Commit Graph

14663 Commits

Author SHA1 Message Date
Tom Eastep
1b82dedb77
Preserve shell variables when converting masq -> snat
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-06 13:53:05 -08:00
Tom Eastep
6398756647
Add a routine to split the raw current line image
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-06 08:44:24 -08:00
Tom Eastep
daa2440d9a
Ensure that $directive_callback->() gets an unaltered image
- pass omitted lines to that function as well

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-06 08:03:31 -08:00
Tom Eastep
6a89fd1367
Merge branch 'master' into 5.0.14 2016-11-04 08:37:55 -07:00
Tom Eastep
ffe1e1d335
Fix typo in the two-interface sample snat file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-04 08:36:24 -07:00
Tom Eastep
cecfe54ef6
Avoid shell errors when /proc/net/xt_recent/ is empty.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-03 21:29:01 -07:00
Tom Eastep
8441ac5c5f
Handle another issue with ADD_SNAT_ALIASES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-03 15:06:38 -07:00
Tom Eastep
01a6881f4f
Catch total lack of address/port in SNAT argument
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-02 19:30:55 -07:00
Tom Eastep
f917670fbd
Tighten editing of SNAT/MASQ port ranges.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-02 19:30:18 -07:00
Tom Eastep
c376740329
Detect degenerate addr:port[-range] in SNAT rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-02 15:28:00 -07:00
Tom Eastep
4169520d63
Handle exceptionrule correctly with MASQUERADE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-02 14:36:51 -07:00
Tom Eastep
53d97bbcc8
Correct handling of masquerade port range when ADD_SNAT_ALIASES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-02 12:28:00 -07:00
Tom Eastep
9ae36e1989
Correct error message when multiple SNAT addresses are present.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-02 12:27:32 -07:00
Tom Eastep
60619fb3cb
Correct part of a recent patch to Nat.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-02 09:00:19 -07:00
Tom Eastep
41ecee356b
Correct earlier faulty patch to Nat.pm.
- Similar Rules.pm patch was okay.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-01 19:39:52 -07:00
Tom Eastep
e188bde6c4
Fix additional masq/snat issues.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-01 18:42:16 -07:00
Tom Eastep
6e08717089
Formatting changes to snat files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-01 17:11:43 -07:00
Tom Eastep
d37967f32f
Replace --to-ports <ports> with --to-source :<ports>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-01 16:52:08 -07:00
Tom Eastep
10c1ad245a
Handle omitted port[-range] in SNAT correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-01 12:59:44 -07:00
Tom Eastep
032a16eb43
Detect incorrect port-range separator in SNAT(...)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-01 11:28:19 -07:00
Tom Eastep
a89d8b3af4
Fix Shorewall installer re: snat file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-31 16:13:48 -07:00
Tom Eastep
3f68814a38
Disallow more than one address[-range] in SNAT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-31 15:15:35 -07:00
Tom Eastep
3a70185284
A couple of documentation updates
- Anatomy
- Bridge (Perl)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-31 11:09:06 -07:00
Tom Eastep
95a1e65016
Clear target modifiers in interface loop
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-30 16:25:17 -07:00
Tom Eastep
282253022e
Correct handling of address variables out of the Providers module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-29 14:59:34 -07:00
Tom Eastep
174f46f3e6
More snat documentation changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-28 14:56:44 -07:00
Tom Eastep
4d77d673e8
Be sure NAT is enabled before processing an snat file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-28 09:30:17 -07:00
Tom Eastep
e4e424bbdc
Disallow '+' in inline SNAT action bodies
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-28 08:58:47 -07:00
Tom Eastep
71fb1a8cbd
Correct error message ( s/\*/+/ )
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-27 14:32:43 -07:00
Tom Eastep
46c8147521
Deprecate INLINE_MATCHES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-27 13:55:11 -07:00
Tom Eastep
de3b05ea41
Correctly translate +INLINE(...)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-27 12:21:07 -07:00
Tom Eastep
ae9b57d854
Correct NONAT translation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-26 16:06:28 -07:00
Tom Eastep
1a06765d14
Add Bill Shirley's logging suggestions to the logging article
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-26 16:06:15 -07:00
Tom Eastep
579910fdb8
Fix MASQUERADE+ Handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-26 14:40:16 -07:00
Tom Eastep
21877d5fcb
Force a reload when enabling an interface whose IP address has changed
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-26 13:39:50 -07:00
Tom Eastep
0b9387f09c
Force address Detection on optional interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-25 14:42:03 -07:00
Tom Eastep
ee8ffc3ceb
Add SNAT action example to the Actions article
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-25 10:57:32 -07:00
Tom Eastep
fdfd8b919b
Merge branch '5.0.13' 2016-10-24 12:52:01 -07:00
Tom Eastep
3d3ae81bce
Restore old wording for Version 4 ipset creation message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 12:51:43 -07:00
Tom Eastep
3b6b89336e
Eliminate superfluous test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 11:57:56 -07:00
Tom Eastep
fc0ad7cd2e
Be sure that the 'restriction' member exists for the FORWARD chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 11:37:40 -07:00
Tom Eastep
c9b1b7684c
Correct handling of dest IPSET.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 09:06:05 -07:00
Tom Eastep
b8ec460a1a
Correct grammar in the ipset creation message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 08:49:51 -07:00
Tom Eastep
46b8e2e957
Avoid exception when validating 'occurs' in TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 08:14:12 -07:00
Tom Eastep
0ed813972b
Auto-create ipsets used in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-23 16:44:07 -07:00
Tom Eastep
f9cfde91e5
Correctly handle ipset in tcfilter DEST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-23 16:43:49 -07:00
Tom Eastep
3df488e710
Correct handling of ipsets in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-23 16:28:36 -07:00
Tom Eastep
0efc7a4899
Correct restriction and chain number handling in the mangle files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-23 15:36:04 -07:00
Tom Eastep
d241421630
Merge branch '5.0.13' 2016-10-23 08:34:47 -07:00
Tom Eastep
e0203bca87
Correct nill address check in handling of 'origdest=detect'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-23 08:34:24 -07:00