holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity
14,362 Commits 104 Branches 736 Tags 54 MiB
5.0.10
Commit Graph

7092 Commits

Author SHA1 Message Date
Tom Eastep
62a14aab28 Enable compiler logging on reload and restart 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-16 09:37:42 -07:00
Tom Eastep
335f2968f8 Implement ?INFO and ?WARNING 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-16 09:20:09 -07:00
Tom Eastep
32f888a7d4 Add an ENVIRONMENT section to the CLI manpages 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-15 15:41:55 -07:00
Tom Eastep
c725372639 Correct logging of 'reloaded' message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-15 14:46:21 -07:00
Tom Eastep
524838ae47 Implement $SW_LOGGERTAG 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-15 14:29:51 -07:00
Tom Eastep
6aa0ecae4f Re-factor the code for saving/loading ipsets 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-14 15:15:47 -07:00
Tom Eastep
434e042494 Add the deprecated/ directories to the CONFIG_PATH 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-14 14:17:06 -07:00
Tom Eastep
9fa0df2fd1 Move the code that generates zap_ipsets() to after save_ipsets() generation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-14 09:56:48 -07:00
Tom Eastep
074655d1bd Fix AUTOMAKE and the start command 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-14 09:43:21 -07:00
Tom Eastep
216bc715e8 Clean up V4/V5 ipset enforcement 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-14 09:00:38 -07:00
Tom Eastep
dbd42e1d5d More ipset fixes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-12 16:29:13 -07:00
Tuomo Soini
772f88b1fd action.A_Reject: improve comment text 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-12 13:17:56 +03:00
Tuomo Soini
3e0b8c60a2 Reverse the order of ICMP and Broadcast checking in the default actions 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-12 10:12:29 +03:00
Tom Eastep
16afd880b2 Reverse the order of ICMP and Broadcast checking in the default actions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-11 11:16:46 -07:00
Tom Eastep
76a5841fcd Reverse the order of Broadcast and ICMP checking in the default actions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-11 10:47:11 -07:00
Tom Eastep
9758e8cdc5 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-04-11 10:41:44 -07:00
Tom Eastep
2cf3706864 Correct handling of a zone with two interfaces 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-11 10:32:26 -07:00
Tom Eastep
3028dafbac Correct DBL 'src-dst' handling 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-11 09:13:17 -07:00
Tom Eastep
16a31c3d29 Make MINIUPNPD work with DOCKER 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-11 09:02:44 -07:00
Tom Eastep
d3f377e915 Don't double-save the dynamic blacklisting ipset 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-11 08:37:39 -07:00
Tuomo Soini
54a5748395 macros: RedisCluster and RedisSentinel 
http://redis.io/topics/sentinel

Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-11 14:39:21 +03:00
Tom Eastep
6c00f72f44 Create ipsets with the 'counters' option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-10 18:09:41 -07:00
Tom Eastep
deaaecdf1c Add 'nodbl' interface option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-10 16:09:39 -07:00
Tom Eastep
05e4049174 Ipset-based blacklisting 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-10 16:07:56 -07:00
Tom Eastep
ef10515a42 Correct FASTACCEPT description 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-10 07:20:45 -07:00
Tom Eastep
5db6cb1b7d Correct load_ipsets() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-09 16:07:10 -07:00
Tom Eastep
76c8917aa7 Add a sixth parameter to Drop and Reject 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-08 09:10:45 -07:00
Tom Eastep
be58d530c4 Document 'logjump' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-08 09:09:59 -07:00
Tom Eastep
321476fd51 Tweak terminating() implementation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-08 08:24:57 -07:00
Tom Eastep
bd6b32eb25 Add a progress message for REJECT_ACTION processing 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-07 10:30:54 -07:00
Tom Eastep
4fdf54eca1 Tweak process_reject_action() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-07 10:02:48 -07:00
Tom Eastep
70bbd21b35 Ensure that the REJECT_ACTION is terminating 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-07 09:34:38 -07:00
Tom Eastep
87a9b95f73 Catch case where a transformed rule jumps to its own chain 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-07 08:58:50 -07:00
Tom Eastep
ecd7261365 Use -g when target is a terminating chain 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-07 08:48:36 -07:00
Tom Eastep
293cd1d66a Always go to the reject chain rather than jump to it 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-06 09:14:06 -07:00
Tom Eastep
436b5d89ce Correct comment 
- The chain will only exist if logging wasn't specified for the same
  disposition.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-06 08:50:29 -07:00
Tom Eastep
26795cf082 Correct setup of $usedactions{A_REJECT} 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-06 08:18:36 -07:00
Tom Eastep
95e4071f34 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-04-06 07:42:46 -07:00
Tuomo Soini
20179a5c9d remove completely false README.txt 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-06 10:23:58 +03:00
Tom Eastep
b7e6893f7d Restore DropUPnP behavior in Reject 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-05 20:00:15 -07:00
Tom Eastep
3ac3ae279f Add A_REJECT action 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-05 16:38:39 -07:00
Tom Eastep
54843c617d Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-04-05 11:46:42 -07:00
Tom Eastep
e9467326f3 Allow allow REJECT to take a parameter 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-05 11:20:44 -07:00
Tuomo Soini
80bf77e8a8 modules.xtables: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:31:36 +03:00
Tuomo Soini
1e5ebee799 modules.tc: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:31:36 +03:00
Tuomo Soini
74fe7b302e modules.ipset: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:31:36 +03:00
Tuomo Soini
d70e18535b modules.extensions: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:31:36 +03:00
Tuomo Soini
64a6b36918 modules.essential: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:31:36 +03:00
Tuomo Soini
2962809243 action.Untracked: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
23a91d7c26 action.template: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
30b2b2dcb4 action.TCPFlags: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
46a86cfa58 action.SetEvent: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
ad2dfd9eaf action.RST: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
001aabf72c action.ResetEvent: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
7052819a9c action.Related: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
2b1244c110 action.Reject: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
94803b63b1 action.NotSyn: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
5f33cb5d0a action.New: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
deda26c790 action.mangletemplate: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
f9f349a148 action.Invalid: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
2842e897c9 action.IfEvent: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
de44a16094 action.GlusterFS: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
6560e74c2c action.Established: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
f7ddf3008d action.DropSmurfs: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
cb608172d3 action.dropInvalid: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
f806010521 action.Drop: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
205254e043 action.DNSAmp: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
a7efa12fff action.Broadcast: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
95c4f2d7f6 action.AutoBLL: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
89189f7836 action.AutoBL: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
c2e3156e5c action.A_Reject: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
ffe9f88c07 action.allowInvalid: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tuomo Soini
e4c9c83e2b action.A_Drop: reformat to new header style 
Signed-off-by: Tuomo Soini <tis@foobar.fi>
 2016-04-05 20:13:55 +03:00
Tom Eastep
77a93d10a4 Don't pass an argument to DropUPnP out of Drop and Reject 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-04 15:55:48 -07:00
Tom Eastep
75df718865 Reword comment in push_action_params() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-04 09:41:28 -07:00
Tom Eastep
ae8e2f70ea Efficiency change to known_interface() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-03 17:34:02 -07:00
Tom Eastep
39f5b77e5f Fix known_interface() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-03 16:31:45 -07:00
Tom Eastep
cb5a2519f3 Keep hyphens in @chain 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-03 16:30:31 -07:00
Tom Eastep
4151f7c504 Revert change to log_[i]rule_limit 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-03 16:29:52 -07:00
Tom Eastep
054837aeea Use the real chain name in log messages 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-03 13:04:25 -07:00
Tom Eastep
b637d303b9 Correct use of a physical interface name in the hosts file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-02 17:27:20 -07:00
Tom Eastep
0dbf42424d Make physical name a synonym for the correcponding logical name. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-02 10:04:05 -07:00
Tom Eastep
f22e8d6d55 Allow physical interface to work in the ecn file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-01 15:10:49 -07:00
Tom Eastep
d98305c6f4 Correct default for MINIUPNOD 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-01 12:20:42 -07:00
Tom Eastep
3cbfdadb32 Merge branch '5.0.7' 2016-04-01 09:46:53 -07:00
Tom Eastep
81d76e3817 Document + in the MODULESDIR setting. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-01 09:43:06 -07:00
Tom Eastep
df1b1f6768 Add MINIUPNPD option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-01 08:57:08 -07:00
Tom Eastep
3881b38e02 Fix similar INTERFACE column issue in the nat and netmap files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-31 14:16:43 -07:00
Tom Eastep
8a8f3b6f59 Merge branch '5.0.7' 2016-03-31 12:55:16 -07:00
Tom Eastep
b9bed00123 Correct handling of a physical name in a masq rule 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-31 12:52:30 -07:00
Tom Eastep
38aa7797c4 Allow protocol and user lists in actions and macros 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-30 08:34:42 -07:00
Tom Eastep
404540ffe1 Merge branch '5.0.7' 2016-03-30 08:17:19 -07:00
Tom Eastep
dd3c0daa08 Handle inline matches correctly in the mangle file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-29 13:33:47 -07:00
Tom Eastep
4fddfcfba0 More complete fix for inline matches 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-29 13:15:01 -07:00
Tom Eastep
421d5f6043 Move Raw matches to last. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-29 09:31:27 -07:00
Tom Eastep
382ab380a2 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-03-29 07:36:49 -07:00
Tuomo Soini
2342c7cd9c Perl/Shorewall/Chains.pm: Fix warning with older perl 2016-03-29 09:58:33 +03:00
Tom Eastep
66ae4975b2 Allow :R with DIVERT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-28 15:52:49 -07:00
Tom Eastep
5b7a9db170 Correct clearing of inline matches 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-28 15:48:59 -07:00
Roberto C. Sánchez
899a317c95 Fix typos 2016-03-26 22:25:30 -04:00