Tom Eastep
54dadcc546
Ensure that zone-specific rules come before 'all' rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 14:20:30 -08:00
Tom Eastep
952aed225d
Improve handling of 'all' in the conntrack file.
...
- Also added 'all-' to represent all off-firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 13:07:01 -08:00
Tom Eastep
7bfbf522bc
Document that parameters are allowed in default actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 11:12:55 -08:00
Tom Eastep
1efd47a7e9
Apply Tuomo Soini's fix for RHEL5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 10:34:00 -08:00
Tom Eastep
c0a2f19500
Add an Audit action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 10:24:14 -08:00
Tom Eastep
374489c3cf
Revert "Fix RHEL5 issue with route marking."
...
This reverts commit 77f342b0e0
.
2012-11-21 10:19:24 -08:00
Tom Eastep
77f342b0e0
Fix RHEL5 issue with route marking.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 09:08:15 -08:00
Tom Eastep
8f52c9744e
Correct some issues with default action macros.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 08:29:35 -08:00
Tom Eastep
1957af04fd
Don't create a _weight file for an optional non-provider interface.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-20 16:10:30 -08:00
Tom Eastep
a0faba2a03
Correct interface/provider handling.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-20 13:27:15 -08:00
Tom Eastep
c798200b20
Another correction to CHECKSUM detection.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-20 10:09:28 -08:00
Tom Eastep
67ae9df0f8
Correct handling of unknown interfaces in TC.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-20 08:07:42 -08:00
Tom Eastep
ebb4e1f6e4
Don't generate start/stop functions for wildcard optional interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-20 07:06:27 -08:00
Tom Eastep
f458e99390
Correct the compiler's CHECKSUM detection
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-20 06:59:40 -08:00
Tom Eastep
5b049d7e9e
Improve readability in Rules module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-20 06:59:13 -08:00
Tom Eastep
3b20c0db54
Allow Macros to be used as Default Actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 16:52:10 -08:00
Tom Eastep
0d8931e49f
Don't use ':' as a join character in contatenated macro ACTION expansion.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 12:58:29 -08:00
Tom Eastep
47791add99
Fix formatting of a line of code.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 12:30:25 -08:00
Tom Eastep
be587726f4
Merge branch '4.5.9'
2012-11-19 08:22:05 -08:00
Tom Eastep
60a509c926
Add new macros and alphabetize the ACTION list in the rules manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 08:19:12 -08:00
Tom Eastep
b25ece75de
Don't leave temporary chain in the raw table when LOAD_HELPERS_ONLY=No
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 08:18:32 -08:00
Tom Eastep
e9ef03f723
Add a ULOG Macro.
...
- Also remove 'DEFAULT' from NFLOG macro.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-19 07:15:50 -08:00
Tom Eastep
0db7b6c58a
Don't require a parameter with '&'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 15:45:58 -08:00
Tom Eastep
57e913d86e
Merge branch '4.5.9'
2012-11-18 15:02:46 -08:00
Tom Eastep
263f4e57cb
Add an NFLOG Macro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 14:52:53 -08:00
Tom Eastep
a4294658b6
Add a capability to use log levels as a target.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 14:50:59 -08:00
Tom Eastep
65e1b1c9e7
Allow NFLOG as a target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 13:15:24 -08:00
Tom Eastep
a07cfb0885
Allow NFLOG as a target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 13:13:43 -08:00
Tom Eastep
9dac330756
Remove references to USE_ACTIONS
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 13:13:20 -08:00
Tom Eastep
dfd02c932e
Correct typo in shorewall(8) and shorewall6(8).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 13:12:03 -08:00
Tom Eastep
c6ffdd67e2
Add DROP target to the conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 11:35:40 -08:00
Tom Eastep
5265cd5bb7
Add UNTRACKED match to the secmarks file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 11:01:49 -08:00
Tom Eastep
ab381ed95e
Expand the description of enable/disable on optional non-provider interfaces.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 09:01:38 -08:00
Tom Eastep
0277d6628e
Correct typo in shorewall(8) and shorewall6(8).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-18 08:30:47 -08:00
Tom Eastep
5712438bcb
Eliminate Shell syntax error when a provider and its interface have the same name.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-16 09:50:36 -08:00
Tom Eastep
a2b14c37ed
Treat optional interfaces as pseudo-providers.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-16 09:48:21 -08:00
Tom Eastep
b1ffcd8628
Apply provider mask in 'routemark' chain.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-14 11:20:30 -08:00
Tom Eastep
34e3e4bf82
Merge branch '4.5.9'
2012-11-14 11:17:18 -08:00
Tom Eastep
06a4994488
Make exclusion work correctly with TPROXY.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-14 11:16:52 -08:00
Tom Eastep
391113dfe3
Apply provider mask in 'routemark' chain.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-13 06:55:59 -08:00
Tom Eastep
3c58d2180d
Improve the efficiency of tcrule processing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-13 06:55:35 -08:00
Tom Eastep
32c9e4274f
Rename 'mysplit' to 'split_host_list'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-11 08:42:01 -08:00
Tom Eastep
896d874aab
Set VARLIB in the script's initialize() function.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-09 12:29:19 -08:00
Tom Eastep
5fcdfd779c
Don't default IPSET to 'ipset'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-09 08:54:54 -08:00
Tom Eastep
860ee6de27
Eliminate nonsensical warning message.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-06 07:36:36 -08:00
Tom Eastep
4b6fdf8b72
Update masq manpage to expunge exclusion with an interface name in the SOURCE column.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-04 09:11:37 -08:00
Tom Eastep
ec17ea1dee
Remove superfluous check
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-03 08:19:46 -07:00
Tom Eastep
2e211bc2b6
Correct handling of wildcard interfaces in rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-03 07:24:41 -07:00
Tom Eastep
6e4632663b
Correct heading comments in action.TCPFlags.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-01 07:20:50 -07:00
Tom Eastep
5f0b85b5b9
Replace a couple of more hard-coded directory names.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-30 09:49:53 -07:00
Tom Eastep
86ae74005a
Correct invalid information in shorewall[6]-tcclasses.
...
- Delete part about an interface only appearing once.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-29 12:46:58 -07:00
Tom Eastep
3f1aeb33be
Correct mark range with shifted mask.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-26 12:41:06 -07:00
Tom Eastep
e908473d29
Clean up description of CHECKSUM in the manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-26 11:22:54 -07:00
Tom Eastep
e177916c12
Implement statistical marking in the tcrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-26 07:10:26 -07:00
Tom Eastep
0387b16983
Implement CHECKSUM action in the tcrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-22 15:42:13 -07:00
Tom Eastep
f24e194819
Don't display chains with no matched entries when -b
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-22 14:15:37 -07:00
Paul Gear
59a75512be
Add Teredo macro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-21 07:20:29 -07:00
Tom Eastep
5a103e8ec5
Make options consistent (add a '-' before 't')
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-20 07:15:44 -07:00
Paul Gear
cf68379c4c
Document brief option for show command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-20 07:11:56 -07:00
Paul Gear
6c06302d2a
Make formatting of interface options consistent
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-20 07:11:48 -07:00
Tom Eastep
b00dc658b2
Correct error messages in action.RST
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-15 07:17:17 -07:00
Tom Eastep
6af16e0cda
Allow quotes in parameter to run_iptables()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-14 13:26:08 -07:00
Tom Eastep
ab7975539c
Correct typo in get_params()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-14 09:30:27 -07:00
Tom Eastep
dfd0692176
Omit IPv6-specific code from checkkernelversion() in IPv4 script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-13 07:28:37 -07:00
Tom Eastep
8b650358d6
Don't shout in compiler directives
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-13 07:14:51 -07:00
Paul Gear
78aab70dfb
Add Puppet macro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-13 07:04:55 -07:00
Tom Eastep
cc90a06958
Add RESTORE_ROUTEMARKS option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-11 07:34:57 -07:00
Tom Eastep
54e066ec3a
Re-order logic in add_group_to_zone
...
- Need to normalize the address prior to comparing it with ALLIP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-08 08:54:54 -07:00
Tom Eastep
620f88b339
Merge branch '4.5.8'
2012-10-07 17:41:01 -07:00
Tom Eastep
b7e6b1aa41
Allow IP range in the hosts file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 17:40:42 -07:00
Tom Eastep
c84603cdc6
Merge branch '4.5.8'
...
Conflicts:
Shorewall/Perl/Shorewall/Zones.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 17:04:27 -07:00
Tom Eastep
e2b029b0ba
More hosts file corrections.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 17:00:35 -07:00
Tom Eastep
0efc0451c1
Allow IP range in the hosts file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 15:59:30 -07:00
Tom Eastep
9dd66fc6ff
Allow IP range in the hosts file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 15:55:00 -07:00
Tom Eastep
1195661264
Document new Dynamic Zone implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 12:20:36 -07:00
Tom Eastep
0c9cc4a233
Change the 'dynamic' zone option to 'dynamic_shared'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-07 09:18:18 -07:00
Tom Eastep
c228668500
Implement logic associated with 'dynamic' zone option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-06 07:52:06 -07:00
Tom Eastep
afaba46aa3
Add 'dynamic' zone option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-06 07:21:49 -07:00
Tom Eastep
1f38a36acf
Delete extraneous logic
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Conflicts:
Shorewall/Perl/Shorewall/Zones.pm
2012-10-04 09:45:25 -07:00
Tom Eastep
526f72216a
Correct handling of dash characters in interface/ipset names.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-04 07:34:41 -07:00
Tom Eastep
642ff1be15
Correct handling of dash characters in interface/ipset names.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-02 10:09:23 -07:00
Tom Eastep
92d39dc56d
Expunge the g_perllib variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:59:39 -07:00
Tom Eastep
a8e9296473
Expunge the g_sbindir variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:55:48 -07:00
Tom Eastep
749e239d15
Expunge the g_libexec variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-10-01 06:51:36 -07:00
Tom Eastep
30d4ba67cc
Revert "Allow '-' in the interface for dynamic zone."
...
This reverts commit b68b34b820
.
2012-09-30 16:25:35 -07:00
Tom Eastep
4ef81041be
Delete extraneous logic
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-30 16:09:34 -07:00
Tom Eastep
b68b34b820
Allow '-' in the interface for dynamic zone.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-30 16:04:38 -07:00
Tom Eastep
4311dc5ddf
Merge branch '4.5.8'
2012-09-29 09:03:12 -07:00
Tom Eastep
38faa3e071
Correct handling of new ipv6 net syntax in the hosts file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-29 09:01:17 -07:00
Tom Eastep
81f92546d8
Merge branch '4.5.8'
2012-09-29 08:08:00 -07:00
Tom Eastep
91e2c31a58
Correct handling of new ipv6 net syntax in the hosts file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-27 14:51:28 -07:00
Tom Eastep
9c893a0e21
Restore the original calling sequences of validate_[46]net()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-27 07:22:40 -07:00
Tom Eastep
c8c1585dfc
Merge branch '4.5.8'
2012-09-26 15:48:44 -07:00
Tom Eastep
ffcf262de4
Ensure that the 1:1 NAT chain jumps always come last in PREROUTING.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-26 15:46:52 -07:00
Tom Eastep
ca79147db3
Merge branch '4.5.8'
2012-09-25 11:07:49 -07:00
Tom Eastep
bac0f36818
Yet another fix for TTL/HL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 16:23:15 -07:00
Tom Eastep
a8f324b25c
Ensure that the .service files run the utility in ${SBINDIR}
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 14:32:20 -07:00
Tom Eastep
b451e10dd8
More fixes for HL and TTL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 14:25:31 -07:00
Togan Muftuoglu
58e277f48b
Systemd service files usrmove
...
On 09/24/2012 10:19 PM, Tom Eastep wrote:
> On 09/24/2012 02:31 AM, Jonathan Underwood wrote:
>> Such a change is something I've been meaning to submit a (trivial) patch
>> for - from a fedora perspective this would be a welcome change.
>
> Okay -- if one of you would send me a patch, I'll apply it. 4.5.8 is
> about to be released, so I would like the patch ASAP if you want it
> included in 4.5.8.
Hope not late and it works, see attached
Togan
>From 3ec45217b6ac93437d002315c56a1b3354160ff2 Mon Sep 17 00:00:00 2001
From: Togan Muftuoglu <toganm@opensuse.org>
Date: Sun, 23 Sep 2012 14:26:07 +0200
Subject: [PATCH] Fix sbin
The service files need to be executed from /usr/sbin not from /sbin
Signed-off-by: Togan Muftuoglu <toganm@opensuse.org>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 14:03:55 -07:00
Tom Eastep
6d0142525c
Merge branch '4.5.8'
2012-09-24 08:44:07 -07:00
Tom Eastep
cf130a7e16
Correct handling of {+-}0 in the TTL and HL tcrule actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 07:14:44 -07:00
Tom Eastep
e1309b06b1
Correct PPTP Macro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 12:19:41 -07:00
Tom Eastep
70c76f577c
Permit "[<ipv6 address>]/vlsm" in addition to "[<ipv6 address>/vlsm]"
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 12:16:17 -07:00
Tom Eastep
86c35339cd
Merge branch '4.5.8'
2012-09-23 07:07:37 -07:00
Tom Eastep
f23fb1535d
Correct PPTP control port number in conntrack files (1729->1723).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 07:04:43 -07:00
Tom Eastep
607c93125c
Don't unconditionally detect helpers when LOAD_HELPERS_ONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Conflicts:
docs/Internals.xml
2012-09-23 06:55:00 -07:00
Tom Eastep
2d01af8256
Correct typos (omma -> comma) in the stoppedrules manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 06:52:32 -07:00
Tom Eastep
83d3d04afb
Correct typos (omma -> comma) in the stoppedrules manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 06:51:56 -07:00
Tom Eastep
88caf5c9df
Correct header in the STOPPEDRULES files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-22 11:51:23 -07:00
Tom Eastep
32f89fa24b
Don't unconditionally detect helpers when LOAD_HELPERS_ONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-22 09:27:13 -07:00
Tom Eastep
8bd5ee355c
Merge branch '4.5.8'
2012-09-21 08:56:19 -07:00
Tom Eastep
af5eb575c2
Add tcfilter example with PRIORITY
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-21 07:40:33 -07:00
Tom Eastep
4aeebb0b15
Merge branch '4.5.8'
2012-09-19 10:07:31 -07:00
Tom Eastep
e14f5e5199
Swicth from postincrement to preincrement when bumping 'filterpri'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-17 10:46:31 -07:00
Tom Eastep
483374d356
Continue development of the Internals document
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-17 07:52:18 -07:00
Tom Eastep
fc361afbc3
Disallow ':' as the only contents of the USER/GROUP column
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 16:25:41 -07:00
Tom Eastep
124dafbf52
Delete IPAddrs dependency from Compiler.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 15:48:06 -07:00
Tom Eastep
78f3255bf0
Correct getparams.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 09:06:32 -07:00
Tom Eastep
adc983bccb
Issue progress messages to display the priority of Shorewall-generated filters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-15 07:25:16 -07:00
Tom Eastep
0400cedc6c
More TC manpage updates
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-14 08:01:08 -07:00
Tom Eastep
a581958042
Document filter priority algorithm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 16:31:39 -07:00
Tom Eastep
e0f85edab3
Assign sequential priorities to filters
...
- Also remove a redundant 0x prefix from a table number.
Signed-off-by: Tom Eastep <teastep@shorewall.net
2012-09-13 09:30:11 -07:00
Tom Eastep
14073e8943
Change TOS priority offset from 10 to 15
...
- Make it distinct from tcp-ack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 08:25:05 -07:00
Tom Eastep
e02906e4f9
Add TOS to classification priority enumeration
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 07:46:52 -07:00
Tom Eastep
75953a87cb
Optional priority on hfsc classes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 13:39:54 -07:00
Tom Eastep
a223245c01
Don't create classic blacklist chains if no blacklist file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:30:34 -07:00
Tom Eastep
89289f95ba
Allow specification of priority for Shorewall-generated tc filters.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:22:07 -07:00
Tom Eastep
e431d5ab53
Document changes to filter priorities
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 17:12:59 -07:00
Tom Eastep
8c7b8c9390
Correct missing VARLIB handling in the installers.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 11:12:43 -07:00
Tom Eastep
f6e3107c00
Redefine tc filter priorities
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:03:16 -07:00
Tom Eastep
b4098ff5dd
Appease the Fedora 17 version of emacs.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:02:47 -07:00
Tom Eastep
9d6e0fd9ed
Add a PRIORITY column to the tcfilters file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 14:48:32 -07:00
Tom Eastep
0e1e38b035
Adjust VARDIR/VARLIB for old shorewallrc files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 13:12:32 -07:00
Tom Eastep
5c62bf297a
Document multiple GID/UIDs in the USER/GROUP column
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 08:18:25 -07:00
Tom Eastep
d7354aca14
Add a warning regarding the blacklist option being deprecated.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-05 07:19:48 -07:00
Tom Eastep
ebc4ad2f1e
Add warning message when an OUTPUT stopped rule is ignored due to ADMINISABSENTMINDED
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-05 07:16:40 -07:00
Tom Eastep
6614239b32
Allow multiple USER/GROUPs in a rule.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 17:03:26 -07:00
Tom Eastep
3993abad4e
Revert routestopped changes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 17:03:02 -07:00
Tom Eastep
5e07ad8caa
Allow a directory to be specified with -e.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 14:05:52 -07:00
Tom Eastep
6aaf06c2e8
Add stoppedrules files to the samples
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 09:06:45 -07:00
Tom Eastep
eb854f1dbe
Only process routestopped when stoppedrules does not exist or is empty
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 08:46:04 -07:00
Tom Eastep
2050d566b8
Handle PRODUCT correctly at run-time.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 07:36:47 -07:00
Tom Eastep
188f05e130
Make ./firewall the default file when compile -e
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 07:35:03 -07:00
Tom Eastep
4260e5f6ba
Correctly handle the product name in export shorewallrc.
...
- Also re-arranged the processing of the shorewallrc file to eliminate
the kludgy shuffling of hashes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 06:59:16 -07:00
Tom Eastep
bdd66e68c9
Have separate hashes for the two shorewallrc files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 20:09:20 -07:00
Tom Eastep
55e3b11a28
Pass both shorewallrc files to the compiler from lib.cli-std
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 15:07:50 -07:00
Tom Eastep
b8e6a812bd
Specify the cwd when compiling or checking for export
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 11:33:58 -07:00
Tom Eastep
09ce6239a7
Install stoppedrules rather than routestopped
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 11:00:22 -07:00
Tom Eastep
afd9875d3a
Update Manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 10:52:22 -07:00
Tom Eastep
5b953cc1dd
Handle different layouts on the admin system and remote firewall(s)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 09:50:07 -07:00
Tom Eastep
8e5bd3637d
Implement stoppedrules file (less manpages)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 08:44:03 -07:00
Tom Eastep
01696e7298
Remove empty paragraph in shorewall-rules(5)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 05:52:40 -07:00
Tom Eastep
b922177769
Handle missing VARDIR
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 15:51:35 -07:00
Tom Eastep
88ab423b2a
Correct 'postcompile' patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 14:55:56 -07:00
Tom Eastep
e66d9e3418
Rename VARDIR to VARLIB in shorewallrc
...
- Done so that existing shorewallrc files are still valid.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 14:36:11 -07:00
Tom Eastep
7279553be4
Revert "Add GROUP zones"
...
This reverts commit 4f2a4c0c6c
.
2012-09-02 11:08:38 -07:00
Tom Eastep
a6740c6c53
Revert "Assign marks to according to GROUP zones"
...
This reverts commit 3fbfafb6e3
.
2012-09-02 11:06:28 -07:00
Tom Eastep
4f54cb34df
Add a postcompile script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 08:28:02 -07:00
Tom Eastep
3fbfafb6e3
Assign marks to according to GROUP zones
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 18:13:49 -07:00
Tom Eastep
34ee00a986
Document the <directory> argument to the 'try' command.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 10:53:35 -07:00
Tom Eastep
353915fc8b
Allow ipsets in the routestopped file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 10:52:37 -07:00
Tom Eastep
02e7d13710
Load iptables_raw in modules.essential
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 08:27:03 -07:00
Tom Eastep
e2c7284529
Correct handling of 'source' with ADMINISABSENTMINDED=No
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 08:26:31 -07:00
Tom Eastep
092c2ef8f7
No longer process the local shorewall.conf when compiling from a directory
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 08:21:45 -07:00
Tom Eastep
4f2a4c0c6c
Add GROUP zones
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-31 17:37:01 -07:00
Tom Eastep
deea614677
Placate the latest Emacs WRT qw/.../
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-31 17:36:38 -07:00
Tom Eastep
1119d64b29
Break SNMP Macro into two macros
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-31 06:53:05 -07:00
Tom Eastep
053797a85e
Merge branch '4.5.7'
2012-08-30 14:27:01 -07:00
Tom Eastep
48706695b6
Make the SNMP bi-directional with traps allowed in the reverse direction
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-30 14:25:51 -07:00
Tom Eastep
9b05146a85
New documents (WIP)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-30 10:06:58 -07:00
Tom Eastep
09a6f8bc16
Revert non-fatal error implementation
...
- In the end, I didn't like the way this worked.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-29 11:35:11 -07:00
Tom Eastep
303dc65d13
Merge branch '4.5.7'
2012-08-28 11:46:04 -07:00
Tom Eastep
d838cf41bf
Allow TTL and HL in the PREROUTING chain.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-28 11:45:32 -07:00
Tom Eastep
84e24325de
Merge branch '4.5.7'
2012-08-27 07:30:21 -07:00
Tom Eastep
3aca90811c
Clear the current comment at the end of the blrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-27 07:29:47 -07:00
Tom Eastep
7b12558249
Merge branch '4.5.7'
2012-08-26 09:18:16 -07:00
Tom Eastep
341dec0711
Another fix for the NOTRACK patch
...
- 3 defects in a two-line patch :-(
2012-08-26 09:17:57 -07:00
Tom Eastep
01b58bf66f
Merge branch '4.5.7'
2012-08-26 08:27:39 -07:00
Tom Eastep
dc21d015da
Clean up white-space in Togan's patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-26 08:27:24 -07:00
Tom Eastep
9e5d1cc1ce
Merge branch '4.5.7'
2012-08-26 08:11:40 -07:00
Tom Eastep
779243094e
Map NOTRACK to 'CT --notrack' if CT_TARGET is available.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-26 08:08:57 -07:00
Togan Muftuoglu
1a324fa37f
Suse specific patches
...
Hi Tom,
I have been patching shorewall packages for the opensuse releases, but I
guess it is better to send them to you . the upstream so it gets
incorporated into shorewall itself and I do not have to patch it ;)
I believe I have incorparted most of my patches in to this one. If you
can review them and if appropriate apply them that would be great
Thanks
Togan
>From 6072c08de753e7d1cc31bb758295dee198197e41 Mon Sep 17 00:00:00 2001
From: Togan Muftuoglu <toganm@opensuse.org>
Date: Fri, 24 Aug 2012 13:17:12 +0200
Subject: [PATCH] suse-specific
Signed-off-by: Togan Muftuoglu <toganm@opensuse.org>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-25 08:45:57 -07:00
Tom Eastep
b45d15eec6
Revert "Apply Togan Muftuoglu's SuSE-specific init patches"
...
This reverts commit 2412998b57
.
2012-08-25 08:45:18 -07:00
Togan Muftuoglu
906795a4d7
Suse specific patches
...
Hi Tom,
I have been patching shorewall packages for the opensuse releases, but I
guess it is better to send them to you . the upstream so it gets
incorporated into shorewall itself and I do not have to patch it ;)
I believe I have incorparted most of my patches in to this one. If you
can review them and if appropriate apply them that would be great
Thanks
Togan
>From 6072c08de753e7d1cc31bb758295dee198197e41 Mon Sep 17 00:00:00 2001
From: Togan Muftuoglu <toganm@opensuse.org>
Date: Fri, 24 Aug 2012 13:17:12 +0200
Subject: [PATCH] suse-specific
Signed-off-by: Togan Muftuoglu <toganm@opensuse.org>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-25 08:41:28 -07:00
Tom Eastep
7208464c68
Change "Compilation aborted..." to "Check aborted ..."
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-25 08:10:12 -07:00
Tom Eastep
519e799ef1
Unify the mode of init files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-24 06:59:11 -07:00
Tom Eastep
e5d63f4212
Merge branch '4.5.7'
2012-08-24 06:56:01 -07:00
Tom Eastep
2412998b57
Apply Togan Muftuoglu's SuSE-specific init patches
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-24 06:32:30 -07:00
Tom Eastep
1067f8a9bb
Use the non-fatal error reporting feature for missing capabilities
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-24 06:25:29 -07:00
Tom Eastep
3006452cea
Unconditionally restore route mark in PREROUTING and OUTPUT.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-23 12:23:29 -07:00
Tom Eastep
e17010018c
Unconditionally restore route mark in PREROUTING and OUTPUT.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-23 12:15:14 -07:00
Tom Eastep
112312f2ee
Add non-fatal error capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-23 05:50:36 -07:00
Tom Eastep
dffd98dff7
Revert change that added CONTINUE as a valid content of the ADDRESSES column
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-21 10:51:01 -07:00
Tom Eastep
64edd30a76
Correct link in shorewall[6].conf manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-21 07:54:51 -07:00
Tom Eastep
c20611b6c0
Add CONTINUE keyword to the masq file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-20 18:09:59 -07:00
Tom Eastep
1fd9e5e95c
Compensate for silly RHEL bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-20 07:20:21 -07:00
Tom Eastep
99efb518bd
Add the HELPER column to the rules files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-18 12:05:42 -07:00
Tom Eastep
1b7a7d0fdf
Remove some more hard-coded directory names from the installers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-17 14:24:52 -07:00
Tom Eastep
7ac9e46e1f
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 15:49:33 -07:00
Tom Eastep
0a4f26a318
Correct handling of existing notrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 14:46:48 -07:00