Tom Eastep
|
272e1d330c
|
Convert allowInvalid and dropInvalid into macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-06 09:54:12 -08:00 |
|
Tom Eastep
|
a66256b25b
|
Additional refinements of check_state()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-06 08:16:42 -08:00 |
|
Tom Eastep
|
11b976fb36
|
Correct reference type in check_state()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-05 19:55:22 -08:00 |
|
Tom Eastep
|
a6ccd53fe0
|
Unconditionally use '-j' to branch to a state chain or DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 15:17:49 -08:00 |
|
Tom Eastep
|
b22b63b1c3
|
Don't use '-g' when DISPOSITION is CONTINUE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 15:09:17 -08:00 |
|
Tom Eastep
|
615df6ab8f
|
Handle 'RETURN' in state chain with terminating disposition.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 15:08:20 -08:00 |
|
Tom Eastep
|
3757607356
|
Remove cruft from two actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 10:11:51 -08:00 |
|
Tom Eastep
|
f6faef7cd0
|
Correct syntax error in action.Untracked
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 09:58:38 -08:00 |
|
Tom Eastep
|
d8214885f2
|
Assume that the conntrack state value in a rule is not a reference.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 08:29:50 -08:00 |
|
Tom Eastep
|
475942deb9
|
Normalize rules prior to combine_state tests.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 18:14:14 -08:00 |
|
Tom Eastep
|
f1707d2ace
|
More state rule check fixes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 18:02:02 -08:00 |
|
Tom Eastep
|
c5dc69b750
|
Correct state actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 17:21:51 -08:00 |
|
Tom Eastep
|
30d96afb69
|
Push/pop $actionresult.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 12:43:28 -08:00 |
|
Tom Eastep
|
014b4ddc50
|
Combine adjacent rules differing only in conntrack state match.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 09:03:22 -08:00 |
|
Tom Eastep
|
61c219ed3a
|
Clarify the CHAIN column in the accounting manpage. Also mention ipset support.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 08:00:24 -08:00 |
|
Tom Eastep
|
5b9d1a6159
|
Handle UNTRACKED_DISPOSITION=ACCEPT correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 07:59:47 -08:00 |
|
Tom Eastep
|
752463bfab
|
Fix TCPFlags
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 22:19:13 -08:00 |
|
Tom Eastep
|
ebef29e161
|
Handle port numbers being passed to one of the tcp-specific actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 12:48:54 -08:00 |
|
Tom Eastep
|
9b30f48ba0
|
Correct handling of actions when @chain is altered.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 10:57:08 -08:00 |
|
Tom Eastep
|
e013e218a2
|
Don't try to import process_rule1 in three action files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 09:45:12 -08:00 |
|
Tom Eastep
|
0616dd9fcb
|
Add 'New' action for conntrack state NEW
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 09:33:24 -08:00 |
|
Tom Eastep
|
8249831e6d
|
Detect some state conflicts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 09:32:57 -08:00 |
|
Tom Eastep
|
cc1054be66
|
Correct handling of audited dispositions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 09:30:25 -08:00 |
|
Tom Eastep
|
c68d4c6e27
|
Simplify Perl from actions even further.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-01 15:55:39 -08:00 |
|
Tom Eastep
|
752e960f2f
|
Allow specification of the action type via perl_action_helper().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-01 12:59:48 -08:00 |
|
Tom Eastep
|
a5d3b1f470
|
Remove requirement that matches and proto end with a space in perl helper API.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-01 12:29:30 -08:00 |
|
Evangelos Foutras
|
c9247c8074
|
Remove Arch Linux init file
Arch Linux only supports systemd now.
Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-01 10:13:54 -08:00 |
|
Tom Eastep
|
abca3a2024
|
Improve maintainability of @colums vis a vis @rulecolumns.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-30 10:47:40 -08:00 |
|
Tom Eastep
|
8d28c44946
|
Remove 'audit' parameter handling from new state actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-30 10:45:10 -08:00 |
|
Tom Eastep
|
f407068d20
|
Update shorewall[6]-actions(5) regarding inline for some standard actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-30 08:27:30 -08:00 |
|
Tom Eastep
|
755d605578
|
Make %statetable global
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-30 08:26:47 -08:00 |
|
Tom Eastep
|
78db4abef5
|
Remove some redundant local variables from finish_chain_section()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-30 08:02:23 -08:00 |
|
Tom Eastep
|
fc73c3934b
|
Replace BLACKLISTNEWONLY with BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-30 08:00:47 -08:00 |
|
Tom Eastep
|
75fb164234
|
Don't issue fatal error if a proto other than tcp is passed to a tcp-only inline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-29 10:31:20 -08:00 |
|
Tom Eastep
|
27c5e67632
|
Rename process_rule to process_raw_rule and process_rule1 to process_rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-29 10:13:48 -08:00 |
|
Tom Eastep
|
61d8f704f9
|
Correct rule-generation detection in perl_action_helper
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-29 09:43:12 -08:00 |
|
Tom Eastep
|
f33e36b61e
|
Raise an error if a protocol other than TCP is passed to a TCP-only inline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-29 07:46:50 -08:00 |
|
Tom Eastep
|
670931c987
|
Initialize the columns array to '-'s.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-29 07:46:07 -08:00 |
|
Tom Eastep
|
316b67473e
|
Merge branch 'master' into 4.5.13
Conflicts:
Shorewall/Perl/Shorewall/Rules.pm
Shorewall/action.Established
Shorewall/actions.std
|
2013-01-29 07:30:52 -08:00 |
|
Tom Eastep
|
42f46ea5e7
|
Accurately determine if an inline action generates a rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 20:46:20 -08:00 |
|
Tom Eastep
|
49166efdca
|
Make the TCP standard actions inline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 18:01:08 -08:00 |
|
Tom Eastep
|
5a2c1792cb
|
Inline the conntrack state actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 16:55:54 -08:00 |
|
Tom Eastep
|
de2cf6edf3
|
Correct typo in the actions.std files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 12:08:00 -08:00 |
|
Tom Eastep
|
6b889e537f
|
Correct typo in the actions.std files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 12:07:04 -08:00 |
|
Tom Eastep
|
a70c441458
|
Add CONTINUE as a possible setting for RELATED_DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 11:47:45 -08:00 |
|
Tom Eastep
|
519861d7b2
|
Add CONTINUE as a possible setting for RELATED_DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 07:58:03 -08:00 |
|
Tom Eastep
|
2e8eeff416
|
Correct error messages that include the section name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 07:41:52 -08:00 |
|
Tom Eastep
|
2217f89902
|
Correctly initialize $chainref->{sections} vis-a-vis FASTACCEPT.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 07:41:45 -08:00 |
|
Tom Eastep
|
5c63444c14
|
Correct error messages that include the section name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 07:41:09 -08:00 |
|
Tom Eastep
|
cfa5d86f5c
|
Correctly initialize $chainref->{sections} vis-a-vis FASTACCEPT.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 07:40:26 -08:00 |
|