Commit Graph

3196 Commits

Author SHA1 Message Date
Tom Eastep
33ee9b1481 Add IPSEC Accounting (again) 2010-08-20 06:53:31 -07:00
Tom Eastep
d9d31ff132 Remove another 'our' variable 2010-08-19 15:34:04 -07:00
Tom Eastep
c80b1b3585 Correct types in do_ipsec() 2010-08-19 15:33:49 -07:00
Tom Eastep
af77eb08bc Back out IPSEC accounting rules 2010-08-19 15:13:01 -07:00
Tom Eastep
2a9bbbfe62 Eliminate an ugly 'our' variable.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-19 12:00:52 -07:00
Tom Eastep
676da7a2f1 More reorganization of process_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-19 11:53:26 -07:00
Tom Eastep
d997ef1653 First cut at IPSEC support in the accounting file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-19 11:46:26 -07:00
Tom Eastep
4322d7b2af Zone exclusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 16:10:58 -07:00
Tom Eastep
4460b49842 Complete Zone list Support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 14:38:53 -07:00
Tom Eastep
fafb0dea73 Update version to 4.4.13-Beta1 2010-08-18 12:40:34 -07:00
Tom Eastep
66d4379962 Reorder sections of the Release Notes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 12:22:42 -07:00
Tom Eastep
255cd6cf9c Implement zone lists in rules file entries
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 12:18:58 -07:00
Tom Eastep
7a17b65368 Allow simple zone lists in rules 2010-08-18 07:26:38 -07:00
Tom Eastep
12aecdef37 Use '&' trick to avoid prototype matching 2010-08-17 09:17:25 -07:00
Tom Eastep
a0dffa787d Add an assertion 2010-08-16 19:17:44 -07:00
Tom Eastep
2919c48ba0 Avoid forward reference to ensure_chain() 2010-08-16 13:25:01 -07:00
Tom Eastep
00837ed503 Add Shorewall::Chains::find_chain() 2010-08-16 13:12:12 -07:00
Tom Eastep
633eba6c90 Set version to 4.4.12 2010-08-15 08:50:45 -07:00
Tom Eastep
42362ea318 Document fix for AUTOMAKE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-14 07:55:45 -07:00
Tom Eastep
72b8393c3a Fix AUTOMAKE=Yes 2010-08-14 07:32:53 -07:00
Tom Eastep
1510e111c4 Fix typo in conf basics doc 2010-08-13 20:27:14 -07:00
Tom Eastep
b7f638ddb3 Document status command change 2010-08-12 19:46:57 -07:00
Tom Eastep
7281c9166e Record the config directory in the state file 2010-08-12 17:54:07 -07:00
Tom Eastep
15eec24672 Simplify logic for generating all parent zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-12 15:15:19 -07:00
Tom Eastep
7168257152 Document port range editing fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-12 11:52:43 -07:00
Tom Eastep
49053afdcb Fix port range validate issue 2010-08-12 09:49:26 -07:00
Tom Eastep
92eed0d23c Document fix for any bug 2010-08-12 07:35:45 -07:00
Tom Eastep
69eaf84078 Fix bug with 'any' 2010-08-12 07:31:37 -07:00
Tom Eastep
aa00acc310 Correct typo in release notes 2010-08-11 16:09:12 -07:00
Tom Eastep
e0780b9a84 Rename the first column of the masq file for clarity 2010-08-11 15:34:27 -07:00
Tom Eastep
965ad7ced1 Minor tweaks to the IPAddrs module 2010-08-11 11:46:26 -07:00
Tom Eastep
0234564a1b Add destination IP blacklisting 2010-08-10 17:33:50 -07:00
Tom Eastep
d9cbbea36a Delete extra item in enhancement list 2010-08-07 14:06:20 -07:00
Tom Eastep
da91ef8d2c Fix typo in install.sh 2010-08-07 10:56:15 -07:00
Tom Eastep
1a4d84d502 Document fix to install.sh 2010-08-07 09:34:19 -07:00
Tom Eastep
8d4498c9b8 Update Version to 4.4.12 RC 1 2010-08-06 19:31:36 -07:00
Tom Eastep
59829565f5 Add COMPLETE to release notes 2010-08-06 19:30:33 -07:00
Tom Eastep
0f02ee2628 Fix issue with set match generation 2010-08-06 10:17:54 -07:00
Tom Eastep
364ad41cf5 Add support for new ipset match syntax 2010-08-03 21:06:17 -07:00
Tom Eastep
2774ee1bd6 Make 'icmp' a synonym for 'ipv6-icmp' in IPv6 compilations 2010-08-02 08:04:55 -07:00
Tom Eastep
3ce8ff5741 Bump version to Beta 4 2010-08-01 16:10:32 -07:00
Tom Eastep
967629569b Taylor Universal config to work with Shorewall-init and streamline ruleset
- Make interface 'all' optional and set REQUIRE_INTERFACE=Yes
- Add COMPLETE option
- Set FASTACCEPT in Universal samples
- Reset SUBSYSLOCK in Universal samples

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-01 08:36:56 -07:00
Tom Eastep
a88e2afa69 Tweak the Universal documentation 2010-07-31 18:43:54 -07:00
Tom Eastep
2f08ec4dd6 Update version in release notes 2010-07-31 14:06:49 -07:00
Tom Eastep
0b9aa0f84b Fix the dump command 2010-07-31 13:52:28 -07:00
Tom Eastep
0b3dfcc844 Revert version to Beta 3 2010-07-31 13:23:53 -07:00
Tom Eastep
fdcc263023 Fix a couple of minor bugs 2010-07-31 13:11:46 -07:00
Tom Eastep
bebeba8cae Document Universal Configuration and allow for empty LOGFILE 2010-07-31 12:45:43 -07:00
Tom Eastep
4e02031985 Document Universal Configuration 2010-07-31 11:59:25 -07:00
Tom Eastep
0174045181 Fixes for Universal Sample 2010-07-31 10:49:49 -07:00
Tom Eastep
beeeb6efbc Allow '+' as a physical interface 2010-07-31 10:08:45 -07:00
Tom Eastep
fdeb9006fa Correct module versions 2010-07-31 09:02:51 -07:00
Tom Eastep
005b6f7b45 Use new hashlimit match syntax if available 2010-07-31 07:19:41 -07:00
Tom Eastep
637cfdaa14 Handle case where old hashlimit match is no longer supported 2010-07-29 17:14:36 -07:00
Tom Eastep
e598dc77b7 Correct/improve LOGLIMIT handling 2010-07-29 16:50:17 -07:00
Tom Eastep
0b8ddeeed4 Correct typo in release notes 2010-07-29 12:49:26 -07:00
Tom Eastep
8f531355c9 Update known problems for RC1 2010-07-29 12:40:46 -07:00
Tom Eastep
a639b75e36 Bump version to RC1 2010-07-29 11:40:15 -07:00
Tom Eastep
e00517f075 Add Vserver support as a release highlight 2010-07-29 11:38:43 -07:00
Tom Eastep
6a1fea3a40 Add 'user marks' 2010-07-27 11:02:36 -07:00
Tom Eastep
0c38ba815c Add LOGLIMIT to .conf files while deleting LOGRATE and LOGBURST 2010-07-27 06:44:10 -07:00
Tom Eastep
f1a8da61bc Use global log rate limiting, if any, for synflood logging 2010-07-26 14:58:38 -07:00
Tom Eastep
8f27a2461d Fix syntax diagram 2010-07-25 13:08:15 -07:00
Tom Eastep
bd5facda30 Implement per-IP log rate limiting 2010-07-25 12:42:39 -07:00
Tom Eastep
9bf06caa35 Bump version to Beta 2 2010-07-25 08:11:49 -07:00
Tom Eastep
1528cc2094 Correct RE in split_action() 2010-07-24 11:50:10 -07:00
Tom Eastep
e956068959 Make default setting of MANGLE_ENABLED depend on the capability with the same name 2010-07-24 09:27:21 -07:00
Tom Eastep
e5a7d2ae69 Fix syntax error in generated script 2010-07-23 11:24:42 -07:00
Tom Eastep
9eedf155bc Fix syntax error in generated script 2010-07-23 11:23:23 -07:00
Tom Eastep
55b596ddb2 Update release notes version and document Shorewall-init fixes 2010-07-23 11:09:05 -07:00
Tom Eastep
2c6d1c8d14 Many fixes for Shorewall-init
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-23 09:26:47 -07:00
Tom Eastep
898274dd77 Syncronize shorewall-lite activities 2010-07-22 17:00:34 -07:00
Tom Eastep
3248fc8ab1 Add additional progress messages to updown() 2010-07-22 15:11:19 -07:00
Tom Eastep
49a8861f5b Pretty up the code 2010-07-22 13:57:34 -07:00
Tom Eastep
7db9645225 Avoid an extra blank line 2010-07-22 13:51:47 -07:00
Tom Eastep
666cc35b46 Don't slow down stop with 'wait' 2010-07-22 12:56:49 -07:00
Tom Eastep
055f92c3d2 Document fix for :random with REDIRECT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-22 07:28:43 -07:00
Tom Eastep
4e33efd8a6 Allow :random to work with REDIRECT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-22 07:26:38 -07:00
Tom Eastep
8959245375 Update version to 4.4.12-Beta1 2010-07-21 20:35:36 -07:00
Tom Eastep
411d392ccd Additional progress messages during up/down processing 2010-07-21 20:35:03 -07:00
Tom Eastep
d897635af5 Allow bizarre overriding of SOURCE/DEST with ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-20 16:03:12 -07:00
Tom Eastep
1de257be19 Make ADD and DELETE work with any type of ipset.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-20 15:42:11 -07:00
Tom Eastep
79128605b1 Validate all IPSET Names 2010-07-18 17:18:10 -07:00
Tom Eastep
cbb524b067 Implement ADD/DEL commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-18 08:46:38 -07:00
Tom Eastep
47961f3fd5 Update release notes to mention link local network error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-16 10:19:29 -07:00
Tom Eastep
d99aff5e09 Use Perl Constants rather literals for IPv6 Networks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-16 10:06:29 -07:00
Tom Eastep
27937f32e3 Document IPv6 multicast network fix 2010-07-16 09:37:38 -07:00
Tom Eastep
17bdcc1360 Eradicate incorrect multicast network address 2010-07-16 09:33:17 -07:00
Tom Eastep
e0ae48f4c4 Document fix for IPv6 shorecap program
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-15 13:32:10 -07:00
Tom Eastep
f92f75196c Correct accidental modification of action.Drop 2010-07-14 06:27:27 -07:00
Tom Eastep
a29921c9d2 Reverse order of ICMPv6 and Multicast/anycast filtering 2010-07-13 13:03:55 -07:00
Tom Eastep
b52b7c422f Drop multicast and anycast in Drop and Reject actions 2010-07-12 16:44:34 -07:00
Tom Eastep
c1b212225e Use uniform coding style in latest changes 2010-07-12 13:07:11 -07:00
Tom Eastep
328e1b7f6a Don't generate rules to link local net from vserver zones 2010-07-12 12:39:51 -07:00
Tom Eastep
59189d6324 Don't generate rules from link local net to vserver zones 2010-07-12 11:52:56 -07:00
Tom Eastep
4792d1e5f1 Fix nets= in Shorewall6 2010-07-11 19:52:18 -07:00
Tom Eastep
5a5546ef1b Set version to 4.4.11 2010-07-09 09:01:08 -07:00
Tom Eastep
d0c1c3d69c Change comment to clarify assumption about function arguments 2010-07-08 17:45:18 -07:00
Tom Eastep
9eca7fb37b Simplify logic in loopback helper functions 2010-07-08 17:11:27 -07:00
Tom Eastep
591a4bc7f6 Revert version of modules with only whitespace changes; rename a couple of functions for clarity 2010-07-07 06:43:07 -07:00