Commit Graph

12240 Commits

Author SHA1 Message Date
Tom Eastep
f61f5a8183 Don't copy a chain that has a single RETURN rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-22 09:07:07 -08:00
Tom Eastep
4ed5c5fdfe Sort the chain list in optimize_level8.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-21 16:00:32 -08:00
Tom Eastep
25d6164f21 Try to avoid ~combN chains when dealing with action chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-21 11:51:33 -08:00
Tom Eastep
32c475193f Another fix for RELATED_DISPOSITION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-21 11:50:46 -08:00
Tom Eastep
982fabc96f Delete $caller argument from process_default_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-21 09:45:54 -08:00
Tom Eastep
5beae475f5 Make optimize 8 a multi-pass operation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-21 09:12:42 -08:00
Tom Eastep
c820c54f41 Correctly handle audited RELATED_DISPOSITION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-21 09:03:27 -08:00
Tom Eastep
4a354ba5a2 Avoid internal error during standard chain completion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-21 08:02:50 -08:00
Tom Eastep
e23876b582 Rename '$inline' to '$action' in policy_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-21 07:36:50 -08:00
Tom Eastep
64e76599e0 Correct handling of default actions that set Shorewall variables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-20 16:15:04 -08:00
Tom Eastep
b5cb27e84e Correct .service files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-20 15:15:46 -08:00
Tom Eastep
c4a2f3d386 Set caller when possible in policy chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-20 14:51:16 -08:00
Tom Eastep
bc882af6c5 Allow RESET of Shorewall variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-20 07:32:34 -08:00
Tom Eastep
d31221b03c Fix variable assignment.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-20 07:26:10 -08:00
Tom Eastep
56919703ef Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2013-01-19 16:55:15 -08:00
Tom Eastep
f403420926 Allow setting chain variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-19 10:52:11 -08:00
Tom Eastep
b31c76cc50 Proper job of fixing DEFER_DNS_RESOLUTION=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-18 17:18:29 -08:00
Tom Eastep
1307770178 Allow setting action parameters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-18 15:05:14 -08:00
Tom Eastep
95aab78c0d Add infrastructure to delete the %usedactions entry for an action chain if
the chain parameters are modified.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-18 14:54:57 -08:00
Tom Eastep
4587430e4a Move get_action_logging() to the Config Module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-18 13:06:55 -08:00
Tom Eastep
8ccd1ab52b Handle exclusion correctly when DEFER_DNS_RESOLUTION=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-18 12:09:54 -08:00
Tom Eastep
e76c0c8187 Correct IPV6 document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-17 15:58:52 -08:00
Tom Eastep
ea0325a1f5 Clarify IPv6 again.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-17 11:29:36 -08:00
Tom Eastep
c303f14def Merge branch '4.5.12' 2013-01-17 10:49:56 -08:00
Tom Eastep
bb5151733c Add Eric Teeter's macro.ActiveDir
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-17 10:40:16 -08:00
Tom Eastep
066c159b4d Provide instructions for changing DISABLE_IPV6 from Yes to No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-17 10:21:08 -08:00
Tom Eastep
724115bcbf Add macro.ActiveDir
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-15 13:21:37 -08:00
Tom Eastep
f0e580347d Merge branch '4.5.12'
Conflicts:
	Shorewall/manpages/shorewall.conf.xml
	Shorewall6/manpages/shorewall6.conf.xml

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-15 10:42:10 -08:00
Tom Eastep
89a09f0256 Implement DEFER_DNS_RESOLUTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-13 17:00:14 -08:00
Tom Eastep
c26db29244 Implement DEFER_DNS_RESOLUTION 2013-01-13 13:23:38 -08:00
Tom Eastep
54dbbaaa2d Don't resolve DNS names at compile time.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-13 10:34:31 -08:00
Tom Eastep
ed40415458 Add FAQ 101 (speed up start/restart)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-13 08:19:26 -08:00
Tom Eastep
90bd19feb9 Convert DNS names into ip addresses in validate_net().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-13 07:39:27 -08:00
Tom Eastep
853b9ce916 Enable DNS names without an interface name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-12 14:38:26 -08:00
Tom Eastep
23a188f765 Merge branch '4.5.12' 2013-01-12 07:08:54 -08:00
Tom Eastep
c61d51363d Correct generation of rules in the ESTABLISHED section of the rules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-12 06:49:32 -08:00
Tom Eastep
af83989465 Update copyright dates.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-11 16:01:10 -08:00
Tom Eastep
b53fd39b49 Avoid a fatal Perl error in Config::cleanup when an fatal error occurs
while compiling a default action.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-11 15:50:23 -08:00
Tom Eastep
38097bef5d Correct an optimizer bug.
- delete_chain_and_references() was only deleting the downward references
  and not the upward ones.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-11 14:55:43 -08:00
Tom Eastep
20b551a1da Merge branch '4.5.12'
Conflicts:
	Shorewall/Perl/Shorewall/Chains.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-10 17:21:02 -08:00
Tom Eastep
76a63fb7e8 Don't flush 'noarp' ARP entries
= doing so kills the loopback interface

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-10 17:14:40 -08:00
Tom Eastep
f41b2fbffc Clarify the LENGTH column of the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-09 16:22:38 -08:00
Tom Eastep
15ca9edf8a Allow delete_tc1() to work on devices which an @ suffix in their reported names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-09 14:09:07 -08:00
Tom Eastep
199bce925f Don't add chains with RETURNs to %terminating.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-09 12:54:29 -08:00
Tom Eastep
975fb8992e Add warnings about line continuation vs. comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-09 08:00:59 -08:00
Tom Eastep
1fd3a6a522 Detect terminating chains
- no RETURN Rules
- last rule is terminating

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-08 16:32:24 -08:00
Tom Eastep
011dd2c901 Add a RETURNS flag to optflags indicating that there is RETURN in the chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-08 15:25:53 -08:00
Tom Eastep
e54563d9c1 Don't append rules that can't be matched.
Also, delete chains whose only rule is a -j RETURN

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-08 13:53:03 -08:00
Tom Eastep
5818e106a5 Don't append rules that can't be matched.
Also, delete chains whose only rule is a -j RETURN

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-08 11:33:06 -08:00
Tom Eastep
f8c1b02dba Correct test for optimization in 'check -r'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-08 09:51:32 -08:00