Commit Graph

6525 Commits

Author SHA1 Message Date
Tom Eastep
bebb41674a Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-04-25 12:57:04 -07:00
Tom Eastep
42f75f7ba2 Correct SetEvent and ResetEvent
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-25 12:56:36 -07:00
Tuomo Soini
2c9b7fbb07 macro.JabberSecure: use of Jabber SSL is deprecated. Note user. 2015-04-23 10:03:07 +03:00
Tuomo Soini
119299421f macro.JabberPlain: deprecate the macro in favor of macro.Jabber 2015-04-23 09:39:23 +03:00
Tuomo Soini
aef019e16d macro.Jabber: use of jabber has changed from Plain+SSL to STARTTLS 2015-04-23 09:38:40 +03:00
Tom Eastep
3ae243b882 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-04-22 20:34:03 -07:00
Tuomo Soini
0fc58f81cc macro.QUIC: added support for QUIC
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-04-22 16:29:17 +03:00
Tom Eastep
0e8b427778 Remove false comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-18 14:31:07 -07:00
Tom Eastep
6cb3004a39 Clarify helper module loading
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-17 09:51:25 -07:00
Tom Eastep
f5aa0373cb Correct interfaces example 4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-12 08:38:55 -07:00
Tom Eastep
b128c30813 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
Get Tuomo Soini's fix for serviced startup
2015-04-11 07:33:15 -07:00
Tuomo Soini
194252afd3 systemd: fix shorewall startup by adding Wants=network-online.target
Before shorewall failed to load if there were interfaces which were required
but there wasn't any other service which wanted network-online.target.
By adding Wants=network-online.target we make sure shorewall[6]* startup
won't fail if there are required interfaces

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-04-11 10:50:54 +03:00
Tom Eastep
16e3cb1b43 More manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 10:14:42 -07:00
Tom Eastep
27c1ffc5fb Include full syntax in lists of CLI commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 09:23:58 -07:00
Tom Eastep
0e54a86e82 Add descriptions of 'list' and 'ls' to the CLI manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-06 09:39:41 -07:00
Tom Eastep
4fd8aa692d Add comment to setting of TCPMSS_TARGET with old caps file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-04 09:34:23 -07:00
Tom Eastep
8c3dda80a3 Simplify previous change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-03 16:35:50 -07:00
Tom Eastep
9f96f58a0d Default TCPMSS_TARGET to 1 in old capabilities files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-03 14:46:50 -07:00
Tom Eastep
77165326f2 Merge branch '4.6.8'
Conflicts:
	Shorewall6/uninstall.sh
2015-04-03 14:02:21 -07:00
Tom Eastep
eb3a162560 Apply Matt Darfeuille's fix for fatal_error()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 13:26:51 -07:00
Tom Eastep
44142ed457 Apply Matt Darfeuille's uninstall fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 07:28:21 -07:00
Tom Eastep
659e9d550c Apply Matt Darfeuille's uninstall fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 07:27:57 -07:00
Tom Eastep
7442c2189d Implement TCPMSS_TARGET capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-31 15:53:05 -07:00
Tom Eastep
468167f9e5 Apply nfw's fix for IP[6]TABLES in the conntrack file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-24 09:23:15 -07:00
Tom Eastep
b00a7af619 Allow a comma-separated list in the rtrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-18 15:16:25 -07:00
Tom Eastep
0c11870e46 Implement the 'savesets' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-17 10:03:12 -07:00
Tom Eastep
c5ef3fd905 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-14 08:55:40 -07:00
Tom Eastep
86d6d6900e Improve 'close' and 'show opens' commands
- close accepts a rule number
- list opens displays rule numbers

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-14 08:54:30 -07:00
Tom Eastep
9a5cc5e51c Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-07 07:57:26 -08:00
Tom Eastep
d7a1ca41f9 Another attempt to correct the formatting of the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-07 07:56:34 -08:00
Tom Eastep
d3552346b0 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-06 15:38:48 -08:00
Tom Eastep
1e6c266b51 Formatting fix (I hope)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 15:37:56 -08:00
Tom Eastep
d6f8cda2d5 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-06 14:10:13 -08:00
Tom Eastep
4cc866cd81 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-06 14:09:11 -08:00
Tom Eastep
095e523c9f Add 'show opens' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 13:10:23 -08:00
Tom Eastep
2817060edb Improvements to the 'open' and 'close' commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 08:13:44 -08:00
Tom Eastep
30e750608b Fix broken links
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-05 16:23:49 -08:00
Tom Eastep
a85fdc45ac Implement 'open' and 'close' commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-05 16:20:54 -08:00
Roberto C. Sánchez
e9bb447537 Fix typo 2015-03-02 09:58:09 -05:00
Tom Eastep
cdc2d52208 Implement ADD and DEL in the mangle file.
- Also document the parameter to SAME

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-18 12:04:01 -08:00
Tom Eastep
18c8f1f835 Remove blank line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-17 20:10:25 -08:00
Tom Eastep
aff8623a44 Allow TTL to be specified in the SAME action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-17 19:11:28 -08:00
Tom Eastep
b14e7c54f9 Merge branch '4.6.6' 2015-02-07 08:29:44 -08:00
Tom Eastep
30a5f508be Change samples to specify MODULE_SUFFIX="ko ko.xz"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-06 12:56:35 -08:00
Orion Poplawski
9ad0b297e2 Supporting xz compressed kernel modules
- I've attached a patch that adds xz support to the default MODULE_SUFFIX.
- I'm wondering it wouldn't be better to not have MODULE_SUFFX=ko in various
sample configs so that the default value is used instead:

./Shorewall/configfiles/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/Universal/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/three-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/two-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/one-interface/shorewall.conf:MODULE_SUFFIX=ko
./docs/MultiISP.xml:MODULE_SUFFIX=ko
./docs/MyNetwork.xml:MODULE_SUFFIX=ko
./Shorewall6/configfiles/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/Universal/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/three-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/two-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/one-interface/shorewall6.conf:MODULE_SUFFIX=ko

- Is:

MODULE_SUFFIX=

sufficient to use the default value or does it need to be commented out?

Thanks,

  Orion

--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion@nwra.com
Boulder, CO 80301                   http://www.nwra.com

>From f13edf8fc07c7b62825408b8665b10d6014d368d Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion@cora.nwra.com>
Date: Mon, 26 Jan 2015 09:48:48 -0700
Subject: [PATCH] Support xz compressed modules

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-06 12:51:00 -08:00
Tom Eastep
40104d0c86 Correct handling of +set[n]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-26 07:53:41 -08:00
Tom Eastep
5d110616a5 Merge branch '4.6.6' 2015-01-24 18:16:47 -08:00
Tom Eastep
a2b8069ee3 Clarify Zone exclusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-24 18:15:10 -08:00
Tom Eastep
c7cd0060f0 Merge branch '4.6.6' 2015-01-23 09:07:28 -08:00
Tom Eastep
e3b96862ef Propagate the LOCKFILE setting to the generated script.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-23 08:18:30 -08:00
Tom Eastep
a060f683cc Correct file name in mangle 'split_line' error messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:34:47 -08:00
Tom Eastep
01220d58ea Change the installation default value of INLINE_MATCHES to 'No'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:34:39 -08:00
Tom Eastep
c2b6d974e7 Protect 'enable' and 'disable' with mutex
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:34:28 -08:00
Tom Eastep
7ab055e61e Correct file name in mangle 'split_line' error messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:31:51 -08:00
Tom Eastep
758f3cf955 Change the installation default value of INLINE_MATCHES to 'No'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:30:50 -08:00
Tom Eastep
08a184d95b Protect 'enable' and 'disable' with mutex
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:30:05 -08:00
Tom Eastep
50a0103e89 Merge branch '4.6.6' 2015-01-20 08:11:07 -08:00
Tom Eastep
6f2308e0fa Correct syntax of the SAVE and RESTORE actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-20 08:09:55 -08:00
Tom Eastep
a7cacdfee3 Allow SAVE and RESTORE in the INPUT chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-20 08:09:09 -08:00
Tom Eastep
28ac76bde4 Add tinc tunnel support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-13 13:28:37 -08:00
Tom Eastep
83431514fb Add Tinc macro
- From Răzvan Sandu
2015-01-13 07:05:15 -08:00
Tom Eastep
111c454193 Make leading SHELL case-sensitive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-13 07:04:20 -08:00
Tuomo Soini
b06ba536e9 macro.Zabbix: This macro handles Zabbix monitoring software server traffic to agent
and trap traffic from agent to zabbix server.

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-01-13 13:51:00 +02:00
Tom Eastep
97846e14de Correct handling of ipsets in one of the PORTS columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-09 09:28:08 -08:00
Tom Eastep
07c21b8968 Add 'primary' provider option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-06 09:06:27 -08:00
Tom Eastep
668759edad Catch parameter problems with TARPIT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 11:09:39 -08:00
Tom Eastep
0f1f54b57b Tweak loopback change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 11:00:02 -08:00
Tom Eastep
60d5a177a3 Use the 'Iface Match' capability for loopback traffic.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 09:46:39 -08:00
Tom Eastep
3ed5ced581 Correct syntax error introduced in Beta 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 08:35:33 -08:00
Tom Eastep
086f8b6073 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-01-03 13:23:00 -08:00
Tom Eastep
fa377df9dc Fix installer's use of the DIGEST environmental variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-03 13:22:06 -08:00
Tom Eastep
7dd9ccd06b Add the 'loopback' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-03 09:22:40 -08:00
Tom Eastep
33e2e19193 Always set IP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:28:50 -08:00
Tom Eastep
4a4bfe77ce Implement IFACE_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:05:06 -08:00
Tom Eastep
3890b8a884 Infrastructure for detecting loopback interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 08:49:38 -08:00
Tom Eastep
551a16d18f Document TARPIT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-01 09:14:00 -08:00
Tom Eastep
d1b597394f Correct typo (TARPIT_MATCH -> TARPIT_TARGET)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-30 10:22:33 -08:00
Tom Eastep
15a2fd14f9 Implement TARPIT target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-28 15:23:30 -08:00
Tom Eastep
f96baca780 Use the readable representation of the SHA1 digest in the chain table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 11:13:10 -08:00
Tom Eastep
1b5f439609 Rewrite 'process_actions'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 09:28:02 -08:00
Tom Eastep
1655054de2 Rename 'externalize' to 'external_name'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 09:19:00 -08:00
Tom Eastep
89877ed3f7 Rename 'policy_rules' to 'add_policy_rules'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:58:13 -08:00
Tom Eastep
9649107a8e Rename 'apply_policy_rules' to 'complete_policy_chains'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:53:50 -08:00
Tom Eastep
33eb47a48a Reorder parameters and change identifiers in set_policy_chain()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:47:50 -08:00
Tom Eastep
93285e2798 Cleanup of preceding fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 14:05:43 -08:00
Tom Eastep
2430796495 Document the -c option of 'show routing'
Correct choice in show commands to 'req'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 12:15:28 -08:00
Tom Eastep
06ef7596cd Document the -c 'dump' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 11:57:24 -08:00
Tom Eastep
227db0cfa7 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2014-12-23 15:37:38 -08:00
Tom Eastep
c0f7d0e65d Start firewall after the network-online target has been reached
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 15:37:22 -08:00
Tom Eastep
ba806379f4 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2014-12-23 15:36:56 -08:00
Tom Eastep
6a15cead52 Cosmetic/commentary changes to the Config Module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 15:25:20 -08:00
Tom Eastep
f925358872 Minor Compiler Reorganization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 12:27:37 -08:00
Tom Eastep
52d2e62274 Convert two macros to Format 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-22 08:36:34 -08:00
Tom Eastep
56e8068f3d Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2014-12-20 15:12:44 -08:00
Tom Eastep
35fc7b34b8 Minor code tweak
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-20 15:09:21 -08:00
Tom Eastep
fdf513fba6 Correct font in mangle manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-19 14:26:20 -08:00
Tom Eastep
79430673b8 Correct handling of duplicate states in the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-16 19:08:25 -08:00
Tom Eastep
695db284c0 Improve Mark Range Implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-15 11:19:23 -08:00
Tom Eastep
807b9ca627 Revert "Improve handling of mark ranges"
This reverts commit 62f480897e.
2014-12-15 09:39:24 -08:00
Tom Eastep
62f480897e Improve handling of mark ranges
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-14 09:13:41 -08:00
Tom Eastep
2d7025dcc3 Correct mark range handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-13 08:31:31 -08:00
Tom Eastep
a833815b31 Correct IPv6 handling of LOG_BACKEND=LOG
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 08:56:42 -08:00
Thomas D
664e3bb0a8 Installer: $INITDIR already starts with a "/", so no need for, "$DESTDIR/$INITDIR"
Hi,

before the patch (DESTDIR = "/tmp/shorewall-4.6.5"; INITDIR =
"/etc/init.d"),

> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5//etc/init.d/shorewall-lite

after the patch

> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5/etc/init.d/shorewall-lite

-Thomas

From e7a192397323bb6cb66d08a6f24e7edfee044f31 Mon Sep 17 00:00:00 2001
From: Thomas D <whissi@whissi.de>
Date: Sat, 15 Nov 2014 16:38:05 +0100
Subject: [PATCH] $INITDIR already starts with a "/", so no need for
 "$DESTDIR/$INITDIR"

Before the patch (DESTDIR = "/tmp/shorewall-4.6.5"; INITDIR = "/etc/init.d"),

  > [...]
  > SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5//etc/init.d/shorewall-lite

after the patch

  > [...]
  > SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5/etc/init.d/shorewall-lite

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 07:55:14 -08:00
Tom Eastep
9241552c52 Make emacs sh-mode work better with lib.core
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-14 16:28:44 -08:00
Tom Eastep
16c1809ef2 Apply Alan Barrett's dhclient patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-14 13:39:23 -08:00
Tom Eastep
7100af5380 Correct .service files
- Make them match earlier versions

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-11 18:05:04 -08:00
Tom Eastep
c4171a92f6 Change spacing in shorewall[6] usage output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-10 07:38:58 -08:00
Thomas D
a5b2886ae9 Patches for shorewall manpage
Hi,

I corrected some errors in the manpages. I started with "shorewall".

Tom, please tell me if you like this format and the patches at all.
If you like them, I can send you a similar patch set for shorewall6, too.

-Thomas

From 2aaeaa4f2da7aae92177ced0530f1deff86f44a9 Mon Sep 17 00:00:00 2001
From: Thomas D <whissi@whissi.de>
Date: Sun, 9 Nov 2014 15:45:29 +0100
Subject: [PATCH 11/14] The "-i" option from the "reload" command wasn't marked
 as an option.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-09 07:40:59 -08:00
Tom Eastep
9a6047b3c4 Correct reversed naming of SHA chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-06 08:18:52 -08:00
Tom Eastep
6f5de7ef3f Add now logging modules to the modules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-05 16:19:30 -08:00
Tom Eastep
5b4e3bc07c Accomodate new module names for LOG_BACKEND
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-05 12:51:24 -08:00
Tom Eastep
dc3f163e71 Change the names of the sha1 chains for uniqueness
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-04 17:54:38 -08:00
Tom Eastep
2f545012a6 More documentation updates for -C
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 09:25:58 -08:00
Tom Eastep
c97226c46c Correct behavior of 'start -fC'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 09:25:23 -08:00
Tom Eastep
8c0c1bd1e0 Omit the 'shorewall' chain from .ip[6]tables-restore-input
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 08:16:47 -08:00
Tom Eastep
8b825c4c4c Avoid failure of ip[6]tables-restore.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 07:56:05 -08:00
Tom Eastep
4493b2ab6b Correct typo in 'rules' manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 06:50:40 -08:00
Tom Eastep
9598ac6fad Correct a couple of problems with -C
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 10:09:04 -07:00
Tom Eastep
8fb73026c8 Replace SAVE_COUNTERS with the -C command option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 09:37:57 -07:00
Tom Eastep
4546cbaff7 Use chains with names derived from a digest to identify ruleset
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-31 11:36:53 -07:00
Tom Eastep
a83c146636 Cleanup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 20:27:06 -07:00
Tom Eastep
2ffc97867c Correct syntax error in the generated script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 19:59:20 -07:00
Tom Eastep
f08803e293 Preserve counts on 'restart' without compilation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 18:38:45 -07:00
Tom Eastep
b7ab82dba4 Implement -f option in the -lite products' start command
- Remove 'recover' command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 10:42:39 -07:00
Tom Eastep
113f95c11e Provide STARTOPTIONS and RESTARTOPTIONS in all cases
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 10:22:39 -07:00
Tom Eastep
3454e10525 Add SAVE_COUNTERS option.
- Also implement recover command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 08:57:56 -07:00
Tom Eastep
edc30fcc8d Process the params file with SHOREWALL_SHELL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-29 12:22:00 -07:00
Tom Eastep
85e5669fc7 Rename function interface_up() to interface_enabled()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-27 18:38:22 -07:00
Tom Eastep
055fceb82f Update policy manpages for duel limits
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-22 12:27:27 -07:00
Tom Eastep
f5bdc9e7f4 Allow two limits in the RATE LIMIT columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-22 11:21:43 -07:00
Tom Eastep
b60d6dd6e5 Avoid duplicate module loads
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-20 10:42:53 -07:00
Tom Eastep
2784e93307 Load xt_LOG in both helpers files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-19 08:28:36 -07:00
Tom Eastep
90d1e41dcb Correct IPv4 Helpers file
- Change xt_ULOG to ipt_ULOG

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-19 08:28:29 -07:00
Tom Eastep
49218a4d28 ipt_LOG in helpers file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-15 18:07:09 -07:00
Tom Eastep
e3b10343a5 Change SYSTEMDDIR to SERVICEDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-13 11:56:26 -07:00
Tom Eastep
286bc50bb3 Remove 'optional' from the Universal interfaces file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-13 08:07:14 -07:00
Tom Eastep
42363da458 Add new .service files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-09 10:00:53 -07:00
Tom Eastep
c5074bddb2 Rename the .service files to .service.214
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-09 09:45:52 -07:00
Tom Eastep
12458d111a Adjust the .service files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-08 17:28:22 -07:00
Tom Eastep
815e93e80c Rename SYSTEMD to SYSTEMDDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 16:46:16 -07:00
Tom Eastep
3bae6e61cf Eliminate syntax errors in the generated script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 07:53:26 -07:00
Tom Eastep
5204cbc95f Suppress 'No ipsets were saved' warning when SAVE_IPSETS=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 07:50:12 -07:00
Tom Eastep
ea1b8ac63a Correct handling of empty LOG_BACKEND
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 07:34:55 -07:00
Tom Eastep
3206021278 Another round of uninstall fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 13:50:39 -07:00
Tom Eastep
8571e0dca0 Another round of uninstall fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 13:29:51 -07:00
Tom Eastep
9dc2bba025 More uninstall corrections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 09:39:03 -07:00
Tom Eastep
2fce05b3ab Correct a couple of errors
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 09:11:29 -07:00
Tom Eastep
00b0489047 Implement SANDBOX variable in the installers/uninstallers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 07:50:30 -07:00
Tom Eastep
f9a21bd90e Add -n option to the uninstallers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-03 17:10:36 -07:00
Tom Eastep
8a5e71a56f Implement the -n option in the installers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-03 07:59:41 -07:00
Tom Eastep
483ea3e437 Create INITDIR in -lite installs.
- Also don't link the init script if it isn't installed.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-02 17:42:08 -07:00
Tom Eastep
2ec3adcc44 Don't link the init script if SYSTEMD is set.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-02 16:23:26 -07:00
Tom Eastep
820c769499 Correct silly bug in last change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-29 07:08:39 -07:00
Tom Eastep
e6b0666ac9 Save ipsets during normal stop (duh)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 18:43:11 -07:00
Tom Eastep
2a463e06aa More documentation changes regarding SAVE_IPSETS.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 17:10:45 -07:00
Tom Eastep
3174454300 Correct SAVE_IPSETS logic in Config.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 14:38:01 -07:00
Tom Eastep
ce1c367d1d Re-commit the fix that saves only the appropriate family
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 14:09:20 -07:00
Tom Eastep
3e2c903a41 Revert "Only save ipsets of the proper family"
This reverts commit b053cab630.
2014-09-28 13:32:32 -07:00
Tom Eastep
b053cab630 Only save ipsets of the proper family
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 12:58:52 -07:00
Tom Eastep
6f7d063921 Remove the target file before saving ipsets in the savesets command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 11:53:52 -07:00
Tom Eastep
3858683e94 Allow saving a specified list of ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 11:19:41 -07:00
Tom Eastep
38a18ac9ac Allow indefinite alternative to 'yes' and 'no'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-27 15:06:18 -07:00
Tom Eastep
a09484356c Support 'yes', 'no, <other> values for simple config options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-27 07:57:46 -07:00
Tom Eastep
bc8588a68e Fix rule numbers in trace output
- Don't increment $number needlessly when not tracing

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-27 07:57:09 -07:00
Tom Eastep
10df9d31c4 Correct typo in the actions manpages (4.6.5 s/b 4.6.4).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 14:47:27 -07:00
Tom Eastep
4989f694cd Correct trace output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 14:47:00 -07:00
Tom Eastep
053df2a5fb Go back to original insert_irule() fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 09:21:20 -07:00
Tom Eastep
976a1f3deb Merge branch '4.6.3'
Conflicts:
	Shorewall/Perl/Shorewall/Misc.pm
2014-09-25 08:06:16 -07:00
Tom Eastep
ea40068c10 Fix ADMINISABSENTMINDED=No used with stoppedrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 08:03:35 -07:00
Tom Eastep
56649e2183 Don't compile routestopped during check if there is stoppedrules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 19:24:13 -07:00
Tom Eastep
520d21c056 Another tweak to LOG_BACKEND
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 17:12:05 -07:00
Tom Eastep
540eff24aa Correctons to LOG_BACKEND implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 16:35:41 -07:00
Tom Eastep
580e00dabd Implement LOG_BACKEND option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 15:26:13 -07:00
Tom Eastep
4815f7eba3 Correct warning message in stoppedrules processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 11:05:15 -07:00
Tom Eastep
a7b57ad32c Clarify iptrace logging.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 09:14:38 -07:00
Tom Eastep
ba7f88c912 Re-apply 'terminating' changes to the actions manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:33:57 -07:00
Tom Eastep
7481514a97 Implement the 'terminating' action option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:29:13 -07:00
Tom Eastep
20c68dddf2 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2014-09-23 09:24:44 -07:00
Tom Eastep
35e60aa10c Fix actions manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:24:32 -07:00
Tom Eastep
1f5439257a Revert "Implement the 'terminating' action option"
This reverts commit 6851744cb7.
2014-09-23 07:39:25 -07:00
Tom Eastep
4495ed687b Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-09-23 07:10:46 -07:00
Tom Eastep
d97d45f4ad Merge branch '4.6.3' 2014-09-23 07:10:17 -07:00
Tuomo Soini
a03f00bf0f systemd services: multi-user is not same as old runlevel 3 so use basic
add conflicts to obviously conflicting services
remove old version number from init files
remove legacy syslog.target which is not needed on modern systems
fix formatting of email address onold Copyright text

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-09-23 16:44:03 +03:00
Tuomo Soini
8f05d0f16d install.sh: support install on centos7 and foobar7
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-09-23 13:19:09 +03:00
Tom Eastep
f9d98b74a2 Merge branch '4.6.2' into 4.6.3
Conflicts:
	Shorewall/Perl/Shorewall/Providers.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-16 08:09:20 -07:00
Tom Eastep
0d23b9c542 Don't verify required interfaces during 'stop' or 'clear'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-14 09:29:04 -07:00
Tom Eastep
a7bdfcc47b Refine the rule reduction fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-11 20:58:01 -07:00
Tom Eastep
988ee64621 Eliminate Redundant Rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-11 10:17:01 -07:00
Tom Eastep
9947f4d968 Re-enable SECTION PREROUTING in the accounting file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-10 12:53:08 -07:00
Tom Eastep
9e039e30e5 Issue warning message when /etc/iproute2/rt_tables is not writeable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-02 08:11:33 -07:00
Tom Eastep
771e487b02 Merge branch '4.6.3' 2014-09-01 09:10:55 -07:00
Tom Eastep
0b66c475a7 Make <command> replacable in the run synopsis
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 09:10:03 -07:00
Tom Eastep
8727a6f1d8 Correct 'run' command synopsis in the shorewall[6] manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:52:09 -07:00
Tom Eastep
f9a62e1650 Correct builtin example in the actions manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:29:29 -07:00
Tom Eastep
6851744cb7 Implement the 'terminating' action option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:16:42 -07:00
Tom Eastep
f963adccf5 Correct silly typo in Chains.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-31 16:57:24 -07:00
Tom Eastep
48549b35ac Correct inaccuracy in default.debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-30 08:25:58 -07:00
Tom Eastep
9001643996 Merge branch 'master' into 4.6.3 2014-08-30 07:18:55 -07:00
Tom Eastep
4bacfced82 Another attempt to fix formatting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 11:59:51 -07:00
Tom Eastep
7c1bbd4dc7 Fix formatting in shorewall[6]-rules(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 11:29:44 -07:00