Commit Graph

4167 Commits

Author SHA1 Message Date
Tom Eastep
2efa2796d3 More new rule interface calls in the Misc module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-17 15:12:58 -07:00
Tom Eastep
b2305ca9cf Convert Tunnels file to use irules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-17 11:33:01 -07:00
Tom Eastep
a211f8fd0f Infrastructure for new rule interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-17 10:37:15 -07:00
Tom Eastep
f3f535abac POC of new rule interface
Also removed FAKE_AUDIT option

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-17 08:35:09 -07:00
Tom Eastep
950c32d46b Convert add_commands() calls to the equivalent add_rule() calls.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-16 16:31:29 -07:00
Tom Eastep
03913019d8 Mark DHCP rules for the convenience of move_rules().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-16 15:34:57 -07:00
Tom Eastep
27621fa0f9 Impose some structure on setting rule options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-16 14:46:34 -07:00
Tom Eastep
0f742187ae Implement intermediate rule representation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-16 09:41:53 -07:00
Tom Eastep
9661b445f2 Make install/uninstall files version independent
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-13 07:29:47 -07:00
Tom Eastep
d1b8d7b953 Make perl modules version-neutral
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-10 15:10:27 -07:00
Tom Eastep
11c580de54 Fix exclusion in IPv6 hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 17:27:09 -07:00
Tom Eastep
e21ff03339 Fix ipsets in IPv6 hosts file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 16:17:35 -07:00
Tom Eastep
fbeddca6a4 Another IPv6 ipset issue (z:!+set in the DEST column)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 15:40:18 -07:00
Tom Eastep
a998476d00 Correct Accounting module version
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 07:08:47 -07:00
Tom Eastep
6c802d3353 Tighten up source and dest checking in expand_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 07:08:39 -07:00
Tom Eastep
1f30976790 Correct change that tightened editing of IPv6 addresses
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 18:34:33 -07:00
Tom Eastep
22f1d1ba89 Another fix for IPv6 and IPSETs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 16:31:35 -07:00
Tom Eastep
a8daff0008 Correct handling of <interface>:+<ipset> in Shorewall6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 15:57:08 -07:00
Tom Eastep
b70666eaf6 Move .spec files to release/
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 10:07:08 -07:00
Tom Eastep
27b99a62d0 Move known problems file to release sub-directory
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 09:14:54 -07:00
Tom Eastep
76c97a1cc4 Move release documents to their own directory 2011-07-07 15:51:50 -07:00
Tom Eastep
7fa59706c5 Correct TPROXY/IPv6 address fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-07 14:50:44 -07:00
Tom Eastep
3f903fe3f1 Allow IPv6 Address as the third argument to TPROXY
- also update the manpages to describe TPROXY

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-07 06:43:16 -07:00
Tom Eastep
cf5613441d Correct loading of xt_ipset
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-05 15:57:14 -07:00
Tom Eastep
95acabe97e Make load and reload use the .conf file in the CWD
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-05 15:56:38 -07:00
Tom Eastep
1c199a2644 Add semicolons in new actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-04 14:59:07 -07:00
Tom Eastep
20cee7649e Change quotes in action.Broadcast 2011-07-04 13:32:32 -07:00
Tom Eastep
a355141f40 Correct typo in .spec files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-04 13:13:52 -07:00
Tom Eastep
87870ad121 Add new actions to the .spec file 2011-07-04 13:01:49 -07:00
Tom Eastep
e1d8d71348 Version to 4.4.22 Beta 1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-04 09:36:54 -07:00
Tom Eastep
dd353eeafb Allow optimizatin of Invalid and NotSyn chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-04 07:50:25 -07:00
Tom Eastep
c4ba1089e6 Don't include IPv6 code in Shorewall/action.Broadcast
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-04 07:49:38 -07:00
Tom Eastep
6be8c08673 Create action chain without leading % when possible
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-04 07:48:52 -07:00
Tom Eastep
863881841a Add action.Invalid and action.NotSyn and modify action.Drop and action.Reject to use them
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 17:14:36 -07:00
Tom Eastep
1536ff4b92 Corrections to dropBcast/allowBcast
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 15:58:19 -07:00
Tom Eastep
bd1d7d6f92 Don't quote the empty setting of LOGLIMIT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 15:55:45 -07:00
Tom Eastep
f96c32634c Make config file quoting more consistent with update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 15:55:27 -07:00
Tom Eastep
befc8a00f6 Create parameterized action.Broadcast
- replace invocations of dropBcast with invocations of Broadcast(DROP,...)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 08:58:30 -07:00
Tom Eastep
24deabb03f Merge branch '4.4.21' 2011-07-03 08:48:27 -07:00
Tom Eastep
9691a8ceb3 Don't collapse '-' and '--' in @actparms
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 08:47:53 -07:00
Tom Eastep
029ac610fe Merge branch '4.4.21' 2011-07-03 07:23:09 -07:00
Tom Eastep
d31e2d67ba DEFAULTS directive enforces max number of parameters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 07:22:29 -07:00
Tom Eastep
62c62441bb Eliminate duplicate function definitions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 07:04:52 -07:00
Tom Eastep
d99090978d Merge branch '4.4.21' 2011-07-03 06:40:08 -07:00
Tom Eastep
5b06e88b3d Push/Pop comment during action processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 06:37:41 -07:00
Tom Eastep
7e3f97c154 Prepare for more parameterized actions
- Export add_commands, incr_cmd_level and decr_cmd_level by default
- Move ensure_audit_chain and require_audit from Rules.pm to Chains.pm
- Add get_action_logging() function
- Export require_capability and have_capability by default

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 06:22:51 -07:00
Tom Eastep
ad71faacaa Correct push_action_params()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-02 17:02:39 -07:00
Tom Eastep
42aa3724af Trace system calls when debugging
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-02 08:37:57 -07:00
Tom Eastep
4ea8a65cd9 Trace system calls when debugging
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-02 08:27:17 -07:00
Tom Eastep
afa5ea3fd2 Minor tweaks to Config.pm
- Look for unprintable gunk in lines processed by split_line1()
- Modify a comment
- replace awkward close/assert statement

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-02 08:10:43 -07:00