Tom Eastep
8bed5c9d65
Drop support for the IPSECFILE option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 10:11:52 -07:00
Tom Eastep
037e92a60e
Eliminate some config options
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 14:28:12 -07:00
Tom Eastep
2165f746e6
Update .conf documents for 'reload'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 12:58:08 -07:00
Tom Eastep
ef9e75753a
Restore .214 files
...
- Also merge Debian changes from 4.6.12
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 11:23:35 -07:00
Tom Eastep
85648bded1
Deimplement several .conf options
...
- LOGRATE/LOGBURST
- EXPORTPARAMS
- LEGACY_FASTSTART
2015-08-01 11:11:35 -07:00
Tom Eastep
67589cab69
More version changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:59:11 -07:00
Tom Eastep
f40373d60c
Update config file version and copyrights
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:50:19 -07:00
Tom Eastep
fa7248c58c
Add the LEGACY_RESTART option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-27 09:19:52 -07:00
Tom Eastep
0a7c65ae0d
Allow connlimit by destination
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 14:26:58 -07:00
Tom Eastep
6e0fb1ab88
Correct syntax error
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 14:16:12 -07:00
Tom Eastep
34f58bd6ac
Correct formatting in the rules file man pages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 11:36:14 -07:00
Tom Eastep
cecc81ce82
Update .service files
...
- make the .214 versions the default and remove the ones name *.214
- Add 'ExecReload' to all but Shorewall-init
- Create Debian-specific versions with /etc/default rather than /etc/sysconfig
2015-07-26 10:58:03 -07:00
Tom Eastep
a00bf196a3
Remove all workarounds
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 10:27:30 -07:00
Tom Eastep
f9ec0c6930
New 'reload' and 'restart' semantics
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 09:59:49 -07:00
Tom Eastep
df817b6d2c
Correct formatting in the interfaces man pages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-13 13:06:53 -07:00
Tom Eastep
d0fc7f6547
Add some comments to the Zones module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-13 12:57:00 -07:00
Tom Eastep
5704438a44
Second Wave of changes to make script output reproducable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-12 15:00:41 -07:00
Tom Eastep
014ec1af1d
First phase of producing consistent scripts with Perl >= 5.18.0
...
Beginning with Perl 5.18.0, the order of elements returned by the 'keys'
and 'each' iterators is no longer deterministic. This is the first wave
of Shorewall changes to compensate for this irrational behavior.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-12 10:54:48 -07:00
Tom Eastep
bc8156b503
Include Compiler version in the compiler progress commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-08 12:53:42 -07:00
Tom Eastep
4995456563
Clean up compiler PATH fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 14:33:20 -07:00
Tom Eastep
c6f48a77e0
Only add dhcp rule if one rpfilter interface has the 'dhcp' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 12:21:04 -07:00
Tom Eastep
e7792fc868
Exempt IPv4 DHCP broadcasts from rpfilter
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 10:03:03 -07:00
Tom Eastep
c47abe416a
Add default PATH to current PATH in the compiler
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 09:38:06 -07:00
Tom Eastep
0414166d6d
'show connections' enhancement
...
- Allow tayloring of the entries displayed by specifying conntrack
-L options.
2015-06-29 14:55:47 -07:00
Tom Eastep
7153146759
Don't ask for script version when WORKAROUNDS=No
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-28 09:18:47 -07:00
Tom Eastep
5ca68477d5
Corrections to last commit
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 15:18:07 -07:00
Tom Eastep
9f08726794
Eliminate running the script twice is some cases
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 14:32:43 -07:00
Tom Eastep
846d629c47
Eliminate the usage() function in lib.cli-std
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 12:55:34 -07:00
Tom Eastep
273a42b068
Correct the check for ordinary user attempting to access the default config
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 11:35:11 -07:00
Tom Eastep
9bf65ab9ab
Don't run the postcompile script when compilation is bypassed
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-22 16:41:21 -07:00
Tom Eastep
b35c214c70
Defer 'Compiling...' message until after AUTOMAKE is checked
...
- Avoid an export statement in compiler()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-22 10:56:17 -07:00
Tom Eastep
5003e826b9
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2015-06-09 10:58:58 -07:00
Tuomo Soini
f8d95d1ee9
rename not_configured() to not_configured_error()
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-06-09 20:29:45 +03:00
Tom Eastep
7f50557250
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2015-06-08 13:50:47 -07:00
Tuomo Soini
15276b1f89
Set exit code to 6 when startup is disabled
...
Handles cases missed by 4b27c72c79
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-06-08 22:23:38 +03:00
Tom Eastep
116e85e040
Cosmetic cleanup of the Compiler module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-08 11:27:37 -07:00
Tom Eastep
2956698298
Corrections to WORKAROUNDS implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-06 12:15:03 -07:00
Tom Eastep
7c9155a6e8
Update man pages and .conf files for WORKAROUNDS
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-06 07:56:14 -07:00
Tom Eastep
eb6be0e84d
Remove old comment that now makes no sense
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-01 15:55:06 -07:00
Tom Eastep
019e49b481
Implement WORKAROUNDS option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-01 12:59:25 -07:00
Tom Eastep
9a3c43b6d3
Make NFQUEUE parsing more robust
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-30 07:01:30 -07:00
Tom Eastep
0a45c7a646
Another Tweak to the NFQUEUE parser
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-30 06:38:21 -07:00
Tom Eastep
f227250959
Fix NFQUEUE parsing and documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-29 18:19:35 -07:00
Tom Eastep
29a0c92918
Fix ancient bug in old parameter syntax
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-29 14:39:48 -07:00
Tuomo Soini
4edd6026f0
prog.footer: disabling already disabled inteface is not an error.
...
Neither is enabling already enabled interface
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-05-29 22:15:55 +03:00
Tom Eastep
18348ef6f1
Clean up distribute_load()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-27 06:58:10 -07:00
Tom Eastep
93c7e2c2f7
Change the way in which a warning message is suppressed
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-26 15:54:41 -07:00
Tom Eastep
602315938c
Correct the load distribution algorithm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-26 14:59:20 -07:00
Tom Eastep
425094de18
Mention load= warning (sum not 1.000000)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-25 10:31:08 -07:00
Tom Eastep
ca35f565e0
Return success exit status when no ipsets are saved by the script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-25 07:36:00 -07:00
Tom Eastep
bbdbdf7c47
Clean up 'call' description in the manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-25 07:06:17 -07:00
Tom Eastep
631ebdecb8
load= enhancements
...
- Normalize loads to 0.nnnnnnnn
- Issue warning if the loads don't sum to 1.000000
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-23 08:05:58 -07:00
Tom Eastep
c851e03313
Don't try to use a probibility >= 1.00000000
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-23 07:06:31 -07:00
Tom Eastep
df4d6f1f92
Document load= in the providers manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-22 16:31:21 -07:00
Tom Eastep
c7ca3119ef
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-05-22 07:20:51 -07:00
Tom Eastep
ba7afcaeae
Make 'call' a supported command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 10:38:35 -07:00
Tom Eastep
809e56cef6
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-05-21 09:04:35 -07:00
Tom Eastep
e3805b0ada
Implement 'call' in the compiled script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 09:00:11 -07:00
Tom Eastep
f1b6e71e56
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-05-20 10:59:06 -07:00
Tom Eastep
f77d649ac7
Make policy descriptions match what the user entered rather than what was generated by the compiler
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-20 10:58:57 -07:00
Tom Eastep
267637f139
NFQUEUE enhancements
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-20 10:55:21 -07:00
Tom Eastep
acd921cd08
Don't require a helper for ctevents and expevents
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-16 13:40:40 -07:00
Tom Eastep
9329e7c36c
Don't require a helper in the CT action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-16 09:08:32 -07:00
Tom Eastep
7195ee708e
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-05-08 09:49:42 -07:00
Tom Eastep
50d1a719f9
Delete superfluous test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-08 09:48:58 -07:00
Tom Eastep
4b27c72c79
Set exit code to 6 when startup is disabled
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-07 14:12:41 -07:00
Tom Eastep
3bb1f74283
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code into 4.6.9
2015-05-05 11:28:13 -07:00
Tuomo Soini
87eca92b10
lib.core: use consisten indenting
2015-05-05 20:40:17 +03:00
Tom Eastep
b58aadad01
Correct Syntax error in the generated code.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-04 08:23:42 -07:00
Tom Eastep
6dcd8174ee
Don't require interfaces on stop, clear, etc.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-04 08:23:10 -07:00
Tom Eastep
e248c0a3d7
Update Shorewall/Shorewall6 help text for 'reenable'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:29:42 -07:00
Tom Eastep
3f17a8cf24
Update the program header information in lib.core
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:13:06 -07:00
Tom Eastep
2cea78e6df
Add the 'reenable' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:02:12 -07:00
Tom Eastep
0abd51c796
Fix module versioning
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 11:59:01 -07:00
Tom Eastep
86e053be7a
More optimization of detect_configuration()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 11:32:45 -07:00
Tom Eastep
75d18139f7
Optimize detect_configuration() for enable/disable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-25 15:46:19 -07:00
Tom Eastep
bebb41674a
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2015-04-25 12:57:04 -07:00
Tom Eastep
42f75f7ba2
Correct SetEvent and ResetEvent
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-25 12:56:36 -07:00
Tuomo Soini
2c9b7fbb07
macro.JabberSecure: use of Jabber SSL is deprecated. Note user.
2015-04-23 10:03:07 +03:00
Tuomo Soini
119299421f
macro.JabberPlain: deprecate the macro in favor of macro.Jabber
2015-04-23 09:39:23 +03:00
Tuomo Soini
aef019e16d
macro.Jabber: use of jabber has changed from Plain+SSL to STARTTLS
2015-04-23 09:38:40 +03:00
Tom Eastep
3ae243b882
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2015-04-22 20:34:03 -07:00
Tuomo Soini
0fc58f81cc
macro.QUIC: added support for QUIC
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-04-22 16:29:17 +03:00
Tom Eastep
0e8b427778
Remove false comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-18 14:31:07 -07:00
Tom Eastep
6cb3004a39
Clarify helper module loading
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-17 09:51:25 -07:00
Tom Eastep
f5aa0373cb
Correct interfaces example 4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-12 08:38:55 -07:00
Tom Eastep
b128c30813
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
...
Get Tuomo Soini's fix for serviced startup
2015-04-11 07:33:15 -07:00
Tuomo Soini
194252afd3
systemd: fix shorewall startup by adding Wants=network-online.target
...
Before shorewall failed to load if there were interfaces which were required
but there wasn't any other service which wanted network-online.target.
By adding Wants=network-online.target we make sure shorewall[6]* startup
won't fail if there are required interfaces
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-04-11 10:50:54 +03:00
Tom Eastep
16e3cb1b43
More manpage updates
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 10:14:42 -07:00
Tom Eastep
27c1ffc5fb
Include full syntax in lists of CLI commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 09:23:58 -07:00
Tom Eastep
0e54a86e82
Add descriptions of 'list' and 'ls' to the CLI manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-06 09:39:41 -07:00
Tom Eastep
4fd8aa692d
Add comment to setting of TCPMSS_TARGET with old caps file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-04 09:34:23 -07:00
Tom Eastep
8c3dda80a3
Simplify previous change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-03 16:35:50 -07:00
Tom Eastep
9f96f58a0d
Default TCPMSS_TARGET to 1 in old capabilities files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-03 14:46:50 -07:00
Tom Eastep
77165326f2
Merge branch '4.6.8'
...
Conflicts:
Shorewall6/uninstall.sh
2015-04-03 14:02:21 -07:00
Tom Eastep
eb3a162560
Apply Matt Darfeuille's fix for fatal_error()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 13:26:51 -07:00
Tom Eastep
44142ed457
Apply Matt Darfeuille's uninstall fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 07:28:21 -07:00
Tom Eastep
659e9d550c
Apply Matt Darfeuille's uninstall fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 07:27:57 -07:00
Tom Eastep
7442c2189d
Implement TCPMSS_TARGET capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-31 15:53:05 -07:00
Tom Eastep
468167f9e5
Apply nfw's fix for IP[6]TABLES in the conntrack file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-24 09:23:15 -07:00
Tom Eastep
b00a7af619
Allow a comma-separated list in the rtrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-18 15:16:25 -07:00
Tom Eastep
0c11870e46
Implement the 'savesets' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-17 10:03:12 -07:00
Tom Eastep
c5ef3fd905
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-03-14 08:55:40 -07:00
Tom Eastep
86d6d6900e
Improve 'close' and 'show opens' commands
...
- close accepts a rule number
- list opens displays rule numbers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-14 08:54:30 -07:00
Tom Eastep
9a5cc5e51c
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-03-07 07:57:26 -08:00
Tom Eastep
d7a1ca41f9
Another attempt to correct the formatting of the manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-07 07:56:34 -08:00
Tom Eastep
d3552346b0
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-03-06 15:38:48 -08:00
Tom Eastep
1e6c266b51
Formatting fix (I hope)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 15:37:56 -08:00
Tom Eastep
d6f8cda2d5
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-03-06 14:10:13 -08:00
Tom Eastep
4cc866cd81
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-03-06 14:09:11 -08:00
Tom Eastep
095e523c9f
Add 'show opens' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 13:10:23 -08:00
Tom Eastep
2817060edb
Improvements to the 'open' and 'close' commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 08:13:44 -08:00
Tom Eastep
30e750608b
Fix broken links
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-05 16:23:49 -08:00
Tom Eastep
a85fdc45ac
Implement 'open' and 'close' commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-05 16:20:54 -08:00
Roberto C. Sánchez
e9bb447537
Fix typo
2015-03-02 09:58:09 -05:00
Tom Eastep
cdc2d52208
Implement ADD and DEL in the mangle file.
...
- Also document the parameter to SAME
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-18 12:04:01 -08:00
Tom Eastep
18c8f1f835
Remove blank line
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-17 20:10:25 -08:00
Tom Eastep
aff8623a44
Allow TTL to be specified in the SAME action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-17 19:11:28 -08:00
Tom Eastep
b14e7c54f9
Merge branch '4.6.6'
2015-02-07 08:29:44 -08:00
Tom Eastep
30a5f508be
Change samples to specify MODULE_SUFFIX="ko ko.xz"
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-06 12:56:35 -08:00
Orion Poplawski
9ad0b297e2
Supporting xz compressed kernel modules
...
- I've attached a patch that adds xz support to the default MODULE_SUFFIX.
- I'm wondering it wouldn't be better to not have MODULE_SUFFX=ko in various
sample configs so that the default value is used instead:
./Shorewall/configfiles/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/Universal/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/three-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/two-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/one-interface/shorewall.conf:MODULE_SUFFIX=ko
./docs/MultiISP.xml:MODULE_SUFFIX=ko
./docs/MyNetwork.xml:MODULE_SUFFIX=ko
./Shorewall6/configfiles/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/Universal/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/three-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/two-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/one-interface/shorewall6.conf:MODULE_SUFFIX=ko
- Is:
MODULE_SUFFIX=
sufficient to use the default value or does it need to be commented out?
Thanks,
Orion
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion@nwra.com
Boulder, CO 80301 http://www.nwra.com
>From f13edf8fc07c7b62825408b8665b10d6014d368d Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion@cora.nwra.com>
Date: Mon, 26 Jan 2015 09:48:48 -0700
Subject: [PATCH] Support xz compressed modules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-06 12:51:00 -08:00
Tom Eastep
40104d0c86
Correct handling of +set[n]
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-26 07:53:41 -08:00
Tom Eastep
5d110616a5
Merge branch '4.6.6'
2015-01-24 18:16:47 -08:00
Tom Eastep
a2b8069ee3
Clarify Zone exclusion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-24 18:15:10 -08:00
Tom Eastep
c7cd0060f0
Merge branch '4.6.6'
2015-01-23 09:07:28 -08:00
Tom Eastep
e3b96862ef
Propagate the LOCKFILE setting to the generated script.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-23 08:18:30 -08:00
Tom Eastep
a060f683cc
Correct file name in mangle 'split_line' error messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:34:47 -08:00
Tom Eastep
01220d58ea
Change the installation default value of INLINE_MATCHES to 'No'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:34:39 -08:00
Tom Eastep
c2b6d974e7
Protect 'enable' and 'disable' with mutex
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:34:28 -08:00
Tom Eastep
7ab055e61e
Correct file name in mangle 'split_line' error messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:31:51 -08:00
Tom Eastep
758f3cf955
Change the installation default value of INLINE_MATCHES to 'No'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:30:50 -08:00
Tom Eastep
08a184d95b
Protect 'enable' and 'disable' with mutex
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:30:05 -08:00
Tom Eastep
50a0103e89
Merge branch '4.6.6'
2015-01-20 08:11:07 -08:00
Tom Eastep
6f2308e0fa
Correct syntax of the SAVE and RESTORE actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-20 08:09:55 -08:00
Tom Eastep
a7cacdfee3
Allow SAVE and RESTORE in the INPUT chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-20 08:09:09 -08:00
Tom Eastep
28ac76bde4
Add tinc tunnel support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-13 13:28:37 -08:00
Tom Eastep
83431514fb
Add Tinc macro
...
- From Răzvan Sandu
2015-01-13 07:05:15 -08:00
Tom Eastep
111c454193
Make leading SHELL case-sensitive
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-13 07:04:20 -08:00
Tuomo Soini
b06ba536e9
macro.Zabbix: This macro handles Zabbix monitoring software server traffic to agent
...
and trap traffic from agent to zabbix server.
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-01-13 13:51:00 +02:00
Tom Eastep
97846e14de
Correct handling of ipsets in one of the PORTS columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-09 09:28:08 -08:00
Tom Eastep
07c21b8968
Add 'primary' provider option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-06 09:06:27 -08:00
Tom Eastep
668759edad
Catch parameter problems with TARPIT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 11:09:39 -08:00
Tom Eastep
0f1f54b57b
Tweak loopback change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 11:00:02 -08:00
Tom Eastep
60d5a177a3
Use the 'Iface Match' capability for loopback traffic.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 09:46:39 -08:00
Tom Eastep
3ed5ced581
Correct syntax error introduced in Beta 2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 08:35:33 -08:00
Tom Eastep
086f8b6073
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-01-03 13:23:00 -08:00
Tom Eastep
fa377df9dc
Fix installer's use of the DIGEST environmental variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-03 13:22:06 -08:00
Tom Eastep
7dd9ccd06b
Add the 'loopback' interface option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-03 09:22:40 -08:00
Tom Eastep
33e2e19193
Always set IP
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:28:50 -08:00
Tom Eastep
4a4bfe77ce
Implement IFACE_MATCH capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:05:06 -08:00
Tom Eastep
3890b8a884
Infrastructure for detecting loopback interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 08:49:38 -08:00
Tom Eastep
551a16d18f
Document TARPIT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-01 09:14:00 -08:00
Tom Eastep
d1b597394f
Correct typo (TARPIT_MATCH -> TARPIT_TARGET)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-30 10:22:33 -08:00
Tom Eastep
15a2fd14f9
Implement TARPIT target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-28 15:23:30 -08:00
Tom Eastep
f96baca780
Use the readable representation of the SHA1 digest in the chain table
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 11:13:10 -08:00
Tom Eastep
1b5f439609
Rewrite 'process_actions'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 09:28:02 -08:00
Tom Eastep
1655054de2
Rename 'externalize' to 'external_name'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 09:19:00 -08:00
Tom Eastep
89877ed3f7
Rename 'policy_rules' to 'add_policy_rules'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:58:13 -08:00
Tom Eastep
9649107a8e
Rename 'apply_policy_rules' to 'complete_policy_chains'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:53:50 -08:00
Tom Eastep
33eb47a48a
Reorder parameters and change identifiers in set_policy_chain()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:47:50 -08:00
Tom Eastep
93285e2798
Cleanup of preceding fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 14:05:43 -08:00
Tom Eastep
2430796495
Document the -c option of 'show routing'
...
Correct choice in show commands to 'req'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 12:15:28 -08:00
Tom Eastep
06ef7596cd
Document the -c 'dump' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 11:57:24 -08:00
Tom Eastep
227db0cfa7
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2014-12-23 15:37:38 -08:00
Tom Eastep
c0f7d0e65d
Start firewall after the network-online target has been reached
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 15:37:22 -08:00
Tom Eastep
ba806379f4
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2014-12-23 15:36:56 -08:00
Tom Eastep
6a15cead52
Cosmetic/commentary changes to the Config Module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 15:25:20 -08:00
Tom Eastep
f925358872
Minor Compiler Reorganization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 12:27:37 -08:00
Tom Eastep
52d2e62274
Convert two macros to Format 2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-22 08:36:34 -08:00
Tom Eastep
56e8068f3d
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2014-12-20 15:12:44 -08:00
Tom Eastep
35fc7b34b8
Minor code tweak
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-20 15:09:21 -08:00
Tom Eastep
fdf513fba6
Correct font in mangle manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-19 14:26:20 -08:00
Tom Eastep
79430673b8
Correct handling of duplicate states in the mangle file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-16 19:08:25 -08:00
Tom Eastep
695db284c0
Improve Mark Range Implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-15 11:19:23 -08:00
Tom Eastep
807b9ca627
Revert "Improve handling of mark ranges"
...
This reverts commit 62f480897e
.
2014-12-15 09:39:24 -08:00
Tom Eastep
62f480897e
Improve handling of mark ranges
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-14 09:13:41 -08:00
Tom Eastep
2d7025dcc3
Correct mark range handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-13 08:31:31 -08:00
Tom Eastep
a833815b31
Correct IPv6 handling of LOG_BACKEND=LOG
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 08:56:42 -08:00
Thomas D
664e3bb0a8
Installer: $INITDIR already starts with a "/", so no need for, "$DESTDIR/$INITDIR"
...
Hi,
before the patch (DESTDIR = "/tmp/shorewall-4.6.5"; INITDIR =
"/etc/init.d"),
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5//etc/init.d/shorewall-lite
after the patch
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5/etc/init.d/shorewall-lite
-Thomas
From e7a192397323bb6cb66d08a6f24e7edfee044f31 Mon Sep 17 00:00:00 2001
From: Thomas D <whissi@whissi.de>
Date: Sat, 15 Nov 2014 16:38:05 +0100
Subject: [PATCH] $INITDIR already starts with a "/", so no need for
"$DESTDIR/$INITDIR"
Before the patch (DESTDIR = "/tmp/shorewall-4.6.5"; INITDIR = "/etc/init.d"),
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5//etc/init.d/shorewall-lite
after the patch
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5/etc/init.d/shorewall-lite
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 07:55:14 -08:00
Tom Eastep
9241552c52
Make emacs sh-mode work better with lib.core
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-14 16:28:44 -08:00
Tom Eastep
16c1809ef2
Apply Alan Barrett's dhclient patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-14 13:39:23 -08:00
Tom Eastep
7100af5380
Correct .service files
...
- Make them match earlier versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-11 18:05:04 -08:00
Tom Eastep
c4171a92f6
Change spacing in shorewall[6] usage output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-10 07:38:58 -08:00
Thomas D
a5b2886ae9
Patches for shorewall manpage
...
Hi,
I corrected some errors in the manpages. I started with "shorewall".
Tom, please tell me if you like this format and the patches at all.
If you like them, I can send you a similar patch set for shorewall6, too.
-Thomas
From 2aaeaa4f2da7aae92177ced0530f1deff86f44a9 Mon Sep 17 00:00:00 2001
From: Thomas D <whissi@whissi.de>
Date: Sun, 9 Nov 2014 15:45:29 +0100
Subject: [PATCH 11/14] The "-i" option from the "reload" command wasn't marked
as an option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-09 07:40:59 -08:00
Tom Eastep
9a6047b3c4
Correct reversed naming of SHA chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-06 08:18:52 -08:00
Tom Eastep
6f5de7ef3f
Add now logging modules to the modules files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-05 16:19:30 -08:00
Tom Eastep
5b4e3bc07c
Accomodate new module names for LOG_BACKEND
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-05 12:51:24 -08:00
Tom Eastep
dc3f163e71
Change the names of the sha1 chains for uniqueness
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-04 17:54:38 -08:00
Tom Eastep
2f545012a6
More documentation updates for -C
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 09:25:58 -08:00
Tom Eastep
c97226c46c
Correct behavior of 'start -fC'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 09:25:23 -08:00
Tom Eastep
8c0c1bd1e0
Omit the 'shorewall' chain from .ip[6]tables-restore-input
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 08:16:47 -08:00
Tom Eastep
8b825c4c4c
Avoid failure of ip[6]tables-restore.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 07:56:05 -08:00
Tom Eastep
4493b2ab6b
Correct typo in 'rules' manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 06:50:40 -08:00
Tom Eastep
9598ac6fad
Correct a couple of problems with -C
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 10:09:04 -07:00
Tom Eastep
8fb73026c8
Replace SAVE_COUNTERS with the -C command option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 09:37:57 -07:00
Tom Eastep
4546cbaff7
Use chains with names derived from a digest to identify ruleset
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-31 11:36:53 -07:00
Tom Eastep
a83c146636
Cleanup
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 20:27:06 -07:00
Tom Eastep
2ffc97867c
Correct syntax error in the generated script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 19:59:20 -07:00
Tom Eastep
f08803e293
Preserve counts on 'restart' without compilation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 18:38:45 -07:00
Tom Eastep
b7ab82dba4
Implement -f option in the -lite products' start command
...
- Remove 'recover' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 10:42:39 -07:00