Tom Eastep
d997ef1653
First cut at IPSEC support in the accounting file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-19 11:46:26 -07:00
Tom Eastep
4322d7b2af
Zone exclusion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 16:10:58 -07:00
Tom Eastep
4460b49842
Complete Zone list Support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 14:38:53 -07:00
Tom Eastep
fafb0dea73
Update version to 4.4.13-Beta1
2010-08-18 12:40:34 -07:00
Tom Eastep
255cd6cf9c
Implement zone lists in rules file entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 12:18:58 -07:00
Tom Eastep
7a17b65368
Allow simple zone lists in rules
2010-08-18 07:26:38 -07:00
Tom Eastep
12aecdef37
Use '&' trick to avoid prototype matching
2010-08-17 09:17:25 -07:00
Tom Eastep
a0dffa787d
Add an assertion
2010-08-16 19:17:44 -07:00
Tom Eastep
2919c48ba0
Avoid forward reference to ensure_chain()
2010-08-16 13:25:01 -07:00
Tom Eastep
00837ed503
Add Shorewall::Chains::find_chain()
2010-08-16 13:12:12 -07:00
Tom Eastep
633eba6c90
Set version to 4.4.12
2010-08-15 08:50:45 -07:00
Tom Eastep
1510e111c4
Fix typo in conf basics doc
2010-08-13 20:27:14 -07:00
Tom Eastep
7281c9166e
Record the config directory in the state file
2010-08-12 17:54:07 -07:00
Tom Eastep
15eec24672
Simplify logic for generating all parent zones
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-12 15:15:19 -07:00
Tom Eastep
49053afdcb
Fix port range validate issue
2010-08-12 09:49:26 -07:00
Tom Eastep
69eaf84078
Fix bug with 'any'
2010-08-12 07:31:37 -07:00
Tom Eastep
965ad7ced1
Minor tweaks to the IPAddrs module
2010-08-11 11:46:26 -07:00
Tom Eastep
0234564a1b
Add destination IP blacklisting
2010-08-10 17:33:50 -07:00
Tom Eastep
8d4498c9b8
Update Version to 4.4.12 RC 1
2010-08-06 19:31:36 -07:00
Tom Eastep
0f02ee2628
Fix issue with set match generation
2010-08-06 10:17:54 -07:00
Tom Eastep
364ad41cf5
Add support for new ipset match syntax
2010-08-03 21:06:17 -07:00
Tom Eastep
2774ee1bd6
Make 'icmp' a synonym for 'ipv6-icmp' in IPv6 compilations
2010-08-02 08:04:55 -07:00
Tom Eastep
3ce8ff5741
Bump version to Beta 4
2010-08-01 16:10:32 -07:00
Tom Eastep
967629569b
Taylor Universal config to work with Shorewall-init and streamline ruleset
...
- Make interface 'all' optional and set REQUIRE_INTERFACE=Yes
- Add COMPLETE option
- Set FASTACCEPT in Universal samples
- Reset SUBSYSLOCK in Universal samples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-01 08:36:56 -07:00
Tom Eastep
a88e2afa69
Tweak the Universal documentation
2010-07-31 18:43:54 -07:00
Tom Eastep
0b3dfcc844
Revert version to Beta 3
2010-07-31 13:23:53 -07:00
Tom Eastep
fdcc263023
Fix a couple of minor bugs
2010-07-31 13:11:46 -07:00
Tom Eastep
0174045181
Fixes for Universal Sample
2010-07-31 10:49:49 -07:00
Tom Eastep
beeeb6efbc
Allow '+' as a physical interface
2010-07-31 10:08:45 -07:00
Tom Eastep
fdeb9006fa
Correct module versions
2010-07-31 09:02:51 -07:00
Tom Eastep
005b6f7b45
Use new hashlimit match syntax if available
2010-07-31 07:19:41 -07:00
Tom Eastep
637cfdaa14
Handle case where old hashlimit match is no longer supported
2010-07-29 17:14:36 -07:00
Tom Eastep
e598dc77b7
Correct/improve LOGLIMIT handling
2010-07-29 16:50:17 -07:00
Tom Eastep
a639b75e36
Bump version to RC1
2010-07-29 11:40:15 -07:00
Tom Eastep
6a1fea3a40
Add 'user marks'
2010-07-27 11:02:36 -07:00
Tom Eastep
f1a8da61bc
Use global log rate limiting, if any, for synflood logging
2010-07-26 14:58:38 -07:00
Tom Eastep
bd5facda30
Implement per-IP log rate limiting
2010-07-25 12:42:39 -07:00
Tom Eastep
9bf06caa35
Bump version to Beta 2
2010-07-25 08:11:49 -07:00
Tom Eastep
1528cc2094
Correct RE in split_action()
2010-07-24 11:50:10 -07:00
Tom Eastep
e956068959
Make default setting of MANGLE_ENABLED depend on the capability with the same name
2010-07-24 09:27:21 -07:00
Tom Eastep
e5a7d2ae69
Fix syntax error in generated script
2010-07-23 11:24:42 -07:00
Tom Eastep
9eedf155bc
Fix syntax error in generated script
2010-07-23 11:23:23 -07:00
Tom Eastep
3248fc8ab1
Add additional progress messages to updown()
2010-07-22 15:11:19 -07:00
Tom Eastep
49a8861f5b
Pretty up the code
2010-07-22 13:57:34 -07:00
Tom Eastep
7db9645225
Avoid an extra blank line
2010-07-22 13:51:47 -07:00
Tom Eastep
666cc35b46
Don't slow down stop with 'wait'
2010-07-22 12:56:49 -07:00
Tom Eastep
4e33efd8a6
Allow :random to work with REDIRECT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-22 07:26:38 -07:00
Tom Eastep
8959245375
Update version to 4.4.12-Beta1
2010-07-21 20:35:36 -07:00
Tom Eastep
411d392ccd
Additional progress messages during up/down processing
2010-07-21 20:35:03 -07:00
Tom Eastep
d897635af5
Allow bizarre overriding of SOURCE/DEST with ipsets
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-20 16:03:12 -07:00
Tom Eastep
1de257be19
Make ADD and DELETE work with any type of ipset.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-20 15:42:11 -07:00
Tom Eastep
79128605b1
Validate all IPSET Names
2010-07-18 17:18:10 -07:00
Tom Eastep
cbb524b067
Implement ADD/DEL commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-18 08:46:38 -07:00
Tom Eastep
d99aff5e09
Use Perl Constants rather literals for IPv6 Networks
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-16 10:06:29 -07:00
Tom Eastep
17bdcc1360
Eradicate incorrect multicast network address
2010-07-16 09:33:17 -07:00
Tom Eastep
b52b7c422f
Drop multicast and anycast in Drop and Reject actions
2010-07-12 16:44:34 -07:00
Tom Eastep
c1b212225e
Use uniform coding style in latest changes
2010-07-12 13:07:11 -07:00
Tom Eastep
328e1b7f6a
Don't generate rules to link local net from vserver zones
2010-07-12 12:39:51 -07:00
Tom Eastep
59189d6324
Don't generate rules from link local net to vserver zones
2010-07-12 11:52:56 -07:00
Tom Eastep
4792d1e5f1
Fix nets= in Shorewall6
2010-07-11 19:52:18 -07:00
Tom Eastep
5a5546ef1b
Set version to 4.4.11
2010-07-09 09:01:08 -07:00
Tom Eastep
d0c1c3d69c
Change comment to clarify assumption about function arguments
2010-07-08 17:45:18 -07:00
Tom Eastep
9eca7fb37b
Simplify logic in loopback helper functions
2010-07-08 17:11:27 -07:00
Tom Eastep
591a4bc7f6
Revert version of modules with only whitespace changes; rename a couple of functions for clarity
2010-07-07 06:43:07 -07:00
Tom Eastep
02fab09a14
Add PERL= option to shorewall.conf and shorewall6.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-05 13:11:52 -07:00
Tom Eastep
31a9d24164
Fix missing quote when REQUIRE_INTERFACE=Yes
2010-07-05 09:47:03 -07:00
Tom Eastep
f977631af9
Just reset provider bits in FORWARD chain
2010-07-05 09:46:24 -07:00
Tom Eastep
b445b4fdd9
Fix compiler detection of FWMARK_RT_MASK -- take 2
2010-07-05 08:51:13 -07:00
Tom Eastep
0e87ccbcfd
Fix compiler detection of FWMARK_RT_MASK
2010-07-05 08:39:32 -07:00
Tom Eastep
542557069e
Back out a couple of harmless but unintended changes
2010-07-05 08:02:51 -07:00
Tom Eastep
898c3a045f
Bump version to RC1
2010-07-05 07:08:06 -07:00
Tom Eastep
312624cef5
Fix NET3 bug (netmap)
2010-07-04 15:58:37 -07:00
Tom Eastep
7689831cd7
Minor cleanup of 4.4.11 Beta 3.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-04 09:29:16 -07:00
Tom Eastep
2ee4fd8f5a
Add FWMARK_RT_MASK capability.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-04 09:08:04 -07:00
Tom Eastep
d3e30b5fe4
Add FORWARD_CLEAR_MARK option
2010-07-03 17:03:42 -07:00
Tom Eastep
5d1e19364a
Bump version to Beta 3
2010-07-03 10:54:39 -07:00
Tom Eastep
148b251766
Only send loopback traffic to the 'loopback' chain
2010-07-03 10:53:25 -07:00
Tom Eastep
21ce6f9b84
Add new zone-list function to return all but firewall zone.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-03 08:33:10 -07:00
Tom Eastep
c8274f0538
Minor vserver doc update
2010-07-02 13:34:21 -07:00
Tom Eastep
63154367ad
Forbid 'ipsec' in a vserver host entry
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 13:12:23 -07:00
Tom Eastep
e5d3ce582a
Correct Old Defect in ipsec match generation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 13:11:57 -07:00
Tom Eastep
9e81a5101f
Cleaner fix for ipsec/vserver issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 12:24:58 -07:00
Tom Eastep
261af19b4e
Fix invalid policy match with vserver zone.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 12:18:18 -07:00
Tom Eastep
f2ca9e25c9
Make find_hosts_by_option() work with options specified on the interface
2010-07-02 07:19:52 -07:00
Tom Eastep
338c021272
Fix refression in handling of mss=
2010-07-01 09:05:25 -07:00
Tom Eastep
64decb25fe
Bump version to 4.4.11-Beta2
2010-07-01 07:08:11 -07:00
Tom Eastep
9f15ccb24f
Update Raw.pm version.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-30 20:40:26 -07:00
Tom Eastep
e4afc15370
Finish Vserver Implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-30 20:35:46 -07:00
Tom Eastep
9e37fe1ffa
Deimplement flawed rate limiting with simple TC
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-26 07:42:08 -07:00
Tom Eastep
914d752f1d
Fix latency parsing
2010-06-25 16:10:26 -07:00
Tom Eastep
2909b6fd92
Quiet down the Perl interpreter on some boxen
2010-06-24 13:58:46 -07:00
Tom Eastep
1cb22d0bcf
First feeble steps toward vserver zones
2010-06-22 16:42:20 -07:00
Tom Eastep
dbbe6b264d
Fix the IPSET fix
2010-06-18 12:06:12 -07:00
Tom Eastep
e7340dabc0
Fix IPSET issue
2010-06-18 12:05:44 -07:00
Tom Eastep
32d8a9d996
Allow patch from Gabriel
2010-06-12 14:10:40 -07:00
Tom Eastep
d58127e51c
Allow networks to be specified in a NETMAP rule
2010-06-12 13:50:58 -07:00
Tom Eastep
9acec39898
Fix a couple of issues with Simple TC
2010-06-12 13:50:11 -07:00
Tom Eastep
625f254d02
Add tcfilters to manpage index
2010-06-10 06:15:15 -07:00
Tom Eastep
6040f02bb0
Don't set variables needlessly
2010-06-08 16:33:54 -07:00
Tom Eastep
32d575a8c8
Remove extra logic
2010-06-08 16:18:23 -07:00