Tom Eastep
1510e111c4
Fix typo in conf basics doc
2010-08-13 20:27:14 -07:00
Tom Eastep
b7f638ddb3
Document status command change
2010-08-12 19:46:57 -07:00
Tom Eastep
7281c9166e
Record the config directory in the state file
2010-08-12 17:54:07 -07:00
Tom Eastep
15eec24672
Simplify logic for generating all parent zones
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-12 15:15:19 -07:00
Tom Eastep
7168257152
Document port range editing fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-12 11:52:43 -07:00
Tom Eastep
49053afdcb
Fix port range validate issue
2010-08-12 09:49:26 -07:00
Tom Eastep
92eed0d23c
Document fix for any bug
2010-08-12 07:35:45 -07:00
Tom Eastep
69eaf84078
Fix bug with 'any'
2010-08-12 07:31:37 -07:00
Tom Eastep
aa00acc310
Correct typo in release notes
2010-08-11 16:09:12 -07:00
Tom Eastep
e0780b9a84
Rename the first column of the masq file for clarity
2010-08-11 15:34:27 -07:00
Tom Eastep
965ad7ced1
Minor tweaks to the IPAddrs module
2010-08-11 11:46:26 -07:00
Tom Eastep
0234564a1b
Add destination IP blacklisting
2010-08-10 17:33:50 -07:00
Tom Eastep
d9cbbea36a
Delete extra item in enhancement list
2010-08-07 14:06:20 -07:00
Tom Eastep
da91ef8d2c
Fix typo in install.sh
2010-08-07 10:56:15 -07:00
Tom Eastep
1a4d84d502
Document fix to install.sh
2010-08-07 09:34:19 -07:00
Tom Eastep
8d4498c9b8
Update Version to 4.4.12 RC 1
2010-08-06 19:31:36 -07:00
Tom Eastep
59829565f5
Add COMPLETE to release notes
2010-08-06 19:30:33 -07:00
Tom Eastep
0f02ee2628
Fix issue with set match generation
2010-08-06 10:17:54 -07:00
Tom Eastep
364ad41cf5
Add support for new ipset match syntax
2010-08-03 21:06:17 -07:00
Tom Eastep
2774ee1bd6
Make 'icmp' a synonym for 'ipv6-icmp' in IPv6 compilations
2010-08-02 08:04:55 -07:00
Tom Eastep
3ce8ff5741
Bump version to Beta 4
2010-08-01 16:10:32 -07:00
Tom Eastep
967629569b
Taylor Universal config to work with Shorewall-init and streamline ruleset
...
- Make interface 'all' optional and set REQUIRE_INTERFACE=Yes
- Add COMPLETE option
- Set FASTACCEPT in Universal samples
- Reset SUBSYSLOCK in Universal samples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-01 08:36:56 -07:00
Tom Eastep
a88e2afa69
Tweak the Universal documentation
2010-07-31 18:43:54 -07:00
Tom Eastep
2f08ec4dd6
Update version in release notes
2010-07-31 14:06:49 -07:00
Tom Eastep
0b9aa0f84b
Fix the dump command
2010-07-31 13:52:28 -07:00
Tom Eastep
0b3dfcc844
Revert version to Beta 3
2010-07-31 13:23:53 -07:00
Tom Eastep
fdcc263023
Fix a couple of minor bugs
2010-07-31 13:11:46 -07:00
Tom Eastep
bebeba8cae
Document Universal Configuration and allow for empty LOGFILE
2010-07-31 12:45:43 -07:00
Tom Eastep
4e02031985
Document Universal Configuration
2010-07-31 11:59:25 -07:00
Tom Eastep
0174045181
Fixes for Universal Sample
2010-07-31 10:49:49 -07:00
Tom Eastep
beeeb6efbc
Allow '+' as a physical interface
2010-07-31 10:08:45 -07:00
Tom Eastep
fdeb9006fa
Correct module versions
2010-07-31 09:02:51 -07:00
Tom Eastep
005b6f7b45
Use new hashlimit match syntax if available
2010-07-31 07:19:41 -07:00
Tom Eastep
637cfdaa14
Handle case where old hashlimit match is no longer supported
2010-07-29 17:14:36 -07:00
Tom Eastep
e598dc77b7
Correct/improve LOGLIMIT handling
2010-07-29 16:50:17 -07:00
Tom Eastep
0b8ddeeed4
Correct typo in release notes
2010-07-29 12:49:26 -07:00
Tom Eastep
8f531355c9
Update known problems for RC1
2010-07-29 12:40:46 -07:00
Tom Eastep
a639b75e36
Bump version to RC1
2010-07-29 11:40:15 -07:00
Tom Eastep
e00517f075
Add Vserver support as a release highlight
2010-07-29 11:38:43 -07:00
Tom Eastep
6a1fea3a40
Add 'user marks'
2010-07-27 11:02:36 -07:00
Tom Eastep
0c38ba815c
Add LOGLIMIT to .conf files while deleting LOGRATE and LOGBURST
2010-07-27 06:44:10 -07:00
Tom Eastep
f1a8da61bc
Use global log rate limiting, if any, for synflood logging
2010-07-26 14:58:38 -07:00
Tom Eastep
8f27a2461d
Fix syntax diagram
2010-07-25 13:08:15 -07:00
Tom Eastep
bd5facda30
Implement per-IP log rate limiting
2010-07-25 12:42:39 -07:00
Tom Eastep
9bf06caa35
Bump version to Beta 2
2010-07-25 08:11:49 -07:00
Tom Eastep
1528cc2094
Correct RE in split_action()
2010-07-24 11:50:10 -07:00
Tom Eastep
e956068959
Make default setting of MANGLE_ENABLED depend on the capability with the same name
2010-07-24 09:27:21 -07:00
Tom Eastep
e5a7d2ae69
Fix syntax error in generated script
2010-07-23 11:24:42 -07:00
Tom Eastep
9eedf155bc
Fix syntax error in generated script
2010-07-23 11:23:23 -07:00
Tom Eastep
55b596ddb2
Update release notes version and document Shorewall-init fixes
2010-07-23 11:09:05 -07:00
Tom Eastep
2c6d1c8d14
Many fixes for Shorewall-init
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-23 09:26:47 -07:00
Tom Eastep
898274dd77
Syncronize shorewall-lite activities
2010-07-22 17:00:34 -07:00
Tom Eastep
3248fc8ab1
Add additional progress messages to updown()
2010-07-22 15:11:19 -07:00
Tom Eastep
49a8861f5b
Pretty up the code
2010-07-22 13:57:34 -07:00
Tom Eastep
7db9645225
Avoid an extra blank line
2010-07-22 13:51:47 -07:00
Tom Eastep
666cc35b46
Don't slow down stop with 'wait'
2010-07-22 12:56:49 -07:00
Tom Eastep
055f92c3d2
Document fix for :random with REDIRECT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-22 07:28:43 -07:00
Tom Eastep
4e33efd8a6
Allow :random to work with REDIRECT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-22 07:26:38 -07:00
Tom Eastep
8959245375
Update version to 4.4.12-Beta1
2010-07-21 20:35:36 -07:00
Tom Eastep
411d392ccd
Additional progress messages during up/down processing
2010-07-21 20:35:03 -07:00
Tom Eastep
d897635af5
Allow bizarre overriding of SOURCE/DEST with ipsets
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-20 16:03:12 -07:00
Tom Eastep
1de257be19
Make ADD and DELETE work with any type of ipset.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-20 15:42:11 -07:00
Tom Eastep
79128605b1
Validate all IPSET Names
2010-07-18 17:18:10 -07:00
Tom Eastep
cbb524b067
Implement ADD/DEL commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-18 08:46:38 -07:00
Tom Eastep
47961f3fd5
Update release notes to mention link local network error
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-16 10:19:29 -07:00
Tom Eastep
d99aff5e09
Use Perl Constants rather literals for IPv6 Networks
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-16 10:06:29 -07:00
Tom Eastep
27937f32e3
Document IPv6 multicast network fix
2010-07-16 09:37:38 -07:00
Tom Eastep
17bdcc1360
Eradicate incorrect multicast network address
2010-07-16 09:33:17 -07:00
Tom Eastep
e0ae48f4c4
Document fix for IPv6 shorecap program
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-15 13:32:10 -07:00
Tom Eastep
f92f75196c
Correct accidental modification of action.Drop
2010-07-14 06:27:27 -07:00
Tom Eastep
a29921c9d2
Reverse order of ICMPv6 and Multicast/anycast filtering
2010-07-13 13:03:55 -07:00
Tom Eastep
b52b7c422f
Drop multicast and anycast in Drop and Reject actions
2010-07-12 16:44:34 -07:00
Tom Eastep
c1b212225e
Use uniform coding style in latest changes
2010-07-12 13:07:11 -07:00
Tom Eastep
328e1b7f6a
Don't generate rules to link local net from vserver zones
2010-07-12 12:39:51 -07:00
Tom Eastep
59189d6324
Don't generate rules from link local net to vserver zones
2010-07-12 11:52:56 -07:00
Tom Eastep
4792d1e5f1
Fix nets= in Shorewall6
2010-07-11 19:52:18 -07:00
Tom Eastep
5a5546ef1b
Set version to 4.4.11
2010-07-09 09:01:08 -07:00
Tom Eastep
d0c1c3d69c
Change comment to clarify assumption about function arguments
2010-07-08 17:45:18 -07:00
Tom Eastep
9eca7fb37b
Simplify logic in loopback helper functions
2010-07-08 17:11:27 -07:00
Tom Eastep
591a4bc7f6
Revert version of modules with only whitespace changes; rename a couple of functions for clarity
2010-07-07 06:43:07 -07:00
Tom Eastep
02fab09a14
Add PERL= option to shorewall.conf and shorewall6.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-05 13:11:52 -07:00
Tom Eastep
4547067da9
Document fix for missing closing quote
2010-07-05 11:43:37 -07:00
Tom Eastep
31a9d24164
Fix missing quote when REQUIRE_INTERFACE=Yes
2010-07-05 09:47:03 -07:00
Tom Eastep
f977631af9
Just reset provider bits in FORWARD chain
2010-07-05 09:46:24 -07:00
Tom Eastep
b445b4fdd9
Fix compiler detection of FWMARK_RT_MASK -- take 2
2010-07-05 08:51:13 -07:00
Tom Eastep
0e87ccbcfd
Fix compiler detection of FWMARK_RT_MASK
2010-07-05 08:39:32 -07:00
Tom Eastep
542557069e
Back out a couple of harmless but unintended changes
2010-07-05 08:02:51 -07:00
Tom Eastep
aa6bb6e911
Improve wording of FORWARD_CLEAR_MARK description
2010-07-05 07:53:31 -07:00
Tom Eastep
898c3a045f
Bump version to RC1
2010-07-05 07:08:06 -07:00
Tom Eastep
6a644716c9
Unconditionally use /usr/bin/perl
2010-07-04 17:13:33 -07:00
Tom Eastep
312624cef5
Fix NET3 bug (netmap)
2010-07-04 15:58:37 -07:00
Tom Eastep
7689831cd7
Minor cleanup of 4.4.11 Beta 3.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-04 09:29:16 -07:00
Tom Eastep
2ee4fd8f5a
Add FWMARK_RT_MASK capability.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-04 09:08:04 -07:00
Tom Eastep
d3e30b5fe4
Add FORWARD_CLEAR_MARK option
2010-07-03 17:03:42 -07:00
Tom Eastep
5d1e19364a
Bump version to Beta 3
2010-07-03 10:54:39 -07:00
Tom Eastep
148b251766
Only send loopback traffic to the 'loopback' chain
2010-07-03 10:53:25 -07:00
Tom Eastep
21ce6f9b84
Add new zone-list function to return all but firewall zone.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-03 08:33:10 -07:00
Tom Eastep
c8274f0538
Minor vserver doc update
2010-07-02 13:34:21 -07:00
Tom Eastep
63154367ad
Forbid 'ipsec' in a vserver host entry
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 13:12:23 -07:00
Tom Eastep
e5d3ce582a
Correct Old Defect in ipsec match generation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 13:11:57 -07:00
Tom Eastep
9e81a5101f
Cleaner fix for ipsec/vserver issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 12:24:58 -07:00
Tom Eastep
261af19b4e
Fix invalid policy match with vserver zone.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 12:18:18 -07:00
Tom Eastep
364cddf99b
Update release documents for find_hosts_by_option() fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 07:40:30 -07:00
Tom Eastep
f2ca9e25c9
Make find_hosts_by_option() work with options specified on the interface
2010-07-02 07:19:52 -07:00
Tom Eastep
db8dba66db
Correct defect in the handling of 'trace' and 'debug'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-01 15:56:57 -07:00
Tom Eastep
338c021272
Fix refression in handling of mss=
2010-07-01 09:05:25 -07:00
Tom Eastep
64decb25fe
Bump version to 4.4.11-Beta2
2010-07-01 07:08:11 -07:00
Tom Eastep
9f15ccb24f
Update Raw.pm version.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-30 20:40:26 -07:00
Tom Eastep
e4afc15370
Finish Vserver Implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-30 20:35:46 -07:00
Tom Eastep
9e37fe1ffa
Deimplement flawed rate limiting with simple TC
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-26 07:42:08 -07:00
Tom Eastep
fc95cb8dc6
Run insserv when installed on Debian
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-26 07:34:34 -07:00
Tom Eastep
914d752f1d
Fix latency parsing
2010-06-25 16:10:26 -07:00
Tom Eastep
fe27554fd0
Document undefined value issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-24 14:18:48 -07:00
Tom Eastep
2909b6fd92
Quiet down the Perl interpreter on some boxen
2010-06-24 13:58:46 -07:00
Tom Eastep
cc376ab72e
Update release documents for REQUIRE_INTERFACE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-23 13:00:00 -07:00
Tom Eastep
3cda3d0315
Add REQUIRE_INTERFACE to shorewall*.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-23 12:58:35 -07:00
Tom Eastep
1cb22d0bcf
First feeble steps toward vserver zones
2010-06-22 16:42:20 -07:00
Tom Eastep
d5aaa97d4e
Update release documents for changes ported from the 4.4.10 branch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-22 08:40:07 -07:00
Tom Eastep
efa4cfa921
Update release documents for 4.4.11 Beta 1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-18 12:09:43 -07:00
Tom Eastep
dbbe6b264d
Fix the IPSET fix
2010-06-18 12:06:12 -07:00
Tom Eastep
e7340dabc0
Fix IPSET issue
2010-06-18 12:05:44 -07:00
Tom Eastep
503b1cf795
Update release note version banner
2010-06-16 16:46:56 -07:00
Tom Eastep
32d8a9d996
Allow patch from Gabriel
2010-06-12 14:10:40 -07:00
Tom Eastep
d58127e51c
Allow networks to be specified in a NETMAP rule
2010-06-12 13:50:58 -07:00
Tom Eastep
9acec39898
Fix a couple of issues with Simple TC
2010-06-12 13:50:11 -07:00
Tom Eastep
625f254d02
Add tcfilters to manpage index
2010-06-10 06:15:15 -07:00
Tom Eastep
6040f02bb0
Don't set variables needlessly
2010-06-08 16:33:54 -07:00
Tom Eastep
32d575a8c8
Remove extra logic
2010-06-08 16:18:23 -07:00
Tom Eastep
dcd64cd096
Move ipset-load code to Chains.pm. Better there than in Compiler.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 16:18:14 -07:00
Tom Eastep
a5816c23d4
Move save_dynamic_chains to Chains.pm where it belongs.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 16:17:57 -07:00
Tom Eastep
6537c1e55a
Improve readability
2010-06-08 16:16:23 -07:00
Tom Eastep
52a80e69a9
More tweaks to saving/restoring dynamic chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 11:27:09 -07:00
Tom Eastep
ec3fdbde98
More changes having to do with with dynamic chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 11:26:53 -07:00
Tom Eastep
aa4b0f71af
Much cleaner implementation of save_dynamic_chains()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-07 10:11:33 -07:00
Tom Eastep
0978f3d41a
More periodic removal of trailing white space
2010-06-07 09:16:56 -07:00
Tom Eastep
3467969c26
Periodic removal of trailing white space
2010-06-07 07:30:56 -07:00
Tom Eastep
04de6fac6d
Make dynamic chain saving work with IPv6
...
Also, use hidden files to save the chain contents.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-07 07:18:21 -07:00
Tom Eastep
b741ff2a81
Document first 4.4.11 features
2010-06-06 20:40:39 -07:00
Tom Eastep
db138edbd1
Update versions of modified modules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 13:49:26 -07:00
Tom Eastep
b3370dfd78
Initiate 4.4.11
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 13:36:45 -07:00
Tom Eastep
17b6e370af
Purge saved dynamic blacklist if the chain doesn't exist
2010-06-06 13:24:09 -07:00
Tom Eastep
25c0e3c7b3
Retain UPnP and dynamic blacklist over 'restart'
2010-06-06 13:23:49 -07:00
Tom Eastep
ca7d145746
Don't enter command mode for upnpclient rule for non-optional interface
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 08:05:19 -07:00
Tom Eastep
99a0226a43
Slight improvement of regular expression used to insert chain name into rules after '-A'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 08:04:28 -07:00
Tom Eastep
fdc3b698a9
Version to 4.4.10 (again)
2010-06-05 15:58:23 -07:00
Tom Eastep
d388b29d70
Let Zones.pm export chain_base rather than Chains.pm
2010-06-05 08:40:00 -07:00
Tom Eastep
0e995d65ac
Version to 4.4.10-RC2
2010-06-04 16:19:15 -07:00
Tom Eastep
742a3b2eef
Make wait and required work on wildcard interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-04 10:35:45 -07:00
Tom Eastep
82a74d7534
Resolve Optional/Required interfaces with wildcard names
...
Optional is allowed
Required is not
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-04 08:46:29 -07:00
Tom Eastep
165535cd8b
Disallow wildcard optional/required interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-04 07:18:55 -07:00
Tom Eastep
7625b4069b
Delete references to prenet subsystem locks.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-03 12:31:39 -07:00
Tom Eastep
43afd03b9b
Bump version to 4.4.10
2010-06-03 11:18:02 -07:00
Tom Eastep
f29b06ec07
Update .spec files to use DESTDIR
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-01 07:18:37 -07:00
Tom Eastep
91840acb18
Remove unused RUNLEVELS variable from the install scripts.
...
Add some documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-01 07:12:19 -07:00
Tom Eastep
fe55fa0f31
Rename PREFIX->DESTDIR
...
If DESTDIR is not supplied, look for PREFIX
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-01 06:42:11 -07:00
Tom Eastep
c52d0c4d9f
Update release notes for 'version -a'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-31 08:05:33 -07:00
Tom Eastep
858a422da3
Extend 'version -a' behavior to all CLIs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-31 07:32:17 -07:00
Tom Eastep
47c4cbd85a
Remove extra step in DSL modem access
2010-05-30 11:31:41 -07:00
Tom Eastep
347757a190
Yet more updates for build on the Mac
2010-05-29 10:57:27 -07:00
Tom Eastep
58ad0bc9e0
More updates for build on the Mac
2010-05-29 10:50:39 -07:00
Tom Eastep
226eb6ca3e
Cleanup of optimization fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 09:56:14 -07:00
Tom Eastep
5bd1bac70d
Document fix for optimization bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 09:13:52 -07:00
Tom Eastep
e29d6d080d
Restore -a functionality to the version command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 08:59:45 -07:00
Tom Eastep
50ce5bab68
Fix Optimization Bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 08:58:16 -07:00
Tom Eastep
d58480943a
Bump version to 4.4.10 RC 1
2010-05-27 17:21:11 -07:00
Tom Eastep
3125a4d0d3
Restore RPM RedHat compatibility
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-27 06:49:49 -07:00
Tom Eastep
cc269d5d19
Make RPM SuSE-only
2010-05-26 18:49:33 -07:00
Tom Eastep
e627e0ea76
Bump version to 4.4.10-Beta4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-26 16:47:49 -07:00
Tom Eastep
84909de8b9
Fixes for Debian
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-25 16:02:57 -07:00
Tom Eastep
cdcb42ce9c
Increment version to 4.4.10-Beta3.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-25 07:17:57 -07:00
Tom Eastep
3db31f2f65
Add SAFESTOP setting to /etc/default/shorewall*.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-25 07:16:02 -07:00
Tom Eastep
2d19cd1ebb
Add options to readlink
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-24 06:37:02 -07:00
Tom Eastep
9c0564831a
Fix syntax error in generated shell script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-24 06:23:45 -07:00
Tom Eastep
620f5cf76b
More build fixes
2010-05-23 17:12:42 -07:00
Tom Eastep
0f7b4cf7f4
Fix logrotate issue
2010-05-23 17:01:31 -07:00
Tom Eastep
0ef4cd1653
Allow Debian install with PREFIX
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-23 16:10:36 -07:00
Tom Eastep
60c751b98f
First stage rework of Shorewall install script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-23 16:02:28 -07:00
Tom Eastep
d32ed01cf0
Use readlink(1) where appropriate
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-23 13:37:26 -07:00
Tom Eastep
1d87fc0102
Update .spec files with virtual requires/provides
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-21 10:12:37 -07:00
Tom Eastep
eaad566978
Update documents for Shorewall-lite
2010-05-20 17:06:53 -07:00
Tom Eastep
4264524448
Bump Version to 4.4.10-Beta2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-20 14:13:38 -07:00
Tom Eastep
2a870088d8
Remove 'close' from CLI programs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-20 14:09:40 -07:00
Tom Eastep
182f433772
Add note about supported distributions to release notes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-20 06:32:34 -07:00
Tom Eastep
50dc02da07
Implement the 'REQUIRE_INTERFACE' option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-19 07:32:02 -07:00
Tom Eastep
06a17c8973
Adjust manpage specifications in spec file
2010-05-18 20:59:24 -07:00
Tom Eastep
4e748f9255
Add Shorewall-init manpage and update release notes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 20:40:03 -07:00
Tom Eastep
4690075ed8
Start firewall on up event for optional interface.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 20:29:03 -07:00
Tom Eastep
1eb5e5b081
Fail the install on unknown distros.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 15:30:53 -07:00
Tom Eastep
9c5fb89b4c
Improve documentation in the release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 14:55:16 -07:00
Tom Eastep
0c9a0150d2
Document Shorewall-init; delete old auto-stop code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 14:42:39 -07:00
Tom Eastep
5b2affbd01
Changes to make RedHat work with NetworkManager
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 13:41:01 -07:00
Tom Eastep
f9d187c288
Correct issues found in Fedora Testing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 10:27:12 -07:00
Tom Eastep
499b0cddaa
Log the text from startup errors.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-17 07:02:30 -07:00
Tom Eastep
a534bca914
Fix an existing bug in Shorewall6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 19:28:49 -07:00
Tom Eastep
a501222194
Fix some bugs in the Shorewall-init implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 17:41:09 -07:00
Tom Eastep
4f428d8135
De-implement 'close'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 15:31:41 -07:00
Tom Eastep
749d6be64e
Add 'optional' interfaces to updown processing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 17:06:00 -07:00
Tom Eastep
a3589dc6e9
Implement the 'up' and 'down' script commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 12:48:04 -07:00
Tom Eastep
ff388ca5c4
Detect the 'closed' state in the status command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 12:46:47 -07:00
Tom Eastep
88188202cc
Add 'wait' interface option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:52:46 -07:00
Tom Eastep
16e451a7d8
Add 'required' interface option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:04:32 -07:00
Tom Eastep
a2758421ed
Bump version to 4.4.10-Beta1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 17:03:14 -07:00
Tom Eastep
529f9a07b4
Update Rules.pm version to 4.4.10
2010-05-13 16:39:52 -07:00
Tom Eastep
a04d8126e1
Finish implementing 'close'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 16:39:01 -07:00
Tom Eastep
1d0b8b1cec
Correct syntax error in generated code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 16:32:42 -07:00
Tom Eastep
449ca038ba
Implement 'close' command
2010-05-13 16:29:25 -07:00
Tom Eastep
74c515016e
Add back stuff merged earlier:
2010-05-08 16:32:03 -07:00
Tom Eastep
679ad6cf04
Allow OS X to be an Administrative System
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-06 09:07:16 -07:00
Tom Eastep
65a5d34276
Update Module Versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:46:29 -07:00
Tom Eastep
96bef5bd49
Assume 'routeback' in routestopped based on interface config.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:31:11 -07:00
Tom Eastep
fca404eeaf
Update version to 4.4.9
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 10:02:02 -07:00
Tom Eastep
c7848be266
Back out the rest of the original change for dup / -[psiod]
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 09:59:25 -07:00
Tom Eastep
70c6a2cdf3
Update version to 4.4.9-RC2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-02 07:25:50 -07:00
Tom Eastep
7d2df848c9
Tighten up the new mDNS rule
2010-05-01 12:13:02 -07:00
Tom Eastep
9bcd9fd12b
Allow for mDNS multicast responses
2010-05-01 12:01:58 -07:00
Tom Eastep
639b3ea57d
Simplify checking for /! -[piosd] /
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 09:13:16 -07:00
Tom Eastep
311372013d
More fixes to optimization
...
Only disallow / ! -[piosd] / if the target is a chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 08:58:41 -07:00
Tom Eastep
518416ec2e
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 08:08:39 -07:00
Tom Eastep
94c6b37e8e
Avoid leaving an orphan '!' behind.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 07:51:24 -07:00
Tom Eastep
219b2e0761
A more comprehensive solution to multiple -[piosd] matches.
...
- eliminate duplicate -[piosd] matches in merged rules
- avoid tracing !* unconditionally
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 07:26:25 -07:00
Tom Eastep
16161d9cfc
Add new trace types.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 06:43:09 -07:00
Tom Eastep
1173518d78
More minor cleanup of first code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-30 07:22:09 -07:00
Tom Eastep
2864841a9e
Correct release notes
...
update version to RC1
correct typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-29 11:21:31 -07:00
Tom Eastep
076da4bd5c
Couple of tweaks to my earliest code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-29 11:19:50 -07:00
Tom Eastep
a997d6507d
Update release notes with more common example of failure.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-28 08:09:10 -07:00
Tom Eastep
039668b333
Update release notes to reflect reality.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-28 06:57:45 -07:00
Tom Eastep
2c1cede54e
Revise addressless bridge change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 15:23:38 -07:00
Tom Eastep
d8b0f496df
Allow simple configuration of a bridge with no IP address
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 12:26:58 -07:00
Tom Eastep
988f7c4d7e
More fixes for bad NAT optimization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:50:18 -07:00
Tom Eastep
f49848bd5b
Document rare optimization fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:32:53 -07:00
Tom Eastep
0e4698d57c
Fix rare optimization bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:19:58 -07:00
Tom Eastep
6d61e962eb
Use -m conntrack if available in place of -m state
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-25 13:35:41 -07:00
Tom Eastep
21e0c68ef2
Bump version to 4.4.9 RC1
2010-04-25 09:37:17 -07:00
Tom Eastep
fb2ddcee7b
Bump Version to 4.4.9 Beta 5
2010-04-24 21:53:12 -07:00
Tom Eastep
6053352f8c
A better fix for find_first_interface_address()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-23 20:06:45 -07:00
Tom Eastep
2cb3bac946
Document fix for find_first_interface_address()
2010-04-23 12:18:51 -07:00
Tom Eastep
232fc21fe2
Allow find_first_interface_address[_if_any] to work properly in the params file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-23 11:54:36 -07:00
Tom Eastep
b821bdcdfd
One more pass at improving regex's for target isolation and matching
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 14:45:34 -07:00
Tom Eastep
64bf772594
Set OUTPUT policy to ACCEPT when optimize_chain deletes all of its rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 13:38:38 -07:00
Tom Eastep
b0b39cfc39
Document optimization level 2 fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 11:55:13 -07:00
Tom Eastep
fb754b3a2e
Don't remove a lone ACCEPT rule from the OUTPUT chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 11:35:14 -07:00
Tom Eastep
0dde75d345
Fix install scripts (again)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 13:08:03 -07:00
Tom Eastep
a0abb11f67
Extend 'show log <ipaddr>' to search for a regular expression.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 13:02:21 -07:00
Tom Eastep
8c09f21e5d
Implement 'show log <token>'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 10:20:28 -07:00
Tom Eastep
a1a78cf09b
Abandon the fantesy that multiple optimize 8 passes will achieve anything.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 17:12:08 -07:00
Tom Eastep
938cfd7ba4
Don't create fw-><bport> chains and rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 12:29:51 -07:00
Tom Eastep
c52a3dcd14
Don't generate policy chains for fw to bridgeport zones.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:56:11 -07:00
Tom Eastep
1030c852f9
Simplify a test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:21:30 -07:00
Tom Eastep
e7a4aaafc1
Modify optimization 8 loop to continue until no chains are combined.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:17:57 -07:00
Tom Eastep
8e1284f74c
Document OPTIMIZE=15
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:17:12 -07:00
Tom Eastep
4f00de0c57
Make additional optimize 8 passes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 08:42:25 -07:00
Tom Eastep
21b44ac42b
Change version to 4.4.9-Beta4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 07:25:53 -07:00
Tom Eastep
82d6ba511f
Unify the REs that look for '-[jg] <chain>'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 18:02:31 -07:00
Tom Eastep
cec59360f6
Use '-j' rather than '-g' when jumping to tcpre, just to be safe
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:14:13 -07:00
Tom Eastep
46d207a86f
Restore original amount of whitespace in maclist rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:13:37 -07:00
Tom Eastep
e9a94b0cfb
Unify reference count adjustment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:12:48 -07:00
Tom Eastep
cf59d9ec68
Fix an optimize 8 bug.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 12:45:00 -07:00
Tom Eastep
dde540c42d
Update release notes for optimize 4 problems.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 12:44:37 -07:00
Tom Eastep
c1bcf360ee
Fix another 'add_rule' that should have been an 'add_jump'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:59:57 -07:00
Tom Eastep
f7e48a94da
Fix install scripts.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:39:21 -07:00
Tom Eastep
96d69bd8c3
Centralize message generation; optimize optimization-8 loop
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:29:37 -07:00
Tom Eastep
9ad5ee1818
Add correct release id.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 07:25:35 -07:00
Tom Eastep
aeb90969f7
Optimize 8 Documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 17:12:25 -07:00
Tom Eastep
cff6f0010f
Remove chain name after '-A' (again).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 17:05:03 -07:00
Tom Eastep
f8bacb54ef
Optimize 8
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 13:21:10 -07:00
Tom Eastep
4137961169
Speed up the replace_references* functions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-11 09:00:24 -07:00
Tom Eastep
715ea9ef32
Speed up delete_jumps()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-11 08:38:14 -07:00
Tom Eastep
91a711b34f
Document startup log fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 11:54:54 -07:00
Tom Eastep
4365b83b15
Rationalize init logs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 11:46:50 -07:00
Tom Eastep
76b9ef7005
Use unshift rather than splice for readability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 09:25:29 -07:00
Tom Eastep
2e443df8e3
Adjust references in move_rules()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 09:09:46 -07:00
Tom Eastep
ff73d802da
More cleanup of rule and chain deletion:
...
- Rename purge_jumps() to delete_jumps()
- Add delete_chain() function
- Remove an unnecessary assertion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 08:37:17 -07:00
Tom Eastep
1de304bfd9
Relocate purge_jumps() and change the loop exit condition to be a bit safer.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 13:51:44 -07:00
Tom Eastep
14477d61fe
Verify that purge_jumps() reset the 'to' chain's referenced flag.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 12:28:01 -07:00
Tom Eastep
2ff1df53da
Unify chain deletion.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 11:38:18 -07:00
Tom Eastep
7a831107c7
Replace the complex rule deletion loops with C-stype for loops.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 09:58:32 -07:00
Tom Eastep
9dc8267888
Don't apply RE to rules that we've already checked.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 09:46:07 -07:00
Tom Eastep
1e078b8c8d
Use splice() to delete rules from chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 09:38:03 -07:00
Tom Eastep
2f3f591af1
Document removal of fallback scripts.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 07:43:36 -07:00
Tom Eastep
56bc28a182
Prepare 4.4.9 Beta 3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 07:32:21 -07:00
Tom Eastep
c2c0fb0dd2
Fix deletion of only rule in a chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 17:20:11 -07:00
Tom Eastep
ab1a27ca2a
Update version to 4.4.9 Beta 2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 13:14:51 -07:00
Tom Eastep
9a00191c88
Remove a 'defined' test that is no longer needed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 13:12:17 -07:00
Tom Eastep
359c221783
Keep rules arrays compressed throughout the compilation process
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 12:53:30 -07:00
Tom Eastep
3937c10251
Keep rule arrays compressed during optimization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 11:35:15 -07:00
Tom Eastep
9126cc63d9
Delete unused rules arrays
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 10:55:31 -07:00
Tom Eastep
c668707aac
Update release docs with optimize 4 fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 20:18:56 -07:00
Tom Eastep
cca2c18370
Another case where reference counts are wrong
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 20:07:03 -07:00
Tom Eastep
aeb3b277b0
Fix reference count issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 19:47:49 -07:00
Tom Eastep
9d7d7e06d8
Update release documents
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 14:43:50 -07:00
Tom Eastep
3711e64d71
Fix for 0 values propagated to the script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 14:38:29 -07:00
Tom Eastep
3092a85999
SWAG regarding LOG_VERBOSITY issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:43:57 -07:00
Tom Eastep
c49e3076ec
Recode fix for find_first_interface_address()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:28:07 -07:00
Tom Eastep
62c9cb7b36
Change 'first_install' tests
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:16:16 -07:00
Tom Eastep
f17365cf6d
Fix find_first_interface_address()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:05:42 -07:00
Tom Eastep
3b317afb2f
Add mDNS macro from Vincent Smeets.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-03 15:57:50 -07:00
Tom Eastep
427b14b21d
Clean up file headers in the .conf files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 11:53:36 -07:00
Tom Eastep
af893b6296
Add 'N' trace records for chain creation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 07:32:38 -07:00
Tom Eastep
c57ee7d68d
Update release notes with additional trace information.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 07:23:17 -07:00
Tom Eastep
b2d8039ff6
Remove unnecessary text and 'before' images from trace entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 07:12:22 -07:00