Tom Eastep
db6a7276ec
Don't optimize chains with commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-07 14:11:44 -07:00
Tom Eastep
d771c6b2c2
Delete the 'dnat' nat-table chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-07 13:44:03 -07:00
Tom Eastep
fe7d0730d5
Break up generate_matrix()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-07 07:47:33 -07:00
Tom Eastep
a2a9ef0958
Rename OPTIMIZE_MASK1 to OPTIMIZE_MASK2n4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-06 13:08:45 -07:00
Tom Eastep
21eda5daec
Fix multiple iprange matches without kludgefree.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-06 11:26:52 -07:00
Tom Eastep
6bd81145e9
Fix single-line embedded Perl
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-06 11:23:33 -07:00
Tom Eastep
49050e61de
Fix multiple iprange matches without kludgefree.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-06 10:50:16 -07:00
Tom Eastep
225101b802
Rename OPTIMIZE_MASK1 to OPTIMIZE_MASK2n4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 12:51:52 -07:00
Tom Eastep
fa3164fb1b
Re-enable single-line embedded SHELL and PERL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 12:51:16 -07:00
Tom Eastep
3294f7c4c3
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 09:02:29 -07:00
Tom Eastep
654f7dd805
Fix single-line embedded Perl
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 09:02:12 -07:00
Tom Eastep
ee467a4877
Allow embedded shell/Perl directives to have leading '?'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 07:32:43 -07:00
Tom Eastep
170875c7dd
Convert the 'ignore' interface to be multi-valued
...
-Allows 'ignore=1' to only exempt interface from updown processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 07:23:23 -07:00
Tom Eastep
c8156cfdb1
Correct typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-04 08:18:57 -07:00
Tom Eastep
57a9feaf2f
Correct typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-04 08:00:07 -07:00
Tom Eastep
92a13ec87c
Merge branch '4.5.4'
...
Conflicts:
Shorewall/Perl/Shorewall/Config.pm
2012-06-03 18:51:03 -07:00
Tom Eastep
040f693583
Cosmetic changes in code from when I was still learning Perl
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 17:50:34 -07:00
Tom Eastep
69387b9099
Make 'check -r' work like 'compile' WRT optimization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 15:43:43 -07:00
Tom Eastep
28f0a066da
Make 'check -r' work like 'compile' WRT optimization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 15:15:11 -07:00
Tom Eastep
621aa3fc6a
Another approach to reporting errors from process_conditional()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 13:47:38 -07:00
Tom Eastep
9869420106
Check for conditional directives prior to continuation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 09:05:09 -07:00
Tom Eastep
39b3a0da65
Check for conditional directives prior to continuation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 08:43:48 -07:00
Tom Eastep
121d34aed0
Add constant LOG_OPTIONS capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-02 14:06:31 -07:00
Tom Eastep
4b69216c83
Relocate lib.core in the Source Tree
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-02 12:46:35 -07:00
Tom Eastep
7ff15b0625
Merge branch '4.5.4'
...
Conflicts:
Shorewall/Perl/Shorewall/Zones.pm
2012-06-02 11:41:45 -07:00
Tom Eastep
41dcd5826f
Minimize the list of plain interfaces
...
Omit bridge ports and interfaces that match a wildcard.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-02 11:39:16 -07:00
Tom Eastep
26502034ec
Minimize the list of plain interfaces
...
Omit bridge ports and interfaces that match a wildcard.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-02 11:17:10 -07:00
Tom Eastep
baa2c4f5eb
Merge branch '4.5.4'
2012-06-02 09:30:47 -07:00
Tom Eastep
9e9c44d4ac
Handle Debian pre-down/post-down correctly
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-02 09:26:00 -07:00
Tom Eastep
01eb1a580b
Merge branch '4.5.4'
2012-06-02 08:20:40 -07:00
Tom Eastep
b3316d755a
Correct silly typo in Providers.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 17:14:08 -07:00
Tom Eastep
73274b9b0b
Correct progress message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 15:55:22 -07:00
Tom Eastep
c823b0e41e
More Shorewall-init fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 14:04:08 -07:00
Tom Eastep
78f9b76dae
Move mutex handling to the main program.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 14:03:47 -07:00
Tom Eastep
402e155148
More Shorewall-init fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 14:01:58 -07:00
Tom Eastep
9c4a01bcdd
Move mutex handling to the main program.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 11:47:58 -07:00
Tom Eastep
21b9a194ca
Merge branch '4.5.4'
2012-06-01 11:30:35 -07:00
Tom Eastep
312efe5c7b
Use enable/disable for up and down of provider interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 11:27:57 -07:00
Tom Eastep
f25187adb1
Move compile_updown() from the Zones module to the Providers module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 08:12:07 -07:00
Tom Eastep
eb03168685
Cleanup of process_rules1() breakup
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-31 15:32:16 -07:00
Tom Eastep
69badac72f
Merge branch '4.5.4'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 14:43:05 -07:00
Tom Eastep
de184b32bc
Fix sectioned IPSEC accounting.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 14:37:29 -07:00
Tom Eastep
303c661409
Eliminate bogus term in an expression.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 12:49:18 -07:00
Tom Eastep
e88c2c8cd3
Move rules file nat handling to the Nat module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 09:01:24 -07:00
Tom Eastep
67932f2d42
Break up expand_rule()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 06:49:00 -07:00
Tom Eastep
eb63745352
Merge branch '4.5.4'
2012-05-29 06:48:04 -07:00
Tom Eastep
32e0f154b5
Correct pptpserver tunnel configuration.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-29 06:46:40 -07:00
Tom Eastep
db50454afc
Complete removal of optimize level 4 when level 4 is set.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 15:42:34 -07:00
Tom Eastep
ed352f60b6
Complete removal of optimize level 4 when level 4 is set.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 15:41:55 -07:00
Tom Eastep
fc97f6d00e
Implement LOG target option control.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-24 13:54:59 -07:00
Tom Eastep
6142d4d535
Fix typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-23 07:55:07 -07:00
Tom Eastep
1f2ca30ebd
Infrastructure for iRule-based logging.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-22 16:46:11 -07:00
Tom Eastep
f147046288
Change 'cc' to 'country-code' in invalid cc list error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-21 07:01:07 -07:00
Tom Eastep
daaf3c031f
Change the 'no isocodes' error message to include the address family.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 09:40:37 -07:00
Tom Eastep
6b23eff650
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 09:05:42 -07:00
Tom Eastep
ef974b5c8d
Clear the DEFAULT table if no FALLBACK providers are up.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 09:00:22 -07:00
Tom Eastep
d8ec051114
Load the geoip cc's dynamically.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 08:59:59 -07:00
Tom Eastep
84f92aa87c
Don't capture result of an RE match. Correct a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 07:06:59 -07:00
Tom Eastep
70e4c26df1
Delete a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 16:46:57 -07:00
Tom Eastep
db96f6ead2
Reject long CC lists.
...
- include offending CC in 'Invalid or Unknown' error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 12:44:24 -07:00
Tom Eastep
f0a3e1652a
Bracket non-trivial cc lists with [...]
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 09:39:49 -07:00
Tom Eastep
56b8a9b9fa
Some code cleanup:
...
- Store config value in a local rather than repeatedly referencing the
%config hash.
- Centralize generation of the valid table array
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 09:02:44 -07:00
Tom Eastep
231c5dbca0
Eliminate need to call optimize_policy_chains() when OPTIMIZE 4 is selected
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 08:15:20 -07:00
Tom Eastep
1a9789a3da
Optimization tracing
...
- Correct tracing in optimize_chain()
- Add tracing to new level 4 optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 07:54:50 -07:00
Tom Eastep
f15e6d3995
Additional optimization in level 4.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-18 16:50:08 -07:00
Tom Eastep
3f42350a7b
Don't overwrite empty mark geometry settings.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-18 11:37:49 -07:00
Tom Eastep
e8648c993d
Use blackhole routes rather than unreachable.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-18 10:50:13 -07:00
Tom Eastep
55c88e8e81
Replace curly brace enclosure with a preceding caret to avoid ambiguity.
...
- {...} is used to enclose a set of column/value pairs and it is certain
that the two will become confused.
2012-05-17 15:26:16 -07:00
Tom Eastep
f5f80d2ccc
Re-arrange enforcement of restrictions on geoip.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-17 13:59:56 -07:00
Tom Eastep
d220d3d9d5
Abandon action.GeoIP in favor of extended syntax in the SOURCE and DEST columns.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-17 10:44:02 -07:00
Tom Eastep
6148c909f2
fix multiple ipsets in an imatch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-16 19:52:41 -07:00
Tom Eastep
2eb25f3f6a
Correct the grammar in an error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-16 07:52:42 -07:00
Tom Eastep
43d882db2b
Cosmetic cleanup
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 16:44:35 -07:00
Tom Eastep
78af118b9a
Quote original list when a translated list is ill-formed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 16:39:46 -07:00
Tom Eastep
85f58d6906
Avoid funny-looking ERROR: messages out of Embedded Perl.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 16:38:56 -07:00
Tom Eastep
ac2ed505bb
Add GeoIP support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-14 17:12:46 -07:00
Tom Eastep
926e589414
Exit the tcpost chain if a connection mark is restored
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-14 10:35:42 -07:00
Tom Eastep
cd150af790
Update .status file on disable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-12 07:44:46 -07:00
Tom Eastep
cd98266396
Correct add of default IPv6 route when no gateway specified
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-12 07:15:24 -07:00
Tom Eastep
3d541f50c8
Use "(S)" consistently in column headings.
...
- add synonyms so both the singular and plural forms are accepted.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 12:42:04 -07:00
Tom Eastep
f77b350a7b
Clear the 'balance' table if no balanced providers.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 11:28:06 -07:00
Tom Eastep
bed4457e0e
Delete jump to 'tproxy'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 09:00:09 -07:00
Tom Eastep
2d5269be7b
Fix another conditional compilation bug.
...
?IF $false
?IF $false
...
?ENDIF
foo <------- This line is not omitted!
?ENDIF
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:44:46 -07:00
Tom Eastep
a05b3afd7f
Eliminate the 'tproxy' chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:42:44 -07:00
Tom Eastep
9e743451f6
Add FORMAT 2 to tcrules files. Initialize $format in Tc.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:08:06 -07:00
Tom Eastep
cb7fc31f0b
Restore 4.5.3 compatibility
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-10 14:23:33 -07:00
Tom Eastep
69d735ea0a
Make TPROXY actually work!
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-10 11:19:23 -07:00
Tom Eastep
4d4fc315e0
More TPROXY changes
...
- Combine identical DIVERT chains.
- Add --transparent to -m socket
- Reserve a TPROXY bit in the fwmark
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-10 07:25:07 -07:00
Tom Eastep
820c965b72
Allow Shorewall::Config::in_hex() to accept an argument already expressed in hex.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-09 13:51:49 -07:00
Tom Eastep
605ef6ef86
Tweak to DIVERT plus correct TPROXY in man pages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-09 13:10:51 -07:00
Tom Eastep
2eb7af23dc
Merge branch 'master' into 4.5.3
2012-05-09 10:03:43 -07:00
Tom Eastep
582d025f58
Add DIVERT action to tcrules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-09 09:41:58 -07:00
Tom Eastep
b55d8c04e4
Do logical->physical mapping in rtrules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 14:52:18 -07:00
Tom Eastep
3b6f5b2d8a
Finish alternative balancing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 13:55:13 -07:00
Tom Eastep
6639b3534e
Close all input files in Shorewall::Config::cleanup()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 08:58:14 -07:00
Tom Eastep
59bf343521
Leave first filename and linenumber on the same line as error text.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 08:55:24 -07:00
Tom Eastep
1d6e6b65db
Finish a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 17:06:35 -07:00
Tom Eastep
2224fdbc65
Correct help text in compiler.pl
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 16:55:51 -07:00
Tom Eastep
fd1d6cf935
Handle default shorewallrc location
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 16:55:17 -07:00
Tom Eastep
5d7442e9e9
Correct typo in converted blrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 12:13:26 -07:00