Tom Eastep
|
f61f5a8183
|
Don't copy a chain that has a single RETURN rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-22 09:07:07 -08:00 |
|
Tom Eastep
|
4ed5c5fdfe
|
Sort the chain list in optimize_level8.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 16:00:32 -08:00 |
|
Tom Eastep
|
25d6164f21
|
Try to avoid ~combN chains when dealing with action chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 11:51:33 -08:00 |
|
Tom Eastep
|
32c475193f
|
Another fix for RELATED_DISPOSITION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 11:50:46 -08:00 |
|
Tom Eastep
|
982fabc96f
|
Delete $caller argument from process_default_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 09:45:54 -08:00 |
|
Tom Eastep
|
5beae475f5
|
Make optimize 8 a multi-pass operation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 09:12:42 -08:00 |
|
Tom Eastep
|
c820c54f41
|
Correctly handle audited RELATED_DISPOSITION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 09:03:27 -08:00 |
|
Tom Eastep
|
4a354ba5a2
|
Avoid internal error during standard chain completion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 08:02:50 -08:00 |
|
Tom Eastep
|
e23876b582
|
Rename '$inline' to '$action' in policy_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 07:36:50 -08:00 |
|
Tom Eastep
|
64e76599e0
|
Correct handling of default actions that set Shorewall variables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-20 16:15:04 -08:00 |
|
Tom Eastep
|
b5cb27e84e
|
Correct .service files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-20 15:15:46 -08:00 |
|
Tom Eastep
|
c4a2f3d386
|
Set caller when possible in policy chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-20 14:51:16 -08:00 |
|
Tom Eastep
|
bc882af6c5
|
Allow RESET of Shorewall variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-20 07:32:34 -08:00 |
|
Tom Eastep
|
d31221b03c
|
Fix variable assignment.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-20 07:26:10 -08:00 |
|
Tom Eastep
|
56919703ef
|
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
|
2013-01-19 16:55:15 -08:00 |
|
Tom Eastep
|
f403420926
|
Allow setting chain variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-19 10:52:11 -08:00 |
|
Tom Eastep
|
b31c76cc50
|
Proper job of fixing DEFER_DNS_RESOLUTION=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-18 17:18:29 -08:00 |
|
Tom Eastep
|
1307770178
|
Allow setting action parameters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-18 15:05:14 -08:00 |
|
Tom Eastep
|
95aab78c0d
|
Add infrastructure to delete the %usedactions entry for an action chain if
the chain parameters are modified.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-18 14:54:57 -08:00 |
|
Tom Eastep
|
4587430e4a
|
Move get_action_logging() to the Config Module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-18 13:06:55 -08:00 |
|
Tom Eastep
|
8ccd1ab52b
|
Handle exclusion correctly when DEFER_DNS_RESOLUTION=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-18 12:09:54 -08:00 |
|
Tom Eastep
|
e76c0c8187
|
Correct IPV6 document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-17 15:58:52 -08:00 |
|
Tom Eastep
|
ea0325a1f5
|
Clarify IPv6 again.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-17 11:29:36 -08:00 |
|
Tom Eastep
|
c303f14def
|
Merge branch '4.5.12'
|
2013-01-17 10:49:56 -08:00 |
|
Tom Eastep
|
bb5151733c
|
Add Eric Teeter's macro.ActiveDir
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-17 10:40:16 -08:00 |
|
Tom Eastep
|
066c159b4d
|
Provide instructions for changing DISABLE_IPV6 from Yes to No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-17 10:21:08 -08:00 |
|
Tom Eastep
|
724115bcbf
|
Add macro.ActiveDir
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-15 13:21:37 -08:00 |
|
Tom Eastep
|
f0e580347d
|
Merge branch '4.5.12'
Conflicts:
Shorewall/manpages/shorewall.conf.xml
Shorewall6/manpages/shorewall6.conf.xml
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-15 10:42:10 -08:00 |
|
Tom Eastep
|
89a09f0256
|
Implement DEFER_DNS_RESOLUTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-13 17:00:14 -08:00 |
|
Tom Eastep
|
c26db29244
|
Implement DEFER_DNS_RESOLUTION
|
2013-01-13 13:23:38 -08:00 |
|
Tom Eastep
|
54dbbaaa2d
|
Don't resolve DNS names at compile time.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-13 10:34:31 -08:00 |
|
Tom Eastep
|
ed40415458
|
Add FAQ 101 (speed up start/restart)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-13 08:19:26 -08:00 |
|
Tom Eastep
|
90bd19feb9
|
Convert DNS names into ip addresses in validate_net().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-13 07:39:27 -08:00 |
|
Tom Eastep
|
853b9ce916
|
Enable DNS names without an interface name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-12 14:38:26 -08:00 |
|
Tom Eastep
|
23a188f765
|
Merge branch '4.5.12'
|
2013-01-12 07:08:54 -08:00 |
|
Tom Eastep
|
c61d51363d
|
Correct generation of rules in the ESTABLISHED section of the rules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-12 06:49:32 -08:00 |
|
Tom Eastep
|
af83989465
|
Update copyright dates.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-11 16:01:10 -08:00 |
|
Tom Eastep
|
b53fd39b49
|
Avoid a fatal Perl error in Config::cleanup when an fatal error occurs
while compiling a default action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-11 15:50:23 -08:00 |
|
Tom Eastep
|
38097bef5d
|
Correct an optimizer bug.
- delete_chain_and_references() was only deleting the downward references
and not the upward ones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-11 14:55:43 -08:00 |
|
Tom Eastep
|
20b551a1da
|
Merge branch '4.5.12'
Conflicts:
Shorewall/Perl/Shorewall/Chains.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-10 17:21:02 -08:00 |
|
Tom Eastep
|
76a63fb7e8
|
Don't flush 'noarp' ARP entries
= doing so kills the loopback interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-10 17:14:40 -08:00 |
|
Tom Eastep
|
f41b2fbffc
|
Clarify the LENGTH column of the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-09 16:22:38 -08:00 |
|
Tom Eastep
|
15ca9edf8a
|
Allow delete_tc1() to work on devices which an @ suffix in their reported names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-09 14:09:07 -08:00 |
|
Tom Eastep
|
199bce925f
|
Don't add chains with RETURNs to %terminating.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-09 12:54:29 -08:00 |
|
Tom Eastep
|
975fb8992e
|
Add warnings about line continuation vs. comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-09 08:00:59 -08:00 |
|
Tom Eastep
|
1fd3a6a522
|
Detect terminating chains
- no RETURN Rules
- last rule is terminating
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-08 16:32:24 -08:00 |
|
Tom Eastep
|
011dd2c901
|
Add a RETURNS flag to optflags indicating that there is RETURN in the chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-08 15:25:53 -08:00 |
|
Tom Eastep
|
e54563d9c1
|
Don't append rules that can't be matched.
Also, delete chains whose only rule is a -j RETURN
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-08 13:53:03 -08:00 |
|
Tom Eastep
|
5818e106a5
|
Don't append rules that can't be matched.
Also, delete chains whose only rule is a -j RETURN
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-08 11:33:06 -08:00 |
|
Tom Eastep
|
f8c1b02dba
|
Correct test for optimization in 'check -r'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-08 09:51:32 -08:00 |
|