Tom Eastep
33ee9b1481
Add IPSEC Accounting (again)
2010-08-20 06:53:31 -07:00
Tom Eastep
d9d31ff132
Remove another 'our' variable
2010-08-19 15:34:04 -07:00
Tom Eastep
c80b1b3585
Correct types in do_ipsec()
2010-08-19 15:33:49 -07:00
Tom Eastep
af77eb08bc
Back out IPSEC accounting rules
2010-08-19 15:13:01 -07:00
Tom Eastep
2a9bbbfe62
Eliminate an ugly 'our' variable.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-19 12:00:52 -07:00
Tom Eastep
676da7a2f1
More reorganization of process_rule()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-19 11:53:26 -07:00
Tom Eastep
d997ef1653
First cut at IPSEC support in the accounting file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-19 11:46:26 -07:00
Tom Eastep
4322d7b2af
Zone exclusion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 16:10:58 -07:00
Tom Eastep
4460b49842
Complete Zone list Support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 14:38:53 -07:00
Tom Eastep
fafb0dea73
Update version to 4.4.13-Beta1
2010-08-18 12:40:34 -07:00
Tom Eastep
66d4379962
Reorder sections of the Release Notes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 12:22:42 -07:00
Tom Eastep
255cd6cf9c
Implement zone lists in rules file entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 12:18:58 -07:00
Tom Eastep
7a17b65368
Allow simple zone lists in rules
2010-08-18 07:26:38 -07:00
Tom Eastep
12aecdef37
Use '&' trick to avoid prototype matching
2010-08-17 09:17:25 -07:00
Tom Eastep
a0dffa787d
Add an assertion
2010-08-16 19:17:44 -07:00
Tom Eastep
2919c48ba0
Avoid forward reference to ensure_chain()
2010-08-16 13:25:01 -07:00
Tom Eastep
00837ed503
Add Shorewall::Chains::find_chain()
2010-08-16 13:12:12 -07:00
Tom Eastep
633eba6c90
Set version to 4.4.12
2010-08-15 08:50:45 -07:00
Tom Eastep
42362ea318
Document fix for AUTOMAKE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-14 07:55:45 -07:00
Tom Eastep
72b8393c3a
Fix AUTOMAKE=Yes
2010-08-14 07:32:53 -07:00
Tom Eastep
1510e111c4
Fix typo in conf basics doc
2010-08-13 20:27:14 -07:00
Tom Eastep
b7f638ddb3
Document status command change
2010-08-12 19:46:57 -07:00
Tom Eastep
7281c9166e
Record the config directory in the state file
2010-08-12 17:54:07 -07:00
Tom Eastep
15eec24672
Simplify logic for generating all parent zones
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-12 15:15:19 -07:00
Tom Eastep
7168257152
Document port range editing fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-12 11:52:43 -07:00
Tom Eastep
49053afdcb
Fix port range validate issue
2010-08-12 09:49:26 -07:00
Tom Eastep
92eed0d23c
Document fix for any bug
2010-08-12 07:35:45 -07:00
Tom Eastep
69eaf84078
Fix bug with 'any'
2010-08-12 07:31:37 -07:00
Tom Eastep
aa00acc310
Correct typo in release notes
2010-08-11 16:09:12 -07:00
Tom Eastep
e0780b9a84
Rename the first column of the masq file for clarity
2010-08-11 15:34:27 -07:00
Tom Eastep
965ad7ced1
Minor tweaks to the IPAddrs module
2010-08-11 11:46:26 -07:00
Tom Eastep
0234564a1b
Add destination IP blacklisting
2010-08-10 17:33:50 -07:00
Tom Eastep
d9cbbea36a
Delete extra item in enhancement list
2010-08-07 14:06:20 -07:00
Tom Eastep
da91ef8d2c
Fix typo in install.sh
2010-08-07 10:56:15 -07:00
Tom Eastep
1a4d84d502
Document fix to install.sh
2010-08-07 09:34:19 -07:00
Tom Eastep
8d4498c9b8
Update Version to 4.4.12 RC 1
2010-08-06 19:31:36 -07:00
Tom Eastep
59829565f5
Add COMPLETE to release notes
2010-08-06 19:30:33 -07:00
Tom Eastep
0f02ee2628
Fix issue with set match generation
2010-08-06 10:17:54 -07:00
Tom Eastep
364ad41cf5
Add support for new ipset match syntax
2010-08-03 21:06:17 -07:00
Tom Eastep
2774ee1bd6
Make 'icmp' a synonym for 'ipv6-icmp' in IPv6 compilations
2010-08-02 08:04:55 -07:00
Tom Eastep
3ce8ff5741
Bump version to Beta 4
2010-08-01 16:10:32 -07:00
Tom Eastep
967629569b
Taylor Universal config to work with Shorewall-init and streamline ruleset
...
- Make interface 'all' optional and set REQUIRE_INTERFACE=Yes
- Add COMPLETE option
- Set FASTACCEPT in Universal samples
- Reset SUBSYSLOCK in Universal samples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-01 08:36:56 -07:00
Tom Eastep
a88e2afa69
Tweak the Universal documentation
2010-07-31 18:43:54 -07:00
Tom Eastep
2f08ec4dd6
Update version in release notes
2010-07-31 14:06:49 -07:00
Tom Eastep
0b9aa0f84b
Fix the dump command
2010-07-31 13:52:28 -07:00
Tom Eastep
0b3dfcc844
Revert version to Beta 3
2010-07-31 13:23:53 -07:00
Tom Eastep
fdcc263023
Fix a couple of minor bugs
2010-07-31 13:11:46 -07:00
Tom Eastep
bebeba8cae
Document Universal Configuration and allow for empty LOGFILE
2010-07-31 12:45:43 -07:00
Tom Eastep
4e02031985
Document Universal Configuration
2010-07-31 11:59:25 -07:00
Tom Eastep
0174045181
Fixes for Universal Sample
2010-07-31 10:49:49 -07:00
Tom Eastep
beeeb6efbc
Allow '+' as a physical interface
2010-07-31 10:08:45 -07:00
Tom Eastep
fdeb9006fa
Correct module versions
2010-07-31 09:02:51 -07:00
Tom Eastep
005b6f7b45
Use new hashlimit match syntax if available
2010-07-31 07:19:41 -07:00
Tom Eastep
637cfdaa14
Handle case where old hashlimit match is no longer supported
2010-07-29 17:14:36 -07:00
Tom Eastep
e598dc77b7
Correct/improve LOGLIMIT handling
2010-07-29 16:50:17 -07:00
Tom Eastep
0b8ddeeed4
Correct typo in release notes
2010-07-29 12:49:26 -07:00
Tom Eastep
8f531355c9
Update known problems for RC1
2010-07-29 12:40:46 -07:00
Tom Eastep
a639b75e36
Bump version to RC1
2010-07-29 11:40:15 -07:00
Tom Eastep
e00517f075
Add Vserver support as a release highlight
2010-07-29 11:38:43 -07:00
Tom Eastep
6a1fea3a40
Add 'user marks'
2010-07-27 11:02:36 -07:00
Tom Eastep
0c38ba815c
Add LOGLIMIT to .conf files while deleting LOGRATE and LOGBURST
2010-07-27 06:44:10 -07:00
Tom Eastep
f1a8da61bc
Use global log rate limiting, if any, for synflood logging
2010-07-26 14:58:38 -07:00
Tom Eastep
8f27a2461d
Fix syntax diagram
2010-07-25 13:08:15 -07:00
Tom Eastep
bd5facda30
Implement per-IP log rate limiting
2010-07-25 12:42:39 -07:00
Tom Eastep
9bf06caa35
Bump version to Beta 2
2010-07-25 08:11:49 -07:00
Tom Eastep
1528cc2094
Correct RE in split_action()
2010-07-24 11:50:10 -07:00
Tom Eastep
e956068959
Make default setting of MANGLE_ENABLED depend on the capability with the same name
2010-07-24 09:27:21 -07:00
Tom Eastep
e5a7d2ae69
Fix syntax error in generated script
2010-07-23 11:24:42 -07:00
Tom Eastep
9eedf155bc
Fix syntax error in generated script
2010-07-23 11:23:23 -07:00
Tom Eastep
55b596ddb2
Update release notes version and document Shorewall-init fixes
2010-07-23 11:09:05 -07:00
Tom Eastep
2c6d1c8d14
Many fixes for Shorewall-init
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-23 09:26:47 -07:00
Tom Eastep
898274dd77
Syncronize shorewall-lite activities
2010-07-22 17:00:34 -07:00
Tom Eastep
3248fc8ab1
Add additional progress messages to updown()
2010-07-22 15:11:19 -07:00
Tom Eastep
49a8861f5b
Pretty up the code
2010-07-22 13:57:34 -07:00
Tom Eastep
7db9645225
Avoid an extra blank line
2010-07-22 13:51:47 -07:00
Tom Eastep
666cc35b46
Don't slow down stop with 'wait'
2010-07-22 12:56:49 -07:00
Tom Eastep
055f92c3d2
Document fix for :random with REDIRECT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-22 07:28:43 -07:00
Tom Eastep
4e33efd8a6
Allow :random to work with REDIRECT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-22 07:26:38 -07:00
Tom Eastep
8959245375
Update version to 4.4.12-Beta1
2010-07-21 20:35:36 -07:00
Tom Eastep
411d392ccd
Additional progress messages during up/down processing
2010-07-21 20:35:03 -07:00
Tom Eastep
d897635af5
Allow bizarre overriding of SOURCE/DEST with ipsets
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-20 16:03:12 -07:00
Tom Eastep
1de257be19
Make ADD and DELETE work with any type of ipset.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-20 15:42:11 -07:00
Tom Eastep
79128605b1
Validate all IPSET Names
2010-07-18 17:18:10 -07:00
Tom Eastep
cbb524b067
Implement ADD/DEL commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-18 08:46:38 -07:00
Tom Eastep
47961f3fd5
Update release notes to mention link local network error
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-16 10:19:29 -07:00
Tom Eastep
d99aff5e09
Use Perl Constants rather literals for IPv6 Networks
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-16 10:06:29 -07:00
Tom Eastep
27937f32e3
Document IPv6 multicast network fix
2010-07-16 09:37:38 -07:00
Tom Eastep
17bdcc1360
Eradicate incorrect multicast network address
2010-07-16 09:33:17 -07:00
Tom Eastep
e0ae48f4c4
Document fix for IPv6 shorecap program
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-15 13:32:10 -07:00
Tom Eastep
f92f75196c
Correct accidental modification of action.Drop
2010-07-14 06:27:27 -07:00
Tom Eastep
a29921c9d2
Reverse order of ICMPv6 and Multicast/anycast filtering
2010-07-13 13:03:55 -07:00
Tom Eastep
b52b7c422f
Drop multicast and anycast in Drop and Reject actions
2010-07-12 16:44:34 -07:00
Tom Eastep
c1b212225e
Use uniform coding style in latest changes
2010-07-12 13:07:11 -07:00
Tom Eastep
328e1b7f6a
Don't generate rules to link local net from vserver zones
2010-07-12 12:39:51 -07:00
Tom Eastep
59189d6324
Don't generate rules from link local net to vserver zones
2010-07-12 11:52:56 -07:00
Tom Eastep
4792d1e5f1
Fix nets= in Shorewall6
2010-07-11 19:52:18 -07:00
Tom Eastep
5a5546ef1b
Set version to 4.4.11
2010-07-09 09:01:08 -07:00
Tom Eastep
d0c1c3d69c
Change comment to clarify assumption about function arguments
2010-07-08 17:45:18 -07:00
Tom Eastep
9eca7fb37b
Simplify logic in loopback helper functions
2010-07-08 17:11:27 -07:00
Tom Eastep
591a4bc7f6
Revert version of modules with only whitespace changes; rename a couple of functions for clarity
2010-07-07 06:43:07 -07:00