Commit Graph

12728 Commits

Author SHA1 Message Date
Tom Eastep
e77ca971bd Avoid shell diagnostic in 'show capabilities' when no arptables installed
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-10 09:48:10 -07:00
Tom Eastep
8442477224 Add Enhanced Multi-port match capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-10 09:04:47 -07:00
Tom Eastep
fd2fcc996f Don't allow port redirection with UDPLITE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-10 08:32:45 -07:00
Tom Eastep
6e9fc77f73 Remove nonsensical comment from the stoppedrules manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-09 08:15:13 -08:00
Tom Eastep
8c4c856caa Issue a warning if the contents of the DUPLICATE column may be invalid.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-09 07:57:13 -08:00
Tom Eastep
a167e3449e Avoid Perl run-time errors when checking a provider interface.
- Handle case where a provider interface matches a wildcard

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-09 07:56:16 -08:00
Tom Eastep
b871fc689c Merge branch 'FETCH_HEAD' into 4.5.14 2013-03-09 07:11:47 -08:00
Tom Eastep
cfe2bd11b0 Allow 'none' in the COPY column when the DUPLICATE column is empty.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 19:18:13 -08:00
Tom Eastep
bd64baa8d9 Require at least one zone for a provider
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 13:08:23 -08:00
Tom Eastep
e1f7a9dbf8 Reverse an earlier silly patch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 10:38:13 -08:00
Tom Eastep
fe6533943c Correct 'routes' manpages.
- change 4.5.15 with 4.5.14 for the availability of blackhole routes
- Add 'main' to the legal providers.
2013-03-08 08:26:08 -08:00
Tom Eastep
7913082d41 Merge branch 'master' into 4.5.14 2013-03-08 08:19:43 -08:00
Tom Eastep
a990ceecba Clarify ipsets WRT xtables-addons.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 08:18:00 -08:00
Tom Eastep
4586568649 Merge branch '4.5.14' of ssh://git.code.sf.net/p/shorewall/code 2013-03-08 08:00:43 -08:00
Tom Eastep
b4d4083513 Split large '--ports' lists across multiple rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 07:38:23 -08:00
Tom Eastep
91f5a9dec0 Make 'main' work correctly when specified in the routes file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-08 07:26:49 -08:00
Tom Eastep
50030bcc2d Revert "Don't allow routes to be added to non-Provider tables."
This reverts commit 6f9a1ba29d.
2013-03-08 06:55:12 -08:00
Tom Eastep
8eacbe287b Correction to MULTIPORT patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 18:11:59 -08:00
Tom Eastep
6f9a1ba29d Don't allow routes to be added to non-Provider tables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 17:18:57 -08:00
Tom Eastep
6ba02c4a24 Merge branch 'master' into 4.5.14
Conflicts:
	Shorewall/Perl/Shorewall/Providers.pm
2013-03-07 08:29:30 -08:00
Tom Eastep
c4f0be96ac Require that interfaces in the COPY column be known.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 07:32:56 -08:00
Tom Eastep
7da10ff923 Additional change to copy blackhole routes.
- Add 'blackhole' to the outer case statement
- Add RFC1918 blackhole routes before starting providers.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 07:01:58 -08:00
Tom Eastep
ace9a49106 Allow addition of blackhole routes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 07:01:41 -08:00
Tom Eastep
7f2c933cb3 Copy blackhole routes to secondary tables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 07:01:18 -08:00
Tom Eastep
f091935f96 Merge branch 'FETCH_HEAD' 2013-03-07 06:53:44 -08:00
Tom Eastep
5aa731e963 Additional change to copy blackhole routes.
- Add 'blackhole' to the outer case statement
- Add RFC1918 blackhole routes before starting providers.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-07 06:52:16 -08:00
Tom Eastep
5e0749da3c New approach to copying blackhole routes to secondary routing tables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 20:02:48 -08:00
Tom Eastep
06e7f297f7 Allow addition of blackhole routes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 11:48:09 -08:00
Tom Eastep
216029c3a9 Copy blackhole routes to secondary tables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 11:04:23 -08:00
Tom Eastep
ec5e1b54c1 Correct COPY description in the multi-ISP document.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 08:28:18 -08:00
Tom Eastep
e12bc47546 Remove duplicate interface names in generated case statement.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 08:28:12 -08:00
Tom Eastep
384c179dd6 Avoid duplicate echo command in generated script.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 08:28:03 -08:00
Tom Eastep
ef291b79d5 Correct COPY description in the multi-ISP document.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 07:56:42 -08:00
Tom Eastep
32b2030e59 Remove duplicate interface names in generated case statement.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 07:03:41 -08:00
Tom Eastep
0bb62ed290 Avoid duplicate echo command in generated script.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-06 06:12:43 -08:00
Tom Eastep
6ffedae4fb Document '=' in the SOURCE PORT(S) column of shorewall-tcrules(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-05 08:39:14 -08:00
Tom Eastep
631c1ac843 Mention the multiport match requirement for '='
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-04 12:53:00 -08:00
Tom Eastep
49918b654e Support '=' in SOURCE PORT(S) columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-04 09:56:10 -08:00
Tom Eastep
fbfd265c0d Merge branch 'FETCH_HEAD'
Conflicts:
	Shorewall/Perl/Shorewall/Chains.pm
2013-03-03 17:50:16 -08:00
Tom Eastep
0857eb27d5 Another case of detecting invalid server IP address.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-02 09:08:13 -08:00
Tom Eastep
69f6149d4c Detect missing, NIL or ALL server IP address in a DNAT rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-02 09:00:08 -08:00
Tom Eastep
5ca3b795fc Correct IPv6 REDIRECT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-01 16:44:49 -08:00
Tom Eastep
9499a47a0d Revert "Use '--to-dest' for IPv6 rather than '--to-destination'"
This reverts commit c9d8c22b60.
2013-03-01 10:44:40 -08:00
Tom Eastep
c9d8c22b60 Use '--to-dest' for IPv6 rather than '--to-destination'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-01 09:03:22 -08:00
Tom Eastep
8960f72532 Handle DNAT with no port correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-01 07:58:58 -08:00
Tom Eastep
252dd9b676 Correct SUBSYSLOCK setting in shorewall6.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-28 07:45:17 -08:00
Tom Eastep
ee091d09eb Allow ports with UDPLITE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-28 06:27:51 -08:00
Tom Eastep
22c614d30b Don't allow :persistent in a MASQUERADE rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-27 12:48:27 -08:00
Tom Eastep
418034579f Support IPv6 Masquerade
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-27 09:25:26 -08:00
Tom Eastep
78babf0941 Fixes for IPv6 DNAT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-26 10:24:25 -08:00