Commit Graph

891 Commits

Author SHA1 Message Date
Tom Eastep
d997ef1653 First cut at IPSEC support in the accounting file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-19 11:46:26 -07:00
Tom Eastep
4322d7b2af Zone exclusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 16:10:58 -07:00
Tom Eastep
4460b49842 Complete Zone list Support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 14:38:53 -07:00
Tom Eastep
fafb0dea73 Update version to 4.4.13-Beta1 2010-08-18 12:40:34 -07:00
Tom Eastep
255cd6cf9c Implement zone lists in rules file entries
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 12:18:58 -07:00
Tom Eastep
7a17b65368 Allow simple zone lists in rules 2010-08-18 07:26:38 -07:00
Tom Eastep
12aecdef37 Use '&' trick to avoid prototype matching 2010-08-17 09:17:25 -07:00
Tom Eastep
a0dffa787d Add an assertion 2010-08-16 19:17:44 -07:00
Tom Eastep
2919c48ba0 Avoid forward reference to ensure_chain() 2010-08-16 13:25:01 -07:00
Tom Eastep
00837ed503 Add Shorewall::Chains::find_chain() 2010-08-16 13:12:12 -07:00
Tom Eastep
633eba6c90 Set version to 4.4.12 2010-08-15 08:50:45 -07:00
Tom Eastep
1510e111c4 Fix typo in conf basics doc 2010-08-13 20:27:14 -07:00
Tom Eastep
7281c9166e Record the config directory in the state file 2010-08-12 17:54:07 -07:00
Tom Eastep
15eec24672 Simplify logic for generating all parent zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-12 15:15:19 -07:00
Tom Eastep
49053afdcb Fix port range validate issue 2010-08-12 09:49:26 -07:00
Tom Eastep
69eaf84078 Fix bug with 'any' 2010-08-12 07:31:37 -07:00
Tom Eastep
965ad7ced1 Minor tweaks to the IPAddrs module 2010-08-11 11:46:26 -07:00
Tom Eastep
0234564a1b Add destination IP blacklisting 2010-08-10 17:33:50 -07:00
Tom Eastep
8d4498c9b8 Update Version to 4.4.12 RC 1 2010-08-06 19:31:36 -07:00
Tom Eastep
0f02ee2628 Fix issue with set match generation 2010-08-06 10:17:54 -07:00
Tom Eastep
364ad41cf5 Add support for new ipset match syntax 2010-08-03 21:06:17 -07:00
Tom Eastep
2774ee1bd6 Make 'icmp' a synonym for 'ipv6-icmp' in IPv6 compilations 2010-08-02 08:04:55 -07:00
Tom Eastep
3ce8ff5741 Bump version to Beta 4 2010-08-01 16:10:32 -07:00
Tom Eastep
967629569b Taylor Universal config to work with Shorewall-init and streamline ruleset
- Make interface 'all' optional and set REQUIRE_INTERFACE=Yes
- Add COMPLETE option
- Set FASTACCEPT in Universal samples
- Reset SUBSYSLOCK in Universal samples

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-01 08:36:56 -07:00
Tom Eastep
a88e2afa69 Tweak the Universal documentation 2010-07-31 18:43:54 -07:00
Tom Eastep
0b3dfcc844 Revert version to Beta 3 2010-07-31 13:23:53 -07:00
Tom Eastep
fdcc263023 Fix a couple of minor bugs 2010-07-31 13:11:46 -07:00
Tom Eastep
0174045181 Fixes for Universal Sample 2010-07-31 10:49:49 -07:00
Tom Eastep
beeeb6efbc Allow '+' as a physical interface 2010-07-31 10:08:45 -07:00
Tom Eastep
fdeb9006fa Correct module versions 2010-07-31 09:02:51 -07:00
Tom Eastep
005b6f7b45 Use new hashlimit match syntax if available 2010-07-31 07:19:41 -07:00
Tom Eastep
637cfdaa14 Handle case where old hashlimit match is no longer supported 2010-07-29 17:14:36 -07:00
Tom Eastep
e598dc77b7 Correct/improve LOGLIMIT handling 2010-07-29 16:50:17 -07:00
Tom Eastep
a639b75e36 Bump version to RC1 2010-07-29 11:40:15 -07:00
Tom Eastep
6a1fea3a40 Add 'user marks' 2010-07-27 11:02:36 -07:00
Tom Eastep
f1a8da61bc Use global log rate limiting, if any, for synflood logging 2010-07-26 14:58:38 -07:00
Tom Eastep
bd5facda30 Implement per-IP log rate limiting 2010-07-25 12:42:39 -07:00
Tom Eastep
9bf06caa35 Bump version to Beta 2 2010-07-25 08:11:49 -07:00
Tom Eastep
1528cc2094 Correct RE in split_action() 2010-07-24 11:50:10 -07:00
Tom Eastep
e956068959 Make default setting of MANGLE_ENABLED depend on the capability with the same name 2010-07-24 09:27:21 -07:00
Tom Eastep
e5a7d2ae69 Fix syntax error in generated script 2010-07-23 11:24:42 -07:00
Tom Eastep
9eedf155bc Fix syntax error in generated script 2010-07-23 11:23:23 -07:00
Tom Eastep
3248fc8ab1 Add additional progress messages to updown() 2010-07-22 15:11:19 -07:00
Tom Eastep
49a8861f5b Pretty up the code 2010-07-22 13:57:34 -07:00
Tom Eastep
7db9645225 Avoid an extra blank line 2010-07-22 13:51:47 -07:00
Tom Eastep
666cc35b46 Don't slow down stop with 'wait' 2010-07-22 12:56:49 -07:00
Tom Eastep
4e33efd8a6 Allow :random to work with REDIRECT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-22 07:26:38 -07:00
Tom Eastep
8959245375 Update version to 4.4.12-Beta1 2010-07-21 20:35:36 -07:00
Tom Eastep
411d392ccd Additional progress messages during up/down processing 2010-07-21 20:35:03 -07:00
Tom Eastep
d897635af5 Allow bizarre overriding of SOURCE/DEST with ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-20 16:03:12 -07:00
Tom Eastep
1de257be19 Make ADD and DELETE work with any type of ipset.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-20 15:42:11 -07:00
Tom Eastep
79128605b1 Validate all IPSET Names 2010-07-18 17:18:10 -07:00
Tom Eastep
cbb524b067 Implement ADD/DEL commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-18 08:46:38 -07:00
Tom Eastep
d99aff5e09 Use Perl Constants rather literals for IPv6 Networks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-16 10:06:29 -07:00
Tom Eastep
17bdcc1360 Eradicate incorrect multicast network address 2010-07-16 09:33:17 -07:00
Tom Eastep
b52b7c422f Drop multicast and anycast in Drop and Reject actions 2010-07-12 16:44:34 -07:00
Tom Eastep
c1b212225e Use uniform coding style in latest changes 2010-07-12 13:07:11 -07:00
Tom Eastep
328e1b7f6a Don't generate rules to link local net from vserver zones 2010-07-12 12:39:51 -07:00
Tom Eastep
59189d6324 Don't generate rules from link local net to vserver zones 2010-07-12 11:52:56 -07:00
Tom Eastep
4792d1e5f1 Fix nets= in Shorewall6 2010-07-11 19:52:18 -07:00
Tom Eastep
5a5546ef1b Set version to 4.4.11 2010-07-09 09:01:08 -07:00
Tom Eastep
d0c1c3d69c Change comment to clarify assumption about function arguments 2010-07-08 17:45:18 -07:00
Tom Eastep
9eca7fb37b Simplify logic in loopback helper functions 2010-07-08 17:11:27 -07:00
Tom Eastep
591a4bc7f6 Revert version of modules with only whitespace changes; rename a couple of functions for clarity 2010-07-07 06:43:07 -07:00
Tom Eastep
02fab09a14 Add PERL= option to shorewall.conf and shorewall6.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-05 13:11:52 -07:00
Tom Eastep
31a9d24164 Fix missing quote when REQUIRE_INTERFACE=Yes 2010-07-05 09:47:03 -07:00
Tom Eastep
f977631af9 Just reset provider bits in FORWARD chain 2010-07-05 09:46:24 -07:00
Tom Eastep
b445b4fdd9 Fix compiler detection of FWMARK_RT_MASK -- take 2 2010-07-05 08:51:13 -07:00
Tom Eastep
0e87ccbcfd Fix compiler detection of FWMARK_RT_MASK 2010-07-05 08:39:32 -07:00
Tom Eastep
542557069e Back out a couple of harmless but unintended changes 2010-07-05 08:02:51 -07:00
Tom Eastep
898c3a045f Bump version to RC1 2010-07-05 07:08:06 -07:00
Tom Eastep
312624cef5 Fix NET3 bug (netmap) 2010-07-04 15:58:37 -07:00
Tom Eastep
7689831cd7 Minor cleanup of 4.4.11 Beta 3.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-04 09:29:16 -07:00
Tom Eastep
2ee4fd8f5a Add FWMARK_RT_MASK capability.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-04 09:08:04 -07:00
Tom Eastep
d3e30b5fe4 Add FORWARD_CLEAR_MARK option 2010-07-03 17:03:42 -07:00
Tom Eastep
5d1e19364a Bump version to Beta 3 2010-07-03 10:54:39 -07:00
Tom Eastep
148b251766 Only send loopback traffic to the 'loopback' chain 2010-07-03 10:53:25 -07:00
Tom Eastep
21ce6f9b84 Add new zone-list function to return all but firewall zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-03 08:33:10 -07:00
Tom Eastep
c8274f0538 Minor vserver doc update 2010-07-02 13:34:21 -07:00
Tom Eastep
63154367ad Forbid 'ipsec' in a vserver host entry
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 13:12:23 -07:00
Tom Eastep
e5d3ce582a Correct Old Defect in ipsec match generation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 13:11:57 -07:00
Tom Eastep
9e81a5101f Cleaner fix for ipsec/vserver issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 12:24:58 -07:00
Tom Eastep
261af19b4e Fix invalid policy match with vserver zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 12:18:18 -07:00
Tom Eastep
f2ca9e25c9 Make find_hosts_by_option() work with options specified on the interface 2010-07-02 07:19:52 -07:00
Tom Eastep
338c021272 Fix refression in handling of mss= 2010-07-01 09:05:25 -07:00
Tom Eastep
64decb25fe Bump version to 4.4.11-Beta2 2010-07-01 07:08:11 -07:00
Tom Eastep
9f15ccb24f Update Raw.pm version.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-30 20:40:26 -07:00
Tom Eastep
e4afc15370 Finish Vserver Implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-30 20:35:46 -07:00
Tom Eastep
9e37fe1ffa Deimplement flawed rate limiting with simple TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-26 07:42:08 -07:00
Tom Eastep
914d752f1d Fix latency parsing 2010-06-25 16:10:26 -07:00
Tom Eastep
2909b6fd92 Quiet down the Perl interpreter on some boxen 2010-06-24 13:58:46 -07:00
Tom Eastep
1cb22d0bcf First feeble steps toward vserver zones 2010-06-22 16:42:20 -07:00
Tom Eastep
dbbe6b264d Fix the IPSET fix 2010-06-18 12:06:12 -07:00
Tom Eastep
e7340dabc0 Fix IPSET issue 2010-06-18 12:05:44 -07:00
Tom Eastep
32d8a9d996 Allow patch from Gabriel 2010-06-12 14:10:40 -07:00
Tom Eastep
d58127e51c Allow networks to be specified in a NETMAP rule 2010-06-12 13:50:58 -07:00
Tom Eastep
9acec39898 Fix a couple of issues with Simple TC 2010-06-12 13:50:11 -07:00
Tom Eastep
625f254d02 Add tcfilters to manpage index 2010-06-10 06:15:15 -07:00
Tom Eastep
6040f02bb0 Don't set variables needlessly 2010-06-08 16:33:54 -07:00
Tom Eastep
32d575a8c8 Remove extra logic 2010-06-08 16:18:23 -07:00