Tom Eastep
e6275ba31d
Fix a bug in auditing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 15:28:00 -07:00
Tom Eastep
d89a915f26
Load IPv6 libraries when processing /etc/shorewall6/params
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 13:24:36 -07:00
Tom Eastep
2dec3a8ecb
Correct handling of AUDIT_TARGET is both cli libraries.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 11:39:21 -07:00
Tom Eastep
26d08b92c0
Correct use of null value as a hash
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 11:38:49 -07:00
Tom Eastep
b0447b8bd3
Remove another MACLIST defect
2011-05-30 08:49:41 -07:00
Tom Eastep
7b560eefe4
Allow compound options in the installers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 08:15:59 -07:00
Tom Eastep
60d33740f6
Fix MACLIST_DISPOSITION defect introduced earlier in this release
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-30 07:59:44 -07:00
Tom Eastep
11c209c55f
Restore access to $Shorewall::Rules::family
2011-05-29 17:22:36 -07:00
Tom Eastep
2852cdeb53
Another attempt at the IPMARK fix
2011-05-29 14:42:23 -07:00
Tom Eastep
a71136fd5a
Rework configuration files for Shorewall and Shorewall6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-29 14:34:18 -07:00
Tom Eastep
7404d912bd
Add LOGRATE to */shorewall.conf
2011-05-28 19:12:34 -07:00
Tom Eastep
ec01e39479
Add LOGBURST to */shorewall.conf
2011-05-28 19:03:18 -07:00
Tom Eastep
9dc689dd13
Sort Sample .conf files
2011-05-28 12:38:12 -07:00
Tom Eastep
6d3640dafc
Alphabetize config files and sync files and manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 10:34:54 -07:00
Tom Eastep
03ecdc8c06
Clean up shorewall.conf and its documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 09:10:46 -07:00
Tom Eastep
243e8f1dbe
Fix check for unreferenced 'sfilter' chain
2011-05-28 08:31:36 -07:00
Tom Eastep
fc34f07a7a
Remove PKTTYPE option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-28 07:11:48 -07:00
Tom Eastep
a37dbf76dc
Delete 'sfilter' chain if it isn't referenced
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 19:56:54 -07:00
Tom Eastep
1a2c9a08e1
Don't include comment in audit chain rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 19:56:04 -07:00
Tom Eastep
5082b0701a
Get release notes changes for filter->sfilter
2011-05-27 19:43:13 -07:00
Tom Eastep
bac640e731
Get changes from 4.5.0 branch
2011-05-27 19:42:09 -07:00
Tom Eastep
586a3537bf
Delete 'sfiter' chain if it doesn't have referenes
2011-05-27 19:38:03 -07:00
Tom Eastep
790c96c90a
Version to RC 1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 09:11:47 -07:00
Tom Eastep
c6e9de65f1
Prevent duplicate 'filter' rules when combining two interface chains
...
into the same zone forwarding chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 06:43:47 -07:00
Tom Eastep
8a0dc9f0f6
Clean up release notes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-27 06:42:56 -07:00
Tom Eastep
fbfe7b9f93
Don't create 'reject' and AUDIT' in the 'stopped' case.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-26 14:11:36 -07:00
Tom Eastep
0287d96aa2
Finish filtering implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-26 13:38:44 -07:00
Tom Eastep
6c3163cc27
Routeback corrections
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-25 10:45:57 -07:00
Tom Eastep
e4d667ca6a
Add routeback protection
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 17:07:31 -07:00
Tom Eastep
bbe165c3cf
Bump version to Beta 5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 11:40:11 -07:00
Tom Eastep
0beb327f0a
Rename audited actions and Macros
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 11:31:42 -07:00
Tom Eastep
84b844ae79
Implement -T option for compile and check
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 10:21:49 -07:00
Tom Eastep
ee98772349
Add -c to the start command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 09:13:02 -07:00
Tom Eastep
021048379f
Additions to the Beta 4 Documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 08:54:43 -07:00
Tom Eastep
e6c1de3829
Correct ADrop action
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 07:47:42 -07:00
Tom Eastep
d4b2a462a2
Add audited actions to the .spec files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 07:30:46 -07:00
Tom Eastep
704f3fdd55
Document audited default actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 07:24:15 -07:00
Tom Eastep
c333368243
Create Audited versions of the IPv4 standard default actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-24 07:09:15 -07:00
Tom Eastep
f464ec5624
Fixes for AUDIT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 20:59:33 -07:00
Tom Eastep
016f7d9f2a
Yet more shorewall/shorewall6 unification
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 16:41:51 -07:00
Tom Eastep
a64d882a36
Apply Ed W's first patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 14:36:21 -07:00
Tom Eastep
c050b29985
Factor some similar code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 14:20:14 -07:00
Tom Eastep
0a11a0e2ad
Add xt_AUDIT to modules.xtables
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 12:08:51 -07:00
Tom Eastep
3ab35c65b0
Correct LEGACY_FASTSTART error messages in shorewall and shorwall6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 11:24:52 -07:00
Tom Eastep
15e9e3182d
Update copyrights
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 10:06:56 -07:00
Tom Eastep
31e74658c8
Update copyrights
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 09:51:51 -07:00
Tom Eastep
0704f7ca59
Clarify the problem corrected
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 09:25:19 -07:00
Tom Eastep
2d574fff10
Tweak wording
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 06:56:54 -07:00
Tom Eastep
7c250cd5b3
Clean up release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 06:55:54 -07:00
Tom Eastep
54f9a0e671
Correct and expand the Problems Corrected section of the release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 06:43:31 -07:00
Tom Eastep
3b28fcd566
Remove documentation disclaimer from release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 06:41:32 -07:00
Tom Eastep
485a7fb29d
Implement 'restart -c'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-23 06:39:26 -07:00
Tom Eastep
e95003b82a
Add FAKE_AUDIT option
2011-05-22 17:42:50 -07:00
Tom Eastep
5d04c93a16
Implement LEGACY_FASTSTART option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-22 15:36:29 -07:00
Tom Eastep
981b503fa4
Bump version to Beta 4
2011-05-22 11:05:22 -07:00
Tom Eastep
c56fe3448a
Update release documents
2011-05-22 11:03:57 -07:00
Tom Eastep
529e256856
Assigned unused dev numbers
2011-05-22 10:18:26 -07:00
Tom Eastep
db6091f101
Avoid dependence on 'make'
2011-05-22 09:47:57 -07:00
Tom Eastep
99cb09bd84
Documentation update 1 for AUDIT supportttt
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 16:25:38 -07:00
Tom Eastep
83cdf78b18
Replace A_* builtin actions with builtin targets
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 15:02:04 -07:00
Tom Eastep
d9b095bdea
Document new features
2011-05-21 12:07:23 -07:00
Tom Eastep
71ef1f48e2
Allow auditing of the builtin actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 10:38:25 -07:00
Tom Eastep
82d6a00c9e
Implement some extentions to AUDIT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-21 09:25:58 -07:00
Tom Eastep
61b5dbbb95
Eliminate cruft left over from when Action.pm and Policy.pm were folded into Rules.pm - Phase II
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:48:28 -07:00
Tom Eastep
f64e171c19
Eliminate cruft left over from when Action.pm and Policy.pm were folded into Rules.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:46:18 -07:00
Tom Eastep
ac2e9cce64
Shrink process_actions2 further.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:28:30 -07:00
Tom Eastep
676af32ebc
Simplify a loop in process_actions2()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 10:11:23 -07:00
Tom Eastep
7cbf113ba0
Simplify an RE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-20 08:33:36 -07:00
Tom Eastep
d15475efae
Cleanup of AUDIT before Beta 3
...
- Correct merge snafus
- Rename the new actions (e.g., ADROP->A_DROP)
- Correct MACLIST_DISPOSITION logic
2011-05-20 07:47:35 -07:00
Tom Eastep
e9df13a42b
Resolve merge conflicts
2011-05-19 15:10:22 -07:00
Tom Eastep
2e93b95afe
Clean up release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-19 14:57:16 -07:00
Tom Eastep
5e68dbfa9a
Complete first attempt at AUDIT support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-19 12:06:43 -07:00
Tom Eastep
814494e277
More AUDIT changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-19 08:35:40 -07:00
Tom Eastep
d2ab27c071
More AUDIT changes
2011-05-18 21:25:57 -07:00
Tom Eastep
ce8df2f66c
Revert "Bump version to Beta 3"
...
This reverts commit 465e729288
.
2011-05-18 17:50:12 -07:00
Tom Eastep
465e729288
Bump version to Beta 3
2011-05-18 17:08:07 -07:00
Tom Eastep
314921f766
Revert "Set quantum in subordinate SFQ class to the MTU for HFSC parents."
...
This reverts commit 5ab6f8e0e5
.
2011-05-18 11:13:50 -07:00
Tom Eastep
166d27f6d4
Minor tweak to blacklisting
...
Reverse order of tests for 'from' and 'src'.
Use equivalent logic for generating unknown option error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-18 11:13:03 -07:00
Tom Eastep
5ab6f8e0e5
Set quantum in subordinate SFQ class to the MTU for HFSC parents.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-18 10:34:46 -07:00
Tom Eastep
0e59932b8d
Correct known problems
2011-05-18 10:14:20 -07:00
Tom Eastep
568e54b50d
Update version to Beta 2
2011-05-18 09:58:35 -07:00
Tom Eastep
e940f5018e
Implement whitelisting.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-18 08:30:01 -07:00
Tom Eastep
cec07a6be5
Don't apply HTB quantum to HFSC
2011-05-17 18:34:41 -07:00
Tom Eastep
8d12e13ff1
Improve wording in the change log
2011-05-17 13:55:00 -07:00
Tom Eastep
495aa9b9ac
Implement NFLOG accounting action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-17 13:42:13 -07:00
Tom Eastep
fd70e73d34
Add ACCOUNTING_TABLE option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-17 12:51:33 -07:00
Tom Eastep
680ca519ed
Correct deletion of ipv6 'shorewall' chain
2011-05-17 11:33:56 -07:00
Tom Eastep
11ff245697
Don't generate refresh rules unless the command is 'refresh'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-16 13:08:32 -07:00
Tom Eastep
ffe7a1b777
Avoid inconsistencies and errors in refresh
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-16 11:34:41 -07:00
Tom Eastep
30f2fbff60
Issue warning on missing IPSET
2011-05-15 11:48:34 -07:00
Tom Eastep
72a330cba2
Don't emit degenerate tcfilters
2011-05-15 10:57:02 -07:00
Tom Eastep
e459fbf997
Don't allow non-leaf default class
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-15 10:56:46 -07:00
Tom Eastep
3f90f00081
Issue warnings and ignore non-leaf class in tcfilters and tcrules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-15 10:56:31 -07:00
Tom Eastep
7d25f6356b
Augment a comment
2011-05-15 08:45:41 -07:00
Tom Eastep
c247140063
Restore 'our' to a couple of exported variables in the Config module
2011-05-14 14:18:22 -07:00
Tom Eastep
00add745b7
Use -o when copying routing tables
2011-05-14 13:56:39 -07:00
Tom Eastep
05e385a748
Only use 'our' when required
2011-05-14 13:21:31 -07:00
Tom Eastep
0626594cda
Restore accuracy of tcclasses diagram
2011-05-14 09:27:51 -07:00
Tom Eastep
7327c24f14
Document that non-leaf tcrules and tcfilters are ignored
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-14 07:22:20 -07:00
Tom Eastep
5f4d40019e
Update release notes with relative/absolute path behavior.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-05-14 06:18:39 -07:00