Commit Graph

2240 Commits

Author SHA1 Message Date
Tom Eastep
db6a7276ec Don't optimize chains with commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-07 14:11:44 -07:00
Tom Eastep
d771c6b2c2 Delete the 'dnat' nat-table chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-07 13:44:03 -07:00
Tom Eastep
fe7d0730d5 Break up generate_matrix()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-07 07:47:33 -07:00
Tom Eastep
a2a9ef0958 Rename OPTIMIZE_MASK1 to OPTIMIZE_MASK2n4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-06 13:08:45 -07:00
Tom Eastep
21eda5daec Fix multiple iprange matches without kludgefree.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-06 11:26:52 -07:00
Tom Eastep
6bd81145e9 Fix single-line embedded Perl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-06 11:23:33 -07:00
Tom Eastep
49050e61de Fix multiple iprange matches without kludgefree.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-06 10:50:16 -07:00
Tom Eastep
225101b802 Rename OPTIMIZE_MASK1 to OPTIMIZE_MASK2n4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 12:51:52 -07:00
Tom Eastep
fa3164fb1b Re-enable single-line embedded SHELL and PERL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 12:51:16 -07:00
Tom Eastep
3294f7c4c3 Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 09:02:29 -07:00
Tom Eastep
654f7dd805 Fix single-line embedded Perl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 09:02:12 -07:00
Tom Eastep
ee467a4877 Allow embedded shell/Perl directives to have leading '?'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 07:32:43 -07:00
Tom Eastep
170875c7dd Convert the 'ignore' interface to be multi-valued
-Allows 'ignore=1' to only exempt interface from updown processing

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 07:23:23 -07:00
Tom Eastep
c8156cfdb1 Correct typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-04 08:18:57 -07:00
Tom Eastep
57a9feaf2f Correct typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-04 08:00:07 -07:00
Tom Eastep
92a13ec87c Merge branch '4.5.4'
Conflicts:
	Shorewall/Perl/Shorewall/Config.pm
2012-06-03 18:51:03 -07:00
Tom Eastep
040f693583 Cosmetic changes in code from when I was still learning Perl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 17:50:34 -07:00
Tom Eastep
69387b9099 Make 'check -r' work like 'compile' WRT optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 15:43:43 -07:00
Tom Eastep
28f0a066da Make 'check -r' work like 'compile' WRT optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 15:15:11 -07:00
Tom Eastep
621aa3fc6a Another approach to reporting errors from process_conditional()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 13:47:38 -07:00
Tom Eastep
9869420106 Check for conditional directives prior to continuation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 09:05:09 -07:00
Tom Eastep
39b3a0da65 Check for conditional directives prior to continuation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 08:43:48 -07:00
Tom Eastep
121d34aed0 Add constant LOG_OPTIONS capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-02 14:06:31 -07:00
Tom Eastep
4b69216c83 Relocate lib.core in the Source Tree
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-02 12:46:35 -07:00
Tom Eastep
7ff15b0625 Merge branch '4.5.4'
Conflicts:
	Shorewall/Perl/Shorewall/Zones.pm
2012-06-02 11:41:45 -07:00
Tom Eastep
41dcd5826f Minimize the list of plain interfaces
Omit bridge ports and interfaces that match a wildcard.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-02 11:39:16 -07:00
Tom Eastep
26502034ec Minimize the list of plain interfaces
Omit bridge ports and interfaces that match a wildcard.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-02 11:17:10 -07:00
Tom Eastep
baa2c4f5eb Merge branch '4.5.4' 2012-06-02 09:30:47 -07:00
Tom Eastep
9e9c44d4ac Handle Debian pre-down/post-down correctly
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-02 09:26:00 -07:00
Tom Eastep
01eb1a580b Merge branch '4.5.4' 2012-06-02 08:20:40 -07:00
Tom Eastep
b3316d755a Correct silly typo in Providers.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 17:14:08 -07:00
Tom Eastep
73274b9b0b Correct progress message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 15:55:22 -07:00
Tom Eastep
c823b0e41e More Shorewall-init fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 14:04:08 -07:00
Tom Eastep
78f9b76dae Move mutex handling to the main program.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 14:03:47 -07:00
Tom Eastep
402e155148 More Shorewall-init fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 14:01:58 -07:00
Tom Eastep
9c4a01bcdd Move mutex handling to the main program.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 11:47:58 -07:00
Tom Eastep
21b9a194ca Merge branch '4.5.4' 2012-06-01 11:30:35 -07:00
Tom Eastep
312efe5c7b Use enable/disable for up and down of provider interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 11:27:57 -07:00
Tom Eastep
f25187adb1 Move compile_updown() from the Zones module to the Providers module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 08:12:07 -07:00
Tom Eastep
eb03168685 Cleanup of process_rules1() breakup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-31 15:32:16 -07:00
Tom Eastep
69badac72f Merge branch '4.5.4'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 14:43:05 -07:00
Tom Eastep
de184b32bc Fix sectioned IPSEC accounting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 14:37:29 -07:00
Tom Eastep
303c661409 Eliminate bogus term in an expression.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 12:49:18 -07:00
Tom Eastep
e88c2c8cd3 Move rules file nat handling to the Nat module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 09:01:24 -07:00
Tom Eastep
67932f2d42 Break up expand_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 06:49:00 -07:00
Tom Eastep
eb63745352 Merge branch '4.5.4' 2012-05-29 06:48:04 -07:00
Tom Eastep
32e0f154b5 Correct pptpserver tunnel configuration.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-29 06:46:40 -07:00
Tom Eastep
db50454afc Complete removal of optimize level 4 when level 4 is set.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 15:42:34 -07:00
Tom Eastep
ed352f60b6 Complete removal of optimize level 4 when level 4 is set.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 15:41:55 -07:00
Tom Eastep
fc97f6d00e Implement LOG target option control.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-24 13:54:59 -07:00
Tom Eastep
6142d4d535 Fix typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-23 07:55:07 -07:00
Tom Eastep
1f2ca30ebd Infrastructure for iRule-based logging.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-22 16:46:11 -07:00
Tom Eastep
f147046288 Change 'cc' to 'country-code' in invalid cc list error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-21 07:01:07 -07:00
Tom Eastep
daaf3c031f Change the 'no isocodes' error message to include the address family.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 09:40:37 -07:00
Tom Eastep
6b23eff650 Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 09:05:42 -07:00
Tom Eastep
ef974b5c8d Clear the DEFAULT table if no FALLBACK providers are up.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 09:00:22 -07:00
Tom Eastep
d8ec051114 Load the geoip cc's dynamically.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 08:59:59 -07:00
Tom Eastep
84f92aa87c Don't capture result of an RE match. Correct a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-20 07:06:59 -07:00
Tom Eastep
70e4c26df1 Delete a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 16:46:57 -07:00
Tom Eastep
db96f6ead2 Reject long CC lists.
- include offending CC in 'Invalid or Unknown' error

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 12:44:24 -07:00
Tom Eastep
f0a3e1652a Bracket non-trivial cc lists with [...]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 09:39:49 -07:00
Tom Eastep
56b8a9b9fa Some code cleanup:
- Store config value in a local rather than repeatedly referencing the
  %config hash.
- Centralize generation of the valid table array

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 09:02:44 -07:00
Tom Eastep
231c5dbca0 Eliminate need to call optimize_policy_chains() when OPTIMIZE 4 is selected
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 08:15:20 -07:00
Tom Eastep
1a9789a3da Optimization tracing
- Correct tracing in optimize_chain()
- Add tracing to new level 4 optimization

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-19 07:54:50 -07:00
Tom Eastep
f15e6d3995 Additional optimization in level 4.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-18 16:50:08 -07:00
Tom Eastep
3f42350a7b Don't overwrite empty mark geometry settings.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-18 11:37:49 -07:00
Tom Eastep
e8648c993d Use blackhole routes rather than unreachable.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-18 10:50:13 -07:00
Tom Eastep
55c88e8e81 Replace curly brace enclosure with a preceding caret to avoid ambiguity.
- {...} is used to enclose a set of column/value pairs and it is certain
  that the two will become confused.
2012-05-17 15:26:16 -07:00
Tom Eastep
f5f80d2ccc Re-arrange enforcement of restrictions on geoip.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-17 13:59:56 -07:00
Tom Eastep
d220d3d9d5 Abandon action.GeoIP in favor of extended syntax in the SOURCE and DEST columns.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-17 10:44:02 -07:00
Tom Eastep
6148c909f2 fix multiple ipsets in an imatch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-16 19:52:41 -07:00
Tom Eastep
2eb25f3f6a Correct the grammar in an error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-16 07:52:42 -07:00
Tom Eastep
43d882db2b Cosmetic cleanup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 16:44:35 -07:00
Tom Eastep
78af118b9a Quote original list when a translated list is ill-formed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 16:39:46 -07:00
Tom Eastep
85f58d6906 Avoid funny-looking ERROR: messages out of Embedded Perl.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-15 16:38:56 -07:00
Tom Eastep
ac2ed505bb Add GeoIP support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-14 17:12:46 -07:00
Tom Eastep
926e589414 Exit the tcpost chain if a connection mark is restored
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-14 10:35:42 -07:00
Tom Eastep
cd150af790 Update .status file on disable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-12 07:44:46 -07:00
Tom Eastep
cd98266396 Correct add of default IPv6 route when no gateway specified
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-12 07:15:24 -07:00
Tom Eastep
3d541f50c8 Use "(S)" consistently in column headings.
- add synonyms so both the singular and plural forms are accepted.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 12:42:04 -07:00
Tom Eastep
f77b350a7b Clear the 'balance' table if no balanced providers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 11:28:06 -07:00
Tom Eastep
bed4457e0e Delete jump to 'tproxy'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 09:00:09 -07:00
Tom Eastep
2d5269be7b Fix another conditional compilation bug.
?IF $false
   ?IF $false
      ...
   ?ENDIF
   foo <------- This line is not omitted!
?ENDIF

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:44:46 -07:00
Tom Eastep
a05b3afd7f Eliminate the 'tproxy' chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:42:44 -07:00
Tom Eastep
9e743451f6 Add FORMAT 2 to tcrules files. Initialize $format in Tc.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-11 07:08:06 -07:00
Tom Eastep
cb7fc31f0b Restore 4.5.3 compatibility
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-10 14:23:33 -07:00
Tom Eastep
69d735ea0a Make TPROXY actually work!
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-10 11:19:23 -07:00
Tom Eastep
4d4fc315e0 More TPROXY changes
- Combine identical DIVERT chains.
- Add --transparent to -m socket
- Reserve a TPROXY bit in the fwmark

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-10 07:25:07 -07:00
Tom Eastep
820c965b72 Allow Shorewall::Config::in_hex() to accept an argument already expressed in hex.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-09 13:51:49 -07:00
Tom Eastep
605ef6ef86 Tweak to DIVERT plus correct TPROXY in man pages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-09 13:10:51 -07:00
Tom Eastep
2eb7af23dc Merge branch 'master' into 4.5.3 2012-05-09 10:03:43 -07:00
Tom Eastep
582d025f58 Add DIVERT action to tcrules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-09 09:41:58 -07:00
Tom Eastep
b55d8c04e4 Do logical->physical mapping in rtrules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 14:52:18 -07:00
Tom Eastep
3b6f5b2d8a Finish alternative balancing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 13:55:13 -07:00
Tom Eastep
6639b3534e Close all input files in Shorewall::Config::cleanup()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 08:58:14 -07:00
Tom Eastep
59bf343521 Leave first filename and linenumber on the same line as error text.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-08 08:55:24 -07:00
Tom Eastep
1d6e6b65db Finish a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 17:06:35 -07:00
Tom Eastep
2224fdbc65 Correct help text in compiler.pl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 16:55:51 -07:00
Tom Eastep
fd1d6cf935 Handle default shorewallrc location
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 16:55:17 -07:00
Tom Eastep
5d7442e9e9 Correct typo in converted blrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-07 12:13:26 -07:00