Commit Graph

676 Commits

Author SHA1 Message Date
Tom Eastep
508e1123bb Revert change that allowed out of order policies 2009-12-19 07:24:17 -08:00
Tom Eastep
43c45a064c Add current and limit to conntrack table display 2009-12-12 09:10:24 -08:00
Tom Eastep
9988cfb619 Remove silly logic in expand_rule() 2009-12-10 08:00:18 -08:00
Tom Eastep
a150ed1a72 Update change log 2009-12-08 13:30:55 -08:00
Tom Eastep
79ce532b69 Document fix for 'reload -c' 2009-12-08 08:30:37 -08:00
Tom Eastep
4076a6bca7 Fix ENHANCED_REJECT and MODULE_SUFFIX 2009-12-07 13:55:49 -08:00
Tom Eastep
c8616d4c67 Fix Shorewall6 capability detection 2009-12-05 21:35:05 -08:00
Tom Eastep
ee2195e745 Allow LOGFILE=/dev/null 2009-12-03 16:30:06 -08:00
Tom Eastep
a188fec942 Auto-load cls_flow and search .../sched for modules 2009-12-03 12:20:58 -08:00
Tom Eastep
4c7731fee6 Remove change log error for rejected change 2009-12-03 10:44:36 -08:00
Tom Eastep
e5106f10bc Revert 8ff4d004c0 2009-11-28 07:23:23 -08:00
Tom Eastep
4e8d753682 Revert "Finish Virtual Zones"
This reverts commit 222c8cf88f.
2009-11-28 07:20:52 -08:00
Tom Eastep
222c8cf88f Finish Virtual Zones 2009-11-26 12:14:58 -08:00
Tom Eastep
8ff4d004c0 Better virtual zone implementation 2009-11-25 18:14:14 -08:00
Tom Eastep
8263ea1312 Limit providers to 15 2009-11-25 12:18:08 -08:00
Tom Eastep
d189c08533 Revert "Add 'virtual' zone support"
This reverts commit a2cd4bd1f4.
2009-11-25 11:51:13 -08:00
Tom Eastep
a2cd4bd1f4 Add 'virtual' zone support 2009-11-25 09:42:28 -08:00
Tom Eastep
d3d21d4d18 Fix 'show policies' in Shorewall6[-lite] 2009-11-23 13:50:41 -08:00
Tom Eastep
cc809eaf78 Complete merge of 4.4 branch into master 2009-11-23 11:15:33 -08:00
Tom Eastep
c17ac8f23f commit crap for now 2009-11-23 11:13:57 -08:00
Tom Eastep
532105ec39 Allow specific policy to supersede a wildcard policy 2009-11-23 10:02:04 -08:00
Tom Eastep
b30cae89e3 Allow <zone>::<serverport> in the rules file DEST column 2009-11-23 09:56:15 -08:00
Tom Eastep
99a35c1bf0 Allow <zone>::<serverport> in the rules file DEST column 2009-11-23 09:33:16 -08:00
Tom Eastep
90170d6018 Update changelog 2009-11-22 08:58:06 -08:00
Tom Eastep
720442b400 Fix merge screwup 2009-11-22 08:43:32 -08:00
Tom Eastep
bd9c0ac285 Generate error on port == 0 2009-11-22 08:39:03 -08:00
Tom Eastep
c8209f4ce2 Apply bridge fix to 4.4 2009-11-22 08:18:23 -08:00
Tom Eastep
c7de19cf39 Allow specific policy to supersede an expanded one 2009-11-21 13:56:40 -08:00
Tom Eastep
cbe944c354 Open the 4.5.0 Thread 2009-11-21 11:41:10 -08:00
Tom Eastep
ecf6a0ec4a Open 4.4.5 2009-11-21 11:08:50 -08:00
Tom Eastep
bce4d51a18 Allow wide MARK values in tcclasses when WIDE_TC_MARKS=Yes 2009-11-21 07:54:42 -08:00
Tom Eastep
c5bb493b29 Fix class number assignment when WIDE_TC_MARKS=Yes 2009-11-20 12:25:15 -08:00
Tom Eastep
9d5dd2ad3a Implement an '-l' option to the 'show' command 2009-11-16 15:14:24 -08:00
Tom Eastep
2a910ebddf Suppress redundant tests for provider availability in route rules processing 2009-11-16 12:43:44 -08:00
Tom Eastep
31f01fe765 Document fixing route rule addition code 2009-11-16 11:20:02 -08:00
Tom Eastep
f5a019becc Implement 'show policies' command 2009-11-15 09:24:56 -08:00
Tom Eastep
893a847c87 Suppress extra COMMENT warnings 2009-11-10 17:17:55 -08:00
Tom Eastep
bf8c38e054 Add ZONE2ZONE option to shorewall.conf 2009-11-10 14:12:55 -08:00
Tom Eastep
89bdcf9a3d Implement 'physical' option 2009-11-06 07:27:44 -08:00
Tom Eastep
28b660c853 Avoid reporting bogus duplicate interface with two bridges and wildcard ports 2009-11-05 11:04:14 -08:00
Tom Eastep
4548db58da Relax port list limitation in /etc/shorewall/routestopped 2009-11-03 11:36:32 -08:00
Tom Eastep
4f5c602d5f Fix .spec error and document logrotate files 2009-11-03 10:12:38 -08:00
Tom Eastep
11ddfa92e9 Eliminate Perl run-time errors out of move_rules() 2009-11-01 17:14:42 -08:00
Tom Eastep
23d0806da2 Change Shorewall6 default STARTUP_LOG and LOG_VERBOSITY 2009-11-01 11:09:17 -08:00
Tom Eastep
f0b4b1f42e Add limit option to tcclasses 2009-10-26 12:23:32 -07:00
Tom Eastep
b3571261dd Fix optional providers 2009-10-24 12:05:44 -07:00
Tom Eastep
3e2cf982a3 Correct messages issued when a provider is not added 2009-10-24 08:50:15 -07:00
Tom Eastep
86df82a29a Fix IPv6 address validation error 2009-10-23 13:41:51 -07:00
Tom Eastep
d0cda6b6ea Add TRACK_PROVIDERS option 2009-10-20 13:24:17 -07:00
Tom Eastep
49f361124e Make 'track' the default 2009-10-20 12:24:28 -07:00
Tom Eastep
abc9ab061a Remove superfluous variables from generated script 2009-10-19 07:25:03 -07:00
Tom Eastep
f3043f1453 Document nested zone fix 2009-10-17 11:06:36 -07:00
Tom Eastep
b38841798e Fix initialization 2009-10-15 13:43:46 -07:00
Tom Eastep
990a9f0fdc Fix RETAIN_ALIASES 2009-10-13 14:36:47 -07:00
Tom Eastep
83a9d8dd1b Rename 'object' to 'script' 2009-10-05 15:43:29 -07:00
Tom Eastep
ab4e7cffcf Document fix to routestopped 2009-10-03 10:53:53 -07:00
Tom Eastep
beac09e45f STARTUP_LOG changes 2009-10-02 16:10:14 -07:00
Tom Eastep
964cba79a9 Initialize 4.4.3 2009-10-02 11:31:08 -07:00
Tom Eastep
393673a884 Allow MARK in action body -- take 2 2009-09-25 16:15:56 -04:00
Tom Eastep
428c3d1e4e Hack to make new LIMIT stuff work on ancient iptables releases 2009-09-20 09:12:35 -04:00
Tom Eastep
120aade417 Allow Extension Scripts for Accounting Chains 2009-09-15 12:22:51 -07:00
Tom Eastep
a5f3a05341 Fix typo in the Introduction 2009-09-14 13:43:32 -07:00
Tom Eastep
8fdebf0c38 Add new columns to macros 2009-09-13 08:09:40 -07:00
Tom Eastep
07d8872823 Indicate that Squeeze 'will' include 4.4 2009-09-12 09:20:38 -07:00
Tom Eastep
9b0a9e8ecd Add -<family> to 'ip route del default' command 2009-09-12 08:48:52 -07:00
Tom Eastep
8c2a228a7d Apply Jesse Shrieve's SNAT patch 2009-09-11 07:47:31 -07:00
Tom Eastep
7c1dd35a00 Update release documents 2009-09-09 12:18:31 -07:00
Tom Eastep
bb83db3eb9 Don't call compile_stop_firewall() during 'check'; call process_routestopped() instead - change log 2009-09-08 12:55:14 -07:00
Tom Eastep
b03d502bbb Allow comments on continued lines 2009-09-06 16:17:22 -07:00
Tom Eastep
70ebe17cb3 Reimplement MAPOLDACTIONS=Yes 2009-09-06 13:37:24 -07:00
Tom Eastep
ec94ed638e Better modularization of Chains and Actions 2009-09-05 08:43:14 -07:00
Tom Eastep
03821dc22c Process routestopped file during 'check' 2009-09-03 19:27:25 -07:00
Tom Eastep
f3455b107d 4.4.2 release doc initialization and update 2009-09-03 14:58:46 -07:00
Tom Eastep
62b1dbcd7f Document portlist-splitting change 2009-09-02 15:30:26 -07:00
Tom Eastep
fbfa4b4e49 Update release documents and make minor change to faq 2009-08-31 14:19:15 -07:00
Tom Eastep
2bb92a79f3 Fix silly hole in zones file parsing 2009-08-30 08:05:10 -07:00
Tom Eastep
d31721a066 Fix rule generated by MULTICAST=Yes -- release documents 2009-08-29 09:34:16 -07:00
Tom Eastep
1ef00c547b Disallow 'nets=' in a multi-zone interface definition 2009-08-29 07:41:27 -07:00
Tom Eastep
4809314fc1 Allow extending a zone defined with nets= 2009-08-29 07:20:16 -07:00
Tom Eastep
acfdc7e481 nets= allows multicast 2009-08-28 15:17:10 -07:00
Tom Eastep
5db7e77462 Turn off IP forwarding in the standalone example -- update release docs 2009-08-28 08:31:48 -07:00
Tom Eastep
383f3e8bcf Fix nested IPSEC zones 2009-08-26 12:44:10 -07:00
Tom Eastep
1b26c65cbc Fix logging in rules at the end of INPUT and OUTPUT 2009-08-25 09:22:26 -07:00
Tom Eastep
088e164f18 Redefine 'full' when used in a sub-class definition 2009-08-24 11:56:16 -07:00
Tom Eastep
e24dbb9aea Add 'clean' target to Makefiles 2009-08-23 10:43:01 -07:00
Tom Eastep
622db3655f More updates/corrections to change notes 2009-08-18 08:50:50 -07:00
Tom Eastep
4bc1fb145a Update change notes 2009-08-18 08:44:55 -07:00
Tom Eastep
0557148bec Avoid double globals initialization for IPv6 2009-08-16 09:24:51 -07:00
Tom Eastep
55f75604b3 Add support for 'persistent' 2009-08-15 08:15:38 -07:00
Tom Eastep
883f415e53 Start 4.4.1 2009-08-14 14:46:31 -07:00
Tom Eastep
2bac824207 Fix provider number in masq entry 2009-08-12 13:52:56 -07:00
Tom Eastep
55c879e4e6 Fix log record displays 2009-08-07 13:33:07 -07:00
Tom Eastep
70f46c02cc Fix logging NAT rules 2009-08-05 12:48:14 -07:00
Tom Eastep
999a00dc77 Remove need for '-v-1' when compiling to stdout 2009-08-03 11:20:34 -07:00
Tom Eastep
4af6c7650e Correct handling of nested IPSEC zone 2009-07-29 14:35:27 -07:00
Tom Eastep
8d8920e7ad Disallow ipsec zones nested within an ip zone 2009-07-29 07:49:06 -07:00
Tom Eastep
f2f8cab962 Make 'any' a reserved zone name 2009-07-26 12:29:37 -07:00
Tom Eastep
26cb2b1eeb Allow Shorewall6 to recognize TC, IP and IPSET 2009-07-26 12:26:49 -07:00
Tom Eastep
c77f462d2d Delete prog.functions and prog.functions6 2009-07-24 14:51:24 -07:00
Tom Eastep
4fd338f3ca Fix 'rpm -U' from earlier versions 2009-07-21 12:32:25 -07:00