Commit Graph

2047 Commits

Author SHA1 Message Date
Tom Eastep
5729be6431
Add dropInvalid to BLACKLIST_DEFAULT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-10 09:06:41 -08:00
Tom Eastep
1a381f717c
Revert "Remove Multicast from the shorewall6.conf samples"
This reverts commit 655f260cb6.
2017-03-10 08:54:05 -08:00
Tom Eastep
655f260cb6
Remove Multicast from the shorewall6.conf samples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-03-09 13:16:52 -08:00
Tom Eastep
d20ad64739
Correct FAQ 1e
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-25 08:54:14 -08:00
Tom Eastep
c4f21ffefb
Additional documentation changes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-15 13:11:52 -08:00
Tom Eastep
944888c04f
Handle broadcast and muticast separately
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-15 10:16:20 -08:00
Tom Eastep
7e984af094
Some cleanup of policy actions
- Allow '+' in policy file action list

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-07 13:19:53 -08:00
Tom Eastep
e91f414223
Document policy action changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 17:09:23 -08:00
Tom Eastep
e45b96ca20
Update blacklisting article:
- ipset-based blacklisting
- BLACKLIST policy and action

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-26 13:17:11 -08:00
Tom Eastep
889ca756a1
Document @action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-23 08:58:42 -08:00
Tom Eastep
45b9ddf188
Add BALANCE_PROVIDERS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-17 08:58:09 -08:00
Tom Eastep
2d16fac9ed
Revert "Implement USE_DEFAULT_RT=Exact"
This reverts commit 2ca1ae734a.
2017-01-17 08:25:33 -08:00
Tom Eastep
2ca1ae734a
Implement USE_DEFAULT_RT=Exact
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-14 08:14:08 -08:00
Tom Eastep
a15b2918a4
Remove ipsec-tools/Racoon config info from the IPSEC-2.6 Article
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-08 13:32:34 -08:00
Tom Eastep
75a9e45caf
Documentation cleanup
- Update Copyright years
- Tweaks to the Anatomy article

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-02 09:17:59 -08:00
Tom Eastep
26f181ef2a
Add SERVICEDIR to the init file paragraph titles
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-29 14:28:46 -08:00
Tom Eastep
b0ea9db0bd
Update the Anatomy article for 5.1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-28 11:28:09 -08:00
Tom Eastep
7a3865bcfc
Eliminate duplicate id tags in the Anatomy article
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-28 11:24:30 -08:00
Tom Eastep
7b96d41065
Correct typo in the Shorewall 5 article
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-24 13:01:44 -08:00
Tom Eastep
dcade04fba
Update Shorewall5 article for 5.1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-20 08:38:49 -08:00
Tom Eastep
273b02c6da
Add IPCOMP information to the IPSEC article
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-17 12:31:17 -08:00
Tom Eastep
e98abac706
Define MYNET in the QOS example
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-12 09:35:03 -08:00
Roberto C. Sánchez
8a6dcc469b
Fix typo 2016-11-21 11:59:57 -05:00
Tom Eastep
3a70185284
A couple of documentation updates
- Anatomy
- Bridge (Perl)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-31 11:09:06 -07:00
Tom Eastep
174f46f3e6
More snat documentation changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-28 14:56:44 -07:00
Tom Eastep
1a06765d14
Add Bill Shirley's logging suggestions to the logging article
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-26 16:06:15 -07:00
Tom Eastep
21877d5fcb
Force a reload when enabling an interface whose IP address has changed
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-26 13:39:50 -07:00
Tom Eastep
ee8ffc3ceb
Add SNAT action example to the Actions article
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-25 10:57:32 -07:00
Tom Eastep
6e30c286c3
Reword Address Variable Warning
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-22 19:06:56 -07:00
Tom Eastep
9c749731c5
Add caution regarding Address Varibles
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-22 14:39:40 -07:00
Tom Eastep
5b5f91f75f
SNAT option documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 15:32:22 -07:00
Tom Eastep
05dbfbb988
Restrict hypen as range separator to use with integers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 13:26:44 -07:00
Tom Eastep
2ca86d9abd
Merge branch '5.0.13' 2016-10-16 10:22:12 -07:00
Tom Eastep
ef0253905a
More document updates for the snat file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 16:16:30 -07:00
Tom Eastep
026c30cfff
Update the documentation for /etc/shorewall/snat
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 13:52:28 -07:00
Tom Eastep
b5906812a2
Accept '-' as the separator in a port range.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-14 10:10:03 -07:00
Tom Eastep
289825a76f
Update to logging article
- correct a typo
- recommend using NFLOG rather than ULOG
2016-10-12 10:02:59 -07:00
Tom Eastep
0bf5ca7e0c
Rename lsm->foolsm in MultiISP article
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-07 08:01:11 -07:00
Tom Eastep
0f287dfe60
Add 'reload' to config basic document as appropriate
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-24 08:05:47 -07:00
Tom Eastep
ef4b1c2030
Add a TIME Columns section to the config file basics doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-22 15:45:18 -07:00
Tom Eastep
3954636fb5
Document 'comment' in the alternate input format
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-01 14:46:54 -07:00
Tom Eastep
d3591c071d
Correct dump instructions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-02 09:23:49 -07:00
Tom Eastep
65d5249bd8
Link to Digimer's article on Shorewall/REL7
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-07 12:44:28 -07:00
Roberto C. Sánchez
0364c15be1
Fix typos, thanks to Marco Di Cerbo for reporting them 2016-07-06 08:46:32 -04:00
Tom Eastep
094fd8129c
Update copyright and version info in the config basics doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-25 12:11:34 -07:00
Matt Darfeuille
0925636995
(Fwd) [Shorewall-users] Shorewall-lite on OpenWRT
On 7 Jun 2016 at 8:21, Tom Eastep wrote:

> On 06/07/2016 06:40 AM, Matt Darfeuille wrote:
> > On 5 Jun 2016 at 12:53, Tom Eastep wrote:
> >
> >> On 06/05/2016 12:33 PM, Matt Darfeuille wrote:
> >>> On 5 Jun 2016 at 7:57, Tom Eastep wrote:
> >>>
> >>>> On 05/29/2016 02:00 AM, Matt Darfeuille wrote:
> >>>>
> >>>> Hi Matt,
> >>>>
> >>>>>
> >>>>> -------------- Enclosure number 1 ----------------
> >>>>> >From 6ff651108df33ab8be4562caef03a8582e9eac5e Mon Sep 17 00:00:00 2001
> >>>>> From: Matt Darfeuille <matdarf@gmail.com>
> >>>>> Date: Tue, 24 May 2016 13:10:28 +0200
> >>>>> Subject: [PATCH 1/8] Emulate 'ps -p' using grep to work on openwrt
> >>>>>
> >>>>> Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
> >>>>> ---
> >>>>>  Shorewall-core/lib.common | 2 +-
> >>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>>>>
> >>>>> diff --git a/Shorewall-core/lib.common b/Shorewall-core/lib.common
> >>>>> index 03ecb2a..fcb02ee 100644
> >>>>> --- a/Shorewall-core/lib.common
> >>>>> +++ b/Shorewall-core/lib.common
> >>>>> @@ -776,7 +776,7 @@ mutex_on()
> >>>>>  		error_message "WARNING: Stale lockfile ${lockf} removed"
> >>>>>  	    elif [ $lockpid -eq $$ ]; then
> >>>>>                  return 0
> >>>>> -	    elif ! qt ps p ${lockpid}; then
> >>>>> +	    elif ! qt ps | grep -v grep | grep ${lockpid}; then
> >>>>
> >>>> I don't see how this can work -- 'qt ps' will produce no output yet the
> >>>> code pipes into tandem greps.
> >>>>
> >>>> Do you really want this instead?
> >>>>
> >>>> elif ! ps | grep -v grep | qt grep ${lockpid}; then
> >>>>
> >>>
> >>> Oops sorry Tom, that's what I meant(do you want the corrected
> >>> patch?)!
> >>
> >> Yes, please.
> >>
> >
> > Tom, along with correcting this faulty commit I realize, after some
> > more testing, that I've also sent unnecessary commits.
> >
> > Should I revert these 3 commits(git revert ...):
> > Set proper permissions for the LOCKFILE on openwrt
> > 2ded346cb557212389212fd5adcd4c6800edbb62
> > Create lockfile before using openwrt's lock utility
> > 08e8796ff1abc3b24b8bbd40bf5e0a2b36464d61
> > Emulate 'ps -p' using grep to work on openwrt
> > 6ff651108df33ab8be4562caef03a8582e9eac5e
> >
> > or should I simply create new commits that will correct these faulty
> > commits?
> >
> > In other words what's the best way to correct submited commits.
> >
>
> Matt,
>
> Either way is fine.
>

Hopefully these 3 commits will do it(code-fixes.patch):

Patch 1 will correct the error you have point out!
On OpenWRT the lock utility doesn't allow to append the pid of the
currently running script to the LOCKFILE that's why I've simply
deleted that line(patch 2).
I've also reordered the permissions line to be added after the line
that will lock the file specified by the LOCKFILE variable(patch 3).

and two other patches:
While installing shorewall-init using the DESTDIR variable on debian,
'mkdir' would complain if the directory ${DESTDIR}/${etc}/default
already exist; corrected using 'mkdir -p ...'(patch 4).
The last patch will correct a typo in the blacklisting_support
article.

-Matt

-------------- Enclosure number 1 ----------------
>From 1a2ff15c8dc994030e819d2882570d188b99c501 Mon Sep 17 00:00:00 2001
From: Matt Darfeuille <matdarf@gmail.com>
Date: Wed, 8 Jun 2016 09:09:46 +0200
Subject: [PATCH 1/5] Correct pid detection mutex_on()

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-08 15:40:48 -07:00
Tom Eastep
2809d6896c
Clarify dynamic sub-zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-18 08:20:23 -07:00
Tom Eastep
1d066bdfa4
Minor updates to the Shorewall 5 article
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-18 08:19:47 -07:00
Tom Eastep
590243a787 Add NFLOG as a supported mangle action
- Also document nflog-parameters
- Correct range of nflog groups

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-03 11:27:34 -07:00
Tom Eastep
d959fd4445 Fix link
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 08:37:20 -07:00