Commit Graph

6251 Commits

Author SHA1 Message Date
Tom Eastep
4bd8d9791c Include -t <table> in debug_restore_input() error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-18 07:28:14 -07:00
Tom Eastep
eb70234c52 Correct some typos in the .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-12 14:50:15 -07:00
Tom Eastep
39b7527cb6 Include rule priority in delete of generated address route rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:25:59 -07:00
Tom Eastep
08d29edf1a Include rule priority in delete of generated address route rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:24:38 -07:00
Tom Eastep
20b10582b4 Moew deprecation of USE_DEFAULT_RT=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:24:12 -07:00
Tom Eastep
093ff580b5 Deprecate USE_DEFAULT_RT=No.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-09 07:48:05 -07:00
Tom Eastep
cea237620a Change USE_DEFAULT_RT default to 'Yes'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-09 07:42:22 -07:00
Tom Eastep
c9d7370fb4 Merge branch '4.5.21'
Conflicts:
	Shorewall/manpages/shorewall.conf.xml
	Shorewall6/manpages/shorewall6.conf.xml

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 09:00:34 -08:00
Tom Eastep
8b4d8bfa16 Finish ADMINISABSENDMINDED change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 08:57:03 -08:00
Tom Eastep
caa72fb7d2 Correct routestopped files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-02 10:39:12 -08:00
Tom Eastep
4eadec234a Revert "Correct the behavior of ADMINISABSENTMINDED"
This reverts commit ded747a51a.
2014-03-02 08:25:05 -08:00
Tom Eastep
2b489993ca Revert "Correct the behavior of ADMINISABSENTMINDED"
This reverts commit df09e0ccc5.
2014-03-02 08:23:23 -08:00
Tom Eastep
ded747a51a Correct the behavior of ADMINISABSENTMINDED
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-28 10:14:33 -08:00
Tom Eastep
df09e0ccc5 Correct the behavior of ADMINISABSENTMINDED
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-28 10:14:08 -08:00
Tom Eastep
454e53bcfa Reformat preceding patch and correct syntax errors.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-25 13:21:23 -08:00
Tom Eastep
66fdc9f6a7 Call directive_callback for directives without '?'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-25 12:48:25 -08:00
Tom Eastep
c74235a200 Correct typos
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-17 14:17:49 -08:00
Tom Eastep
1759fc75b0 Correctly handle alternate specification with ';' in 'update -t'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-17 14:10:17 -08:00
Tom Eastep
3e87efc82b Document -t option
- Also copy compiler directives to the mangle file.
2014-02-17 12:50:59 -08:00
Tom Eastep
a011ad8efe Add raw matches to the converted mangle file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:59:13 -08:00
Tom Eastep
0e40a42729 Allow SAVE and RESTORE in the postrouting chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:50:43 -08:00
Tom Eastep
69fe94ef08 Document the -t option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:25:58 -08:00
Tom Eastep
669d15e2cf Implement the -t update option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-15 09:36:13 -08:00
Tom Eastep
708d58da21 Revert "Replace SECTION with ?SECTION in the rules file."
This reverts commit 34207fef1a.
2014-02-13 08:23:34 -08:00
Tom Eastep
34207fef1a Replace SECTION with ?SECTION in the rules file. 2014-02-12 13:25:36 -08:00
Tom Eastep
2dbcd36a9c Implement BASIC_FILTERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 16:34:03 -08:00
Tom Eastep
0383ca7de6 Correct semantics of ipset lists in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:27:46 -08:00
Tom Eastep
7ddc65133e Support ipset lists in the tcfilters file.
- Also document the fact that ipset match options are not available in
  the tcfilters file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:16:35 -08:00
Tom Eastep
1d4a87a0d0 Excape an opening parehthesis.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:15:35 -08:00
Tom Eastep
3b3608ad65 Correct ICMP handling in basic filters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 07:16:41 -08:00
Tom Eastep
081a387f1d Fix some bugs in basic filter generation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-03 14:59:27 -08:00
Tom Eastep
fbb03248c4 Correct 'dump' help text
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-02 13:01:42 -08:00
Tom Eastep
033a1a0367 Correct 'dump' help text
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-02 13:00:41 -08:00
Tom Eastep
c08655e0bc Document ipset use in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-01 09:40:39 -08:00
Tom Eastep
50fb8e3f2f Use HEX representation for matching IPv6 addresses in basic filters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-31 12:49:47 -08:00
Tom Eastep
f029f5b483 Correct handling of logging of a non-terminating target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-29 08:22:31 -08:00
Tom Eastep
86f667afd4 Correct handling of logging of a non-terminating target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-29 08:19:53 -08:00
Tom Eastep
8a63053c13 Correct defects found in unit testing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-21 20:19:56 -08:00
Tom Eastep
62557cb98e Correct defects found during testing of ematch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-21 12:53:33 -08:00
Tom Eastep
9c4089fc99 Initial basic filter implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-20 18:40:40 -08:00
Tom Eastep
44e0d48fc5 Add <refmiscinfo>...</refmiscinfo> to remaining manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-16 08:32:57 -08:00
Tom Eastep
5a649dc205 Add <refmiscinfo>...</refmiscinfo>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-16 07:44:23 -08:00
Tom Eastep
89fd5ced15 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-01-12 14:05:48 -08:00
Roberto C. Sanchez
b1a490b50a Cleanup links in manpages so that hrefs in generated HTML don't take the user to a different server 2014-01-12 16:40:03 -05:00
Tom Eastep
a35b7821bf Correct stoppedrules manpages re DROP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:30:09 -08:00
Tom Eastep
fd28a12653 Allow DROP in the stoppedrules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:19:49 -08:00
Tom Eastep
7e6fc3229d Correct handling of default chain when a mark range is specified.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:15:51 -08:00
Tom Eastep
42dd8dfee9 Change license to GPLv2+ and update copyrights
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-04 09:48:27 -08:00
Tom Eastep
5a7e458104 Backout ematch stuff for now
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 12:01:56 -08:00
Tom Eastep
7e1a310929 Implement ipset matches in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 09:35:34 -08:00
Tom Eastep
78ecf9bdc8 Finish up ipset extensions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 09:23:14 -08:00
Tom Eastep
1771bb75cf Finish ipset match option implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-02 14:43:55 -08:00
Tom Eastep
b4847d6a01 New IPSET MATCH extensions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-02 09:36:35 -08:00
Tom Eastep
48ceed9ecb Make tcpflags the default.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 15:10:38 -08:00
Tom Eastep
1083dd8c26 Allow ?COMMENT in the mangle file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 08:02:17 -08:00
Tom Eastep
5e7cd855c2 Correct typo in Tc.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:53:38 -08:00
Tom Eastep
623bdd2ff1 Manpage corrections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:41:28 -08:00
Tom Eastep
b61ee2d75e Manpage updates for IP[6]TABLES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:54 -08:00
Tom Eastep
2c2aaf262c Add IP[6]TABLES support for the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:36 -08:00
Tom Eastep
6c990a7253 Logically OR builtin definitions from the actions file if the builtin exists
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:00 -08:00
Tom Eastep
f7bbac6ea8 Make tcrules/mangle similar to notrack/conntrack.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:15:56 -08:00
Tom Eastep
4c1b83beef Tweaks to the Tc.pm module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 11:42:38 -08:00
Tom Eastep
ac6a506e35 Allow logging from the RAW table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 11:04:43 -08:00
Tom Eastep
11e61ec6e5 Add chain information to the builtin_target table.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 08:22:58 -08:00
Tom Eastep
5985a6e9b3 Implement IP[6]TABLES in the rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 13:46:58 -08:00
Tom Eastep
4cc5ee6b73 Document IP[6]TABLES in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 10:13:38 -08:00
Tom Eastep
66a04e4819 Allow inline matches with IP[6]TABLES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 10:13:00 -08:00
Tom Eastep
1634267faa Rename JUMP to IP[6]TABLES.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 10:12:33 -08:00
Tom Eastep
c8866ef8bf Correct handling of columns with embedded spaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 08:56:14 -08:00
Tom Eastep
8f6f0c94a4 Replace tcrules with mangle in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 15:35:08 -08:00
Tom Eastep
6fe06c82c8 More switch from tcrules to mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 15:24:05 -08:00
Tom Eastep
543446f8d7 Integrate tcrules and mangle processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 14:24:36 -08:00
Tom Eastep
a1222d10cb change 'marks' file to 'mangle'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 10:03:23 -08:00
Tom Eastep
3dba1f5bee Tested version of the marks file handler
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-27 12:38:22 -08:00
Tom Eastep
3960aaee4c Consolidate declarations in process_mark_rule().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-24 09:49:10 -08:00
Tom Eastep
5419109880 Correct syntax errors in new mars handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-24 09:04:54 -08:00
Tom Eastep
584b0ac50e Some small tweaks to the marks file processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-24 07:25:40 -08:00
Tom Eastep
1d84f27efe Add shorewall-marks manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-20 14:12:35 -08:00
Tom Eastep
4c840a05a0 Fix issue in the shorewall-tcrules and shorewall6-tcrules manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 16:24:50 -08:00
Tom Eastep
6323372ebd Fix issue in the shorewall-tcrules and shorewall6-tcrules manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 16:23:32 -08:00
Tom Eastep
4c2cedb670 Add get_target_param1() that doesn't accept the <action>/<param> syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 09:17:11 -08:00
Tom Eastep
f32a777099 Fix INLINE in tcrles
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-18 09:19:35 -08:00
Tom Eastep
cd5be38cfb Eliminate silly extra loop in accounting processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-18 09:19:16 -08:00
Tom Eastep
2894bb9656 Move INLINE processing into the Chains module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-16 12:31:35 -08:00
Tom Eastep
fad3b42bd3 Correct line split in the Accounting module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-16 07:40:41 -08:00
Tom Eastep
4e4e7cac1d Redefine the -i option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-15 11:23:20 -08:00
Tom Eastep
6d72cb3138 Correct update inline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-15 09:32:09 -08:00
Tom Eastep
cb74b2d706 Document the -i update option in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 20:54:56 -08:00
Tom Eastep
9abe60bc27 Implement the -i option of upgrade
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 17:54:10 -08:00
Tom Eastep
33c5893bdb Implement INLINE_MATCHES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 13:35:01 -08:00
Tom Eastep
2bc329aa1d Add INLINE support to the masq file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-13 15:44:16 -08:00
Tom Eastep
f22dfcaa75 Merge branch '4.5.21' 2013-12-08 09:02:44 -08:00
Tom Eastep
d71c2688dc Clarify the need to quote/escaape settings with parentheses.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-08 09:02:25 -08:00
Tom Eastep
95abeaea24 Finish INLINE in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-01 09:25:32 -08:00
Tom Eastep
75258083e3 Cleanup of column splitting change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-01 09:24:49 -08:00
Tom Eastep
bf44e514e3 Keep parentheses balanced when splitting a line.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-30 14:13:42 -08:00
Tom Eastep
e5d250750b Correct handling of ?SECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-27 07:53:33 -08:00
Tom Eastep
d63262a0cb change ZONE2ZONE default to '-'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 08:16:28 -08:00
Tom Eastep
3870157898 Issue warning on bare SECTION headings.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 07:58:02 -08:00
Tom Eastep
80d54ec40b Implement ?SECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-18 06:57:54 -08:00
Tom Eastep
855cb6e7f4 Correct handling of HFSC classes with DMAX but no UMAX
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-16 08:07:23 -08:00
Tom Eastep
ea21d61f39 Correct Broadcast Actions
- Delete --dst-type BROADCAST from IPv6
- Suppress superfluous multicast rule

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-12 08:41:58 -08:00
Tom Eastep
3b5c1ad601 Remove anachronistic text from the tcinterfaces manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-10 08:19:16 -08:00
Tom Eastep
e14d92c5ac Add DROP support in tcrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-04 10:50:11 -08:00
Tom Eastep
5f37b5bde6 Correct install scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-25 06:53:51 -07:00
Tom Eastep
b00e20d4d0 Merge branch '4.5.21' of ssh://server.shorewall.net/home/teastep/shorewall/code into 4.5.21 2013-10-24 08:04:07 -07:00
Tom Eastep
6eb2c0cb5f Add link to the logging page from the policy manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-24 08:01:18 -07:00
Tom Eastep
ca3385d1be Remove superfluous '[' from character set.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-21 09:28:21 -07:00
Tom Eastep
5823411091 Correct typo in a regular expression.
- Re-enable |<mark> in the tctrules file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-21 07:04:23 -07:00
Tom Eastep
66c2fca2b0 Eradicate the use of 'fgrep'
- Busybox on Leaf Bering does not have fgrep

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-14 07:15:08 -07:00
Tom Eastep
b27e3d2fff Merge branch '4.5.21' 2013-10-08 13:17:41 -07:00
Tom Eastep
5e67808abd Don't add host route in default table.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 11:27:41 -07:00
Tom Eastep
1659d8ce9f Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2013-10-08 09:52:51 -07:00
Tom Eastep
fa500b9ea2 Correct H323 and netbios-ns handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:24:52 -07:00
Tom Eastep
b6d7e9ea96 Work around emacs bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:24:40 -07:00
Tom Eastep
0e61c2f210 Correct H323 and netbios-ns handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:20:46 -07:00
Tom Eastep
3c9d984835 Correct typo
- list_split s/b split_list

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:19:07 -07:00
Tom Eastep
4917500f12 Work around emacs bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 07:13:01 -07:00
Tom Eastep
50b7a81b13 Correct typo
- list_split s/b split_list

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 06:56:16 -07:00
Tom Eastep
8c4bbf0c85 Implement REAP_OPTION capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-07 07:54:52 -07:00
Roberto C. Sanchez
12563c55a8 Add '. /lib/lsb/init-functions' to the Debian-specific init scripts, as recommended by lintian 2013-10-05 16:31:45 -04:00
Tom Eastep
5b515f007b Fix 'monthdays' in the TIME column.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-30 15:43:17 -07:00
Tom Eastep
24218934f8 Clean up uninstall scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-30 15:42:58 -07:00
Tom Eastep
308aaad8d4 Use insserv on Debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-29 09:28:22 -07:00
Tom Eastep
d9c3345a2d Correct temporal port range in mDNS macros.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-29 08:05:52 -07:00
Tom Eastep
d7cbd1da21 Allow actions to manipulate the current comment from Perl.
- Added set_comment()
- moved push/pop_comment() to the :DEFAULT export
2013-09-23 12:21:44 -07:00
Tom Eastep
a389aa01a8 Fix for litedir
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-18 21:05:35 -07:00
Tom Eastep
a5c608e996 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2013-09-18 17:59:49 -07:00
Tom Eastep
e570d91ab1 Document 'hostroute' and 'nohostroute'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-18 17:58:28 -07:00
Tom Eastep
eb75d0eef4 Add 'nohostroute' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-18 16:49:54 -07:00
Tom Eastep
4524281163 Apply Thomas D's Gentoo support patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-17 08:22:52 -07:00
Tom Eastep
14bd1a9061 Don't require SYSCONFFILE for all products
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-10 08:24:27 -07:00
Tom Eastep
159d677acb Update manpages to indicate that 'inline' is assumed for REJECT_ACTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-10 08:08:06 -07:00
Tom Eastep
5dbcdd65e2 Force 'inline' for REJECT_ACTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-10 07:37:53 -07:00
Tom Eastep
50411e638c Report the name of the SysV init file installed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-09 08:11:45 -07:00
Tom Eastep
dc5c0dc069 Validate default log levels
- Name the .conf option involved in error messages

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-06 16:00:15 -07:00
Tom Eastep
87ae801c15 Use the -w ip[6]tables option when available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-04 10:16:36 -07:00
Tom Eastep
ae63a0ab77 Correct description of how REJECT is handled:
- Add UDP

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-02 17:07:58 -07:00
Tom Eastep
dcff4fad37 Add sample action to shorewall.conf manpage.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-01 12:20:44 -07:00
Tom Eastep
67603c5eb3 Implement REJECT_ACTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-01 09:14:10 -07:00
Tom Eastep
1540e50cce Remove blank line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-31 10:07:41 -07:00
Tom Eastep
39e348997f Add SERVICEFILE variable to shoreallrc.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-18 14:27:26 -07:00
Tom Eastep
156ed38b23 Correct installation of $SYSCONFFILE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-18 08:30:11 -07:00
Tom Eastep
a298817201 Improve INITSOURCE handling in the installers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-15 06:51:27 -07:00
Tom Eastep
0a2f6c18cc Correct typo in prog.footer
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-13 07:03:20 -07:00
Tom Eastep
32763e998b Make -v work with the status command
- Also document exit status

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-13 06:52:46 -07:00
Tom Eastep
fc5c92cabc Use /etc/os-release to determine build host
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-08 17:44:40 -07:00
Tom Eastep
a10aea280b Add some abbreviations for common commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-06 07:05:47 -07:00
Tom Eastep
ceffc000eb Correct Typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-05 08:32:17 -07:00
Tom Eastep
6615c1f736 Clarify usage of Interface Option Chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-04 09:01:09 -07:00
Tom Eastep
83d1aa6682 Allow OPTIMIZE=All
- Remove use of literal 4096 from OPTIMIZATION checks.
- Moved constant declarations to the Config module.
- Documented that level 1 is ignored when level 4 is specified.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-29 10:08:35 -07:00
Tom Eastep
e0a222938a Merge branch '4.5.19' 2013-07-27 08:14:35 -07:00
Tom Eastep
bf15b859bc Clarify the relationship between ROUTE_FILTER and routefilter.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-27 08:09:23 -07:00
Tom Eastep
36a4ef1676 Correct typo in action.IfEvent
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-25 06:10:11 -07:00
Tom Eastep
aabb22a50f Add the TRACK_RULES option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-24 07:22:51 -07:00
Tom Eastep
765b748283 Documentation updates
- Add meaningful IDs to some sections in Events.xml
- Correct typos in the accounting manpages

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-22 07:54:45 -07:00
Tom Eastep
7aa33c140d Add an AutoBL action with helper AutoBLL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-17 10:19:18 -07:00
Tom Eastep
8c27b027fc Break <command> into <command>[<optionlist>]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-14 08:44:01 -07:00
Tom Eastep
891e3e0e1d Use the --reap option in sticky recent rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 14:46:39 -07:00
Tom Eastep
d6d0cad2f9 Add 'show event[s]' to manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 10:37:27 -07:00
Tom Eastep
5c7500e13e Display the current time as an integer in 'show event[s]' output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 09:46:08 -07:00
Tom Eastep
09240da55a Change the external name of MARK_ANYWHERE to 'Mark in the filter table'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 09:45:20 -07:00
Tom Eastep
2df4aae583 Reword an error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 07:22:28 -07:00
Tom Eastep
89f16bdb37 Include a current time event in /proc/net/xt_recent/
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 07:14:22 -07:00
Tom Eastep
8e30831385 Resolve merge conflicts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-11 14:20:38 -07:00
Tom Eastep
d2725fcd87 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2013-07-11 14:16:19 -07:00
Tom Eastep
9535a7d7df Rename 'Trigger' to 'Event' and document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-11 10:39:21 -07:00
Tom Eastep
3c6df56b57 Implement Triggers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-10 13:27:58 -07:00
Tom Eastep
411ca87ec3 Allow logging rules with more than 15 ports
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-08 15:59:54 -07:00
Tom Eastep
948a7fccc2 Enhance a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-07 12:52:04 -07:00
Tom Eastep
73060a3761 Correct typo in dropBcast()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-06 07:58:21 -07:00
Tom Eastep
cd83d7727c Restore handle_original_dest().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-04 14:51:06 -07:00
Tom Eastep
5121634457 Add ihandle_original_dest()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-04 14:37:24 -07:00
Tom Eastep
131c1f432b Add iverify_source_interface()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-04 14:07:09 -07:00
Tom Eastep
03885f71d3 Create add_expanded_ijump() that breaks long lines
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-03 15:13:48 -07:00
Tom Eastep
b735b93378 Re-factor irule generation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-03 10:59:09 -07:00
Tom Eastep
b639a18eb9 Simplify fix for -q
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-03 08:16:27 -07:00
Tom Eastep
5ce5d5e607 Delete superfluous blank line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 15:03:50 -07:00
Tom Eastep
3e1ed30f4e Make initial progress message obey VERBOSITY
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 14:23:27 -07:00
Tom Eastep
00c5985458 Rename clone_rule() to clone_irule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 12:38:16 -07:00
Tom Eastep
1a44b66656 Cleaner handling of trailing spaces from log_irule_limit.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 12:32:35 -07:00
Tom Eastep
b215cf379a Generate a warning when Limit is invoked.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 12:31:29 -07:00
Tom Eastep
3ec6745df9 Use log_irule_limit() internally where possible.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 11:48:02 -07:00
Tom Eastep
55be5b0119 Add log_irule_limit() and log_irule() functions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 11:47:19 -07:00
Tom Eastep
42a649d093 Create $globals{LOGILIMIT}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 09:00:36 -07:00
Tom Eastep
18e7e43b2f Eliminate globals{STATEMATCH}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-01 16:01:57 -07:00
Tom Eastep
6803ce5d41 Add constants for %used values.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-01 15:36:16 -07:00
Tom Eastep
565fb74795 Correct bridge detection and 'qt' implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-24 13:07:38 -07:00
Tom Eastep
fc754040d5 Avoid shell error when detecting owner name match
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-24 09:51:32 -07:00
Tom Eastep
cc5a59231b Make qt() work correctly when tracing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-24 07:17:15 -07:00
Tom Eastep
25f96e6a88 Reword unreachable warning (again)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-20 10:50:28 -07:00
Tom Eastep
71bcd11ab6 Make ?...shell/perl directives case insensitive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-20 10:39:39 -07:00
Tom Eastep
4bd35a0b93 Allow 'routeback=0'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-16 08:37:53 -07:00
Tom Eastep
cb132e2421 Include the chain name in the 'unreachable' warning.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-11 06:29:07 -07:00
Tom Eastep
53f1cd40df Add 'unmanaged' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-10 12:36:18 -07:00
Tom Eastep
c653d9ce83 Only issue one 'unreachable' warning per chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-08 10:02:19 -07:00
Tom Eastep
6b67f2698d Add a Kerberos macro (from James Shubin)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-08 07:37:00 -07:00
Tom Eastep
254d2037ef Delete unused variable.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-04 15:34:25 -07:00
Tom Eastep
cb8e76b1d2 Add sub get_opttype to emphasize where rule option types are used.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-04 12:49:20 -07:00
Tom Eastep
2b579d2dff Small efficiency change in helper processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-04 12:48:22 -07:00
Tom Eastep
fc3e3dbf3c Cosmetic change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-03 10:53:33 -07:00
Tom Eastep
81acedd1b3 Reword the 'unreachable' warning.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-02 17:13:41 -07:00
Tom Eastep
d8f53cc0a9 Merge branch '4.5.17'
Conflicts:
	Shorewall/Perl/Shorewall/Chains.pm
2013-06-02 15:31:45 -07:00
Tom Eastep
481811d29f Merge NFACCT and EXPENSIVE matches during optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-02 13:29:13 -07:00
Tom Eastep
3867902b27 Use 'NONE' policies for LOOPBACK and LOCAL zones to non-firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-02 07:31:32 -07:00
Tom Eastep
adf51d0059 Revise the unreachable warning stuff.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 16:32:46 -07:00
Tom Eastep
7dbd50708b Clear the current filename after last file is processed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:05:35 -07:00
Tom Eastep
4340bcffb1 Don't optimize away a rule that includes nfacct matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:05:25 -07:00
Tom Eastep
4a05e56d6d Disable warning on unreachable rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:05:16 -07:00
Tom Eastep
2d8078033c Clear the current filename after last file is processed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:03:10 -07:00
Tom Eastep
c5f2eeea80 Don't optimize away a rule that includes nfacct matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:02:39 -07:00
Tom Eastep
5343243f6b Disable warning on unreachable rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-01 13:01:55 -07:00
Tom Eastep
4865899018 Avoid a forward jump for local zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-30 06:52:09 -07:00
Tom Eastep
9b68204865 Generate an 'unreachable rule(s)' warning.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-30 06:17:22 -07:00
Tom Eastep
a550dd3eed Issue a warning when a rule is dropped do to terminated chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-29 21:01:07 -07:00
Tom Eastep
e9badc1f61 Correct comment in action.Drop
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-29 08:35:15 -07:00
Tom Eastep
f0aa29222f Correct minor IPv6 TPROXY bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-29 07:18:46 -07:00
Tom Eastep
eaf1d0e5c2 Another error check for hosts files and loopback zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 10:00:07 -07:00
Tom Eastep
446f764d19 Allow config with only local and firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 08:03:44 -07:00
Tom Eastep
9b0b3d4b70 Correct ICMPV6 type name translation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 08:03:19 -07:00
Tom Eastep
a48a4b7a2e Don't allow fowarding between local zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 06:14:44 -07:00
Tom Eastep
8743b64e00 Export 'shorewall' from the Config module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-27 06:52:45 -07:00
Tom Eastep
2de0fbf7d0 Change 'local' to 'loopback' and add 'local' zones that match non-loopback interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-26 14:06:51 -07:00
Tom Eastep
f89c704d01 Disallow 'virtual' physical interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-26 08:47:44 -07:00
Tom Eastep
0b5a316cfc Emit 'expensive' matches last unless there are '-m nfacct' matches in the rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-26 08:03:54 -07:00
Tom Eastep
31f9ea5b93 Add progess and warning messages to 'update -D'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-25 16:31:55 -07:00
Tom Eastep
dde1f0a779 Only enable helpers during a 'clear' operation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-25 16:31:27 -07:00
Tom Eastep
60d0a50d9d Add some warning/progress messages to help understand 'update -D' behavior.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-25 13:20:12 -07:00
Tom Eastep
064f9f974c Cosmetic change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-23 09:49:25 -07:00
Tom Eastep
fd11eb7d82 Omit fw->fw jumps when there is a local zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-22 09:19:34 -07:00
Tom Eastep
9e77bb5499 Ensure correct match ordering with trivial exclusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-22 08:46:22 -07:00
Tom Eastep
8df8fe990a Allow 'local' zone to work with 'destonly'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-22 07:34:04 -07:00
Tom Eastep
ac02c484f5 Change 'local' interface option to a zone type.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-19 15:35:20 -07:00
Tom Eastep
5ec72dad6c Add routes for standard tables when there are no providers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-16 15:32:05 -07:00
Tom Eastep
f6a55bbf05 Allow the '-V' option in the CLI programs.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-16 14:29:36 -07:00
Tom Eastep
739f3779f5 Generate warnings for local->non-firewall and non-firewall->local rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-16 07:51:12 -07:00
Tom Eastep
2e293dd356 Make 'local,destonly' work correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-14 14:36:51 -07:00
Tom Eastep
bc6a38ca64 Remove most special handling of 'Auth'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-14 10:44:26 -07:00
Tom Eastep
a5412cff38 Issue a warning when a rule will be optimized away due to 'destonly'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-14 09:30:59 -07:00
Tom Eastep
46a6a7b258 Correct earlier optimization.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-14 07:27:57 -07:00
Tom Eastep
b38f1416aa Mention "all+' in the "Important" notes at the top
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 13:41:12 -07:00
Tom Eastep
105d1db85d Cosmetic change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 11:24:09 -07:00
Tom Eastep
200d347ac8 Small Efficiency Change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 10:52:04 -07:00
Tom Eastep
c8133145e6 Add support for "all+" in the policy file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-13 09:01:12 -07:00
Tom Eastep
e3d9b2762d Add 'destonly' and 'local' to the interface manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 12:48:58 -07:00
Tom Eastep
9178ecbab0 Suppress superfluous ACCEPT rule when 'lo' is attached to a 'local' zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 10:38:44 -07:00
Tom Eastep
d06a7b55b6 Add a 'destonly' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 10:37:40 -07:00
Tom Eastep
2fb01bec8d Don't assume 'destonly' with 'local'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 09:58:37 -07:00
Tom Eastep
6551d67b2e Call delete_chain_and_references recursively.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 09:29:29 -07:00
Tom Eastep
4b76d8c462 Handle optimize level 0 in the IPV6 nat table.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 09:28:25 -07:00