Commit Graph

12240 Commits

Author SHA1 Message Date
Tom Eastep
27c5e67632 Rename process_rule to process_raw_rule and process_rule1 to process_rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 10:13:48 -08:00
Tom Eastep
61d8f704f9 Correct rule-generation detection in perl_action_helper
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 09:43:12 -08:00
Tom Eastep
221f4909b5 Document perl_action_helper
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 09:12:04 -08:00
Tom Eastep
f33e36b61e Raise an error if a protocol other than TCP is passed to a TCP-only inline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 07:46:50 -08:00
Tom Eastep
670931c987 Initialize the columns array to '-'s.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-29 07:46:07 -08:00
Tom Eastep
316b67473e Merge branch 'master' into 4.5.13
Conflicts:
	Shorewall/Perl/Shorewall/Rules.pm
	Shorewall/action.Established
	Shorewall/actions.std
2013-01-29 07:30:52 -08:00
Tom Eastep
42f46ea5e7 Accurately determine if an inline action generates a rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 20:46:20 -08:00
Tom Eastep
49166efdca Make the TCP standard actions inline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 18:01:08 -08:00
Tom Eastep
5a2c1792cb Inline the conntrack state actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 16:55:54 -08:00
Tom Eastep
de2cf6edf3 Correct typo in the actions.std files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 12:08:00 -08:00
Tom Eastep
6b889e537f Correct typo in the actions.std files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 12:07:04 -08:00
Tom Eastep
a70c441458 Add CONTINUE as a possible setting for RELATED_DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 11:47:45 -08:00
Tom Eastep
519861d7b2 Add CONTINUE as a possible setting for RELATED_DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:58:03 -08:00
Tom Eastep
2e8eeff416 Correct error messages that include the section name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:41:52 -08:00
Tom Eastep
2217f89902 Correctly initialize $chainref->{sections} vis-a-vis FASTACCEPT.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:41:45 -08:00
Tom Eastep
5c63444c14 Correct error messages that include the section name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:41:09 -08:00
Tom Eastep
cfa5d86f5c Correctly initialize $chainref->{sections} vis-a-vis FASTACCEPT.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-28 07:40:26 -08:00
Tom Eastep
f7bdb71aad Add an Established action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 15:40:53 -08:00
Tom Eastep
819c8bf492 Add Established action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 15:38:25 -08:00
Tom Eastep
b3b074fb61 More infrastructure
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 15:37:23 -08:00
Tom Eastep
cbbcfe355e Infrastructure for more powerful action handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 12:37:10 -08:00
Tom Eastep
2a2e23cb17 Merge branch '4.5.13' 2013-01-27 11:26:59 -08:00
Tom Eastep
1b94c3651d Always handle ESTABLISHED before the other connection states.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 10:56:41 -08:00
Tom Eastep
b1b2aa910e Correct section handling:
- Correct typo (' INVALID' -> 'INVALID' )
- Don't jump to non-existent target in finish_chain_section()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 10:14:27 -08:00
Tom Eastep
aa609b87a9 Allow arbitrary actions for the various states.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 10:10:24 -08:00
Tom Eastep
a3a90d8d2e Correct section handling:
- Correct typo (' INVALID' -> 'INVALID' )
- Don't jump to non-existent target in finish_chain_section()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 10:08:02 -08:00
Tom Eastep
6c8761c7dd Add a "matches" argument to process_rule1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 08:21:30 -08:00
Tom Eastep
9194165e89 Handle explicit CONTINUE value for UNTRACKED_DISPOSITION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 08:17:09 -08:00
Tom Eastep
6306103991 Clean up fix for optimize 8 performance issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 08:13:27 -08:00
Tom Eastep
749773f89a Handle explicit CONTINUE value for UNTRACKED_DISPOSITION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 08:12:49 -08:00
Tom Eastep
5db317b6f7 Clean up fix for optimize 8 performance issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-27 07:55:55 -08:00
Tom Eastep
380d427a5d Dramatically reduce the CPU cost of optimize 8.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-26 17:46:31 -08:00
Tom Eastep
6ce392b08e Correct handling of handle_first_entry() to avoid runaway recursion.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-26 12:18:17 -08:00
Tom Eastep
69b660ba56 Add Related and Untracked actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-26 09:45:16 -08:00
Tom Eastep
5fa01728ad Pass UNTRACKED packets through the blacklist chain when BLACKLISTNEWONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-26 09:18:20 -08:00
Tom Eastep
7bc66da663 Call handle_first_entry in the warning/error-message generators.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-26 07:30:50 -08:00
Tom Eastep
b8cc9c5a6a Drop chain-ending rules whose target is 'RETURN'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-25 14:03:04 -08:00
Tom Eastep
b7273d6999 Favor low-numbered less complex synonym chains in optimization 8.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-25 13:55:04 -08:00
Tom Eastep
c958329d14 More manpage updates for RELATED and UNTRACKED rules sections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 19:24:01 -08:00
Tom Eastep
e12b919dc1 Prefer shorter action chain names in optimize level 8.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 17:25:11 -08:00
Tom Eastep
18c0956374 Fix two bugs in the UNTRACKED section implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 16:41:18 -08:00
Tom Eastep
575673a8f5 Correct broken links in the .conf manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 15:42:20 -08:00
Tom Eastep
6403f4959d Implement UNTRACKED SECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 15:42:01 -08:00
Tom Eastep
0ca93c1ac9 Unify handling of the RELATED and INVALID sections within finish_chain_section()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 14:38:02 -08:00
Tom Eastep
a40c74ddec Eliminate forward declaration of finish_chain_section()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 09:04:50 -08:00
Tom Eastep
c2bc74cdfe Add INVALID section to the rules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-24 08:33:59 -08:00
Tom Eastep
a03e793907 Added OUT-BANDWIDTH to the tcinterfaces column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 16:33:57 -08:00
Tom Eastep
7fe2027229 Eliminate superfluous ESTABLISHED,RELATED rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 16:17:19 -08:00
Tom Eastep
8fe36422b5 Delete stale comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 10:44:12 -08:00
Tom Eastep
17eae4adee Update the description of BLACKLISTNEWONLY to match the implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 09:11:15 -08:00