Tom Eastep
16c1809ef2
Apply Alan Barrett's dhclient patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-14 13:39:23 -08:00
Tom Eastep
9a6047b3c4
Correct reversed naming of SHA chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-06 08:18:52 -08:00
Tom Eastep
5b4e3bc07c
Accomodate new module names for LOG_BACKEND
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-05 12:51:24 -08:00
Tom Eastep
dc3f163e71
Change the names of the sha1 chains for uniqueness
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-04 17:54:38 -08:00
Tom Eastep
8c0c1bd1e0
Omit the 'shorewall' chain from .ip[6]tables-restore-input
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 08:16:47 -08:00
Tom Eastep
8b825c4c4c
Avoid failure of ip[6]tables-restore.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 07:56:05 -08:00
Tom Eastep
9598ac6fad
Correct a couple of problems with -C
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 10:09:04 -07:00
Tom Eastep
8fb73026c8
Replace SAVE_COUNTERS with the -C command option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 09:37:57 -07:00
Tom Eastep
4546cbaff7
Use chains with names derived from a digest to identify ruleset
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-31 11:36:53 -07:00
Tom Eastep
a83c146636
Cleanup
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 20:27:06 -07:00
Tom Eastep
2ffc97867c
Correct syntax error in the generated script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 19:59:20 -07:00
Tom Eastep
f08803e293
Preserve counts on 'restart' without compilation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 18:38:45 -07:00
Tom Eastep
3454e10525
Add SAVE_COUNTERS option.
...
- Also implement recover command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 08:57:56 -07:00
Tom Eastep
edc30fcc8d
Process the params file with SHOREWALL_SHELL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-29 12:22:00 -07:00
Tom Eastep
85e5669fc7
Rename function interface_up() to interface_enabled()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-27 18:38:22 -07:00
Tom Eastep
f5bdc9e7f4
Allow two limits in the RATE LIMIT columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-22 11:21:43 -07:00
Tom Eastep
3bae6e61cf
Eliminate syntax errors in the generated script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 07:53:26 -07:00
Tom Eastep
5204cbc95f
Suppress 'No ipsets were saved' warning when SAVE_IPSETS=No
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 07:50:12 -07:00
Tom Eastep
ea1b8ac63a
Correct handling of empty LOG_BACKEND
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 07:34:55 -07:00
Tom Eastep
820c769499
Correct silly bug in last change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-29 07:08:39 -07:00
Tom Eastep
e6b0666ac9
Save ipsets during normal stop (duh)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 18:43:11 -07:00
Tom Eastep
3174454300
Correct SAVE_IPSETS logic in Config.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 14:38:01 -07:00
Tom Eastep
ce1c367d1d
Re-commit the fix that saves only the appropriate family
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 14:09:20 -07:00
Tom Eastep
3e2c903a41
Revert "Only save ipsets of the proper family"
...
This reverts commit b053cab630
.
2014-09-28 13:32:32 -07:00
Tom Eastep
b053cab630
Only save ipsets of the proper family
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 12:58:52 -07:00
Tom Eastep
6f7d063921
Remove the target file before saving ipsets in the savesets command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 11:53:52 -07:00
Tom Eastep
3858683e94
Allow saving a specified list of ipsets
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 11:19:41 -07:00
Tom Eastep
38a18ac9ac
Allow indefinite alternative to 'yes' and 'no'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-27 15:06:18 -07:00
Tom Eastep
a09484356c
Support 'yes', 'no, <other> values for simple config options
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-27 07:57:46 -07:00
Tom Eastep
bc8588a68e
Fix rule numbers in trace output
...
- Don't increment $number needlessly when not tracing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-27 07:57:09 -07:00
Tom Eastep
4989f694cd
Correct trace output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 14:47:00 -07:00
Tom Eastep
053df2a5fb
Go back to original insert_irule() fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 09:21:20 -07:00
Tom Eastep
976a1f3deb
Merge branch '4.6.3'
...
Conflicts:
Shorewall/Perl/Shorewall/Misc.pm
2014-09-25 08:06:16 -07:00
Tom Eastep
ea40068c10
Fix ADMINISABSENTMINDED=No used with stoppedrules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 08:03:35 -07:00
Tom Eastep
56649e2183
Don't compile routestopped during check if there is stoppedrules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 19:24:13 -07:00
Tom Eastep
520d21c056
Another tweak to LOG_BACKEND
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 17:12:05 -07:00
Tom Eastep
540eff24aa
Correctons to LOG_BACKEND implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 16:35:41 -07:00
Tom Eastep
580e00dabd
Implement LOG_BACKEND option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 15:26:13 -07:00
Tom Eastep
4815f7eba3
Correct warning message in stoppedrules processing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 11:05:15 -07:00
Tom Eastep
7481514a97
Implement the 'terminating' action option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:29:13 -07:00
Tom Eastep
1f5439257a
Revert "Implement the 'terminating' action option"
...
This reverts commit 6851744cb7
.
2014-09-23 07:39:25 -07:00
Tom Eastep
d97d45f4ad
Merge branch '4.6.3'
2014-09-23 07:10:17 -07:00
Tom Eastep
f9d98b74a2
Merge branch '4.6.2' into 4.6.3
...
Conflicts:
Shorewall/Perl/Shorewall/Providers.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-16 08:09:20 -07:00
Tom Eastep
0d23b9c542
Don't verify required interfaces during 'stop' or 'clear'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-14 09:29:04 -07:00
Tom Eastep
a7bdfcc47b
Refine the rule reduction fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-11 20:58:01 -07:00
Tom Eastep
988ee64621
Eliminate Redundant Rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-11 10:17:01 -07:00
Tom Eastep
9947f4d968
Re-enable SECTION PREROUTING in the accounting file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-10 12:53:08 -07:00
Tom Eastep
9e039e30e5
Issue warning message when /etc/iproute2/rt_tables is not writeable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-02 08:11:33 -07:00
Tom Eastep
6851744cb7
Implement the 'terminating' action option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:16:42 -07:00
Tom Eastep
f963adccf5
Correct silly typo in Chains.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-31 16:57:24 -07:00
Tom Eastep
fa8c3b3b6c
Correct typo in error messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 08:34:33 -07:00
Tom Eastep
602ecad712
Cleaner code in expand_variables()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-20 11:25:49 -07:00
Tom Eastep
6f777098d7
Add 'wildcard' member to the interface table
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-12 06:51:17 -07:00
Tom Eastep
e545329eb9
Modify the preceding fix to work with wildcard interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-12 06:50:59 -07:00
Tom Eastep
aedd9b5a76
Add 'wildcard' member to the interface table
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-11 08:30:44 -07:00
Tom Eastep
427f38109e
Some cosmetic cleanup
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-10 07:20:23 -07:00
Tom Eastep
0e1a1a3f44
Modify the preceding fix to work with wildcard interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-08 10:34:29 -07:00
Tom Eastep
b6161b8be7
Merge branch '4.6.2'
2014-08-08 08:30:04 -07:00
Tom Eastep
d3209ca624
Correct handling of a physical name in the provider INTERFACE column
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-08 08:15:26 -07:00
Tom Eastep
5ef5aa8cdb
Allow inline matches in an action file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-05 07:34:24 -07:00
Tom Eastep
0ca12bd86f
Correct syntax error caused by replacing '%%' with '??'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-03 15:29:58 -07:00
Tom Eastep
a2f1c57246
Add DNSAmp action
...
- Allow escaping '@' allowing u32 in action body
- Allow inline matches in actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-03 15:11:25 -07:00
Tom Eastep
fd42fa9f74
Make 'detect_configuration' work in the 'run' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-01 07:34:40 -07:00
Tom Eastep
e49832f4b5
Run the 'init' script in the 'run' command.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-30 10:25:00 -07:00
Tom Eastep
0bf80c15d8
Detect missing <commmand> in the generated scrip
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 11:35:32 -07:00
Tom Eastep
31e5aeeaea
Refine the 'run' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 10:30:07 -07:00
Tom Eastep
a7b18ca875
Implement 'run' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-28 07:04:56 -07:00
Tom Eastep
ad6c91bcbd
Allow optimize level 8 to work with Perl 5.20.0.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-25 21:03:48 -07:00
Tom Eastep
461f7b10ba
Detect Arptables JF capability when LOAD_HELPERS_ONLY = No.
...
- Move detection of Header Match to its proper ordinal.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-20 07:19:02 -07:00
Tom Eastep
2c9eda9cee
Add some white space for readability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 18:33:02 -07:00
Tom Eastep
64fc3d2e43
Correct a typo that caused iset couter match to be mis-detected
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 10:27:29 -07:00
Tom Eastep
d0aed87546
Correct IPV6 ipset capabilities checking on 3.14 kernels
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 10:25:46 -07:00
Tom Eastep
56fa6bd78a
Revert "Correct ipset detection on later kernels."
...
This reverts commit b207f64a85
.
2014-07-19 10:22:12 -07:00
Tom Eastep
b207f64a85
Correct ipset detection on later kernels.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 08:55:02 -07:00
Tom Eastep
9f381209d5
Detect HEADER_MATCH when LOAD_MODULES_ONLY=No
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 07:20:28 -07:00
Tom Eastep
6771dc54ad
Streamline some code from the last commit
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-18 12:58:49 -07:00
Tom Eastep
417bd0138e
Correct two problems with tcrules processing:
...
- SAVE and RESTORE didn't work
- '|' and '&' were ignored
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-18 08:32:22 -07:00
Tom Eastep
2ed523101c
Allow specification of the MAC address of a gateway
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-06 09:54:53 -07:00
Tom Eastep
c663a14c4d
Correct TIME column handling in IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-04 08:17:19 -07:00
Tom Eastep
8bfff55ed2
Add a TIME column to the mangle file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-04 08:01:14 -07:00
Tom Eastep
b1a6ec7f03
Merge branch '4.6.1'
2014-07-02 21:41:27 -07:00
Tom Eastep
cad8443e01
Allow SAVE/RESTORE rules in the OUTPUT chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-02 12:38:02 -07:00
Tom Eastep
2ad81f1a81
Apply Thibaut Chèze's patch for DSCP names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-02 12:37:50 -07:00
Tom Eastep
166e1a3df9
Allow SAVE/RESTORE rules in the OUTPUT chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-01 06:54:54 -07:00
Tom Eastep
84437ea689
Apply Thibaut Chèze's patch for DSCP names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-01 06:52:58 -07:00
Tom Eastep
7fdc398a5e
Revert "Revert "Revert "Add a TIME column to the mangle file"""
...
This reverts commit 1165b2689c
.
2014-06-27 08:23:04 -07:00
Tom Eastep
1165b2689c
Revert "Revert "Add a TIME column to the mangle file""
...
This reverts commit 9c7fcd09fd
.
2014-06-27 08:14:28 -07:00
Tom Eastep
2701b0a756
Correct number of columns in split_line2() calls.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-25 08:22:09 -07:00
Tom Eastep
9c7fcd09fd
Revert "Add a TIME column to the mangle file"
...
This reverts commit 824b14b714
.
2014-06-25 07:33:42 -07:00
Tom Eastep
824b14b714
Add a TIME column to the mangle file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-25 07:05:12 -07:00
Tom Eastep
122d58b122
Clear inline matches in perl_action_tcp_helper
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-21 07:58:27 -07:00
Tom Eastep
61bb73fd8c
Correct handling of matches in action_tcp_helper()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-20 14:28:17 -07:00
Tom Eastep
36e31ed839
Correct typo in error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-08 09:40:50 -07:00
Tom Eastep
b55b6a913c
Insert the server address list into the error message in DNAT/REDIRECT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-08 09:36:18 -07:00
Tom Eastep
9c9ae04c86
Raise an error when a server list is specified in a DNAT or REDIRECT rule
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-08 08:52:41 -07:00
Tom Eastep
c898129ad6
Correct pi-rho's patch to not deal with the loopback interface
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-06 13:12:02 -07:00
Tom Eastep
2cd5c41ec0
Clean up white space in pi-rho's patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-06 10:44:33 -07:00
Tom Eastep
bea5434de6
Merge branch '4.5.21'
2014-06-06 10:05:02 -07:00
Tom Eastep
8657dd97f7
Apply pi-rho's patch for rpfilter.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-06 10:04:42 -07:00
Tom Eastep
954cddc37a
Enable 1:1 NAT in IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-25 12:50:00 -07:00
Tom Eastep
5a22b14947
Enable 1:1 NAT in IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-25 08:57:01 -07:00
Tom Eastep
6d3b1d80d4
Make 'update -A' convert the tcrules file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 14:46:15 -07:00
Tom Eastep
c6565f051e
Clean up checking for chain designators with SOURCE $FW.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 07:18:35 -07:00
Tom Eastep
c9b6d4a670
Correct CHECKSUM handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 07:18:06 -07:00
Tom Eastep
d15956feea
Deprecate FORMAT-1 actions and macros
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-08 14:30:33 -07:00
Tom Eastep
f717d097d7
Apply Tuomo Soini's Macro format patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-07 12:19:24 -07:00
Tom Eastep
ba3a7d0621
Do not deprecate USE_DEFAULT_RT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-19 07:53:18 -07:00
Tom Eastep
4d4e8b3df4
Do nothing when a rules file section is empty.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-18 14:13:34 -07:00
Tom Eastep
240d3d8cab
Improve interface option inheritence
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-18 13:36:06 -07:00
Tom Eastep
acda5482c4
If USE_DEFAULT_RT isn't specified, make it 'No'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-18 13:22:58 -07:00
Tom Eastep
e731ea1ca8
Revert "Always inherit interface options"
...
This reverts commit 65cde3475f
.
2014-04-15 11:54:58 -07:00
Tom Eastep
65cde3475f
Always inherit interface options
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-15 11:37:51 -07:00
Tom Eastep
b3cd9ab15a
Default to LOAD_HELPERS_ONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-12 11:05:28 -07:00
Tom Eastep
58700b2301
Correct the behavior of rpfilter when FASTACCEPT=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-31 07:29:29 -07:00
Tom Eastep
a9ac9c274e
Correct the behavior of rpfilter when FASTACCEPT=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-31 07:28:30 -07:00
Tom Eastep
72869adcd6
Correct missing comment in trace entry.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-28 08:55:55 -07:00
Tom Eastep
0c8365001d
Avoid spurious comments on jumps to section chains.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-28 08:55:48 -07:00
Tom Eastep
6274f8444f
Correct missing comment in trace entry.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-28 08:55:23 -07:00
Tom Eastep
05816e94ee
Avoid spurious comments on jumps to section chains.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-28 08:55:00 -07:00
Tom Eastep
0561b10adb
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2014-03-22 08:58:20 -07:00
Tom Eastep
db1b25b4d7
Restore small mark verification.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-22 08:38:57 -07:00
Tom Eastep
4de651ff55
Add a comment line
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-19 10:38:41 -07:00
Tom Eastep
5981ce59e3
Include -t <table> in debug_restore_input() error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-19 10:25:37 -07:00
Tom Eastep
54a5e4af52
A couple of minor tweaks to the Chains module.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-19 10:24:30 -07:00
Tom Eastep
4bd8d9791c
Include -t <table> in debug_restore_input() error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-18 07:28:14 -07:00
Tom Eastep
39b7527cb6
Include rule priority in delete of generated address route rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:25:59 -07:00
Tom Eastep
08d29edf1a
Include rule priority in delete of generated address route rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:24:38 -07:00
Tom Eastep
093ff580b5
Deprecate USE_DEFAULT_RT=No.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-09 07:48:05 -07:00
Tom Eastep
cea237620a
Change USE_DEFAULT_RT default to 'Yes'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-09 07:42:22 -07:00
Tom Eastep
c9d7370fb4
Merge branch '4.5.21'
...
Conflicts:
Shorewall/manpages/shorewall.conf.xml
Shorewall6/manpages/shorewall6.conf.xml
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 09:00:34 -08:00
Tom Eastep
8b4d8bfa16
Finish ADMINISABSENDMINDED change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 08:57:03 -08:00
Tom Eastep
4eadec234a
Revert "Correct the behavior of ADMINISABSENTMINDED"
...
This reverts commit ded747a51a
.
2014-03-02 08:25:05 -08:00
Tom Eastep
2b489993ca
Revert "Correct the behavior of ADMINISABSENTMINDED"
...
This reverts commit df09e0ccc5
.
2014-03-02 08:23:23 -08:00
Tom Eastep
ded747a51a
Correct the behavior of ADMINISABSENTMINDED
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-28 10:14:33 -08:00
Tom Eastep
df09e0ccc5
Correct the behavior of ADMINISABSENTMINDED
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-28 10:14:08 -08:00
Tom Eastep
454e53bcfa
Reformat preceding patch and correct syntax errors.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-25 13:21:23 -08:00
Tom Eastep
66fdc9f6a7
Call directive_callback for directives without '?'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-25 12:48:25 -08:00
Tom Eastep
c74235a200
Correct typos
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-17 14:17:49 -08:00
Tom Eastep
1759fc75b0
Correctly handle alternate specification with ';' in 'update -t'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-17 14:10:17 -08:00
Tom Eastep
3e87efc82b
Document -t option
...
- Also copy compiler directives to the mangle file.
2014-02-17 12:50:59 -08:00
Tom Eastep
a011ad8efe
Add raw matches to the converted mangle file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:59:13 -08:00
Tom Eastep
0e40a42729
Allow SAVE and RESTORE in the postrouting chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:50:43 -08:00
Tom Eastep
669d15e2cf
Implement the -t update option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-15 09:36:13 -08:00
Tom Eastep
2dbcd36a9c
Implement BASIC_FILTERS
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 16:34:03 -08:00
Tom Eastep
0383ca7de6
Correct semantics of ipset lists in tcfilters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:27:46 -08:00
Tom Eastep
7ddc65133e
Support ipset lists in the tcfilters file.
...
- Also document the fact that ipset match options are not available in
the tcfilters file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:16:35 -08:00
Tom Eastep
1d4a87a0d0
Excape an opening parehthesis.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:15:35 -08:00
Tom Eastep
3b3608ad65
Correct ICMP handling in basic filters.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 07:16:41 -08:00
Tom Eastep
081a387f1d
Fix some bugs in basic filter generation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-03 14:59:27 -08:00
Tom Eastep
50fb8e3f2f
Use HEX representation for matching IPv6 addresses in basic filters.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-31 12:49:47 -08:00
Tom Eastep
f029f5b483
Correct handling of logging of a non-terminating target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-29 08:22:31 -08:00
Tom Eastep
86f667afd4
Correct handling of logging of a non-terminating target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-29 08:19:53 -08:00
Tom Eastep
8a63053c13
Correct defects found in unit testing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-21 20:19:56 -08:00
Tom Eastep
62557cb98e
Correct defects found during testing of ematch.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-21 12:53:33 -08:00
Tom Eastep
9c4089fc99
Initial basic filter implementation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-20 18:40:40 -08:00
Tom Eastep
fd28a12653
Allow DROP in the stoppedrules file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:19:49 -08:00
Tom Eastep
7e6fc3229d
Correct handling of default chain when a mark range is specified.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:15:51 -08:00
Tom Eastep
42dd8dfee9
Change license to GPLv2+ and update copyrights
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-04 09:48:27 -08:00
Tom Eastep
5a7e458104
Backout ematch stuff for now
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 12:01:56 -08:00
Tom Eastep
7e1a310929
Implement ipset matches in tcfilters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 09:35:34 -08:00
Tom Eastep
78ecf9bdc8
Finish up ipset extensions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 09:23:14 -08:00
Tom Eastep
1771bb75cf
Finish ipset match option implementation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-02 14:43:55 -08:00
Tom Eastep
b4847d6a01
New IPSET MATCH extensions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-02 09:36:35 -08:00
Tom Eastep
48ceed9ecb
Make tcpflags the default.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 15:10:38 -08:00
Tom Eastep
1083dd8c26
Allow ?COMMENT in the mangle file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 08:02:17 -08:00
Tom Eastep
5e7cd855c2
Correct typo in Tc.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:53:38 -08:00
Tom Eastep
2c2aaf262c
Add IP[6]TABLES support for the conntrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:36 -08:00
Tom Eastep
6c990a7253
Logically OR builtin definitions from the actions file if the builtin exists
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:00 -08:00
Tom Eastep
f7bbac6ea8
Make tcrules/mangle similar to notrack/conntrack.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:15:56 -08:00
Tom Eastep
4c1b83beef
Tweaks to the Tc.pm module.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 11:42:38 -08:00
Tom Eastep
ac6a506e35
Allow logging from the RAW table
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 11:04:43 -08:00
Tom Eastep
11e61ec6e5
Add chain information to the builtin_target table.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 08:22:58 -08:00
Tom Eastep
5985a6e9b3
Implement IP[6]TABLES in the rules files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 13:46:58 -08:00
Tom Eastep
66a04e4819
Allow inline matches with IP[6]TABLES
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 10:13:00 -08:00
Tom Eastep
1634267faa
Rename JUMP to IP[6]TABLES.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 10:12:33 -08:00
Tom Eastep
c8866ef8bf
Correct handling of columns with embedded spaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 08:56:14 -08:00
Tom Eastep
6fe06c82c8
More switch from tcrules to mangle
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 15:24:05 -08:00
Tom Eastep
543446f8d7
Integrate tcrules and mangle processing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 14:24:36 -08:00
Tom Eastep
a1222d10cb
change 'marks' file to 'mangle'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 10:03:23 -08:00
Tom Eastep
3dba1f5bee
Tested version of the marks file handler
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-27 12:38:22 -08:00
Tom Eastep
3960aaee4c
Consolidate declarations in process_mark_rule().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-24 09:49:10 -08:00
Tom Eastep
5419109880
Correct syntax errors in new mars handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-24 09:04:54 -08:00
Tom Eastep
584b0ac50e
Some small tweaks to the marks file processing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-24 07:25:40 -08:00
Tom Eastep
4c2cedb670
Add get_target_param1() that doesn't accept the <action>/<param> syntax
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 09:17:11 -08:00
Tom Eastep
f32a777099
Fix INLINE in tcrles
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-18 09:19:35 -08:00
Tom Eastep
cd5be38cfb
Eliminate silly extra loop in accounting processing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-18 09:19:16 -08:00
Tom Eastep
2894bb9656
Move INLINE processing into the Chains module.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-16 12:31:35 -08:00
Tom Eastep
fad3b42bd3
Correct line split in the Accounting module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-16 07:40:41 -08:00
Tom Eastep
4e4e7cac1d
Redefine the -i option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-15 11:23:20 -08:00
Tom Eastep
6d72cb3138
Correct update inline
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-15 09:32:09 -08:00
Tom Eastep
9abe60bc27
Implement the -i option of upgrade
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 17:54:10 -08:00
Tom Eastep
33c5893bdb
Implement INLINE_MATCHES
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 13:35:01 -08:00
Tom Eastep
2bc329aa1d
Add INLINE support to the masq file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-13 15:44:16 -08:00
Tom Eastep
95abeaea24
Finish INLINE in the tcrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-01 09:25:32 -08:00
Tom Eastep
75258083e3
Cleanup of column splitting change.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-01 09:24:49 -08:00
Tom Eastep
bf44e514e3
Keep parentheses balanced when splitting a line.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-30 14:13:42 -08:00
Tom Eastep
e5d250750b
Correct handling of ?SECTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-27 07:53:33 -08:00
Tom Eastep
d63262a0cb
change ZONE2ZONE default to '-'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 08:16:28 -08:00
Tom Eastep
3870157898
Issue warning on bare SECTION headings.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 07:58:02 -08:00
Tom Eastep
80d54ec40b
Implement ?SECTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-18 06:57:54 -08:00
Tom Eastep
855cb6e7f4
Correct handling of HFSC classes with DMAX but no UMAX
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-16 08:07:23 -08:00
Tom Eastep
e14d92c5ac
Add DROP support in tcrules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-04 10:50:11 -08:00
Tom Eastep
ca3385d1be
Remove superfluous '[' from character set.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-21 09:28:21 -07:00
Tom Eastep
5823411091
Correct typo in a regular expression.
...
- Re-enable |<mark> in the tctrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-21 07:04:23 -07:00
Tom Eastep
66c2fca2b0
Eradicate the use of 'fgrep'
...
- Busybox on Leaf Bering does not have fgrep
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-14 07:15:08 -07:00
Tom Eastep
b27e3d2fff
Merge branch '4.5.21'
2013-10-08 13:17:41 -07:00
Tom Eastep
5e67808abd
Don't add host route in default table.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 11:27:41 -07:00
Tom Eastep
fa500b9ea2
Correct H323 and netbios-ns handling.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:24:52 -07:00
Tom Eastep
b6d7e9ea96
Work around emacs bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:24:40 -07:00
Tom Eastep
0e61c2f210
Correct H323 and netbios-ns handling.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:20:46 -07:00
Tom Eastep
3c9d984835
Correct typo
...
- list_split s/b split_list
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:19:07 -07:00
Tom Eastep
4917500f12
Work around emacs bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 07:13:01 -07:00
Tom Eastep
50b7a81b13
Correct typo
...
- list_split s/b split_list
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 06:56:16 -07:00
Tom Eastep
8c4bbf0c85
Implement REAP_OPTION capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-07 07:54:52 -07:00
Tom Eastep
5b515f007b
Fix 'monthdays' in the TIME column.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-30 15:43:17 -07:00
Tom Eastep
d7cbd1da21
Allow actions to manipulate the current comment from Perl.
...
- Added set_comment()
- moved push/pop_comment() to the :DEFAULT export
2013-09-23 12:21:44 -07:00
Tom Eastep
eb75d0eef4
Add 'nohostroute' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-18 16:49:54 -07:00
Tom Eastep
5dbcdd65e2
Force 'inline' for REJECT_ACTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-10 07:37:53 -07:00
Tom Eastep
dc5c0dc069
Validate default log levels
...
- Name the .conf option involved in error messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-06 16:00:15 -07:00
Tom Eastep
87ae801c15
Use the -w ip[6]tables option when available.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-04 10:16:36 -07:00
Tom Eastep
67603c5eb3
Implement REJECT_ACTION
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-01 09:14:10 -07:00
Tom Eastep
1540e50cce
Remove blank line
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-31 10:07:41 -07:00
Tom Eastep
0a2f6c18cc
Correct typo in prog.footer
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-13 07:03:20 -07:00
Tom Eastep
32763e998b
Make -v work with the status command
...
- Also document exit status
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-13 06:52:46 -07:00
Tom Eastep
a10aea280b
Add some abbreviations for common commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-06 07:05:47 -07:00
Tom Eastep
ceffc000eb
Correct Typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-05 08:32:17 -07:00
Tom Eastep
6615c1f736
Clarify usage of Interface Option Chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-04 09:01:09 -07:00
Tom Eastep
83d1aa6682
Allow OPTIMIZE=All
...
- Remove use of literal 4096 from OPTIMIZATION checks.
- Moved constant declarations to the Config module.
- Documented that level 1 is ignored when level 4 is specified.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-29 10:08:35 -07:00
Tom Eastep
aabb22a50f
Add the TRACK_RULES option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-24 07:22:51 -07:00
Tom Eastep
7aa33c140d
Add an AutoBL action with helper AutoBLL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-17 10:19:18 -07:00
Tom Eastep
891e3e0e1d
Use the --reap option in sticky recent rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 14:46:39 -07:00
Tom Eastep
5c7500e13e
Display the current time as an integer in 'show event[s]' output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 09:46:08 -07:00
Tom Eastep
09240da55a
Change the external name of MARK_ANYWHERE to 'Mark in the filter table'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 09:45:20 -07:00
Tom Eastep
89f16bdb37
Include a current time event in /proc/net/xt_recent/
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-12 07:14:22 -07:00
Tom Eastep
8e30831385
Resolve merge conflicts
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-11 14:20:38 -07:00
Tom Eastep
d2725fcd87
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2013-07-11 14:16:19 -07:00
Tom Eastep
9535a7d7df
Rename 'Trigger' to 'Event' and document
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-11 10:39:21 -07:00
Tom Eastep
3c6df56b57
Implement Triggers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-10 13:27:58 -07:00
Tom Eastep
411ca87ec3
Allow logging rules with more than 15 ports
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-08 15:59:54 -07:00
Tom Eastep
948a7fccc2
Enhance a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-07 12:52:04 -07:00
Tom Eastep
73060a3761
Correct typo in dropBcast()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-06 07:58:21 -07:00
Tom Eastep
cd83d7727c
Restore handle_original_dest().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-04 14:51:06 -07:00
Tom Eastep
5121634457
Add ihandle_original_dest()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-04 14:37:24 -07:00
Tom Eastep
131c1f432b
Add iverify_source_interface()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-04 14:07:09 -07:00
Tom Eastep
03885f71d3
Create add_expanded_ijump() that breaks long lines
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-03 15:13:48 -07:00
Tom Eastep
b735b93378
Re-factor irule generation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-03 10:59:09 -07:00
Tom Eastep
5ce5d5e607
Delete superfluous blank line
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 15:03:50 -07:00
Tom Eastep
00c5985458
Rename clone_rule() to clone_irule()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 12:38:16 -07:00
Tom Eastep
1a44b66656
Cleaner handling of trailing spaces from log_irule_limit.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 12:32:35 -07:00
Tom Eastep
b215cf379a
Generate a warning when Limit is invoked.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 12:31:29 -07:00