Commit Graph

3431 Commits

Author SHA1 Message Date
Tom Eastep
61f6cacc30 Infrastructure required by Docker
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-20 14:01:48 -08:00
Tom Eastep
caba1cd770 DOCKER=Yes requires IPTABLES_S
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-20 10:03:06 -08:00
Tom Eastep
4306ff1029 Correct 'save_dynamic_chains'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-20 09:57:11 -08:00
Tom Eastep
663f82c158 Move nat POSTROUTING rules to SHOREWALL if DOCKER=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-20 09:24:06 -08:00
Tom Eastep
e66d9f6547 Add DOCKER option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-19 17:42:54 -08:00
Tom Eastep
f33f333937 Make 'default' and 'none' case insensitive in the GATEWAY column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-17 15:25:46 -08:00
Tom Eastep
94cfe54f92 Allow routing tables with no default route
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-17 11:49:09 -08:00
Tom Eastep
8ac0f96029 Delete blank line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-09 18:20:00 -08:00
Tom Eastep
894a98f24e Improve optimizer handling of origin during rule merge
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-04 12:00:05 -08:00
Tom Eastep
bd9e8142b9 Ensure that the chain origin is used when there is no rule origin
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-03 10:43:10 -08:00
Tom Eastep
916a392fb0 Improve chain-completion rule tracking
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-02 14:57:47 -08:00
Tom Eastep
28983a0194 Add comment describing the origin member of a rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-31 09:29:24 -08:00
Tom Eastep
2cd098ba31 Update heading versions and copyrights
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-28 13:46:34 -08:00
Tom Eastep
9188f7efa3 Don't export shortlineinfo2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-28 13:38:26 -08:00
Tom Eastep
95a029316a Improve get_keys*()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-28 12:51:23 -08:00
Tom Eastep
d4bea3d3ec Optimize TRACK_RULES handling in the Chains module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-28 11:38:48 -08:00
Tom Eastep
6085c6092f Add origin comments to command-mode rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-28 10:58:09 -08:00
Tom Eastep
48df3d9627 Add origin member to the providers table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-28 10:34:36 -08:00
Tom Eastep
94442abfcf Correct check for duplicate interface in providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-28 10:34:16 -08:00
Tom Eastep
86f2e23f33 Invoke add_irule_extended rather than a hack that predated that function
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-27 19:01:23 -08:00
Tom Eastep
6e9d5f45ec Avoid spurious comment in jump to interface option chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-27 16:50:03 -08:00
Tom Eastep
039fd6ddd8 Move origin handling into log_[i]rule_limit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-27 14:24:56 -08:00
Tom Eastep
57288086bf Unify TRACK_RULES handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-27 12:55:21 -08:00
Tom Eastep
f999acda63 Eliminate shortlineinfo1()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-27 10:21:08 -08:00
Tom Eastep
b4723da07c Eliminate $globals{TRACK_GLOBALS}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-26 16:45:47 -08:00
Tom Eastep
3860a1dc72 Ensure that %origin is populated
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-26 16:31:04 -08:00
Tom Eastep
e756820ca1 Revert "Unify TRACK_RULES settings implementation"
This reverts commit 866cb04cbb.
2016-01-26 11:49:26 -08:00
Tom Eastep
866cb04cbb Unify TRACK_RULES settings implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-25 18:07:46 -08:00
Tom Eastep
6ef136a546 Add origin information for entries in shorewall[6].conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-25 15:49:18 -08:00
Tom Eastep
9b3b4579a2 Change TRACK_RULES setting from Internal to File
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-24 16:15:36 -08:00
Tom Eastep
3e404b765f Make .ip[6]tables-restore-input comments conditional
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 17:04:52 -08:00
Tom Eastep
2235641c9f Add origin to the ip[6]tables input.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 15:13:12 -08:00
Tom Eastep
3fe4619f66 Fix origin in interfaces and hosts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 13:49:52 -08:00
Tom Eastep
247698a14d Add origin in some rules from the Misc module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 12:31:53 -08:00
Tom Eastep
73b20c832c Add 'origin' member to rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 10:45:26 -08:00
Tom Eastep
8ac754caed Add 'origin' member to the interface and hosts tables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-21 17:08:19 -08:00
Tom Eastep
1abb77d66d Remove restrictions on -m geoip
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-18 22:30:15 -08:00
Tom Eastep
a28f3012d5 Correct $VERSION setting in Raw.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-18 09:38:35 -08:00
Tom Eastep
7d443b5e2e Eliminate return value from process_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-18 09:08:35 -08:00
Tom Eastep
a945b3e0dd Tweak the process_action() changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 17:03:46 -08:00
Tom Eastep
ec6c233666 Centralize Rules module handling of @CALLER in actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 16:29:35 -08:00
Tom Eastep
4059e9de95 Clean up use_policy_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 12:35:12 -08:00
Tom Eastep
1ee645cd79 Another determinism fix -- red and codel options are now sorted
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 09:50:34 -08:00
Tom Eastep
1fedb26f1d Handle @CALLER in policy chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-17 09:42:01 -08:00
Tom Eastep
031371f259 Improve maintainability of action-tuple code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-16 17:26:16 -08:00
Tom Eastep
742c15b289 Improve @CALLER fix to create unique chains per caller
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-16 17:12:03 -08:00
Tom Eastep
726d1492cd Correct error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 17:08:57 -08:00
Tom Eastep
12513e24a3 Revert "Implement dynamic actions"
This reverts commit 8075ba719a.
2016-01-13 11:04:41 -08:00
Tom Eastep
21765d618d Create unique chains when @caller is used
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 11:04:23 -08:00
Tom Eastep
de21c59885 Correct hashlimit in logging rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 09:49:22 -08:00