4103 Commits

Author	SHA1	Message	Date
Tom Eastep	e8f61e2109	Restate vulnerability ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-06-06 13:19:40 -07:00
Tom Eastep	447d0f0b2d	Don't modify the .conf file installed in configfiles. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-06-06 09:46:52 -07:00
Tom Eastep	c42c6864b4	Don't modify the .conf file installed in configfiles. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-06-06 09:46:22 -07:00
Tom Eastep	2803d3ee0b	Merge branch '4.4.20'	2011-06-06 07:02:57 -07:00
Tom Eastep	c2e78bfaf8	Correct address of the FSF ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-06-06 06:55:40 -07:00
Tom Eastep	aabefe91f1	Merge branch '4.4.20'	2011-06-04 08:46:40 -07:00
Tom Eastep	f1cbfab7ac	More blacklist/audit fixes ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-06-04 08:45:23 -07:00
Tom Eastep	653a61a04a	Merge branch '4.4.20'	2011-06-04 07:44:24 -07:00
Tom Eastep	a9c0824a30	Correct BLACKLIST_DISPOSITION=A_xxx with BLACKLIST_LOG_LEVEL ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-06-04 07:44:07 -07:00
Tom Eastep	aa86b65ec3	Merge branch '4.4.20'	2011-06-02 11:44:15 -07:00
Tom Eastep	254e1ed784	Add 'I' STATE to secmarks ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-06-02 11:43:55 -07:00
Tom Eastep	c3b56c1e73	Merge branch '4.4.20'	2011-06-02 10:07:03 -07:00
Tom Eastep	561d461a25	Add 'NI' STATE setting in secmarks. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-06-02 10:06:27 -07:00
Tom Eastep	169c995940	Fix a typo in the release notes ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-06-02 06:50:10 -07:00
Tom Eastep	1e883c2fdf	Merge branch '4.4.20'	2011-06-02 06:47:09 -07:00
Tom Eastep	086a99ea24	Don't initialize PLAIN ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-06-02 06:23:57 -07:00
Tom Eastep	f9c5b8b0d5	Improve some comments ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-06-02 06:23:37 -07:00
Tom Eastep	36aee407ef	Merge branch '4.4.20'	2011-06-01 13:01:27 -07:00
Tom Eastep	5f08605adc	Delete some cruft ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-06-01 12:26:05 -07:00
Tom Eastep	faff915dd2	Fix a typo in the release notes ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-06-01 06:53:09 -07:00
Tom Eastep	b30d1bfc48	Merge branch '4.4.20'	2011-06-01 06:34:43 -07:00
Tom Eastep	f253bb5a11	Corrections to release notes. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-06-01 06:31:02 -07:00
Tom Eastep	243a09783c	Merge branch '4.4.20'	2011-05-31 15:45:09 -07:00
Tom Eastep	7bf74bb8c9	Add new builtin targets to %builtin_target ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-31 15:43:42 -07:00
Tom Eastep	21d2c5720b	Clarify 'bridge_nf_call_*'; mention that problems corrected in 4.4.19 dot releases are included ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-31 12:22:45 -07:00
Tom Eastep	468ff6efab	First cut at IPSET/Dynamic-zone support in Shorewall6 ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-31 11:23:43 -07:00
Tom Eastep	8df470b5f5	Version to 4.4.20	2011-05-31 09:30:18 -07:00
Tom Eastep	5ce3a1f4d1	Update release documents ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-31 07:03:56 -07:00
Tom Eastep	2f6c5fd260	Set 'bridge-nf-call-ip6?tables' if bridges are configured. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-31 06:59:43 -07:00
Tom Eastep	4f296b62ae	Another fix for auditone	2011-05-30 16:37:56 -07:00
Tom Eastep	e6275ba31d	Fix a bug in auditing ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-30 15:28:00 -07:00
Tom Eastep	d89a915f26	Load IPv6 libraries when processing /etc/shorewall6/params ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-30 13:24:36 -07:00
Tom Eastep	2dec3a8ecb	Correct handling of AUDIT_TARGET is both cli libraries. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-30 11:39:21 -07:00
Tom Eastep	26d08b92c0	Correct use of null value as a hash ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-30 11:38:49 -07:00
Tom Eastep	b0447b8bd3	Remove another MACLIST defect	2011-05-30 08:49:41 -07:00
Tom Eastep	7b560eefe4	Allow compound options in the installers ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-30 08:15:59 -07:00
Tom Eastep	60d33740f6	Fix MACLIST_DISPOSITION defect introduced earlier in this release ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-30 07:59:44 -07:00
Tom Eastep	11c209c55f	Restore access to $Shorewall::Rules::family	2011-05-29 17:22:36 -07:00
Tom Eastep	2852cdeb53	Another attempt at the IPMARK fix	2011-05-29 14:42:23 -07:00
Tom Eastep	a71136fd5a	Rework configuration files for Shorewall and Shorewall6 ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-29 14:34:18 -07:00
Tom Eastep	7404d912bd	Add LOGRATE to */shorewall.conf	2011-05-28 19:12:34 -07:00
Tom Eastep	ec01e39479	Add LOGBURST to */shorewall.conf	2011-05-28 19:03:18 -07:00
Tom Eastep	9dc689dd13	Sort Sample .conf files	2011-05-28 12:38:12 -07:00
Tom Eastep	6d3640dafc	Alphabetize config files and sync files and manpages ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-28 10:34:54 -07:00
Tom Eastep	03ecdc8c06	Clean up shorewall.conf and its documentation ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-28 09:10:46 -07:00
Tom Eastep	243e8f1dbe	Fix check for unreferenced 'sfilter' chain	2011-05-28 08:31:36 -07:00
Tom Eastep	fc34f07a7a	Remove PKTTYPE option ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-28 07:11:48 -07:00
Tom Eastep	a37dbf76dc	Delete 'sfilter' chain if it isn't referenced ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-27 19:56:54 -07:00
Tom Eastep	1a2c9a08e1	Don't include comment in audit chain rules ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-27 19:56:04 -07:00
Tom Eastep	5082b0701a	Get release notes changes for filter->sfilter	2011-05-27 19:43:13 -07:00
Tom Eastep	bac640e731	Get changes from 4.5.0 branch	2011-05-27 19:42:09 -07:00
Tom Eastep	586a3537bf	Delete 'sfiter' chain if it doesn't have referenes	2011-05-27 19:38:03 -07:00
Tom Eastep	790c96c90a	Version to RC 1 ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-27 09:11:47 -07:00
Tom Eastep	c6e9de65f1	Prevent duplicate 'filter' rules when combining two interface chains ... into the same zone forwarding chain. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-27 06:43:47 -07:00
Tom Eastep	8a0dc9f0f6	Clean up release notes. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-27 06:42:56 -07:00
Tom Eastep	fbfe7b9f93	Don't create 'reject' and AUDIT' in the 'stopped' case. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-26 14:11:36 -07:00
Tom Eastep	0287d96aa2	Finish filtering implementation ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-26 13:38:44 -07:00
Tom Eastep	6c3163cc27	Routeback corrections ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-25 10:45:57 -07:00
Tom Eastep	e4d667ca6a	Add routeback protection ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-24 17:07:31 -07:00
Tom Eastep	bbe165c3cf	Bump version to Beta 5 ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-24 11:40:11 -07:00
Tom Eastep	0beb327f0a	Rename audited actions and Macros ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-24 11:31:42 -07:00
Tom Eastep	84b844ae79	Implement -T option for compile and check ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-24 10:21:49 -07:00
Tom Eastep	ee98772349	Add -c to the start command ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-24 09:13:02 -07:00
Tom Eastep	021048379f	Additions to the Beta 4 Documentation ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-24 08:54:43 -07:00
Tom Eastep	e6c1de3829	Correct ADrop action ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-24 07:47:42 -07:00
Tom Eastep	d4b2a462a2	Add audited actions to the .spec files ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-24 07:30:46 -07:00
Tom Eastep	704f3fdd55	Document audited default actions ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-24 07:24:15 -07:00
Tom Eastep	c333368243	Create Audited versions of the IPv4 standard default actions ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-24 07:09:15 -07:00
Tom Eastep	f464ec5624	Fixes for AUDIT ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-23 20:59:33 -07:00
Tom Eastep	016f7d9f2a	Yet more shorewall/shorewall6 unification ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-23 16:41:51 -07:00
Tom Eastep	a64d882a36	Apply Ed W's first patch ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-23 14:36:21 -07:00
Tom Eastep	c050b29985	Factor some similar code ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-23 14:20:14 -07:00
Tom Eastep	0a11a0e2ad	Add xt_AUDIT to modules.xtables ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-23 12:08:51 -07:00
Tom Eastep	3ab35c65b0	Correct LEGACY_FASTSTART error messages in shorewall and shorwall6 ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-23 11:24:52 -07:00
Tom Eastep	15e9e3182d	Update copyrights ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-23 10:06:56 -07:00
Tom Eastep	31e74658c8	Update copyrights ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-23 09:51:51 -07:00
Tom Eastep	0704f7ca59	Clarify the problem corrected ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-23 09:25:19 -07:00
Tom Eastep	2d574fff10	Tweak wording ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-23 06:56:54 -07:00
Tom Eastep	7c250cd5b3	Clean up release notes ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-23 06:55:54 -07:00
Tom Eastep	54f9a0e671	Correct and expand the Problems Corrected section of the release notes ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-23 06:43:31 -07:00
Tom Eastep	3b28fcd566	Remove documentation disclaimer from release notes ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-23 06:41:32 -07:00
Tom Eastep	485a7fb29d	Implement 'restart -c' ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-23 06:39:26 -07:00
Tom Eastep	e95003b82a	Add FAKE_AUDIT option	2011-05-22 17:42:50 -07:00
Tom Eastep	5d04c93a16	Implement LEGACY_FASTSTART option ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-22 15:36:29 -07:00
Tom Eastep	981b503fa4	Bump version to Beta 4	2011-05-22 11:05:22 -07:00
Tom Eastep	c56fe3448a	Update release documents	2011-05-22 11:03:57 -07:00
Tom Eastep	529e256856	Assigned unused dev numbers	2011-05-22 10:18:26 -07:00
Tom Eastep	db6091f101	Avoid dependence on 'make'	2011-05-22 09:47:57 -07:00
Tom Eastep	99cb09bd84	Documentation update 1 for AUDIT supportttt ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-21 16:25:38 -07:00
Tom Eastep	83cdf78b18	Replace A_* builtin actions with builtin targets ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-21 15:02:04 -07:00
Tom Eastep	d9b095bdea	Document new features	2011-05-21 12:07:23 -07:00
Tom Eastep	71ef1f48e2	Allow auditing of the builtin actions ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-21 10:38:25 -07:00
Tom Eastep	82d6a00c9e	Implement some extentions to AUDIT ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-21 09:25:58 -07:00
Tom Eastep	61b5dbbb95	Eliminate cruft left over from when Action.pm and Policy.pm were folded into Rules.pm - Phase II ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-20 10:48:28 -07:00
Tom Eastep	f64e171c19	Eliminate cruft left over from when Action.pm and Policy.pm were folded into Rules.pm ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-20 10:46:18 -07:00
Tom Eastep	ac2e9cce64	Shrink process_actions2 further. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-20 10:28:30 -07:00
Tom Eastep	676af32ebc	Simplify a loop in process_actions2() ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-20 10:11:23 -07:00
Tom Eastep	7cbf113ba0	Simplify an RE ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-20 08:33:36 -07:00
Tom Eastep	d15475efae	Cleanup of AUDIT before Beta 3 ... - Correct merge snafus - Rename the new actions (e.g., ADROP->A_DROP) - Correct MACLIST_DISPOSITION logic	2011-05-20 07:47:35 -07:00
Tom Eastep	e9df13a42b	Resolve merge conflicts	2011-05-19 15:10:22 -07:00
Tom Eastep	2e93b95afe	Clean up release notes ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-19 14:57:16 -07:00
Tom Eastep	5e68dbfa9a	Complete first attempt at AUDIT support ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-19 12:06:43 -07:00
Tom Eastep	814494e277	More AUDIT changes ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-19 08:35:40 -07:00
Tom Eastep	d2ab27c071	More AUDIT changes	2011-05-18 21:25:57 -07:00
Tom Eastep	ce8df2f66c	Revert "Bump version to Beta 3" ... This reverts commit 465e729288.	2011-05-18 17:50:12 -07:00
Tom Eastep	465e729288	Bump version to Beta 3	2011-05-18 17:08:07 -07:00
Tom Eastep	314921f766	Revert "Set quantum in subordinate SFQ class to the MTU for HFSC parents." ... This reverts commit 5ab6f8e0e5.	2011-05-18 11:13:50 -07:00
Tom Eastep	166d27f6d4	Minor tweak to blacklisting ... Reverse order of tests for 'from' and 'src'. Use equivalent logic for generating unknown option error Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-18 11:13:03 -07:00
Tom Eastep	5ab6f8e0e5	Set quantum in subordinate SFQ class to the MTU for HFSC parents. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-18 10:34:46 -07:00
Tom Eastep	0e59932b8d	Correct known problems	2011-05-18 10:14:20 -07:00
Tom Eastep	568e54b50d	Update version to Beta 2	2011-05-18 09:58:35 -07:00
Tom Eastep	e940f5018e	Implement whitelisting. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-18 08:30:01 -07:00
Tom Eastep	cec07a6be5	Don't apply HTB quantum to HFSC	2011-05-17 18:34:41 -07:00
Tom Eastep	8d12e13ff1	Improve wording in the change log	2011-05-17 13:55:00 -07:00
Tom Eastep	495aa9b9ac	Implement NFLOG accounting action. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-17 13:42:13 -07:00
Tom Eastep	fd70e73d34	Add ACCOUNTING_TABLE option ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-17 12:51:33 -07:00
Tom Eastep	680ca519ed	Correct deletion of ipv6 'shorewall' chain	2011-05-17 11:33:56 -07:00
Tom Eastep	11ff245697	Don't generate refresh rules unless the command is 'refresh' ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-16 13:08:32 -07:00
Tom Eastep	ffe7a1b777	Avoid inconsistencies and errors in refresh ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-16 11:34:41 -07:00
Tom Eastep	30f2fbff60	Issue warning on missing IPSET	2011-05-15 11:48:34 -07:00
Tom Eastep	72a330cba2	Don't emit degenerate tcfilters	2011-05-15 10:57:02 -07:00
Tom Eastep	e459fbf997	Don't allow non-leaf default class ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-15 10:56:46 -07:00
Tom Eastep	3f90f00081	Issue warnings and ignore non-leaf class in tcfilters and tcrules ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-15 10:56:31 -07:00
Tom Eastep	7d25f6356b	Augment a comment	2011-05-15 08:45:41 -07:00
Tom Eastep	c247140063	Restore 'our' to a couple of exported variables in the Config module	2011-05-14 14:18:22 -07:00
Tom Eastep	00add745b7	Use -o when copying routing tables	2011-05-14 13:56:39 -07:00
Tom Eastep	05e385a748	Only use 'our' when required	2011-05-14 13:21:31 -07:00
Tom Eastep	0626594cda	Restore accuracy of tcclasses diagram	2011-05-14 09:27:51 -07:00
Tom Eastep	7327c24f14	Document that non-leaf tcrules and tcfilters are ignored ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-14 07:22:20 -07:00
Tom Eastep	5f4d40019e	Update release notes with relative/absolute path behavior. ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-14 06:18:39 -07:00
Tom Eastep	f75961dc63	Ensure absolute path name in LIBEXEC and PERLLIB ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-14 05:31:19 -07:00
Tom Eastep	6d7ebb14b8	Update trunk's release notes and change log with 4.4.19.* corrections ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-13 13:14:29 -07:00
Tom Eastep	9ba9d40b77	More LIBEXEC/PERLLIB fixes ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-12 07:42:09 -07:00
Tom Eastep	0614f61347	Fix PERLLIB	2011-05-11 12:58:57 -07:00
Tom Eastep	63d5171ae9	Correct typo	2011-05-11 12:44:48 -07:00
Tom Eastep	539e42aa2e	Correct earlier patch	2011-05-09 16:34:31 -07:00
Tom Eastep	bbab1c9682	Ensure USER/GROUP is only specified when SOURCE in $FW	2011-05-09 16:33:34 -07:00
Tom Eastep	359de906ca	Refinement to fix for double exclusion ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-09 16:28:53 -07:00
Tom Eastep	1a48dd3eb9	Correct last merged patch ... Signed-off-by: Tom Eastep <teastep@shorewall.net>	2011-05-08 05:51:58 -07:00
Tom Eastep	93d8b538eb	Ensure route to gateway in the main table	2011-05-08 05:43:53 -07:00
Tom Eastep	a1bd664447	Fix issues with 'gawk'	2011-05-08 05:39:07 -07:00
Tom Eastep	afed909e52	Simplify the fix for double exclusion in ipset lists	2011-05-07 06:38:08 -07:00
Tom Eastep	0c59e0231d	Correct double-exclusion fix	2011-05-07 06:37:37 -07:00
Tom Eastep	58c25e8517	Let tcfilters deal correctly with hex device numbers	2011-05-05 10:12:20 -07:00
Tom Eastep	59ea511201	Complain if there is no default class defined	2011-05-05 10:12:14 -07:00
Tom Eastep	91d8f39f2e	Enforce limits on device and class numbers	2011-05-05 10:11:47 -07:00
Tom Eastep	349960294c	Detect double exclusion in ipset expressions	2011-05-05 10:11:30 -07:00
Tom Eastep	368fe46932	Correct Comment	2011-05-05 10:11:22 -07:00
Tom Eastep	d8c2845085	Back out part of TC change	2011-05-05 10:11:13 -07:00
Tom Eastep	9a95bad17e	Don't require '0x' on devnum > 10 in tcclasses	2011-05-05 10:06:55 -07:00