holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity
9,588 Commits 104 Branches 736 Tags 54 MiB
19f40ab721
Commit Graph

3450 Commits

Author SHA1 Message Date
Tom Eastep
81e6e0889c Initiate Beta 2 2010-11-15 15:09:22 -08:00
Tom Eastep
3c5cadb02c Add another variable to the preceding optimization 2010-11-15 08:42:58 -08:00
Tom Eastep
64e49229f8 Simply variable initialization 2010-11-15 08:14:31 -08:00
Tom Eastep
7507f67d9a Now that I've RTFM, simplify the rule for skipping over the IPv6 header 2010-11-15 07:40:50 -08:00
Tom Eastep
94e827862e Fix typo in release notes 2010-11-15 07:40:18 -08:00
Tom Eastep
31bcb8727e Update release documents 2010-11-14 15:54:58 -08:00
Tom Eastep
5d0e719d03 Prevent suprious 'fi' in filter output 2010-11-14 10:51:42 -08:00
Tom Eastep
0e5dc41d31 Fix 'Shared' traffic shaping 2010-11-14 09:31:00 -08:00
Tom Eastep
997a697a65 Fix required/optional interface with physical eq '+' 2010-11-14 08:43:20 -08:00
Tom Eastep
9568a6ef59 Add getparams to the .spec file - Take 2 2010-11-14 08:10:05 -08:00
Tom Eastep
59f6b10a55 Add getparams to the .spec file 2010-11-14 08:03:14 -08:00
Tom Eastep
2d8785d574 Add 'TC_ENABLED=Shared' support 2010-11-14 07:52:51 -08:00
Tom Eastep
5bae689fe1 Generate distinct progress messages for IPv4 and IPv6 filters 2010-11-14 07:38:01 -08:00
Tom Eastep
ff571cb83b Give IPv6 filters a distinct priority 2010-11-14 06:55:09 -08:00
Tom Eastep
1d93a18b8d IPV6 now working -- BOTH still broken 2010-11-13 18:08:19 -08:00
Tom Eastep
3f6cce10d2 Protect against accidental output from params file 2010-11-13 16:16:58 -08:00
Tom Eastep
19122512d0 Fix new params file processing for INCLUDE 2010-11-13 10:59:09 -08:00
Tom Eastep
b20ed2d4de Simply another RE 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-11-11 14:03:00 -08:00
Tom Eastep
775bee278a Fix for unexpected /usr/share/shorewall/init 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-11-11 13:03:00 -08:00
Tom Eastep
ff61d4dba4 Correct documentation of NULL_ROUTE_RFC1918 fix 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-11-10 14:18:33 -08:00
Tom Eastep
0602b619bd Fix NULL_ROUTE_RFC1918=Yes 2010-11-09 15:20:23 -08:00
Tom Eastep
8a9aaff4e8 Change shell variable resolution order 2010-11-07 13:28:03 -08:00
Tom Eastep
1e6b7c8130 Simplify an RE 2010-11-06 20:25:46 -07:00
Tom Eastep
092f032b8e Realign precedence of environment inheritance 2010-11-06 19:02:14 -07:00
Tom Eastep
25397e8284 Document params file processing change 2010-11-06 18:33:41 -07:00
Tom Eastep
69c3600107 Modernize processing of params file 2010-11-06 17:12:05 -07:00
Tom Eastep
7c4bc900d6 Belated update to Perl module versions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-30 10:45:14 -07:00
Tom Eastep
dcf2d633b1 Don't save ipsets if there are no dynamic zones or ipset rules 2010-10-30 10:35:52 -07:00
Tom Eastep
d4f857f877 Update version to 4.4.15-Beta1 2010-10-30 07:12:03 -07:00
Tom Eastep
4daf4c372e Initialize release documents for 4.4.15 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-29 08:28:58 -07:00
Tom Eastep
1db13849ab Clear VERBOSE and VERBOSITY at CLI startup 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-28 15:17:37 -07:00
Tom Eastep
5cf0cd2c33 Document VERBOSITY fix. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-28 11:41:38 -07:00
Tom Eastep
8758d3a834 Insure that VERBOSITY=0 when interrogating compiled script version 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-28 11:25:56 -07:00
Tom Eastep
20bb781874 Document fix for 10+ TC interfaces 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-28 10:33:17 -07:00
Tom Eastep
bc406b39bc Fix > 10 TC interfaces 2010-10-28 10:27:55 -07:00
Tom Eastep
6c90046ab5 Document fix for split_list() 2010-10-26 06:55:01 -07:00
Tom Eastep
f2ab068044 Fix split_list() 2010-10-26 06:49:55 -07:00
Tom Eastep
1060b201dd Update version to 4.4.14 2010-10-23 21:40:22 -07:00
Tom Eastep
ded852e0ee Fix compilation warning 2010-10-19 08:42:35 -07:00
Tom Eastep
3ec6185f72 Run update-rc.d on Debian 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-13 08:42:35 -07:00
Tom Eastep
28e473d9a1 Document change to FORWARD_CLEAR_MARK default 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-10 07:49:17 -07:00
Tom Eastep
11f2c7772a Clear FORWARD_CLEAR_MARK setting in the remaining config files 2010-10-09 11:28:13 -07:00
Tom Eastep
17860cacd8 Move dump_command() to a more logical place in the file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-07 14:36:05 -07:00
Tom Eastep
033d43b014 Implement undocumented dumpfilter extension file 2010-10-07 14:35:51 -07:00
Tom Eastep
f0ef27b3e5 Update version to RC1 2010-10-06 16:16:37 -07:00
Tom Eastep
b9602d9a6a Correct typo in the release notes 2010-10-06 11:24:45 -07:00
Tom Eastep
3d90c63528 Improve validation and reporting in the net list processing. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-05 16:20:07 -07:00
Tom Eastep
a10ced2da2 Make exclusion of set lists more consistent 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-05 12:22:27 -07:00
Tom Eastep
7767d30c7c Improve error message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-05 11:25:18 -07:00
Tom Eastep
587dacdae0 Allow set lists with "!" 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-05 08:38:30 -07:00
Tom Eastep
8fd221ef30 Refine source/dest network parsing in expand_rule() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-04 18:57:11 -07:00
Tom Eastep
e74f48410f Correct handling of exclusion with ipset lists 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-04 14:29:50 -07:00
Tom Eastep
38851fe446 Delete obsolete options from shorewall.conf 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-04 07:44:28 -07:00
Tom Eastep
cee05d9763 Refine -lite handling of scfilter. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-03 12:52:30 -07:00
Tom Eastep
b3d0447ef2 Reword scfilter -lite explaination 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-03 11:00:51 -07:00
Tom Eastep
432534a650 Eliminate need to restart -lite to extract scfilter 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-03 10:56:55 -07:00
Tom Eastep
994ea3cce6 Document -lite log reading fix. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-03 08:35:17 -07:00
Tom Eastep
f9af35ffbe Document -lite fixes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-02 07:22:37 -07:00
Tom Eastep
b27fd07e9f Don't indent the embedded scfilter file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-01 13:20:36 -07:00
Tom Eastep
ac71868cc1 Package the scfilter along with the generated script for -lite 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-01 10:59:15 -07:00
Tom Eastep
6e9fc12517 Update version to Beta 4 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-01 09:31:11 -07:00
Tom Eastep
468af44876 Add support for 'scfilter' script 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-01 09:15:58 -07:00
Tom Eastep
2fa7e11976 Add 'scfilter' extension script 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-10-01 07:38:14 -07:00
Tom Eastep
3898edfddb Make 'show connections' work on ancient distros 2010-09-30 17:18:58 -07:00
Tom Eastep
077aa18a2d Update release notes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-30 15:03:02 -07:00
Tom Eastep
e795a9995b Update release documents 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-30 14:17:51 -07:00
Tom Eastep
1218ccf0cb More optimization performance improvements 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-30 14:15:19 -07:00
Tom Eastep
252a9f2205 More speedup of optimization level 8 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-29 13:30:10 -07:00
Tom Eastep
46f1074422 Reduce the cost of optimization substantially. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-29 11:54:39 -07:00
Tom Eastep
8017f603a0 Add progress message for each optimization pass. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-28 12:20:35 -07:00
Tom Eastep
6171d938f7 Correction to last change -- move two declarations to an outer block. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-28 12:20:06 -07:00
Tom Eastep
48c3200a5a Issue error message when required file is missing or has zero size. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-28 11:22:47 -07:00
Tom Eastep
68f537ac5b Bypass processing logic when an optional config file is absent. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-28 10:48:44 -07:00
Tom Eastep
47fbc83419 Don't add trailing whitespace to DNAT/REDIRECT target 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-28 09:27:42 -07:00
Tom Eastep
91aabfc078 Revise fix for extraneous progress messages 2010-09-27 16:18:11 -07:00
Tom Eastep
0109b8113a Prevent random progress messages during compilation. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-27 15:56:22 -07:00
Tom Eastep
75d50d126c Make zones with 'mss' complex. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-27 13:57:56 -07:00
Tom Eastep
f7eb3c3d8c Periodic elimination of trailing white space 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-27 11:16:18 -07:00
Tom Eastep
f33912d5f7 Correct/update release notes. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-27 09:11:17 -07:00
Tom Eastep
ac646930a3 Tighter validation of ipset names in the hosts file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-26 08:36:27 -07:00
Tom Eastep
066c772fcd Correct minor issue with previous error message improvement change 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-26 08:28:25 -07:00
Tom Eastep
0becb39202 Bump version to Beta 3 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-26 08:15:32 -07:00
Tom Eastep
2828b65326 Improve error message generated when a token beginning with '+' reaches validate_net() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-26 07:56:55 -07:00
Tom Eastep
74f1cb2443 Mention maclist file in shorewall-ipsets(5) 2010-09-25 16:07:56 -07:00
Tom Eastep
f07ec1e9d3 Clean up untidiness where Shorewall6 tries to start on a system with an old kernel 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-25 08:46:14 -07:00
Tom Eastep
e018ee6adc Don't create <zone>_frwd when unnecessary 
- Set the zone {complex} flag based on ipsec options rather than the presense of any options.
- Generate forwarding blacklist rules in lieu of creating<zone>_frwd

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-24 15:25:57 -07:00
Tom Eastep
b5fdb089bc Fix syntax error in blacklist fix 2010-09-24 13:42:05 -07:00
Tom Eastep
0768235278 Correct blacklisting in simple configurations 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-24 13:41:54 -07:00
Tom Eastep
03161ed57d Bump version to 4.4.14 Beta 2 2010-09-23 19:33:37 -07:00
Tom Eastep
0f4d8eb929 Use 'conntrack' for 'show connections' 2010-09-23 19:08:40 -07:00
Tom Eastep
6702fbbd40 Make timestamps in log uniform 2010-09-23 07:40:27 -07:00
Tom Eastep
2c7b1b5d7b Add more comments 2010-09-22 15:26:01 -07:00
Tom Eastep
9d5642aedd Update Version to 4.4.14-Beta1 2010-09-21 11:34:26 -07:00
Tom Eastep
dbd7914ee6 More fiddling with move_rules() 
- Assert that the chain being moved has no blacklist jumps
- delete duplicate rules in case the destination chain has such a jump
 2010-09-20 18:00:39 -07:00
Tom Eastep
271154ed60 Rename DESTIFAC_DISALLOW -> DESTIFACE_DISALLOW 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-20 09:45:48 -07:00
Tom Eastep
bde0a297f9 Misc cleanup for 4.4.13 
1. Replace statement with equivalent function call in promote_blacklist_rules()
2. Bump version of Tunnels.pm
3. Fix typo in comment in Zones.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2010-09-20 09:45:38 -07:00
Tom Eastep
7baa1839cf Tighen up parsing of bracketed lists -- Take 2 2010-09-20 07:24:22 -07:00
Tom Eastep
f64993fe40 Tighen up parsing of bracketed lists 2010-09-20 07:05:23 -07:00
Tom Eastep
0ed33a0552 Document fix for '*' in interface names 2010-09-19 15:55:09 -07:00
Tom Eastep
9335ef5745 Don't allow '*' in interface names 2010-09-19 15:10:21 -07:00