Commit Graph

5571 Commits

Author SHA1 Message Date
Tom Eastep
724115bcbf Add macro.ActiveDir
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-15 13:21:37 -08:00
Tom Eastep
89a09f0256 Implement DEFER_DNS_RESOLUTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-13 17:00:14 -08:00
Tom Eastep
54dbbaaa2d Don't resolve DNS names at compile time.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-13 10:34:31 -08:00
Tom Eastep
90bd19feb9 Convert DNS names into ip addresses in validate_net().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-13 07:39:27 -08:00
Tom Eastep
853b9ce916 Enable DNS names without an interface name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-12 14:38:26 -08:00
Tom Eastep
c61d51363d Correct generation of rules in the ESTABLISHED section of the rules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-12 06:49:32 -08:00
Tom Eastep
af83989465 Update copyright dates.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-11 16:01:10 -08:00
Tom Eastep
b53fd39b49 Avoid a fatal Perl error in Config::cleanup when an fatal error occurs
while compiling a default action.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-11 15:50:23 -08:00
Tom Eastep
38097bef5d Correct an optimizer bug.
- delete_chain_and_references() was only deleting the downward references
  and not the upward ones.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-11 14:55:43 -08:00
Tom Eastep
76a63fb7e8 Don't flush 'noarp' ARP entries
= doing so kills the loopback interface

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-10 17:14:40 -08:00
Tom Eastep
f41b2fbffc Clarify the LENGTH column of the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-09 16:22:38 -08:00
Tom Eastep
15ca9edf8a Allow delete_tc1() to work on devices which an @ suffix in their reported names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-09 14:09:07 -08:00
Tom Eastep
199bce925f Don't add chains with RETURNs to %terminating.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-09 12:54:29 -08:00
Tom Eastep
1fd3a6a522 Detect terminating chains
- no RETURN Rules
- last rule is terminating

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-08 16:32:24 -08:00
Tom Eastep
011dd2c901 Add a RETURNS flag to optflags indicating that there is RETURN in the chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-08 15:25:53 -08:00
Tom Eastep
e54563d9c1 Don't append rules that can't be matched.
Also, delete chains whose only rule is a -j RETURN

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-08 13:53:03 -08:00
Tom Eastep
f8c1b02dba Correct test for optimization in 'check -r'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-08 09:51:32 -08:00
Tom Eastep
dece73f7b6 Another fix for *C actions in arprules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 18:59:24 -08:00
Tom Eastep
5883bc3f50 Correct typo (DNAC -> DNATC) in shorewall-arptables(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 18:33:27 -08:00
Tom Eastep
eb3b47ae24 Correctly handle *C actions in arprules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 18:29:41 -08:00
Tom Eastep
c157228f7d Correct handling of unknown ACTION in arprules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 18:21:58 -08:00
Tom Eastep
a7af052d91 Correct issue with generating ESTABLISHED rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 16:07:24 -08:00
Tom Eastep
414a74d23c Support protocol lists in most files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 16:06:54 -08:00
Tom Eastep
0526863e66 Make $section numeric
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 13:39:49 -08:00
Tom Eastep
5dbe2aa9ec Optimize a test in finish_chain_section().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 07:00:15 -08:00
Tom Eastep
ca202ca10b Flush the arp cache after applying the arprules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 17:46:40 -08:00
Tom Eastep
de4e0898b5 Catch protocol lists in contexts that don't allow them.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 17:23:14 -08:00
Tom Eastep
edc0a84e5d Optimize RELATED rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 16:48:37 -08:00
Tom Eastep
d4c9885c09 Change interpretation of the log tag when LOGTAGONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 13:10:18 -08:00
Tom Eastep
c41b9e596d Don't add --cstate to dropInvalid rule.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-06 09:42:55 -08:00
Tom Eastep
9fd7933b5d Make inline actions work in sections other than NEW.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-06 09:32:50 -08:00
Tom Eastep
f223e3584c Make '+' optional in the ADD and DEL statements.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-06 07:37:11 -08:00
Tom Eastep
3f24416f37 Add a warning for opcode inversion when not arptables_jf.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-05 13:14:32 -08:00
Tom Eastep
38aa7f3857 Correct opcode inversion when not ARPTABLES_JF
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-05 08:26:46 -08:00
Tom Eastep
7f6430a383 Correct address inversion in match_arp_net()
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-05 08:20:51 -08:00
Tom Eastep
4fc0dba26d Correct two-interface check in process_arprule.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-05 08:17:53 -08:00
Tom Eastep
0c7e10dbfa Add a comment to the Zones file
- define the {bridge} member.
2013-01-05 08:15:56 -08:00
Tom Eastep
97009bad79 Correct arptables_jf MAC handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-04 17:27:16 -08:00
Tom Eastep
af7b7195d2 Fix MAC handling in the ARP module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-04 15:55:52 -08:00
Tom Eastep
a732f6e538 Add some comments to the ARP module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-04 15:07:51 -08:00
Tom Eastep
38657d9f98 Support for arptables.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-04 09:17:57 -08:00
Tom Eastep
90e0c8b717 Don't update mtime on shorewall.conf during update that doesn't change the file
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-02 15:03:07 -08:00
Tom Eastep
f955abe18b Unify IPv4 and IPv6 modules.xtables files
- only difference now is xt_ipp2p

Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:44:36 -08:00
Tom Eastep
25b2341ecf Add sch_fq_codel to modules.tc
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:29:41 -08:00
Tom Eastep
aca3ce3c21 Delete blank line
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:29:02 -08:00
Tom Eastep
34f8125416 Correct a couple of issues with update -D
- shorewall.conf.bak is no longer unlinked
- The mtime of all unaltered files is no longer updated
2012-12-31 12:43:02 -08:00
Tom Eastep
87715e5f0b Correct Typo
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2012-12-31 10:36:27 -08:00
Tom Eastep
4590e25052 Correct modules.xtables
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2012-12-31 08:54:32 -08:00
Tom Eastep
5848d7cab7 Correct helper validation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-30 13:20:56 -08:00
Tom Eastep
5dfc27355e Correct a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 11:34:12 -08:00
Tom Eastep
115081dda5 Tweak fq_codel documentation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 11:20:16 -08:00
Tom Eastep
6d9cca1cff fq_codel
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 10:58:11 -08:00
Tom Eastep
51deec115b Correct handling of wildcard interfaces
- chain_base[1] renamed var_base[1]
- $chain replaced by $var in renamed functions
- replace trailing '+' by '_plus' to provide uniqueness
- add sub chain_base() to the Chains module as an identity mapper

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-28 10:39:19 -08:00
Tom Eastep
643f419264 Merge branch '4.5.11'
Conflicts:
	Shorewall/Perl/Shorewall/Rules.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-28 09:02:33 -08:00
Tom Eastep
2009a66bb5 Avoid invalid function name for starting an optional interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-28 08:04:06 -08:00
Tom Eastep
ebe4267c49 Rename IGNOREOLDCAPVERSIONS to WARNOLDCAPVERSION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:58:45 -08:00
Tom Eastep
8b92a59821 Ignore '-m comment' when detecting duplicate rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:51:33 -08:00
Tom Eastep
f96bc7cc2d Cosmetic cleanup of the .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:01:37 -08:00
Tom Eastep
8bb6f81dc5 Rename IGNOREOLDCAPS to IGNOREOLDCAPVERSIONS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 08:54:22 -08:00
Tom Eastep
01a8ff20d4 Add the xtables modules to modules.xtables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 16:06:54 -08:00
Tom Eastep
ef0102e9f1 Add the 'IGNOREOLDCAPS' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 15:48:08 -08:00
Tom Eastep
14bbda14a2 Add some comments describing Config.pm globals
- Also changed $shell from 'my' to 'our'.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 10:55:13 -08:00
Tom Eastep
62406e261d Correct typo in shorewall-masq(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 07:43:06 -08:00
Tom Eastep
bfeea76cf2 Disallow ?FORMAT when $max_format == 1
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/Perl/Shorewall/Config.pm
2012-12-26 07:37:23 -08:00
Tom Eastep
100e03cf93 Don't set $nocomment in in-line action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 07:06:29 -08:00
Tom Eastep
84cc78c58e Eliminate @comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-25 17:00:24 -08:00
Tom Eastep
3f28af80d2 Disallow ?FORMAT when $max_format == 1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-25 08:10:48 -08:00
Tom Eastep
6126ae67e6 Don't apply AUTOCOMMENT or comment continuation to inline actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-24 13:50:26 -08:00
Tom Eastep
575020c851 More comment handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-24 13:35:42 -08:00
Tom Eastep
1c212e878f Restore SECTION handling in Accounting File
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-24 13:33:44 -08:00
Tom Eastep
4393a6c603 Eliminate redundant calls to clear_comment.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-24 12:35:08 -08:00
Tom Eastep
fca5b75c5b Merge branch '4.5.11' 2012-12-24 10:30:43 -08:00
Tom Eastep
c942a95d3c Allow ?COMMENT in accounting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-24 10:15:23 -08:00
Tom Eastep
89ea37e088 Correct nested comments.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-24 10:11:53 -08:00
Tom Eastep
14f8947012 Remove old COMMENT/FORMAT handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-24 09:31:20 -08:00
Tom Eastep
15817078b8 Use 'our' for globals to aid debugging.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-23 13:16:54 -08:00
Tom Eastep
0acd93a032 Ensure that action and macro files always allow comment directives.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-23 12:19:30 -08:00
Tom Eastep
4d2379f542 Implement update -D
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-23 10:50:31 -08:00
Tom Eastep
c9eccaf3b8 Implement ?COMMENT directive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-23 10:49:32 -08:00
Tom Eastep
44a4f6d77d Move COMMENT handling to the Config module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-22 13:51:24 -08:00
Tom Eastep
e4e61c4193 A more uniform way of handling $max_format
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-22 11:57:25 -08:00
Tom Eastep
0cd0675c98 Always push $file_format and $max_format onto the include stack.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-22 08:15:46 -08:00
Tom Eastep
bc230c00a3 Optimizations in process_compiler_directive()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-22 08:14:46 -08:00
Tom Eastep
96b61ea05c Update documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-21 16:13:23 -08:00
Tom Eastep
dbd55acba2 Update samples, standard Actions and Macros to use ?FORMAT 2012-12-21 15:51:14 -08:00
Tom Eastep
10108b2d6a Convert file processors to use ?FORMAT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-21 15:49:28 -08:00
Tom Eastep
35aeaf340f Implement ?FORMAT directive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-21 15:31:42 -08:00
Tom Eastep
0eb041d2d1 Correct ?SET error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-21 15:23:26 -08:00
Tom Eastep
a5debe793f Add $file_format exported variable and handle in the include stack.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-21 15:14:23 -08:00
Tom Eastep
eb20283a55 Replace $1-$5 with @1-@5 in the standard actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-21 14:00:05 -08:00
Tom Eastep
df7785f2e9 Implement user-defined address variables.
- Also correct handling of ${0} & ${chain} in a SWITCH column.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-18 17:58:20 -08:00
Tom Eastep
2869a9a94d Rename add_quotes to join_parts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-15 16:12:03 -08:00
Tom Eastep
3fbe3aad09 Merge branch '4.5.10' 2012-12-14 06:34:45 -08:00
Tom Eastep
7c6fcfccd5 Fix typo on line 21 on the conntrack file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-14 06:33:54 -08:00
Tom Eastep
1cbeaa6a9f Apply Tuomo Soini's tabs patches for the rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-13 09:26:09 -08:00
Tom Eastep
b6e699ca5c Factor some common code into a function.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-13 06:46:57 -08:00
Tom Eastep
743478614b Make @0 work correctly again.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-12 13:13:17 -08:00
Tom Eastep
5944b4fc7b Make @chain (@{chain}) a synonym for @0 (@{0})
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-12 11:55:04 -08:00
Tom Eastep
8a0abab4cc Rename 'ALLOWUNKNOWNVARIABLES' to 'IGNOREUNKNOWNVARIABLES'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-12 11:51:31 -08:00
Tom Eastep
5da7db3d5f Implement @-variables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-12 11:46:38 -08:00
Tom Eastep
14cdaf21fc Handle nested params in push_action_params()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-09 10:45:29 -08:00
Tom Eastep
88d4814209 Merge branch '4.5.10'
Conflicts:
	Shorewall/Perl/Shorewall/Config.pm
2012-12-08 20:54:33 -08:00
Tom Eastep
4d064d6713 Replace spaces with tabs in rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-07 16:48:55 -08:00
Tom Eastep
6ab5cfd63a Use split_list2 in isolate_basic_target()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-06 19:12:44 -08:00
Tom Eastep
7190cd1265 Handle nested parens when pushing action parameters.
- Add an optional argument to split_list1 that causes parens to be retained.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:

	Shorewall/Perl/Shorewall/Config.pm
2012-12-06 15:20:10 -08:00
Tom Eastep
61d67a4741 Remove extraneous comment from the rule generated by action.RST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-06 15:13:46 -08:00
Tom Eastep
5f48e4e531 Handle nested parens when pushing action parameters.
- Add an optional argument to split_list1 that causes parens to be retained.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-06 15:13:14 -08:00
Tom Eastep
0a31d9ba41 Remove extraneous comment from the rule generated by action.RST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-06 15:10:53 -08:00
Tom Eastep
fdadb57e82 Minor readability improvement
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-05 19:41:18 -08:00
Tom Eastep
56d7b6248b Begin Action Documentaiton Update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-05 19:07:42 -08:00
Tom Eastep
8139f2ad91 Rename process_conditional() to process_compiler_directive()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-05 14:53:03 -08:00
Tom Eastep
189cd59650 Improve expression evaluation
- Only quote values when there is not an odd number of preceding quotes
- Make address family test return a numeric value
- Unconditionally trace the generated expression if debugging is set.
- Convert an empty expression into '' rather than generate an error.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-05 08:37:50 -08:00
Tom Eastep
4ec47783f1 Detect missing target in merge_levels()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-05 07:52:07 -08:00
Tom Eastep
2875fbb521 Cosmetic change (add a blank line).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-05 07:51:41 -08:00
Tom Eastep
25c53f5a60 Detect missing target in merge_levels()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-05 07:51:21 -08:00
Tom Eastep
c61c9ba7eb Make expression evaluation more deterministic.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 18:10:19 -08:00
Tom Eastep
2fbbc70e83 Only do SET and RESET when we aren't omitting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 16:27:18 -08:00
Tom Eastep
c18996b6f5 Implement ?set and ?reset directives
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 14:28:03 -08:00
Tom Eastep
02cbd72a91 Merge branch '4.5.10' 2012-12-04 10:56:09 -08:00
Tom Eastep
60012d1208 Add additional space for the OPTIONS column
- actions and actions.std problem

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 10:54:32 -08:00
Tom Eastep
903e25a91a Add ALLOWUNKNOWNVARIABLES to the sample configurations.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 09:04:34 -08:00
Tom Eastep
8f1e8bf475 Add 'ALLOWUNKNOWNVARIABLES' to the manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 08:50:23 -08:00
Tom Eastep
fb2d876683 Rename $loglevel and $logtag to $_loglevel and $_logtag respectively.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 08:49:59 -08:00
Tom Eastep
a25b3c68ee Rename %symbols to %variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-04 08:49:25 -08:00
Tom Eastep
314632f1f4 Unified symbol table for shell variables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-03 17:18:21 -08:00
Tom Eastep
409f5f2aab Expand variables from the shorewallrc1 then shorewallrc hashes 2012-12-03 15:33:33 -08:00
Tom Eastep
fb0035bdf3 Add ALLOWUNKNOWNVARIABLES option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-03 14:43:35 -08:00
Tom Eastep
72aabef0fa Add $logaction and $logtag as variables usable within actions
- Also make action variables usable in ?if and ?elsif expressions.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-03 12:31:47 -08:00
Tom Eastep
fc3606a489 Prepare for multiple options in actions files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-03 08:17:55 -08:00
Tom Eastep
ad4709cb6d Small effeciency improvement
- Don't check for 'bad match' until it is known that the matches are the same.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-03 06:54:44 -08:00
Tom Eastep
c0abdc1fe8 Add some comments in and around delete_duplicates()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-02 17:31:13 -08:00
Tom Eastep
cd5e9be467 Carefully suppress duplicate rules in all tables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-02 12:20:24 -08:00
Tom Eastep
c05c928c6c Delete adjacent duplicate rules in tables other than 'raw'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-02 09:21:04 -08:00
Tom Eastep
a33cf5cc91 Fix AUTOCOMMENT=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-02 08:26:54 -08:00
Tom Eastep
9da507ae98 Remove error messages from 6 actions regarding in-line.
- The compiler now ignores 'inline' for these actions.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-02 07:13:09 -08:00
Tom Eastep
e0e7b2a9f2 Correct action.DropSmurfs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-02 07:11:58 -08:00
Tom Eastep
65676cb865 Support passing log levels inside parameters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 15:06:51 -08:00
Tom Eastep
8ebbdee20f Only look for numerics if a shell variable begins with a number.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 12:52:26 -08:00
Tom Eastep
6c1a5b8051 Be more agressive about detecting action recursion.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 12:10:06 -08:00
Tom Eastep
cc657e571d Update action templates with new columns.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 10:25:10 -08:00
Tom Eastep
f358a78eca Revise the description of 'noinline' to match the changed implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 09:33:38 -08:00
Tom Eastep
b9adc2ebec Remove another vestage of CONDITION_INIT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 09:33:01 -08:00
Tom Eastep
44f00cd0aa Restore original $actionfile logic in process_actions()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 08:09:20 -08:00
Tom Eastep
ae5680401f Remove questionable autocreate of an action in createlogactionchain()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 08:04:29 -08:00
Tom Eastep
8cbe26e32c Ignore 'inline' for certain actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-01 07:54:42 -08:00
Tom Eastep
146402d9be Yet another correction to the same line :-(
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-30 09:55:24 -08:00
Tom Eastep
70f26d8bb2 Correct line in prior commit.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-30 09:30:27 -08:00
Tom Eastep
893d054cb8 Reduce the block levels in define_firewall()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-30 08:46:49 -08:00
Tom Eastep
53fd0e7c8c Don't require functions called from Shorewall::Compiler::compiler to know the current indentation.
Also, add an optional 'times' parameter to push_indent() and pop_indent().

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-30 07:49:42 -08:00
Tom Eastep
6702bb1989 Revert condition initialization patch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-30 07:31:29 -08:00