Tom Eastep
4bd8d9791c
Include -t <table> in debug_restore_input() error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-18 07:28:14 -07:00
Tom Eastep
eb70234c52
Correct some typos in the .conf manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-12 14:50:15 -07:00
Tom Eastep
39b7527cb6
Include rule priority in delete of generated address route rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:25:59 -07:00
Tom Eastep
08d29edf1a
Include rule priority in delete of generated address route rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:24:38 -07:00
Tom Eastep
20b10582b4
Moew deprecation of USE_DEFAULT_RT=No
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:24:12 -07:00
Tom Eastep
093ff580b5
Deprecate USE_DEFAULT_RT=No.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-09 07:48:05 -07:00
Tom Eastep
cea237620a
Change USE_DEFAULT_RT default to 'Yes'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-09 07:42:22 -07:00
Tom Eastep
c9d7370fb4
Merge branch '4.5.21'
...
Conflicts:
Shorewall/manpages/shorewall.conf.xml
Shorewall6/manpages/shorewall6.conf.xml
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 09:00:34 -08:00
Tom Eastep
8b4d8bfa16
Finish ADMINISABSENDMINDED change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 08:57:03 -08:00
Tom Eastep
caa72fb7d2
Correct routestopped files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-02 10:39:12 -08:00
Tom Eastep
4eadec234a
Revert "Correct the behavior of ADMINISABSENTMINDED"
...
This reverts commit ded747a51a
.
2014-03-02 08:25:05 -08:00
Tom Eastep
2b489993ca
Revert "Correct the behavior of ADMINISABSENTMINDED"
...
This reverts commit df09e0ccc5
.
2014-03-02 08:23:23 -08:00
Tom Eastep
ded747a51a
Correct the behavior of ADMINISABSENTMINDED
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-28 10:14:33 -08:00
Tom Eastep
df09e0ccc5
Correct the behavior of ADMINISABSENTMINDED
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-28 10:14:08 -08:00
Tom Eastep
454e53bcfa
Reformat preceding patch and correct syntax errors.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-25 13:21:23 -08:00
Tom Eastep
66fdc9f6a7
Call directive_callback for directives without '?'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-25 12:48:25 -08:00
Tom Eastep
c74235a200
Correct typos
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-17 14:17:49 -08:00
Tom Eastep
1759fc75b0
Correctly handle alternate specification with ';' in 'update -t'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-17 14:10:17 -08:00
Tom Eastep
3e87efc82b
Document -t option
...
- Also copy compiler directives to the mangle file.
2014-02-17 12:50:59 -08:00
Tom Eastep
a011ad8efe
Add raw matches to the converted mangle file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:59:13 -08:00
Tom Eastep
0e40a42729
Allow SAVE and RESTORE in the postrouting chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:50:43 -08:00
Tom Eastep
69fe94ef08
Document the -t option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:25:58 -08:00
Tom Eastep
669d15e2cf
Implement the -t update option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-15 09:36:13 -08:00
Tom Eastep
708d58da21
Revert "Replace SECTION with ?SECTION in the rules file."
...
This reverts commit 34207fef1a
.
2014-02-13 08:23:34 -08:00
Tom Eastep
34207fef1a
Replace SECTION with ?SECTION in the rules file.
2014-02-12 13:25:36 -08:00
Tom Eastep
2dbcd36a9c
Implement BASIC_FILTERS
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 16:34:03 -08:00
Tom Eastep
0383ca7de6
Correct semantics of ipset lists in tcfilters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:27:46 -08:00
Tom Eastep
7ddc65133e
Support ipset lists in the tcfilters file.
...
- Also document the fact that ipset match options are not available in
the tcfilters file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:16:35 -08:00
Tom Eastep
1d4a87a0d0
Excape an opening parehthesis.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:15:35 -08:00
Tom Eastep
3b3608ad65
Correct ICMP handling in basic filters.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 07:16:41 -08:00
Tom Eastep
081a387f1d
Fix some bugs in basic filter generation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-03 14:59:27 -08:00
Tom Eastep
fbb03248c4
Correct 'dump' help text
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-02 13:01:42 -08:00
Tom Eastep
033a1a0367
Correct 'dump' help text
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-02 13:00:41 -08:00
Tom Eastep
c08655e0bc
Document ipset use in tcfilters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-01 09:40:39 -08:00
Tom Eastep
50fb8e3f2f
Use HEX representation for matching IPv6 addresses in basic filters.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-31 12:49:47 -08:00
Tom Eastep
f029f5b483
Correct handling of logging of a non-terminating target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-29 08:22:31 -08:00
Tom Eastep
86f667afd4
Correct handling of logging of a non-terminating target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-29 08:19:53 -08:00
Tom Eastep
8a63053c13
Correct defects found in unit testing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-21 20:19:56 -08:00
Tom Eastep
62557cb98e
Correct defects found during testing of ematch.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-21 12:53:33 -08:00
Tom Eastep
9c4089fc99
Initial basic filter implementation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-20 18:40:40 -08:00
Tom Eastep
44e0d48fc5
Add <refmiscinfo>...</refmiscinfo> to remaining manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-16 08:32:57 -08:00
Tom Eastep
5a649dc205
Add <refmiscinfo>...</refmiscinfo>
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-16 07:44:23 -08:00
Tom Eastep
89fd5ced15
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2014-01-12 14:05:48 -08:00
Roberto C. Sanchez
b1a490b50a
Cleanup links in manpages so that hrefs in generated HTML don't take the user to a different server
2014-01-12 16:40:03 -05:00
Tom Eastep
a35b7821bf
Correct stoppedrules manpages re DROP
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:30:09 -08:00
Tom Eastep
fd28a12653
Allow DROP in the stoppedrules file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:19:49 -08:00
Tom Eastep
7e6fc3229d
Correct handling of default chain when a mark range is specified.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:15:51 -08:00
Tom Eastep
42dd8dfee9
Change license to GPLv2+ and update copyrights
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-04 09:48:27 -08:00
Tom Eastep
5a7e458104
Backout ematch stuff for now
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 12:01:56 -08:00
Tom Eastep
7e1a310929
Implement ipset matches in tcfilters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 09:35:34 -08:00
Tom Eastep
78ecf9bdc8
Finish up ipset extensions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 09:23:14 -08:00
Tom Eastep
1771bb75cf
Finish ipset match option implementation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-02 14:43:55 -08:00
Tom Eastep
b4847d6a01
New IPSET MATCH extensions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-02 09:36:35 -08:00
Tom Eastep
48ceed9ecb
Make tcpflags the default.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 15:10:38 -08:00
Tom Eastep
1083dd8c26
Allow ?COMMENT in the mangle file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 08:02:17 -08:00
Tom Eastep
5e7cd855c2
Correct typo in Tc.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:53:38 -08:00
Tom Eastep
623bdd2ff1
Manpage corrections.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:41:28 -08:00
Tom Eastep
b61ee2d75e
Manpage updates for IP[6]TABLES
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:54 -08:00
Tom Eastep
2c2aaf262c
Add IP[6]TABLES support for the conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:36 -08:00
Tom Eastep
6c990a7253
Logically OR builtin definitions from the actions file if the builtin exists
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:00 -08:00
Tom Eastep
f7bbac6ea8
Make tcrules/mangle similar to notrack/conntrack.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:15:56 -08:00
Tom Eastep
4c1b83beef
Tweaks to the Tc.pm module.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 11:42:38 -08:00
Tom Eastep
ac6a506e35
Allow logging from the RAW table
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 11:04:43 -08:00
Tom Eastep
11e61ec6e5
Add chain information to the builtin_target table.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 08:22:58 -08:00
Tom Eastep
5985a6e9b3
Implement IP[6]TABLES in the rules files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 13:46:58 -08:00
Tom Eastep
4cc5ee6b73
Document IP[6]TABLES in the manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 10:13:38 -08:00
Tom Eastep
66a04e4819
Allow inline matches with IP[6]TABLES
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 10:13:00 -08:00
Tom Eastep
1634267faa
Rename JUMP to IP[6]TABLES.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 10:12:33 -08:00
Tom Eastep
c8866ef8bf
Correct handling of columns with embedded spaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 08:56:14 -08:00
Tom Eastep
8f6f0c94a4
Replace tcrules with mangle in the manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 15:35:08 -08:00
Tom Eastep
6fe06c82c8
More switch from tcrules to mangle
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 15:24:05 -08:00
Tom Eastep
543446f8d7
Integrate tcrules and mangle processing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 14:24:36 -08:00
Tom Eastep
a1222d10cb
change 'marks' file to 'mangle'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 10:03:23 -08:00
Tom Eastep
3dba1f5bee
Tested version of the marks file handler
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-27 12:38:22 -08:00
Tom Eastep
3960aaee4c
Consolidate declarations in process_mark_rule().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-24 09:49:10 -08:00
Tom Eastep
5419109880
Correct syntax errors in new mars handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-24 09:04:54 -08:00
Tom Eastep
584b0ac50e
Some small tweaks to the marks file processing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-24 07:25:40 -08:00
Tom Eastep
1d84f27efe
Add shorewall-marks manpage
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-20 14:12:35 -08:00
Tom Eastep
4c840a05a0
Fix issue in the shorewall-tcrules and shorewall6-tcrules manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 16:24:50 -08:00
Tom Eastep
6323372ebd
Fix issue in the shorewall-tcrules and shorewall6-tcrules manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 16:23:32 -08:00
Tom Eastep
4c2cedb670
Add get_target_param1() that doesn't accept the <action>/<param> syntax
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 09:17:11 -08:00
Tom Eastep
f32a777099
Fix INLINE in tcrles
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-18 09:19:35 -08:00
Tom Eastep
cd5be38cfb
Eliminate silly extra loop in accounting processing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-18 09:19:16 -08:00
Tom Eastep
2894bb9656
Move INLINE processing into the Chains module.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-16 12:31:35 -08:00
Tom Eastep
fad3b42bd3
Correct line split in the Accounting module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-16 07:40:41 -08:00
Tom Eastep
4e4e7cac1d
Redefine the -i option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-15 11:23:20 -08:00
Tom Eastep
6d72cb3138
Correct update inline
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-15 09:32:09 -08:00
Tom Eastep
cb74b2d706
Document the -i update option in the manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 20:54:56 -08:00
Tom Eastep
9abe60bc27
Implement the -i option of upgrade
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 17:54:10 -08:00
Tom Eastep
33c5893bdb
Implement INLINE_MATCHES
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 13:35:01 -08:00
Tom Eastep
2bc329aa1d
Add INLINE support to the masq file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-13 15:44:16 -08:00
Tom Eastep
f22dfcaa75
Merge branch '4.5.21'
2013-12-08 09:02:44 -08:00
Tom Eastep
d71c2688dc
Clarify the need to quote/escaape settings with parentheses.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-08 09:02:25 -08:00
Tom Eastep
95abeaea24
Finish INLINE in the tcrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-01 09:25:32 -08:00
Tom Eastep
75258083e3
Cleanup of column splitting change.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-01 09:24:49 -08:00
Tom Eastep
bf44e514e3
Keep parentheses balanced when splitting a line.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-30 14:13:42 -08:00
Tom Eastep
e5d250750b
Correct handling of ?SECTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-27 07:53:33 -08:00
Tom Eastep
d63262a0cb
change ZONE2ZONE default to '-'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 08:16:28 -08:00
Tom Eastep
3870157898
Issue warning on bare SECTION headings.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 07:58:02 -08:00
Tom Eastep
80d54ec40b
Implement ?SECTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-18 06:57:54 -08:00
Tom Eastep
855cb6e7f4
Correct handling of HFSC classes with DMAX but no UMAX
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-16 08:07:23 -08:00
Tom Eastep
ea21d61f39
Correct Broadcast Actions
...
- Delete --dst-type BROADCAST from IPv6
- Suppress superfluous multicast rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-12 08:41:58 -08:00
Tom Eastep
3b5c1ad601
Remove anachronistic text from the tcinterfaces manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-10 08:19:16 -08:00
Tom Eastep
e14d92c5ac
Add DROP support in tcrules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-04 10:50:11 -08:00
Tom Eastep
5f37b5bde6
Correct install scripts
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-25 06:53:51 -07:00
Tom Eastep
b00e20d4d0
Merge branch '4.5.21' of ssh://server.shorewall.net/home/teastep/shorewall/code into 4.5.21
2013-10-24 08:04:07 -07:00
Tom Eastep
6eb2c0cb5f
Add link to the logging page from the policy manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-24 08:01:18 -07:00
Tom Eastep
ca3385d1be
Remove superfluous '[' from character set.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-21 09:28:21 -07:00
Tom Eastep
5823411091
Correct typo in a regular expression.
...
- Re-enable |<mark> in the tctrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-21 07:04:23 -07:00
Tom Eastep
66c2fca2b0
Eradicate the use of 'fgrep'
...
- Busybox on Leaf Bering does not have fgrep
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-14 07:15:08 -07:00
Tom Eastep
b27e3d2fff
Merge branch '4.5.21'
2013-10-08 13:17:41 -07:00
Tom Eastep
5e67808abd
Don't add host route in default table.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 11:27:41 -07:00
Tom Eastep
1659d8ce9f
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2013-10-08 09:52:51 -07:00
Tom Eastep
fa500b9ea2
Correct H323 and netbios-ns handling.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:24:52 -07:00
Tom Eastep
b6d7e9ea96
Work around emacs bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:24:40 -07:00
Tom Eastep
0e61c2f210
Correct H323 and netbios-ns handling.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:20:46 -07:00
Tom Eastep
3c9d984835
Correct typo
...
- list_split s/b split_list
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:19:07 -07:00
Tom Eastep
4917500f12
Work around emacs bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 07:13:01 -07:00
Tom Eastep
50b7a81b13
Correct typo
...
- list_split s/b split_list
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 06:56:16 -07:00
Tom Eastep
8c4bbf0c85
Implement REAP_OPTION capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-07 07:54:52 -07:00
Roberto C. Sanchez
12563c55a8
Add '. /lib/lsb/init-functions' to the Debian-specific init scripts, as recommended by lintian
2013-10-05 16:31:45 -04:00
Tom Eastep
5b515f007b
Fix 'monthdays' in the TIME column.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-30 15:43:17 -07:00
Tom Eastep
24218934f8
Clean up uninstall scripts
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-30 15:42:58 -07:00
Tom Eastep
308aaad8d4
Use insserv on Debian
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-29 09:28:22 -07:00
Tom Eastep
d9c3345a2d
Correct temporal port range in mDNS macros.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-29 08:05:52 -07:00
Tom Eastep
d7cbd1da21
Allow actions to manipulate the current comment from Perl.
...
- Added set_comment()
- moved push/pop_comment() to the :DEFAULT export
2013-09-23 12:21:44 -07:00
Tom Eastep
a389aa01a8
Fix for litedir
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-18 21:05:35 -07:00
Tom Eastep
a5c608e996
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2013-09-18 17:59:49 -07:00
Tom Eastep
e570d91ab1
Document 'hostroute' and 'nohostroute'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-18 17:58:28 -07:00
Tom Eastep
eb75d0eef4
Add 'nohostroute' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-18 16:49:54 -07:00
Tom Eastep
4524281163
Apply Thomas D's Gentoo support patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-17 08:22:52 -07:00
Tom Eastep
14bd1a9061
Don't require SYSCONFFILE for all products
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-10 08:24:27 -07:00
Tom Eastep
159d677acb
Update manpages to indicate that 'inline' is assumed for REJECT_ACTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-10 08:08:06 -07:00
Tom Eastep
5dbcdd65e2
Force 'inline' for REJECT_ACTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-10 07:37:53 -07:00
Tom Eastep
50411e638c
Report the name of the SysV init file installed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-09 08:11:45 -07:00
Tom Eastep
dc5c0dc069
Validate default log levels
...
- Name the .conf option involved in error messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-06 16:00:15 -07:00
Tom Eastep
87ae801c15
Use the -w ip[6]tables option when available.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-04 10:16:36 -07:00
Tom Eastep
ae63a0ab77
Correct description of how REJECT is handled:
...
- Add UDP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-02 17:07:58 -07:00
Tom Eastep
dcff4fad37
Add sample action to shorewall.conf manpage.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-01 12:20:44 -07:00
Tom Eastep
67603c5eb3
Implement REJECT_ACTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-01 09:14:10 -07:00
Tom Eastep
1540e50cce
Remove blank line
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-31 10:07:41 -07:00
Tom Eastep
39e348997f
Add SERVICEFILE variable to shoreallrc.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-18 14:27:26 -07:00
Tom Eastep
156ed38b23
Correct installation of $SYSCONFFILE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-18 08:30:11 -07:00
Tom Eastep
a298817201
Improve INITSOURCE handling in the installers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-15 06:51:27 -07:00
Tom Eastep
0a2f6c18cc
Correct typo in prog.footer
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-13 07:03:20 -07:00
Tom Eastep
32763e998b
Make -v work with the status command
...
- Also document exit status
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-13 06:52:46 -07:00
Tom Eastep
fc5c92cabc
Use /etc/os-release to determine build host
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-08 17:44:40 -07:00
Tom Eastep
a10aea280b
Add some abbreviations for common commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-06 07:05:47 -07:00
Tom Eastep
ceffc000eb
Correct Typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-05 08:32:17 -07:00
Tom Eastep
6615c1f736
Clarify usage of Interface Option Chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-04 09:01:09 -07:00
Tom Eastep
83d1aa6682
Allow OPTIMIZE=All
...
- Remove use of literal 4096 from OPTIMIZATION checks.
- Moved constant declarations to the Config module.
- Documented that level 1 is ignored when level 4 is specified.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-29 10:08:35 -07:00
Tom Eastep
e0a222938a
Merge branch '4.5.19'
2013-07-27 08:14:35 -07:00
Tom Eastep
bf15b859bc
Clarify the relationship between ROUTE_FILTER and routefilter.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-27 08:09:23 -07:00
Tom Eastep
36a4ef1676
Correct typo in action.IfEvent
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-25 06:10:11 -07:00
Tom Eastep
aabb22a50f
Add the TRACK_RULES option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-24 07:22:51 -07:00
Tom Eastep
765b748283
Documentation updates
...
- Add meaningful IDs to some sections in Events.xml
- Correct typos in the accounting manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-22 07:54:45 -07:00
Tom Eastep
7aa33c140d
Add an AutoBL action with helper AutoBLL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-17 10:19:18 -07:00
Tom Eastep
8c27b027fc
Break <command> into <command>[<optionlist>]
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-14 08:44:01 -07:00
Tom Eastep
891e3e0e1d
Use the --reap option in sticky recent rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 14:46:39 -07:00
Tom Eastep
d6d0cad2f9
Add 'show event[s]' to manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 10:37:27 -07:00
Tom Eastep
5c7500e13e
Display the current time as an integer in 'show event[s]' output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 09:46:08 -07:00
Tom Eastep
09240da55a
Change the external name of MARK_ANYWHERE to 'Mark in the filter table'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 09:45:20 -07:00
Tom Eastep
2df4aae583
Reword an error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 07:22:28 -07:00
Tom Eastep
89f16bdb37
Include a current time event in /proc/net/xt_recent/
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 07:14:22 -07:00
Tom Eastep
8e30831385
Resolve merge conflicts
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-11 14:20:38 -07:00
Tom Eastep
d2725fcd87
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2013-07-11 14:16:19 -07:00
Tom Eastep
9535a7d7df
Rename 'Trigger' to 'Event' and document
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-11 10:39:21 -07:00
Tom Eastep
3c6df56b57
Implement Triggers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-10 13:27:58 -07:00
Tom Eastep
411ca87ec3
Allow logging rules with more than 15 ports
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-08 15:59:54 -07:00
Tom Eastep
948a7fccc2
Enhance a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-07 12:52:04 -07:00
Tom Eastep
73060a3761
Correct typo in dropBcast()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-06 07:58:21 -07:00
Tom Eastep
cd83d7727c
Restore handle_original_dest().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-04 14:51:06 -07:00
Tom Eastep
5121634457
Add ihandle_original_dest()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-04 14:37:24 -07:00
Tom Eastep
131c1f432b
Add iverify_source_interface()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-04 14:07:09 -07:00
Tom Eastep
03885f71d3
Create add_expanded_ijump() that breaks long lines
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-03 15:13:48 -07:00
Tom Eastep
b735b93378
Re-factor irule generation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-03 10:59:09 -07:00
Tom Eastep
b639a18eb9
Simplify fix for -q
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-03 08:16:27 -07:00
Tom Eastep
5ce5d5e607
Delete superfluous blank line
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 15:03:50 -07:00
Tom Eastep
3e1ed30f4e
Make initial progress message obey VERBOSITY
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 14:23:27 -07:00
Tom Eastep
00c5985458
Rename clone_rule() to clone_irule()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 12:38:16 -07:00
Tom Eastep
1a44b66656
Cleaner handling of trailing spaces from log_irule_limit.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 12:32:35 -07:00
Tom Eastep
b215cf379a
Generate a warning when Limit is invoked.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 12:31:29 -07:00
Tom Eastep
3ec6745df9
Use log_irule_limit() internally where possible.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 11:48:02 -07:00
Tom Eastep
55be5b0119
Add log_irule_limit() and log_irule() functions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 11:47:19 -07:00
Tom Eastep
42a649d093
Create $globals{LOGILIMIT}
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 09:00:36 -07:00
Tom Eastep
18e7e43b2f
Eliminate globals{STATEMATCH}
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-01 16:01:57 -07:00
Tom Eastep
6803ce5d41
Add constants for %used values.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-01 15:36:16 -07:00
Tom Eastep
565fb74795
Correct bridge detection and 'qt' implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-24 13:07:38 -07:00
Tom Eastep
fc754040d5
Avoid shell error when detecting owner name match
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-24 09:51:32 -07:00
Tom Eastep
cc5a59231b
Make qt() work correctly when tracing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-24 07:17:15 -07:00
Tom Eastep
25f96e6a88
Reword unreachable warning (again)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-20 10:50:28 -07:00
Tom Eastep
71bcd11ab6
Make ?...shell/perl directives case insensitive
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-20 10:39:39 -07:00
Tom Eastep
4bd35a0b93
Allow 'routeback=0'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-16 08:37:53 -07:00
Tom Eastep
cb132e2421
Include the chain name in the 'unreachable' warning.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-11 06:29:07 -07:00
Tom Eastep
53f1cd40df
Add 'unmanaged' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-10 12:36:18 -07:00
Tom Eastep
c653d9ce83
Only issue one 'unreachable' warning per chain.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-08 10:02:19 -07:00
Tom Eastep
6b67f2698d
Add a Kerberos macro (from James Shubin)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-08 07:37:00 -07:00
Tom Eastep
254d2037ef
Delete unused variable.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-04 15:34:25 -07:00
Tom Eastep
cb8e76b1d2
Add sub get_opttype to emphasize where rule option types are used.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-04 12:49:20 -07:00
Tom Eastep
2b579d2dff
Small efficiency change in helper processing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-04 12:48:22 -07:00
Tom Eastep
fc3e3dbf3c
Cosmetic change.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-03 10:53:33 -07:00
Tom Eastep
81acedd1b3
Reword the 'unreachable' warning.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-02 17:13:41 -07:00
Tom Eastep
d8f53cc0a9
Merge branch '4.5.17'
...
Conflicts:
Shorewall/Perl/Shorewall/Chains.pm
2013-06-02 15:31:45 -07:00
Tom Eastep
481811d29f
Merge NFACCT and EXPENSIVE matches during optimization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-02 13:29:13 -07:00
Tom Eastep
3867902b27
Use 'NONE' policies for LOOPBACK and LOCAL zones to non-firewall zones.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-02 07:31:32 -07:00
Tom Eastep
adf51d0059
Revise the unreachable warning stuff.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 16:32:46 -07:00
Tom Eastep
7dbd50708b
Clear the current filename after last file is processed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:05:35 -07:00
Tom Eastep
4340bcffb1
Don't optimize away a rule that includes nfacct matches.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:05:25 -07:00
Tom Eastep
4a05e56d6d
Disable warning on unreachable rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:05:16 -07:00
Tom Eastep
2d8078033c
Clear the current filename after last file is processed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:03:10 -07:00
Tom Eastep
c5f2eeea80
Don't optimize away a rule that includes nfacct matches.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:02:39 -07:00
Tom Eastep
5343243f6b
Disable warning on unreachable rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:01:55 -07:00
Tom Eastep
4865899018
Avoid a forward jump for local zones.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-30 06:52:09 -07:00
Tom Eastep
9b68204865
Generate an 'unreachable rule(s)' warning.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-30 06:17:22 -07:00
Tom Eastep
a550dd3eed
Issue a warning when a rule is dropped do to terminated chain.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-29 21:01:07 -07:00
Tom Eastep
e9badc1f61
Correct comment in action.Drop
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-29 08:35:15 -07:00
Tom Eastep
f0aa29222f
Correct minor IPv6 TPROXY bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-29 07:18:46 -07:00
Tom Eastep
eaf1d0e5c2
Another error check for hosts files and loopback zones.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 10:00:07 -07:00
Tom Eastep
446f764d19
Allow config with only local and firewall zones.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 08:03:44 -07:00
Tom Eastep
9b0b3d4b70
Correct ICMPV6 type name translation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 08:03:19 -07:00
Tom Eastep
a48a4b7a2e
Don't allow fowarding between local zones.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 06:14:44 -07:00
Tom Eastep
8743b64e00
Export 'shorewall' from the Config module.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-27 06:52:45 -07:00
Tom Eastep
2de0fbf7d0
Change 'local' to 'loopback' and add 'local' zones that match non-loopback interfaces.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-26 14:06:51 -07:00
Tom Eastep
f89c704d01
Disallow 'virtual' physical interfaces.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-26 08:47:44 -07:00
Tom Eastep
0b5a316cfc
Emit 'expensive' matches last unless there are '-m nfacct' matches in the rule.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-26 08:03:54 -07:00
Tom Eastep
31f9ea5b93
Add progess and warning messages to 'update -D'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-25 16:31:55 -07:00
Tom Eastep
dde1f0a779
Only enable helpers during a 'clear' operation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-25 16:31:27 -07:00
Tom Eastep
60d0a50d9d
Add some warning/progress messages to help understand 'update -D' behavior.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-25 13:20:12 -07:00
Tom Eastep
064f9f974c
Cosmetic change.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-23 09:49:25 -07:00
Tom Eastep
fd11eb7d82
Omit fw->fw jumps when there is a local zone.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-22 09:19:34 -07:00
Tom Eastep
9e77bb5499
Ensure correct match ordering with trivial exclusion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-22 08:46:22 -07:00
Tom Eastep
8df8fe990a
Allow 'local' zone to work with 'destonly'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-22 07:34:04 -07:00
Tom Eastep
ac02c484f5
Change 'local' interface option to a zone type.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-19 15:35:20 -07:00
Tom Eastep
5ec72dad6c
Add routes for standard tables when there are no providers.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-16 15:32:05 -07:00
Tom Eastep
f6a55bbf05
Allow the '-V' option in the CLI programs.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-16 14:29:36 -07:00
Tom Eastep
739f3779f5
Generate warnings for local->non-firewall and non-firewall->local rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-16 07:51:12 -07:00
Tom Eastep
2e293dd356
Make 'local,destonly' work correctly.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-14 14:36:51 -07:00
Tom Eastep
bc6a38ca64
Remove most special handling of 'Auth'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-14 10:44:26 -07:00
Tom Eastep
a5412cff38
Issue a warning when a rule will be optimized away due to 'destonly'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-14 09:30:59 -07:00
Tom Eastep
46a6a7b258
Correct earlier optimization.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-14 07:27:57 -07:00
Tom Eastep
b38f1416aa
Mention "all+' in the "Important" notes at the top
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 13:41:12 -07:00
Tom Eastep
105d1db85d
Cosmetic change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 11:24:09 -07:00
Tom Eastep
200d347ac8
Small Efficiency Change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 10:52:04 -07:00
Tom Eastep
c8133145e6
Add support for "all+" in the policy file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 09:01:12 -07:00
Tom Eastep
e3d9b2762d
Add 'destonly' and 'local' to the interface manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 12:48:58 -07:00
Tom Eastep
9178ecbab0
Suppress superfluous ACCEPT rule when 'lo' is attached to a 'local' zone.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 10:38:44 -07:00
Tom Eastep
d06a7b55b6
Add a 'destonly' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 10:37:40 -07:00
Tom Eastep
2fb01bec8d
Don't assume 'destonly' with 'local'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 09:58:37 -07:00
Tom Eastep
6551d67b2e
Call delete_chain_and_references recursively.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 09:29:29 -07:00
Tom Eastep
4b76d8c462
Handle optimize level 0 in the IPV6 nat table.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 09:28:25 -07:00