Tom Eastep
039fd6ddd8
Move origin handling into log_[i]rule_limit
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-27 14:24:56 -08:00
Tom Eastep
57288086bf
Unify TRACK_RULES handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-27 12:55:21 -08:00
Tom Eastep
f999acda63
Eliminate shortlineinfo1()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-27 10:21:08 -08:00
Tom Eastep
b4723da07c
Eliminate $globals{TRACK_GLOBALS}
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-26 16:45:47 -08:00
Tom Eastep
3860a1dc72
Ensure that %origin is populated
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-26 16:31:04 -08:00
Tom Eastep
e756820ca1
Revert "Unify TRACK_RULES settings implementation"
...
This reverts commit 866cb04cbb
.
2016-01-26 11:49:26 -08:00
Tom Eastep
866cb04cbb
Unify TRACK_RULES settings implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-25 18:07:46 -08:00
Tom Eastep
6ef136a546
Add origin information for entries in shorewall[6].conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-25 15:49:18 -08:00
Tom Eastep
9b3b4579a2
Change TRACK_RULES setting from Internal to File
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-24 16:15:36 -08:00
Tom Eastep
3e404b765f
Make .ip[6]tables-restore-input comments conditional
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 17:04:52 -08:00
Tom Eastep
2235641c9f
Add origin to the ip[6]tables input.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 15:13:12 -08:00
Tom Eastep
3fe4619f66
Fix origin in interfaces and hosts
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 13:49:52 -08:00
Tom Eastep
247698a14d
Add origin in some rules from the Misc module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 12:31:53 -08:00
Tom Eastep
73b20c832c
Add 'origin' member to rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 10:45:26 -08:00
Tom Eastep
8ac754caed
Add 'origin' member to the interface and hosts tables
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-21 17:08:19 -08:00
Matt Darfeuille
c85ced09af
Corrected sysconfig files
...
Removed unnecessary lines in sysconfig files
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-19 09:25:37 -08:00
Tom Eastep
1abb77d66d
Remove restrictions on -m geoip
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-18 22:30:15 -08:00
Tom Eastep
a28f3012d5
Correct $VERSION setting in Raw.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-18 09:38:35 -08:00
Tom Eastep
7d443b5e2e
Eliminate return value from process_action()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-18 09:08:35 -08:00
Tom Eastep
a945b3e0dd
Tweak the process_action() changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 17:03:46 -08:00
Tom Eastep
ec6c233666
Centralize Rules module handling of @CALLER in actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 16:29:35 -08:00
Tom Eastep
4059e9de95
Clean up use_policy_action()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 12:35:12 -08:00
Tom Eastep
1ee645cd79
Another determinism fix -- red and codel options are now sorted
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 09:50:34 -08:00
Tom Eastep
1fedb26f1d
Handle @CALLER in policy chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 09:42:01 -08:00
Tom Eastep
031371f259
Improve maintainability of action-tuple code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-16 17:26:16 -08:00
Tom Eastep
742c15b289
Improve @CALLER fix to create unique chains per caller
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-16 17:12:03 -08:00
Tom Eastep
f95c67ec6b
Restore unmodified .pm files after installation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-15 13:55:46 -08:00
matt darfeuille
f1ed963077
Shorewall 5.0.4 Beta 2
...
Hi Tom,
Some unnecessary lines need to be removed from the sysconfig files.
I made some more changes to the init.openwrt.sh scripts(lite and
lite6)
Attached as sysconfig-lite.patch!
In order to be able to use the build50 script I had to make a few
changes(attached as build50.patch):
- Adding a variable BASEDIR (to build shorewall in a subdirectory)
BASEDIR=$PWD
and doing:
$BASEDIR/annotate.pl
and so on ...
- Adding a variable
CYGWINSTYLESHEET
and modifying the script to use this new variable(added cygwin clause
in case statement)
- Adding a variable GITRELEASEDIR and modifying the lines around
624(to specify an other name for the release repo)
from
../release/
to
../$GITRELEASEDIR/
- Added line to remove unnecessary *.bak files
- Added an if statement if a subdirectory is used when patches are
created
question/request:
Would it be possible to use the build50 script without the '-t'
option?
That way only the packages would be built but the tarballs wouldn't
be created.
-Matt
On 12 Jan 2016 at 7:57, Tom Eastep wrote:
> Shorewall 5.0.4 Beta 2 is now available for download.
>
> New Feature since Beta 1:
>
> 1) The mangle file now supports an DIVERTHA action that provides
> support for HAProxy.
>
> To setup the HAProxy transparent configuration described at
>
> http://www.loadbalancer.org/blog/setting-up-haproxy-with-transparent-mode-on-centos-6-x ,
> place this entry in shorewall-providers(5):
>
>
> #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
> TProxy 1 - - lo - tproxy
>
> and use this DIVERTHA entry:
>
> #ACTION SOURCE DEST PROTO ...
> DIVERTHA - - tcp
>
> Thank you for testing,
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
-------------- Enclosure number 1 ----------------
>From ca4c854433e1c4c5870ea3e71225e5df8da4e255 Mon Sep 17 00:00:00 2001
From: Matt Darfeuille <matdarf@gmail.com>
Date: Wed, 13 Jan 2016 21:28:47 +0100
Subject: [PATCH 1/2] Modified lite and lite6.init.openwrt.sh
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-14 16:36:21 -08:00
Tom Eastep
726d1492cd
Correct error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 17:08:57 -08:00
Tom Eastep
12513e24a3
Revert "Implement dynamic actions"
...
This reverts commit 8075ba719a
.
2016-01-13 11:04:41 -08:00
Tom Eastep
21765d618d
Create unique chains when @caller is used
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 11:04:23 -08:00
Tom Eastep
de21c59885
Correct hashlimit in logging rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 09:49:22 -08:00
Tom Eastep
8075ba719a
Implement dynamic actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 09:33:38 -08:00
Tom Eastep
3828eb856b
Rename HADIVERT to DIVERTHA
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-08 15:36:10 -08:00
Tom Eastep
e29e2d117d
Documentation updates
...
- update LSM section of the Multi-ISP article
- Correct formatting of HAPROXY examples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-08 08:33:42 -08:00
Tom Eastep
ad2f20b824
Finish HAProxy support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-06 09:12:33 -08:00
Tom Eastep
4c33c2b957
Add support for HAProxy
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-06 08:27:50 -08:00
Tom Eastep
ee6a1dadbb
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2016-01-05 10:48:48 -08:00
Tom Eastep
2f59ea5ca3
Implement the WAIT_OPTION capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-05 09:28:24 -08:00
Tuomo Soini
c447ddd03e
systemd service: rename pre214 systemd versions to pre214 and remove separeate 214 variants
2016-01-05 12:01:21 +02:00
Tom Eastep
0c66e5f1b2
More Openwrt support in Shorewall-init from Matt Darfeuille
...
- Also, various cleanup in install/uninstall scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-04 15:45:21 -08:00
Tom Eastep
e695e08009
A couple of corrections to the IP[6]TABLE transparency change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-04 14:13:58 -08:00
Tom Eastep
c91b78a875
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2016-01-04 13:10:48 -08:00
Tom Eastep
70a9240de6
Make IP[6]TABLES transparent
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-04 13:10:03 -08:00
Tom Eastep
06dd5dc38f
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2016-01-02 12:37:43 -08:00
Tom Eastep
fad41e262a
Support the DROP command in the mangle file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-02 12:36:38 -08:00
Tom Eastep
89d91d37a1
Add Shorewall-init installer support for OpenWRT
...
- Supply sysconfig files for all products
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-27 16:47:31 -08:00
Tom Eastep
c9f57ad9c9
Update manpages for ADD timeout
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-24 09:20:42 -08:00
Tom Eastep
694dc64900
Allow comma in disposition when LOGTAGONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-23 09:06:43 -08:00
Tom Eastep
54b6488113
Allow a timeout to be specified in ADD rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-23 08:24:00 -08:00
Tom Eastep
532d5c7e50
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-12-08 08:06:39 -08:00
Tom Eastep
8429f68897
Handle MAC addresses in IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-07 15:15:28 -08:00
Tom Eastep
3ddc2a8f8b
Add parentheses for readability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-07 08:02:35 -08:00
Tom Eastep
1d79cbc54e
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
...
# Conflicts:
# Shorewall-init/install.sh
2015-12-06 11:55:03 -08:00
Tom Eastep
4b893b2fd6
Install/uninstall fixes from Matt Darfeuille
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Conflicts:
Shorewall-init/install.sh
2015-12-05 11:56:16 -08:00
Tom Eastep
8e7f001f7e
Update manpages for column renaming
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-04 14:53:26 -08:00
Tom Eastep
98b4ab5ceb
Add missing columns in the masq file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-03 19:51:21 -08:00
Tom Eastep
592de3e6fc
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2015-12-03 15:35:35 -08:00
Tom Eastep
2c1786422e
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2015-11-28 09:04:46 -08:00
Tom Eastep
b087cee7f0
Redefine MODULESDIR
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-28 08:36:12 -08:00
Tuomo Soini
948175124b
accounting: there must be more room for ACTION, SOURCE, and DEST
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-11-27 22:33:03 +02:00
Tom Eastep
178a7f83bc
Install/uninstall fixes from Matt Darfeuille
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-21 12:53:24 -08:00
Tuomo Soini
b25a8e4b2d
shorewall: use real field names in config file headers
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-11-16 18:16:17 +02:00
Tom Eastep
7b54e5e1a6
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2015-11-10 07:50:33 -08:00
Tuomo Soini
9460458fd5
Shorewall: reduce number of lines on config headers
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-11-09 23:04:00 +02:00
Tom Eastep
7fb00e0dfe
Remove the routestopped files and their manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-09 07:28:46 -08:00
Tuomo Soini
e989fa1d49
configfiles/routestopped: add install path
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-11-09 10:27:07 +02:00
Tuomo Soini
f095e6f31d
configfiles: unified configuration file formatting
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-11-09 10:24:20 +02:00
Tom Eastep
e75c88219f
Start optional interfaces when there are no providers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-05 18:07:31 -08:00
Tuomo Soini
85df53841b
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2015-11-02 00:02:56 +02:00
Tom Eastep
1c29240eb9
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2015-11-01 11:31:53 -08:00
Tom Eastep
2b733b610c
Return proper exit status from the remote-* commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-01 07:53:31 -08:00
Tom Eastep
aa680d8472
Avoid double slashes in pathnames within the installers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 12:57:33 -07:00
Tom Eastep
460f4bc5b7
Correct defect in processing the 'persistent' route option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 08:15:10 -07:00
Tom Eastep
f90567abf1
Add support for OpenWRT BB and later
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 08:08:17 -07:00
Tuomo Soini
0c481b4c30
shorewall: use consitent headers on config files
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-10-31 08:18:50 +02:00
Tom Eastep
6209616766
Add lib.cli-user support to the full products
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-30 08:47:16 -07:00
Tom Eastep
5a3589b9a6
Add some comments in get_params()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-30 08:18:45 -07:00
Tom Eastep
3973cdf0da
Merge branch '5.0.1'
2015-10-28 14:35:27 -07:00
Tom Eastep
e39d405e86
More tweaks to params processing and exporting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-28 14:33:55 -07:00
Tom Eastep
239560be8d
Add Cygwin-specific code in get_params()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-28 13:47:40 -07:00
Tom Eastep
3873ebe06a
More param handling fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-28 09:37:52 -07:00
Tuomo Soini
e987a11614
Shorewall/configfiles/stoppedrules: use standard description
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-10-28 10:48:27 +02:00
Tom Eastep
081cf30447
Don't export variables with parentheses in their names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-27 17:45:22 -07:00
Tuomo Soini
d614081d55
Shorewall/configfiles: remove empty lines and fix blrules header to common format
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-10-27 22:03:28 +02:00
Tom Eastep
35b90c2709
Update documentation for 'remote-' vs. 'remote_'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-27 08:16:06 -07:00
Tom Eastep
79a145bf83
Correct "remote-" commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-27 07:18:54 -07:00
Tom Eastep
6535bb94c5
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-10-27 07:18:06 -07:00
Tom Eastep
38049fd0df
Correct "remote-" commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 20:06:10 -07:00
Tom Eastep
c2768a2d64
Correct error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 13:08:09 -07:00
Tom Eastep
4f4358d4db
Correct error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 13:07:40 -07:00
Tom Eastep
f822afef99
Issue warning if a persistent provider isn't optional
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 13:07:28 -07:00
Tom Eastep
514fe76fa5
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2015-10-26 07:55:30 -07:00
Tom Eastep
56bf8b1572
Don't configure persistence if the interface has no address
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 07:42:47 -07:00
Tuomo Soini
2a064c7b7c
macro.MSSQL: allow udp/1434
...
Reference: https://technet.microsoft.com/en-us/library/ms181087%28v=sql.105%29.aspx
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-10-26 10:22:37 +02:00
Tuomo Soini
30682e63d8
Shorewall/Macros: remove version number
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-10-26 10:20:11 +02:00
Tom Eastep
69dd7ce0b9
Add 'persistent' provider option - Phase II
...
- Also allow the creation of 'persistent' routing rules and routes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-25 16:45:11 -07:00
Tom Eastep
46c3db4f32
Add 'persistent' provider option - Phase I
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-22 06:58:32 -07:00
Tom Eastep
6e59fd5395
Correct permissions on certain files in $CONFDIR/$PRODUCT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-22 06:58:05 -07:00
Tom Eastep
8dc16268a7
Delete main default routes when there are 'load=' or 'fallback=' interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-13 09:34:58 -07:00