Commit Graph

11376 Commits

Author SHA1 Message Date
Tom Eastep
17e25932f0 Fixes for GeoIP
- Correct check for valid ACTION
- Add to Shorewall6/actions.std
- Only use geoip once per invocation

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 11:14:28 -07:00
Tom Eastep
63ae00e4a4 Fix bug in 'interface_is_usable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 06:58:03 -07:00
Tom Eastep
ac2ed505bb Add GeoIP support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-14 17:12:46 -07:00
Tom Eastep
926e589414 Exit the tcpost chain if a connection mark is restored
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-14 10:35:42 -07:00
Tom Eastep
9f1c920a39 Don't allow RSTs to be REJECTed 2012-05-14 10:34:11 -07:00
Tom Eastep
9ea233d55f Split a couple of functions with address-family dependent logic.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-13 15:53:02 -07:00
Tom Eastep
60bde6231a Improve interface_is_usable()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-13 13:49:59 -07:00
Tom Eastep
3d575a45bd Re-code interface_is_usable()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-13 11:56:52 -07:00
Tom Eastep
1f621002b7 Ignore 'isusable' on 'enable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-12 19:38:18 -07:00
Tom Eastep
cd150af790 Update .status file on disable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-12 07:44:46 -07:00
Tom Eastep
cd98266396 Correct add of default IPv6 route when no gateway specified
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-12 07:15:24 -07:00
Tom Eastep
3d541f50c8 Use "(S)" consistently in column headings.
- add synonyms so both the singular and plural forms are accepted.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 12:42:04 -07:00
Tom Eastep
bad8b9bddb Improve TPROXY documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 11:39:15 -07:00
Tom Eastep
f77b350a7b Clear the 'balance' table if no balanced providers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 11:28:06 -07:00
Tom Eastep
bed4457e0e Delete jump to 'tproxy'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 09:00:09 -07:00
Tom Eastep
2d5269be7b Fix another conditional compilation bug.
?IF $false
   ?IF $false
      ...
   ?ENDIF
   foo <------- This line is not omitted!
?ENDIF

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:44:46 -07:00
Tom Eastep
a05b3afd7f Eliminate the 'tproxy' chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:42:44 -07:00
Tom Eastep
9e743451f6 Add FORMAT 2 to tcrules files. Initialize $format in Tc.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:08:06 -07:00
Tom Eastep
cb7fc31f0b Restore 4.5.3 compatibility
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-10 14:23:33 -07:00
Tom Eastep
69d735ea0a Make TPROXY actually work!
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-10 11:19:23 -07:00
Tom Eastep
4d4fc315e0 More TPROXY changes
- Combine identical DIVERT chains.
- Add --transparent to -m socket
- Reserve a TPROXY bit in the fwmark

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-10 07:25:07 -07:00
Tom Eastep
820c965b72 Allow Shorewall::Config::in_hex() to accept an argument already expressed in hex.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-09 13:51:49 -07:00
Tom Eastep
605ef6ef86 Tweak to DIVERT plus correct TPROXY in man pages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-09 13:10:51 -07:00
Tom Eastep
2eb7af23dc Merge branch 'master' into 4.5.3 2012-05-09 10:03:43 -07:00
Tom Eastep
582d025f58 Add DIVERT action to tcrules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-09 09:41:58 -07:00
Tom Eastep
b55d8c04e4 Do logical->physical mapping in rtrules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 14:52:18 -07:00
Tom Eastep
3b6f5b2d8a Finish alternative balancing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 13:55:13 -07:00
Tom Eastep
6639b3534e Close all input files in Shorewall::Config::cleanup()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 08:58:14 -07:00
Tom Eastep
59bf343521 Leave first filename and linenumber on the same line as error text.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 08:55:24 -07:00
Tom Eastep
089d980dae Document the --shorewallrc parameter to compiler.pl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 07:59:22 -07:00
Tom Eastep
1d6e6b65db Finish a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 17:06:35 -07:00
Tom Eastep
2224fdbc65 Correct help text in compiler.pl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 16:55:51 -07:00
Tom Eastep
fd1d6cf935 Handle default shorewallrc location
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 16:55:17 -07:00
Tom Eastep
5d7442e9e9 Correct typo in converted blrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 12:13:26 -07:00
Tom Eastep
ef90006334 Avoid reference to unitialized variable on bogus FORMAT in interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 12:00:21 -07:00
Tom Eastep
2cbf1e86ad Allow synonyms for column names in alternate specification formats
- gateway and gateways in the tunnels file
- mark and action in the tcrules file

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 11:59:47 -07:00
Tom Eastep
dd8e9ff09d Fix 'COMMENT' along in the tunnels file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 11:58:37 -07:00
Tom Eastep
4320150dc4 Add alternate specification in tunnels file ('gateways')
- Make similar change in tcrules file with 'action'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 07:43:11 -07:00
Tom Eastep
7453b70666 Add emphasis to the 'required' option in the config basics doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 07:14:56 -07:00
Tom Eastep
003daec41c Remove a couple of hard-coded '/usr/share' in Shorewall::Config
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-06 17:30:17 -07:00
Tom Eastep
cb159eba2e Add RST action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-06 12:14:30 -07:00
Tom Eastep
aac00c3cc7 Pop open stack in run_user_exit1 and run_user_exit2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-05 10:31:55 -07:00
Tom Eastep
cd35b6a13f Modify macro.BLACKLIST to use blacklog when appropriate
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-05 08:56:55 -07:00
Tom Eastep
af228806fc Allow manual changes to be used in macros.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-05 08:56:26 -07:00
Tom Eastep
69f6aae982 Delete extra copy of macro.BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-05 08:40:25 -07:00
Tom Eastep
53d66833b2 Document how to avoid dhcp client setting default route
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-04 08:28:06 -07:00
Tom Eastep
1d90ee174c Cleanup of ERROR/WARNING message enhancement.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-04 07:01:08 -07:00
Tom Eastep
097ab853db Apply Tuomo Soini's tunnels patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-04 06:18:22 -07:00
Tom Eastep
3e37f47fb5 Print out the include/open stack in WARNING and ERROR messages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-03 17:17:55 -07:00
Tom Eastep
bd30d59f3d Fix annotated interfaces files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-03 14:09:49 -07:00