holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity
11,572 Commits 104 Branches 736 Tags 54 MiB
3c2385de06
Commit Graph

2236 Commits

Author SHA1 Message Date
Tom Eastep
cf176474ac Merge branch '4.5.2' 
Conflicts:
	Shorewall/Perl/Shorewall/Chains.pm
 2012-03-31 09:44:36 -07:00
Tom Eastep
6ed207aba0 Fix 'dhcp' with 'nets' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-31 09:30:29 -07:00
Tom Eastep
924ec49d09 Add OWNER_NAME_MATCH to do_user 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-30 16:58:38 -07:00
Tom Eastep
a4097b7a02 Correct Typo in setup_null_routing() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-30 16:57:26 -07:00
Tom Eastep
e38fcb2bfc Correct ipset creation and add a WARNING when creating an ipset 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-30 16:56:43 -07:00
Tom Eastep
e09457cdf9 Correct Typo in setup_null_routing() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-27 07:46:53 -07:00
Tom Eastep
e641bf7ac2 Correct typo 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-26 16:01:35 -07:00
Tom Eastep
8a164adf98 Export TMPDIR if it exists in the .shorewallrc file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-26 15:43:04 -07:00
Tom Eastep
dee20c8d74 Add OWNER_NAME_MATCH to do_user 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-25 20:18:20 -07:00
Tom Eastep
ee15baf98c Correct typo in Chains.pm 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-25 12:48:57 -07:00
Tom Eastep
25e7555e80 Correct typo in the compiler 2012-03-25 12:36:25 -07:00
Tom Eastep
9dd9ee614b Correct ipset creation and add a WARNING when creating an ipset 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-25 08:27:28 -07:00
Tom Eastep
5aed14ffdc Set PRODUCT before processing rc file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-25 07:25:15 -07:00
Tom Eastep
59aab485c3 Handle 'PRODUCT' more gracefully 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-24 22:21:42 -07:00
Tom Eastep
173d29969d Improve shorewallrc variable expansion 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-24 21:34:24 -07:00
Tom Eastep
7390789b5e Add BLACKLIST Macro 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-24 21:33:57 -07:00
Tom Eastep
fc4aaa97c6 Expand variables in shorewallrc 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-24 21:26:20 -07:00
Tom Eastep
eb118e4443 Add shorewallrc files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-24 13:05:39 -07:00
Tom Eastep
f4ed4109c6 Fix LENGTH handling (again) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-23 15:40:48 -07:00
Tom Eastep
398c843643 Concatenate match options when not KLUDGEFREE 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-23 15:40:25 -07:00
Tom Eastep
01d07f55a9 Only include user exit basename in exported progress messages 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-20 07:33:32 -07:00
Tom Eastep
bdc8cb66bd Correct load_kernel_modules() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-20 07:15:47 -07:00
Tom Eastep
7bc823fb8b Support 'kerneltz' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 15:57:38 -07:00
Tom Eastep
48b7594b64 Delete prog.header* 
- Move functions into lib.core with ?IF ... ?ELSE ... ?END

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 15:56:02 -07:00
Tom Eastep
88b1180817 Support ?IF in copied files 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 13:38:24 -07:00
Tom Eastep
8803cd8d3b ?IF improvements 
- Pass line number to make process_conditional more general
- Add debugging output
- Do first_line processing prior to looking for ?

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 12:51:22 -07:00
Tom Eastep
0063de1564 Add capabilities to conditionals 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 11:57:33 -07:00
Tom Eastep
f104596b39 Merge branch '4.5.1' 2012-03-19 10:13:08 -07:00
Tom Eastep
146d66f0aa Don't complain about SHOREWALL_INIT_SCRIPT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 09:52:55 -07:00
Tom Eastep
0ccb398cec Merge branch '4.5.1' 2012-03-19 09:22:44 -07:00
Tom Eastep
287a44be52 Allow TOS to work on RHEL5 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 09:22:21 -07:00
Tom Eastep
86f3667b82 Correct nested ?IF 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 08:19:32 -07:00
Tom Eastep
962b1cca1f Remove Perl diagnostic 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 07:46:45 -07:00
Tom Eastep
2026fdab6a Correct IPSET_WARNINGS 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 07:44:52 -07:00
Tom Eastep
722e888043 Fix ?IF 
- Allow nested ?IFs to work correctly
- Correct push logic for $ifstack

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 07:38:52 -07:00
Tom Eastep
e3997abfb9 Merge branch '4.5.2' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-19 07:27:53 -07:00
Tom Eastep
710687bbd6 Revert "Move conditional processing to it's own function" 
This reverts commit 8262cff71a.
 2012-03-19 07:23:57 -07:00
Tom Eastep
d4a1e7dba9 Revert "Allow ?IF, ?ELSE and ?ENDIF in copied files" 
This reverts commit 29dd342118.
 2012-03-19 07:23:24 -07:00
Tom Eastep
c7237e5c8e Revert "Move all functions from prog.header* to lib.core" 
This reverts commit f9f557e1c6.
 2012-03-19 07:22:51 -07:00
Tom Eastep
c299c6d61a Revert "Correct spelling" 
This reverts commit 1d021e3701.
 2012-03-19 07:22:29 -07:00
Tom Eastep
6769acc7a7 Revert "Some corrections to conditional inclusion" 
This reverts commit 164d2f5d1b.
 2012-03-19 07:22:07 -07:00
Tom Eastep
df33587395 Revert "Clean up of conditional inclusion." 
This reverts commit 5f3ba4eb40.
 2012-03-19 07:21:36 -07:00
Tom Eastep
508f33a183 Revert "Eliminate prog.header6" 
This reverts commit 60f1004339.
 2012-03-19 07:21:12 -07:00
Tom Eastep
11f970d1c2 Revert "Eliminate prog.header" 
This reverts commit 13bf383ce8.
 2012-03-19 07:20:57 -07:00
Tom Eastep
72e6330ff4 Revert "Add capabilities to ?IF conditionals" 
This reverts commit 0d71c590e4.
 2012-03-19 07:20:31 -07:00
Tom Eastep
5caf68bc31 Remove .project 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-18 19:31:40 -07:00
Tom Eastep
15ca0fd1f0 Add IPSET_WARNINGS option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-18 19:30:04 -07:00
Tom Eastep
955a9f0051 Correct Steven's issues 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-18 19:10:46 -07:00
Tom Eastep
5bfd2cc2c9 Remove some WARNINGs 
- Mr Dash4 has decided he doesn't want them after all.
 2012-03-18 12:42:32 -07:00
Tom Eastep
56f66bd966 Require the correct PROTO to use a port range in the ADDRESS column of masq 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-18 11:22:37 -07:00
Tom Eastep
6e089fb0e2 Require the correct PROTO to use a port range in the ADDRESS column of masq 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-18 11:21:53 -07:00
Tom Eastep
0d71c590e4 Add capabilities to ?IF conditionals 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-18 08:48:26 -07:00
Tom Eastep
d1661c95d5 Remove .project 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 18:29:32 -07:00
Tom Eastep
13bf383ce8 Eliminate prog.header 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 18:07:36 -07:00
Tom Eastep
60f1004339 Eliminate prog.header6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 17:51:56 -07:00
Tom Eastep
5f3ba4eb40 Clean up of conditional inclusion. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 12:12:32 -07:00
Tom Eastep
164d2f5d1b Some corrections to conditional inclusion 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 10:26:36 -07:00
Tom Eastep
1d021e3701 Correct spelling 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 09:42:15 -07:00
Tom Eastep
f9f557e1c6 Move all functions from prog.header* to lib.core 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 09:35:35 -07:00
Tom Eastep
29dd342118 Allow ?IF, ?ELSE and ?ENDIF in copied files 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 09:33:40 -07:00
Tom Eastep
8262cff71a Move conditional processing to it's own function 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-17 09:32:56 -07:00
Tom Eastep
ab13fbe95e Allow conditional compilation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-16 08:16:12 -07:00
Tom Eastep
95e4f8dd91 Fix TOS(tos/mask) in tcrules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-14 15:34:11 -07:00
Tom Eastep
8e413a7bf0 Fix TOS(tos/mask) in tcrules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-14 15:33:31 -07:00
Tom Eastep
2a67a202b0 Merge branch '4.5.1' 2012-03-13 20:16:01 -07:00
Tom Eastep
7e14777b8f Fix typo 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-13 19:54:58 -07:00
Tom Eastep
c1d0681e17 Correct LENGTH column validation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-13 17:58:18 -07:00
Tom Eastep
e3f2c49c7e Remove level of indirection for the 'super' property 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-13 12:23:33 -07:00
Tom Eastep
fecd091078 Remove %zones{option}{nested} 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-13 11:31:13 -07:00
Tom Eastep
e0b360513c Remove a level of indirection for 'complex' zone flag. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-13 09:47:31 -07:00
Tom Eastep
01d99d4873 Move zone mss handling to the Rules File 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-12 15:59:35 -07:00
Tom Eastep
acb2e2a8ab Implement mss= in hosts file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-12 15:14:35 -07:00
Tom Eastep
48570227ba Big cleanup of TOS handling 
- Validate settings/matches
- Allow setting in the tcrules file.
- Deprecate /etc/shorewall[6]/tos
 2012-03-09 16:16:25 -08:00
Tom Eastep
c112f20e17 Tighten editing of LENGTH column(s) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-07 14:07:04 -08:00
Tom Eastep
b2842ae8d4 Don't allow reserved variables to be set in params 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-05 15:42:53 -08:00
Tom Eastep
dff5136134 Correct issues with debugging the generated script 
a) Rename DEBUG to g_debug_iptablesb
b) Clear all of the tables prior to handling iptables-restore input.
 2012-03-05 15:21:10 -08:00
Tom Eastep
a84e131115 Fix bug in DSCP implementation. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-03-05 09:50:15 -08:00
Tom Eastep
aab6e67e70 Omit non-default geometry settings from updated shorewall.conf. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-29 12:34:06 -08:00
Tom Eastep
47453a20f7 Tweak to Run-time gateway variables 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-24 09:02:04 -08:00
Tom Eastep
7273f4d8d4 Implement run-time gateway variables. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-23 13:36:00 -08:00
Tom Eastep
2624005fa8 Fix FORMAT-2 interfaces 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-21 16:41:56 -08:00
Tom Eastep
d5af9c360d Implement FORMAT-2 interfaces file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-21 11:23:58 -08:00
Tom Eastep
2137840fec Fix bug in DSCP support 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-20 16:40:11 -08:00
Tom Eastep
a1ec1dc178 Add DSCP match support 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-20 08:47:48 -08:00
Tom Eastep
e2f4af6e48 Create a Perl-style switch statement to handle irregular entries in 
the tcrules file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-19 17:28:49 -08:00
Tom Eastep
b1272e8835 Add DSCP target support. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-19 17:04:16 -08:00
Tom Eastep
75d5957020 Unify 'dont_' chain flags 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-19 14:20:09 -08:00
Tom Eastep
1896e56894 Rework some newbie code in add_group_to_zone() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-19 08:39:17 -08:00
Tom Eastep
7cd7f1ebbe Make zone-option hashes and constants global 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-19 08:30:39 -08:00
Tom Eastep
7fef97d92d Fix compiler crash from unknown interface 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-18 10:02:39 -08:00
Tom Eastep
cd3a9854f8 Change ipset flags error to a warning 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-18 08:22:16 -08:00
Tom Eastep
59fea1a05d Add a SWITCH column to /etc/shorewall/masq 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-18 08:17:14 -08:00
Tom Eastep
1c7476fe61 Validate SOURCE/DEST fit for ipset flags 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-17 15:46:28 -08:00
Tom Eastep
460efbac77 Merge branch '4.5.0' 2012-02-11 11:36:38 -08:00
Tom Eastep
09078cf6ad Add comments to add_interface_options() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-07 14:20:11 -08:00
Tom Eastep
f5c09a9e2e Restore 'update -b' functionality 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-07 07:40:35 -08:00
Tom Eastep
f4be778b86 Restore 'update -b' functionality 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-07 07:38:07 -08:00
Tom Eastep
bd959884cc Don't require a MARK value on the default class. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-06 14:40:22 -08:00
Tom Eastep
a87a981a2e Merge branch '4.5.0' 2012-02-05 13:19:54 -08:00
Tom Eastep
e8875ae50b Sort emitted param settings in export_params() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-05 10:03:47 -08:00
Tom Eastep
8561bb77ee Delete the BLACKLIST entry in %sections 2012-02-05 09:40:02 -08:00
Tom Eastep
a25075d3c5 Minor cleanup of Rules file 
- Correct comments
- Delete stale comments
- Simplify a statement in process_rules1()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 10:34:53 -08:00
Tom Eastep
63aaeb37c4 Remove redundant prototype. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 10:34:37 -08:00
Tom Eastep
99e0a340b1 Cosmetic changes to Zones.pm source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 10:34:30 -08:00
Tom Eastep
b5e3a41e13 Remove redundant logic 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 10:34:20 -08:00
Tom Eastep
5c30c236a3 Minor cleanup of Rules file 
- Correct comments
- Delete stale comments
- Simplify a statement in process_rules1()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 09:53:43 -08:00
Tom Eastep
cdf284a4ee Remove redundant prototype. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 09:06:20 -08:00
Tom Eastep
57d1b29d1e Cosmetic changes to Zones.pm source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 07:29:13 -08:00
Tom Eastep
25031c3a42 Remove redundant logic 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-03 07:21:28 -08:00
Tom Eastep
0c1beb50ae Add 'IMQ Target' capability to tcrules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-02 12:54:00 -08:00
Tom Eastep
ab04a7fb46 Fix comments -- reflect changes done during the irule implementation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-01 13:53:12 -08:00
Tom Eastep
45a1f9df4f Streamline exclusion of the %vserver% pseudo-interface. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-02-01 10:25:26 -08:00
Tom Eastep
3f42b6d76f Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2012-01-25 20:41:50 -08:00
Tom Eastep
df3bded324 Simply getparams as a result of the new lib.cli variable-setting 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-25 20:41:08 -08:00
Tom Eastep
7cd05fd874 Correct routing commands in proxy NDP 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-21 19:58:47 -08:00
Tom Eastep
7d1bb30175 Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2012-01-17 13:12:01 -08:00
Tom Eastep
fc5f439b4b Generate prio 999 rule when USE_DEFAULT_RT=Yes, even when there are no balance providers. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-17 13:00:34 -08:00
Tom Eastep
ed3a623184 Cosmetic and maintainability improvements: 
1. Export optimization masks from Shorewall::Chains for use in
   Shorewall::Compiler.
2. Move capability reporting and checkint from Shorewall::Compiler to
   Shorewall::Config.
3. Eliminate some gratuitous black lines.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-17 07:24:12 -08:00
Tom Eastep
3120bb37d1 Reload load distribution chains during 'refresh' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-16 10:07:18 -08:00
Tom Eastep
58bf562747 Generate load rules at runtime rather than at compile time. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-15 19:23:44 -08:00
Tom Eastep
364420c4eb Don't derive base in load_chain() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-15 07:54:30 -08:00
Tom Eastep
b0f7c08844 Save load and status of each interface. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-14 17:43:25 -08:00
Tom Eastep
7316a2c51a Implement 'load=<load-factor>' in providers file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-13 16:37:05 -08:00
Tom Eastep
3920cef17e Update copyright on Shorewall::Providers 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-12 07:14:04 -08:00
Tom Eastep
ec8491caf8 Issue a warning message when both 'route_rules' and 'rtrules' exist. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-12 07:10:16 -08:00
Tom Eastep
057ea718cd Remove 'stat' provider option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-12 07:09:53 -08:00
Tom Eastep
58a0b9b5c1 Rename route_rules to rtrules -- phase 2 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-09 07:19:10 -08:00
Tom Eastep
048d380c28 Issue warning if there is a deprecated option setting in the .conf file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-07 19:58:45 -08:00
Tom Eastep
ce73bb3d22 Unify prog.footer and prog.footer6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-07 13:53:41 -08:00
Tom Eastep
6f5ab698b4 Add a PROBABILITY column to the tcrules file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-06 12:54:37 -08:00
Tom Eastep
c4768d4a4a Allow run-time address variable in the SOURCE column of route_rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-06 11:59:22 -08:00
Tom Eastep
f003c0644b Fix MARK_IN_FORWARD_CHAIN=Yes with fw source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-06 09:26:43 -08:00
Tom Eastep
5ddb197680 Make '0' equivalent to '-' in the IN_BANDWIDTH column 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-06 09:14:07 -08:00
Tom Eastep
cda4c6ed11 Implement 'stat' provider option -- phase 1 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-05 16:49:26 -08:00
Tom Eastep
46d8adcfe9 Add STATISTIC_MATCH capability 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-04 15:46:01 -08:00
Tom Eastep
84dc26b82c Create lib.core 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-03 13:06:00 -08:00
Tom Eastep
7d756f51ac More unification of prog.header and prog.header6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-03 08:39:18 -08:00
Tom Eastep
4216d80c12 Allow Provider name in 'disable' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-02 15:25:43 -08:00
Tom Eastep
018ba394e3 Move common code from prog.header[6] to lib.common 2012-01-02 14:13:19 -08:00
Tom Eastep
a39f4699dc Update versions and copyrights 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-01-02 07:43:13 -08:00
Tom Eastep
288c7b06dc Place sfilter jumps in the option chains 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-31 14:47:36 -08:00
Tom Eastep
4b8fb130ba Update copyright dates. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-31 14:15:25 -08:00
Tom Eastep
c2293f3d64 Eliminate the $blrules global in Shorewall::Rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-31 13:16:04 -08:00
Tom Eastep
d6bac484dc Allow the timeout to be specified in that 'safe' commands. 
Also, allow a suffix (s, m or h) in the <timeout> paramater to the 'try' command.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-31 09:40:36 -08:00
Tom Eastep
64d3ac036b Disable BLACKLIST section 2011-12-30 20:25:54 -08:00
Tom Eastep
28f27c65aa Use SHA1 to shorten digests. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-30 14:58:49 -08:00
Tom Eastep
4d9a43a4dd Delete some 'dont_move' flags 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-30 11:31:08 -08:00
Tom Eastep
1d9a4c58e9 Cosmetic change with comments. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-30 10:59:23 -08:00
Tom Eastep
6f61293b08 Reduce the size of many configs by not copying long chains multiple times. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-30 10:27:58 -08:00
Tom Eastep
b63c7e0016 A bit of optimization in add_interface_options() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-30 08:08:28 -08:00
Tom Eastep
6bed5e5e55 Merge branch '4.4.27' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-30 07:28:14 -08:00
Tom Eastep
5b2f960db3 Disallow :P in CLASSIFY rules and complain if :F is used when the SOURCE or DEST is $FW. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-30 07:22:14 -08:00
Tom Eastep
1da7f52ed5 Copy output interface options rather than jump 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-29 18:49:47 -08:00
Tom Eastep
39f214208a Fix silly bug in the new option chain implementation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-29 17:57:39 -08:00
Tom Eastep
6926bcdbb9 More refinements of the option chain stuff. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-29 14:52:07 -08:00
Tom Eastep
f9960a0c94 Restore blacklst and blackout chains 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-29 13:45:35 -08:00
Tom Eastep
2c441b5393 Copy option rules into interface chains if no blacklist 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-29 09:32:16 -08:00
Tom Eastep
bddfb4f41c Add output option chains 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-29 08:22:00 -08:00
Tom Eastep
03610181fd Disallow :P in CLASSIFY rules and complain if :F is used when the SOURCE or DEST is $FW. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-29 07:49:53 -08:00
Tom Eastep
3ca9577f04 Cruft removal 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-28 16:22:11 -08:00
Tom Eastep
8cdc83638e Don't allow PREROUTING CLASSIFY rules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-28 14:07:12 -08:00
Tom Eastep
a98c85cbc4 Make 'audit' work on a converted blacklist file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-28 10:30:24 -08:00
Tom Eastep
eda918215d Option chain phase II implementation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-28 10:29:15 -08:00
Tom Eastep
0518def9cf Merge branch '4.4.27' 2011-12-28 09:58:19 -08:00
Tom Eastep
09f58512be Make 'audit' work on a converted blacklist file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-28 09:34:34 -08:00
Tom Eastep
eff447ac11 Phase one option chain implementation. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-27 18:12:58 -08:00
Tom Eastep
ea9c59a297 Add an interface filter chain for each interface. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-27 13:52:44 -08:00
Tom Eastep
49eb84b9e2 Remove more helper/proto silliness 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-27 13:06:37 -08:00
Tom Eastep
8a8214704e Centralize checking for required proto with helper 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-27 13:04:19 -08:00
Tom Eastep
aa743f2886 Merge branch '4.4.27' 2011-12-27 13:02:08 -08:00
Tom Eastep
c5868ef6e4 Revert "Remove redundant check." 
This reverts commit 53dd13cf15.
 2011-12-27 13:01:27 -08:00
Tom Eastep
7721644209 Merge branch '4.4.27' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall into 4.4.27 
Conflicts:
	Shorewall/Perl/Shorewall/Chains.pm
	Shorewall/Perl/Shorewall/Raw.pm
 2011-12-27 12:32:13 -08:00
Tom Eastep
1c2ab238a5 Merge branch '4.4.27' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall into 4.4.27 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-26 13:22:30 -08:00
Tom Eastep
3541767881 Don't croak when adding gateway route fails for IPv6. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-26 11:58:06 -08:00
Tom Eastep
53dd13cf15 Remove redundant check. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-26 11:57:34 -08:00
Tom Eastep
5520a6d31d Validate helper<->protocol 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-24 09:24:01 -08:00
Tom Eastep
be4cb9d26a Validate helper<->protocol 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-23 17:55:13 -08:00
Tom Eastep
97354c8ce8 Detect CT_TARGET when LOAD_HELPERS_ONLY=No 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-23 11:59:51 -08:00
Tom Eastep
0e3ad6ff91 Omit the chain designator from an error message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-23 07:51:12 -08:00
Tom Eastep
1c535ee0f9 Correct handling of a chain designator in CLASSIFY rules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-23 07:44:16 -08:00
Tom Eastep
3081ab1da1 Correct RELATED_DISPOSITION error message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-22 15:51:50 -08:00
Tom Eastep
ce735e9415 Allow a chain designator in CLASSIFY rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-22 15:41:16 -08:00
Tom Eastep
e93dbdcb99 Stop generation of superfluous routing rules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-21 08:01:25 -08:00
Tom Eastep
c03fe0a076 Implement USE_LOGICAL_NAMES. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-20 16:03:56 -08:00
Tom Eastep
1c8f6d3856 Eliminate a variable 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-18 15:05:03 -08:00
Tom Eastep
c00068e08d Another correction to the 'CT' target 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-18 07:21:32 -08:00
Tom Eastep
a80b46be81 Allow a port number to be appended to a helper name 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-17 17:08:24 -08:00
Tom Eastep
ec848ebc01 Parenthesize qa/.../ in embedded Perl 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-17 10:09:23 -08:00
Tom Eastep
ba5db8753e Fix CT helpers 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-17 08:59:27 -08:00
Tom Eastep
9d66f34932 Allow config options to be used as shell variables 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-15 12:52:22 -08:00
Tom Eastep
10d10b1c16 Remove a redundant capability test 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-15 12:52:06 -08:00
Tom Eastep
6194eceaa4 Restore text of 'Provider "..." compiled' message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-15 12:51:39 -08:00
Tom Eastep
2142baca4f Avoid inappropriate RELATED,ESTABLISHED rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-06 19:04:43 -08:00
Tom Eastep
004d0bcc38 Allow rules in the RELATED section when there are non-default settions of 
the new RELATED_* options.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-06 13:38:11 -08:00
Tom Eastep
d4957696d1 Update man pages and sample files 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-05 17:45:09 -08:00
Tom Eastep
439af55312 Implement RELATED_DISPOSITION and RELATED_LOG_LEVEL 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-05 16:08:17 -08:00
Tom Eastep
febe9e5222 Apply Chris Boot's fix for TC_ENABLED=Shared 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-05 12:22:48 -08:00
Tom Eastep
2cffae738f Initial implementation of CT target support in the 'notrack' file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-04 17:15:58 -08:00
Tom Eastep
a794027f63 Implement CT capability 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-04 14:35:53 -08:00
Tom Eastep
e7d2b1d4ed Consolidate the lib.common files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-04 09:19:48 -08:00
Tom Eastep
6bb487bb68 Pass $CONFIG_PATH to compiler.pl 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-02 07:36:23 -08:00
Tom Eastep
8c6914d1a2 Don't deprecate 'optional' for shared providers 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-01 11:23:22 -08:00
Tom Eastep
a27f5655a7 Merge branch '4.4.26' 2011-12-01 10:41:22 -08:00
Tom Eastep
99bf7fb994 Don't do TC stuff during enable/disable of a shared provider 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-01 10:41:03 -08:00
Tom Eastep
568e3b2e5b Allow a provider name in addition to an interface name in enable/disable 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-01 10:32:54 -08:00
Tom Eastep
8f14485d67 Allow a provider name in addition to an interface name in enable/disable 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-01 10:30:42 -08:00
Tom Eastep
3110f7c74a Add enable/disable commands to the CLIs 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-12-01 10:25:51 -08:00
Tom Eastep
d8caa6498a Add tracing to Optimize 16. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-30 07:57:19 -08:00
Tom Eastep
9e149ca038 Correct default values during update 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-27 14:12:51 -08:00
Tom Eastep
61d5c6d6da Implement Shorewall::Chains::clone_rule() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-26 09:36:02 -08:00
Tom Eastep
3498076a96 Accurately compare rule key values that are array references. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-26 08:03:02 -08:00
Tom Eastep
15d95b6977 Fix SAME target. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-26 07:48:03 -08:00
Tom Eastep
5cdb74168f Correct port list capture with --multiport. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-25 16:22:23 -08:00
Tom Eastep
613e41c25a Enable OPT 16 in check -r; Suppress duplicate rules 2011-11-25 16:05:07 -08:00
Tom Eastep
90e03e1833 Even more tweaks to optimize 16 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-25 14:46:37 -08:00
Tom Eastep
71bbd7963c Some tweaks to optimize 16 2011-11-25 10:42:10 -08:00
Tom Eastep
f305da9d0d Require extended multi-port match for OPTIMIZE 16. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-24 10:57:09 -08:00
Tom Eastep
8d8a681f40 Implement optimization level 16 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-24 10:22:04 -08:00
Tom Eastep
4559c8b5d0 Tweaks to convert_blacklist() 
- Reword an error message to handle both missing file and zero-sized file.
- Don't rename file that doesn't exist.
 2011-11-21 12:13:39 -08:00
Tom Eastep
dffb79e7bd Handle empty blacklist file in 'update -b' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-20 17:02:01 -08:00
Tom Eastep
bd8ba435cd Avoid uninitialized value in hash element. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-20 16:24:42 -08:00
Tom Eastep
4d30811794 Implement 'show marks' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-20 12:29:17 -08:00
Tom Eastep
e5a6387695 Eliminate use of WIDE_TC_MARKS in the Tc module 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-20 08:45:16 -08:00
Tom Eastep
382309bc53 Derive default values for the mark-layout options 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-20 07:03:33 -08:00
Tom Eastep
83d7cfa76a Update documentation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-19 15:18:43 -08:00
Tom Eastep
ae8aa3a45a More fixes for ZONE_BITS 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-19 08:19:38 -08:00
Tom Eastep
ab1b65d6a8 Fixes for blacklist conversion 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-19 08:18:58 -08:00
Tom Eastep
4f9afc32ec Allow zone names in the MARK column when ZONE_BITS != 0 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-18 07:23:24 -08:00
Tom Eastep
7c0cb69c29 Don't copy limited broadcast routes to provider tables 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-18 07:07:51 -08:00
Tom Eastep
364b30fd9b Fix 'update -b' handling of missing files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-18 06:26:37 -08:00
Tom Eastep
72f75c201c Implement zone automark 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-17 16:07:45 -08:00
Tom Eastep
96f5aec71f Add ZONE_BITS configuration option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-17 10:40:47 -08:00
Tom Eastep
fe09646bed Make zone types a power of 2. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-17 09:23:39 -08:00
Tom Eastep
348c6c8cf7 Correct handling of LOGMARK 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-17 07:22:07 -08:00
Tom Eastep
d096b9399a Fix '\!' handling in validate_level() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-15 16:41:32 -08:00
Tom Eastep
afaf0d9de8 Trivial optimiation in validate_level() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-13 06:19:40 -08:00
Tom Eastep
28a1087cd4 Cleanup of rewritten validate_level() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-13 05:58:59 -08:00
Tom Eastep
73ed66b9b9 Add ULOG and NFLOG capabilities plus LOGMARK for IPv6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-12 14:10:48 -08:00
Tom Eastep
ffec7a4d95 More corrections to wildcard interfaces 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-11 07:29:44 -08:00
Tom Eastep
04dfe26549 Remove two unused variables. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-11 05:23:37 -08:00
Tom Eastep
972721facb Remove some white space 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-10 17:52:25 -08:00
Tom Eastep
6813409c31 Make the previous patch a bit cleaner 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-10 07:19:21 -08:00
Tom Eastep
d85f6970e3 Fix wildcard interfaces 
- Suppress extra jumps to interface chains.
- Insure that the 'lo' ACCEPT rule doesn't get masked by a wildcard interface

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-10 06:53:48 -08:00
Tom Eastep
d053faadde Allow convertion of a legacy blacklist configuration 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-08 12:59:40 -08:00
Tom Eastep
6108a9cad8 Delete BLACKLISTSECTION 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-06 14:46:14 -08:00
Tom Eastep
da7516d401 Update config files and manpages for BLACKLISTSECTION 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-06 12:05:07 -08:00
Tom Eastep
1091c24348 Implement the BLACKLISTSECTION option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-06 08:43:38 -08:00
Tom Eastep
689e9b0fe1 Make replacement of '+' by '*' global in case statements. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-04 13:49:10 -07:00
Tom Eastep
352dba1aac More cleanup of the IN_BANDWIDTH code 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-02 06:34:35 -07:00
Tom Eastep
b9a7374130 Omit estimator when no avrate. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2011-11-01 11:16:51 -07:00