Tom Eastep
|
1b82dedb77
|
Preserve shell variables when converting masq -> snat
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-06 13:53:05 -08:00 |
|
Tom Eastep
|
6398756647
|
Add a routine to split the raw current line image
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-06 08:44:24 -08:00 |
|
Tom Eastep
|
daa2440d9a
|
Ensure that $directive_callback->() gets an unaltered image
- pass omitted lines to that function as well
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-06 08:03:31 -08:00 |
|
Tom Eastep
|
6a89fd1367
|
Merge branch 'master' into 5.0.14
|
2016-11-04 08:37:55 -07:00 |
|
Tom Eastep
|
ffe1e1d335
|
Fix typo in the two-interface sample snat file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-04 08:36:24 -07:00 |
|
Tom Eastep
|
cecfe54ef6
|
Avoid shell errors when /proc/net/xt_recent/ is empty.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-03 21:29:01 -07:00 |
|
Tom Eastep
|
8441ac5c5f
|
Handle another issue with ADD_SNAT_ALIASES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-03 15:06:38 -07:00 |
|
Tom Eastep
|
01a6881f4f
|
Catch total lack of address/port in SNAT argument
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-02 19:30:55 -07:00 |
|
Tom Eastep
|
f917670fbd
|
Tighten editing of SNAT/MASQ port ranges.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-02 19:30:18 -07:00 |
|
Tom Eastep
|
c376740329
|
Detect degenerate addr:port[-range] in SNAT rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-02 15:28:00 -07:00 |
|
Tom Eastep
|
4169520d63
|
Handle exceptionrule correctly with MASQUERADE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-02 14:36:51 -07:00 |
|
Tom Eastep
|
53d97bbcc8
|
Correct handling of masquerade port range when ADD_SNAT_ALIASES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-02 12:28:00 -07:00 |
|
Tom Eastep
|
9ae36e1989
|
Correct error message when multiple SNAT addresses are present.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-02 12:27:32 -07:00 |
|
Tom Eastep
|
60619fb3cb
|
Correct part of a recent patch to Nat.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-02 09:00:19 -07:00 |
|
Tom Eastep
|
41ecee356b
|
Correct earlier faulty patch to Nat.pm.
- Similar Rules.pm patch was okay.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-01 19:39:52 -07:00 |
|
Tom Eastep
|
e188bde6c4
|
Fix additional masq/snat issues.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-01 18:42:16 -07:00 |
|
Tom Eastep
|
6e08717089
|
Formatting changes to snat files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-01 17:11:43 -07:00 |
|
Tom Eastep
|
d37967f32f
|
Replace --to-ports <ports> with --to-source :<ports>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-01 16:52:08 -07:00 |
|
Tom Eastep
|
10c1ad245a
|
Handle omitted port[-range] in SNAT correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-01 12:59:44 -07:00 |
|
Tom Eastep
|
032a16eb43
|
Detect incorrect port-range separator in SNAT(...)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-11-01 11:28:19 -07:00 |
|
Tom Eastep
|
a89d8b3af4
|
Fix Shorewall installer re: snat file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-31 16:13:48 -07:00 |
|
Tom Eastep
|
3f68814a38
|
Disallow more than one address[-range] in SNAT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-31 15:15:35 -07:00 |
|
Tom Eastep
|
3a70185284
|
A couple of documentation updates
- Anatomy
- Bridge (Perl)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-31 11:09:06 -07:00 |
|
Tom Eastep
|
95a1e65016
|
Clear target modifiers in interface loop
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-30 16:25:17 -07:00 |
|
Tom Eastep
|
282253022e
|
Correct handling of address variables out of the Providers module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-29 14:59:34 -07:00 |
|
Tom Eastep
|
174f46f3e6
|
More snat documentation changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-28 14:56:44 -07:00 |
|
Tom Eastep
|
4d77d673e8
|
Be sure NAT is enabled before processing an snat file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-28 09:30:17 -07:00 |
|
Tom Eastep
|
e4e424bbdc
|
Disallow '+' in inline SNAT action bodies
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-28 08:58:47 -07:00 |
|
Tom Eastep
|
71fb1a8cbd
|
Correct error message ( s/\*/+/ )
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-27 14:32:43 -07:00 |
|
Tom Eastep
|
46c8147521
|
Deprecate INLINE_MATCHES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-27 13:55:11 -07:00 |
|
Tom Eastep
|
de3b05ea41
|
Correctly translate +INLINE(...)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-27 12:21:07 -07:00 |
|
Tom Eastep
|
ae9b57d854
|
Correct NONAT translation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-26 16:06:28 -07:00 |
|
Tom Eastep
|
1a06765d14
|
Add Bill Shirley's logging suggestions to the logging article
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-26 16:06:15 -07:00 |
|
Tom Eastep
|
579910fdb8
|
Fix MASQUERADE+ Handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-26 14:40:16 -07:00 |
|
Tom Eastep
|
21877d5fcb
|
Force a reload when enabling an interface whose IP address has changed
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-26 13:39:50 -07:00 |
|
Tom Eastep
|
0b9387f09c
|
Force address Detection on optional interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-25 14:42:03 -07:00 |
|
Tom Eastep
|
ee8ffc3ceb
|
Add SNAT action example to the Actions article
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-25 10:57:32 -07:00 |
|
Tom Eastep
|
fdfd8b919b
|
Merge branch '5.0.13'
|
2016-10-24 12:52:01 -07:00 |
|
Tom Eastep
|
3d3ae81bce
|
Restore old wording for Version 4 ipset creation message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-24 12:51:43 -07:00 |
|
Tom Eastep
|
3b6b89336e
|
Eliminate superfluous test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-24 11:57:56 -07:00 |
|
Tom Eastep
|
fc0ad7cd2e
|
Be sure that the 'restriction' member exists for the FORWARD chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-24 11:37:40 -07:00 |
|
Tom Eastep
|
c9b1b7684c
|
Correct handling of dest IPSET.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-24 09:06:05 -07:00 |
|
Tom Eastep
|
b8ec460a1a
|
Correct grammar in the ipset creation message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-24 08:49:51 -07:00 |
|
Tom Eastep
|
46b8e2e957
|
Avoid exception when validating 'occurs' in TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-24 08:14:12 -07:00 |
|
Tom Eastep
|
0ed813972b
|
Auto-create ipsets used in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-23 16:44:07 -07:00 |
|
Tom Eastep
|
f9cfde91e5
|
Correctly handle ipset in tcfilter DEST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-23 16:43:49 -07:00 |
|
Tom Eastep
|
3df488e710
|
Correct handling of ipsets in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-23 16:28:36 -07:00 |
|
Tom Eastep
|
0efc7a4899
|
Correct restriction and chain number handling in the mangle files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-23 15:36:04 -07:00 |
|
Tom Eastep
|
d241421630
|
Merge branch '5.0.13'
|
2016-10-23 08:34:47 -07:00 |
|
Tom Eastep
|
e0203bca87
|
Correct nill address check in handling of 'origdest=detect'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-10-23 08:34:24 -07:00 |
|