eastep
a80b46be81 Allow a port number to be appended to a helper name
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-17 17:08:24 -08:00
Tom Eastep
1f051314b3 Update network diagram 2011-12-17 14:11:56 -08:00
Tom Eastep
ec848ebc01 Parenthesize qa/.../ in embedded Perl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-17 10:09:23 -08:00
Tom Eastep
ba5db8753e Fix CT helpers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-17 08:59:27 -08:00
Tom Eastep
57d0550311 Document use of .conf options as variables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-17 07:40:43 -08:00
Tom Eastep
9d66f34932 Allow config options to be used as shell variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-15 12:52:22 -08:00
Tom Eastep
10d10b1c16 Remove a redundant capability test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-15 12:52:06 -08:00
Tom Eastep
6194eceaa4 Restore text of 'Provider "..." compiled' message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-15 12:51:39 -08:00
Tom Eastep
4abd626b32 New IPv6 network diagram
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-12 10:35:03 -08:00
Tom Eastep
8ac5f6c086 use specified tool for capabilities detection 2011-12-11 16:28:40 -08:00
Tom Eastep
cc78073ce7 Merge lib.cli-lite into lib.cli
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-11 13:15:30 -08:00
Tom Eastep
4cf564e7c9 Move startup_error() to lib.cli, plus cosmetic changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-08 22:00:48 -08:00
Tom Eastep
eec8a4edaf Cosmetic cleanup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-07 13:04:20 -08:00
Tom Eastep
40f3c48a2c Remove dead code in lib.cli-lite
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 19:06:46 -08:00
Tom Eastep
eaad3d836c Correct library name in header comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 19:05:55 -08:00
Tom Eastep
2142baca4f Avoid inappropriate RELATED,ESTABLISHED rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 19:04:43 -08:00
Tom Eastep
645e8dfea0 Straighten out LITEDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 15:39:18 -08:00
Tom Eastep
004d0bcc38 Allow rules in the RELATED section when there are non-default settions of
the new RELATED_* options.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 13:38:11 -08:00
Tom Eastep
43913915f9 Combine the CLIs into a single 'shorewall' file.
Add lib.cli-lite and lib.cli-std to contain the functions that are different
between the full products and the lite ones.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 12:54:51 -08:00
Tom Eastep
c724e238e6 Move the bulk of command processing to lib.cli
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 07:47:34 -08:00
Tom Eastep
e762998f1e Allow spaces in the argument to the iprange command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 06:44:15 -08:00
Tom Eastep
d4957696d1 Update man pages and sample files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 17:45:09 -08:00
Tom Eastep
439af55312 Implement RELATED_DISPOSITION and RELATED_LOG_LEVEL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 16:08:17 -08:00
Tom Eastep
320cc822fe Flesh out CT description in the man pages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 13:51:18 -08:00
Tom Eastep
febe9e5222 Apply Chris Boot's fix for TC_ENABLED=Shared
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 12:22:48 -08:00
Tom Eastep
b27e2517b4 Unify capabilities detection
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 12:00:36 -08:00
Tom Eastep
94b8d07645 Correct fix for dynamic blacklisting (chain_exists())
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 07:01:16 -08:00
Tom Eastep
f56b56a59f Update 'notrack' man pages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 06:56:23 -08:00
Tom Eastep
7fcdfd6655 Fix chain_exists() from IPv4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 06:54:03 -08:00
Tom Eastep
2cffae738f Initial implementation of CT target support in the 'notrack' file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-04 17:15:58 -08:00
Tom Eastep
a794027f63 Implement CT capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-04 14:35:53 -08:00
Tom Eastep
749b893a46 Move lib modification from installation to build
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-04 12:04:03 -08:00
Tom Eastep
299701e466 Make /sbin/shorewall6 a symbolic link
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-04 10:21:33 -08:00