Commit Graph

6601 Commits

Author SHA1 Message Date
Tom Eastep
8bed5c9d65 Drop support for the IPSECFILE option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 10:11:52 -07:00
Tom Eastep
037e92a60e Eliminate some config options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 14:28:12 -07:00
Tom Eastep
2165f746e6 Update .conf documents for 'reload'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 12:58:08 -07:00
Tom Eastep
ef9e75753a Restore .214 files
- Also merge Debian changes from 4.6.12

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 11:23:35 -07:00
Tom Eastep
85648bded1 Deimplement several .conf options
- LOGRATE/LOGBURST
- EXPORTPARAMS
- LEGACY_FASTSTART
2015-08-01 11:11:35 -07:00
Tom Eastep
67589cab69 More version changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:59:11 -07:00
Tom Eastep
f40373d60c Update config file version and copyrights
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:50:19 -07:00
Tom Eastep
fa7248c58c Add the LEGACY_RESTART option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-27 09:19:52 -07:00
Tom Eastep
0a7c65ae0d Allow connlimit by destination
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 14:26:58 -07:00
Tom Eastep
6e0fb1ab88 Correct syntax error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 14:16:12 -07:00
Tom Eastep
34f58bd6ac Correct formatting in the rules file man pages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 11:36:14 -07:00
Tom Eastep
cecc81ce82 Update .service files
- make the .214 versions the default and remove the ones name *.214
- Add 'ExecReload' to all but Shorewall-init
- Create Debian-specific versions with /etc/default rather than /etc/sysconfig
2015-07-26 10:58:03 -07:00
Tom Eastep
a00bf196a3 Remove all workarounds
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 10:27:30 -07:00
Tom Eastep
f9ec0c6930 New 'reload' and 'restart' semantics
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 09:59:49 -07:00
Tom Eastep
df817b6d2c Correct formatting in the interfaces man pages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-13 13:06:53 -07:00
Tom Eastep
d0fc7f6547 Add some comments to the Zones module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-13 12:57:00 -07:00
Tom Eastep
5704438a44 Second Wave of changes to make script output reproducable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-12 15:00:41 -07:00
Tom Eastep
014ec1af1d First phase of producing consistent scripts with Perl >= 5.18.0
Beginning with Perl 5.18.0, the order of elements returned by the 'keys'
and 'each' iterators is no longer deterministic. This is the first wave
of Shorewall changes to compensate for this irrational behavior.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-12 10:54:48 -07:00
Tom Eastep
bc8156b503 Include Compiler version in the compiler progress commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-08 12:53:42 -07:00
Tom Eastep
4995456563 Clean up compiler PATH fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 14:33:20 -07:00
Tom Eastep
c6f48a77e0 Only add dhcp rule if one rpfilter interface has the 'dhcp' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 12:21:04 -07:00
Tom Eastep
e7792fc868 Exempt IPv4 DHCP broadcasts from rpfilter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 10:03:03 -07:00
Tom Eastep
c47abe416a Add default PATH to current PATH in the compiler
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 09:38:06 -07:00
Tom Eastep
0414166d6d 'show connections' enhancement
- Allow tayloring of the entries displayed by specifying conntrack
  -L options.
2015-06-29 14:55:47 -07:00
Tom Eastep
7153146759 Don't ask for script version when WORKAROUNDS=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-28 09:18:47 -07:00
Tom Eastep
5ca68477d5 Corrections to last commit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 15:18:07 -07:00
Tom Eastep
9f08726794 Eliminate running the script twice is some cases
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 14:32:43 -07:00
Tom Eastep
846d629c47 Eliminate the usage() function in lib.cli-std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 12:55:34 -07:00
Tom Eastep
273a42b068 Correct the check for ordinary user attempting to access the default config
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 11:35:11 -07:00
Tom Eastep
9bf65ab9ab Don't run the postcompile script when compilation is bypassed
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-22 16:41:21 -07:00
Tom Eastep
b35c214c70 Defer 'Compiling...' message until after AUTOMAKE is checked
- Avoid an export statement in compiler()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-22 10:56:17 -07:00
Tom Eastep
5003e826b9 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-06-09 10:58:58 -07:00
Tuomo Soini
f8d95d1ee9 rename not_configured() to not_configured_error()
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-06-09 20:29:45 +03:00
Tom Eastep
7f50557250 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-06-08 13:50:47 -07:00
Tuomo Soini
15276b1f89 Set exit code to 6 when startup is disabled
Handles cases missed by 4b27c72c79

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-06-08 22:23:38 +03:00
Tom Eastep
116e85e040 Cosmetic cleanup of the Compiler module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-08 11:27:37 -07:00
Tom Eastep
2956698298 Corrections to WORKAROUNDS implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-06 12:15:03 -07:00
Tom Eastep
7c9155a6e8 Update man pages and .conf files for WORKAROUNDS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-06 07:56:14 -07:00
Tom Eastep
eb6be0e84d Remove old comment that now makes no sense
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-01 15:55:06 -07:00
Tom Eastep
019e49b481 Implement WORKAROUNDS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-01 12:59:25 -07:00
Tom Eastep
9a3c43b6d3 Make NFQUEUE parsing more robust
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-30 07:01:30 -07:00
Tom Eastep
0a45c7a646 Another Tweak to the NFQUEUE parser
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-30 06:38:21 -07:00
Tom Eastep
f227250959 Fix NFQUEUE parsing and documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-29 18:19:35 -07:00
Tom Eastep
29a0c92918 Fix ancient bug in old parameter syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-29 14:39:48 -07:00
Tuomo Soini
4edd6026f0 prog.footer: disabling already disabled inteface is not an error.
Neither is enabling already enabled interface

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-05-29 22:15:55 +03:00
Tom Eastep
18348ef6f1 Clean up distribute_load()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-27 06:58:10 -07:00
Tom Eastep
93c7e2c2f7 Change the way in which a warning message is suppressed
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-26 15:54:41 -07:00
Tom Eastep
602315938c Correct the load distribution algorithm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-26 14:59:20 -07:00
Tom Eastep
425094de18 Mention load= warning (sum not 1.000000)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-25 10:31:08 -07:00
Tom Eastep
ca35f565e0 Return success exit status when no ipsets are saved by the script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-25 07:36:00 -07:00
Tom Eastep
bbdbdf7c47 Clean up 'call' description in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-25 07:06:17 -07:00
Tom Eastep
631ebdecb8 load= enhancements
- Normalize loads to 0.nnnnnnnn
- Issue warning if the loads don't sum to 1.000000

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-23 08:05:58 -07:00
Tom Eastep
c851e03313 Don't try to use a probibility >= 1.00000000
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-23 07:06:31 -07:00
Tom Eastep
df4d6f1f92 Document load= in the providers manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-22 16:31:21 -07:00
Tom Eastep
c7ca3119ef Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-05-22 07:20:51 -07:00
Tom Eastep
ba7afcaeae Make 'call' a supported command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 10:38:35 -07:00
Tom Eastep
809e56cef6 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-05-21 09:04:35 -07:00
Tom Eastep
e3805b0ada Implement 'call' in the compiled script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 09:00:11 -07:00
Tom Eastep
f1b6e71e56 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-05-20 10:59:06 -07:00
Tom Eastep
f77d649ac7 Make policy descriptions match what the user entered rather than what was generated by the compiler
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-20 10:58:57 -07:00
Tom Eastep
267637f139 NFQUEUE enhancements
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-20 10:55:21 -07:00
Tom Eastep
acd921cd08 Don't require a helper for ctevents and expevents
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-16 13:40:40 -07:00
Tom Eastep
9329e7c36c Don't require a helper in the CT action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-16 09:08:32 -07:00
Tom Eastep
7195ee708e Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-05-08 09:49:42 -07:00
Tom Eastep
50d1a719f9 Delete superfluous test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-08 09:48:58 -07:00
Tom Eastep
4b27c72c79 Set exit code to 6 when startup is disabled
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-07 14:12:41 -07:00
Tom Eastep
3bb1f74283 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code into 4.6.9 2015-05-05 11:28:13 -07:00
Tuomo Soini
87eca92b10 lib.core: use consisten indenting 2015-05-05 20:40:17 +03:00
Tom Eastep
b58aadad01 Correct Syntax error in the generated code.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-04 08:23:42 -07:00
Tom Eastep
6dcd8174ee Don't require interfaces on stop, clear, etc.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-04 08:23:10 -07:00
Tom Eastep
e248c0a3d7 Update Shorewall/Shorewall6 help text for 'reenable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:29:42 -07:00
Tom Eastep
3f17a8cf24 Update the program header information in lib.core
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:13:06 -07:00
Tom Eastep
2cea78e6df Add the 'reenable' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:02:12 -07:00
Tom Eastep
0abd51c796 Fix module versioning
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 11:59:01 -07:00
Tom Eastep
86e053be7a More optimization of detect_configuration()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 11:32:45 -07:00
Tom Eastep
75d18139f7 Optimize detect_configuration() for enable/disable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-25 15:46:19 -07:00
Tom Eastep
bebb41674a Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-04-25 12:57:04 -07:00
Tom Eastep
42f75f7ba2 Correct SetEvent and ResetEvent
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-25 12:56:36 -07:00
Tuomo Soini
2c9b7fbb07 macro.JabberSecure: use of Jabber SSL is deprecated. Note user. 2015-04-23 10:03:07 +03:00
Tuomo Soini
119299421f macro.JabberPlain: deprecate the macro in favor of macro.Jabber 2015-04-23 09:39:23 +03:00
Tuomo Soini
aef019e16d macro.Jabber: use of jabber has changed from Plain+SSL to STARTTLS 2015-04-23 09:38:40 +03:00
Tom Eastep
3ae243b882 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-04-22 20:34:03 -07:00
Tuomo Soini
0fc58f81cc macro.QUIC: added support for QUIC
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-04-22 16:29:17 +03:00
Tom Eastep
0e8b427778 Remove false comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-18 14:31:07 -07:00
Tom Eastep
6cb3004a39 Clarify helper module loading
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-17 09:51:25 -07:00
Tom Eastep
f5aa0373cb Correct interfaces example 4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-12 08:38:55 -07:00
Tom Eastep
b128c30813 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
Get Tuomo Soini's fix for serviced startup
2015-04-11 07:33:15 -07:00
Tuomo Soini
194252afd3 systemd: fix shorewall startup by adding Wants=network-online.target
Before shorewall failed to load if there were interfaces which were required
but there wasn't any other service which wanted network-online.target.
By adding Wants=network-online.target we make sure shorewall[6]* startup
won't fail if there are required interfaces

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-04-11 10:50:54 +03:00
Tom Eastep
16e3cb1b43 More manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 10:14:42 -07:00
Tom Eastep
27c1ffc5fb Include full syntax in lists of CLI commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 09:23:58 -07:00
Tom Eastep
0e54a86e82 Add descriptions of 'list' and 'ls' to the CLI manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-06 09:39:41 -07:00
Tom Eastep
4fd8aa692d Add comment to setting of TCPMSS_TARGET with old caps file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-04 09:34:23 -07:00
Tom Eastep
8c3dda80a3 Simplify previous change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-03 16:35:50 -07:00
Tom Eastep
9f96f58a0d Default TCPMSS_TARGET to 1 in old capabilities files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-03 14:46:50 -07:00
Tom Eastep
77165326f2 Merge branch '4.6.8'
Conflicts:
	Shorewall6/uninstall.sh
2015-04-03 14:02:21 -07:00
Tom Eastep
eb3a162560 Apply Matt Darfeuille's fix for fatal_error()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 13:26:51 -07:00
Tom Eastep
44142ed457 Apply Matt Darfeuille's uninstall fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 07:28:21 -07:00
Tom Eastep
659e9d550c Apply Matt Darfeuille's uninstall fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 07:27:57 -07:00
Tom Eastep
7442c2189d Implement TCPMSS_TARGET capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-31 15:53:05 -07:00
Tom Eastep
468167f9e5 Apply nfw's fix for IP[6]TABLES in the conntrack file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-24 09:23:15 -07:00
Tom Eastep
b00a7af619 Allow a comma-separated list in the rtrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-18 15:16:25 -07:00
Tom Eastep
0c11870e46 Implement the 'savesets' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-17 10:03:12 -07:00
Tom Eastep
c5ef3fd905 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-14 08:55:40 -07:00
Tom Eastep
86d6d6900e Improve 'close' and 'show opens' commands
- close accepts a rule number
- list opens displays rule numbers

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-14 08:54:30 -07:00
Tom Eastep
9a5cc5e51c Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-07 07:57:26 -08:00
Tom Eastep
d7a1ca41f9 Another attempt to correct the formatting of the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-07 07:56:34 -08:00
Tom Eastep
d3552346b0 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-06 15:38:48 -08:00
Tom Eastep
1e6c266b51 Formatting fix (I hope)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 15:37:56 -08:00
Tom Eastep
d6f8cda2d5 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-06 14:10:13 -08:00
Tom Eastep
4cc866cd81 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-03-06 14:09:11 -08:00
Tom Eastep
095e523c9f Add 'show opens' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 13:10:23 -08:00
Tom Eastep
2817060edb Improvements to the 'open' and 'close' commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 08:13:44 -08:00
Tom Eastep
30e750608b Fix broken links
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-05 16:23:49 -08:00
Tom Eastep
a85fdc45ac Implement 'open' and 'close' commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-05 16:20:54 -08:00
Roberto C. Sánchez
e9bb447537 Fix typo 2015-03-02 09:58:09 -05:00
Tom Eastep
cdc2d52208 Implement ADD and DEL in the mangle file.
- Also document the parameter to SAME

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-18 12:04:01 -08:00
Tom Eastep
18c8f1f835 Remove blank line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-17 20:10:25 -08:00
Tom Eastep
aff8623a44 Allow TTL to be specified in the SAME action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-17 19:11:28 -08:00
Tom Eastep
b14e7c54f9 Merge branch '4.6.6' 2015-02-07 08:29:44 -08:00
Tom Eastep
30a5f508be Change samples to specify MODULE_SUFFIX="ko ko.xz"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-06 12:56:35 -08:00
Orion Poplawski
9ad0b297e2 Supporting xz compressed kernel modules
- I've attached a patch that adds xz support to the default MODULE_SUFFIX.
- I'm wondering it wouldn't be better to not have MODULE_SUFFX=ko in various
sample configs so that the default value is used instead:

./Shorewall/configfiles/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/Universal/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/three-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/two-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/one-interface/shorewall.conf:MODULE_SUFFIX=ko
./docs/MultiISP.xml:MODULE_SUFFIX=ko
./docs/MyNetwork.xml:MODULE_SUFFIX=ko
./Shorewall6/configfiles/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/Universal/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/three-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/two-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/one-interface/shorewall6.conf:MODULE_SUFFIX=ko

- Is:

MODULE_SUFFIX=

sufficient to use the default value or does it need to be commented out?

Thanks,

  Orion

--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion@nwra.com
Boulder, CO 80301                   http://www.nwra.com

>From f13edf8fc07c7b62825408b8665b10d6014d368d Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion@cora.nwra.com>
Date: Mon, 26 Jan 2015 09:48:48 -0700
Subject: [PATCH] Support xz compressed modules

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-06 12:51:00 -08:00
Tom Eastep
40104d0c86 Correct handling of +set[n]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-26 07:53:41 -08:00
Tom Eastep
5d110616a5 Merge branch '4.6.6' 2015-01-24 18:16:47 -08:00
Tom Eastep
a2b8069ee3 Clarify Zone exclusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-24 18:15:10 -08:00
Tom Eastep
c7cd0060f0 Merge branch '4.6.6' 2015-01-23 09:07:28 -08:00
Tom Eastep
e3b96862ef Propagate the LOCKFILE setting to the generated script.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-23 08:18:30 -08:00
Tom Eastep
a060f683cc Correct file name in mangle 'split_line' error messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:34:47 -08:00
Tom Eastep
01220d58ea Change the installation default value of INLINE_MATCHES to 'No'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:34:39 -08:00
Tom Eastep
c2b6d974e7 Protect 'enable' and 'disable' with mutex
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:34:28 -08:00
Tom Eastep
7ab055e61e Correct file name in mangle 'split_line' error messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:31:51 -08:00
Tom Eastep
758f3cf955 Change the installation default value of INLINE_MATCHES to 'No'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:30:50 -08:00
Tom Eastep
08a184d95b Protect 'enable' and 'disable' with mutex
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:30:05 -08:00
Tom Eastep
50a0103e89 Merge branch '4.6.6' 2015-01-20 08:11:07 -08:00
Tom Eastep
6f2308e0fa Correct syntax of the SAVE and RESTORE actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-20 08:09:55 -08:00
Tom Eastep
a7cacdfee3 Allow SAVE and RESTORE in the INPUT chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-20 08:09:09 -08:00
Tom Eastep
28ac76bde4 Add tinc tunnel support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-13 13:28:37 -08:00
Tom Eastep
83431514fb Add Tinc macro
- From Răzvan Sandu
2015-01-13 07:05:15 -08:00
Tom Eastep
111c454193 Make leading SHELL case-sensitive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-13 07:04:20 -08:00
Tuomo Soini
b06ba536e9 macro.Zabbix: This macro handles Zabbix monitoring software server traffic to agent
and trap traffic from agent to zabbix server.

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-01-13 13:51:00 +02:00
Tom Eastep
97846e14de Correct handling of ipsets in one of the PORTS columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-09 09:28:08 -08:00
Tom Eastep
07c21b8968 Add 'primary' provider option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-06 09:06:27 -08:00
Tom Eastep
668759edad Catch parameter problems with TARPIT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 11:09:39 -08:00
Tom Eastep
0f1f54b57b Tweak loopback change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 11:00:02 -08:00
Tom Eastep
60d5a177a3 Use the 'Iface Match' capability for loopback traffic.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 09:46:39 -08:00
Tom Eastep
3ed5ced581 Correct syntax error introduced in Beta 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 08:35:33 -08:00
Tom Eastep
086f8b6073 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2015-01-03 13:23:00 -08:00
Tom Eastep
fa377df9dc Fix installer's use of the DIGEST environmental variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-03 13:22:06 -08:00
Tom Eastep
7dd9ccd06b Add the 'loopback' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-03 09:22:40 -08:00
Tom Eastep
33e2e19193 Always set IP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:28:50 -08:00
Tom Eastep
4a4bfe77ce Implement IFACE_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:05:06 -08:00
Tom Eastep
3890b8a884 Infrastructure for detecting loopback interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 08:49:38 -08:00
Tom Eastep
551a16d18f Document TARPIT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-01 09:14:00 -08:00
Tom Eastep
d1b597394f Correct typo (TARPIT_MATCH -> TARPIT_TARGET)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-30 10:22:33 -08:00
Tom Eastep
15a2fd14f9 Implement TARPIT target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-28 15:23:30 -08:00
Tom Eastep
f96baca780 Use the readable representation of the SHA1 digest in the chain table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 11:13:10 -08:00
Tom Eastep
1b5f439609 Rewrite 'process_actions'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 09:28:02 -08:00
Tom Eastep
1655054de2 Rename 'externalize' to 'external_name'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 09:19:00 -08:00
Tom Eastep
89877ed3f7 Rename 'policy_rules' to 'add_policy_rules'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:58:13 -08:00
Tom Eastep
9649107a8e Rename 'apply_policy_rules' to 'complete_policy_chains'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:53:50 -08:00
Tom Eastep
33eb47a48a Reorder parameters and change identifiers in set_policy_chain()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:47:50 -08:00
Tom Eastep
93285e2798 Cleanup of preceding fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 14:05:43 -08:00
Tom Eastep
2430796495 Document the -c option of 'show routing'
Correct choice in show commands to 'req'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 12:15:28 -08:00
Tom Eastep
06ef7596cd Document the -c 'dump' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 11:57:24 -08:00
Tom Eastep
227db0cfa7 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2014-12-23 15:37:38 -08:00
Tom Eastep
c0f7d0e65d Start firewall after the network-online target has been reached
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 15:37:22 -08:00
Tom Eastep
ba806379f4 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2014-12-23 15:36:56 -08:00
Tom Eastep
6a15cead52 Cosmetic/commentary changes to the Config Module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 15:25:20 -08:00
Tom Eastep
f925358872 Minor Compiler Reorganization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 12:27:37 -08:00
Tom Eastep
52d2e62274 Convert two macros to Format 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-22 08:36:34 -08:00
Tom Eastep
56e8068f3d Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2014-12-20 15:12:44 -08:00
Tom Eastep
35fc7b34b8 Minor code tweak
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-20 15:09:21 -08:00
Tom Eastep
fdf513fba6 Correct font in mangle manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-19 14:26:20 -08:00
Tom Eastep
79430673b8 Correct handling of duplicate states in the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-16 19:08:25 -08:00
Tom Eastep
695db284c0 Improve Mark Range Implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-15 11:19:23 -08:00
Tom Eastep
807b9ca627 Revert "Improve handling of mark ranges"
This reverts commit 62f480897e.
2014-12-15 09:39:24 -08:00
Tom Eastep
62f480897e Improve handling of mark ranges
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-14 09:13:41 -08:00
Tom Eastep
2d7025dcc3 Correct mark range handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-13 08:31:31 -08:00
Tom Eastep
a833815b31 Correct IPv6 handling of LOG_BACKEND=LOG
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 08:56:42 -08:00
Thomas D
664e3bb0a8 Installer: $INITDIR already starts with a "/", so no need for, "$DESTDIR/$INITDIR"
Hi,

before the patch (DESTDIR = "/tmp/shorewall-4.6.5"; INITDIR =
"/etc/init.d"),

> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5//etc/init.d/shorewall-lite

after the patch

> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5/etc/init.d/shorewall-lite

-Thomas

From e7a192397323bb6cb66d08a6f24e7edfee044f31 Mon Sep 17 00:00:00 2001
From: Thomas D <whissi@whissi.de>
Date: Sat, 15 Nov 2014 16:38:05 +0100
Subject: [PATCH] $INITDIR already starts with a "/", so no need for
 "$DESTDIR/$INITDIR"

Before the patch (DESTDIR = "/tmp/shorewall-4.6.5"; INITDIR = "/etc/init.d"),

  > [...]
  > SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5//etc/init.d/shorewall-lite

after the patch

  > [...]
  > SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5/etc/init.d/shorewall-lite

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 07:55:14 -08:00
Tom Eastep
9241552c52 Make emacs sh-mode work better with lib.core
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-14 16:28:44 -08:00
Tom Eastep
16c1809ef2 Apply Alan Barrett's dhclient patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-14 13:39:23 -08:00
Tom Eastep
7100af5380 Correct .service files
- Make them match earlier versions

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-11 18:05:04 -08:00
Tom Eastep
c4171a92f6 Change spacing in shorewall[6] usage output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-10 07:38:58 -08:00
Thomas D
a5b2886ae9 Patches for shorewall manpage
Hi,

I corrected some errors in the manpages. I started with "shorewall".

Tom, please tell me if you like this format and the patches at all.
If you like them, I can send you a similar patch set for shorewall6, too.

-Thomas

From 2aaeaa4f2da7aae92177ced0530f1deff86f44a9 Mon Sep 17 00:00:00 2001
From: Thomas D <whissi@whissi.de>
Date: Sun, 9 Nov 2014 15:45:29 +0100
Subject: [PATCH 11/14] The "-i" option from the "reload" command wasn't marked
 as an option.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-09 07:40:59 -08:00
Tom Eastep
9a6047b3c4 Correct reversed naming of SHA chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-06 08:18:52 -08:00
Tom Eastep
6f5de7ef3f Add now logging modules to the modules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-05 16:19:30 -08:00
Tom Eastep
5b4e3bc07c Accomodate new module names for LOG_BACKEND
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-05 12:51:24 -08:00
Tom Eastep
dc3f163e71 Change the names of the sha1 chains for uniqueness
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-04 17:54:38 -08:00
Tom Eastep
2f545012a6 More documentation updates for -C
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 09:25:58 -08:00
Tom Eastep
c97226c46c Correct behavior of 'start -fC'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 09:25:23 -08:00
Tom Eastep
8c0c1bd1e0 Omit the 'shorewall' chain from .ip[6]tables-restore-input
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 08:16:47 -08:00
Tom Eastep
8b825c4c4c Avoid failure of ip[6]tables-restore.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 07:56:05 -08:00
Tom Eastep
4493b2ab6b Correct typo in 'rules' manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 06:50:40 -08:00
Tom Eastep
9598ac6fad Correct a couple of problems with -C
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 10:09:04 -07:00
Tom Eastep
8fb73026c8 Replace SAVE_COUNTERS with the -C command option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 09:37:57 -07:00
Tom Eastep
4546cbaff7 Use chains with names derived from a digest to identify ruleset
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-31 11:36:53 -07:00
Tom Eastep
a83c146636 Cleanup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 20:27:06 -07:00
Tom Eastep
2ffc97867c Correct syntax error in the generated script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 19:59:20 -07:00
Tom Eastep
f08803e293 Preserve counts on 'restart' without compilation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 18:38:45 -07:00
Tom Eastep
b7ab82dba4 Implement -f option in the -lite products' start command
- Remove 'recover' command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 10:42:39 -07:00