Commit Graph

387 Commits

Author SHA1 Message Date
Matt Darfeuille
05a15c6f8b patches and request
Tom,

Some patches for the trunk repo(fixes.patch):

Patch1: Fix a typo in the path being printed for the standard actions
file.
Patch2: Will only install the shorewall's manpages if the variable
MANDIR is none-empty(I did it only for the sake of completeness)!
Patch3: Will only install the shorewall-lite's manpages if the
variable MANDIR is none-empty.
Patch4: Correct multiple product name's typos in
shorewall-init/install.sh.
Patch5: Remove ~/.shorewallrc when shorewall-core is uninstalled.

And two other  patches for the release repo(changelog-1.patch):

Patch1: Changed restart to reload for the line: 'Update DHCP
article(refresh -> restart).
Patch2: Rephrased the line for the newly added ?WARNING and ?INFO
directives.

Request:
Could the date of the compiled firewall script also be displayed when
'shorewall status' is executed?

-Matt

-------------- Enclosure number 2 ----------------
>From a5ae24bbe9b25aefdbcc4d7c8e5d013a36b03078 Mon Sep 17 00:00:00 2001
From: Matt Darfeuille <matdarf@gmail.com>
Date: Sat, 23 Apr 2016 14:44:19 +0200
Subject: [PATCH 1/5] Fix typo in printed path for standard actions file

Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-27 15:07:44 -07:00
Tom Eastep
47edfaf093 Create standard error messages in the CLI
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-27 10:13:24 -07:00
Tom Eastep
524838ae47 Implement $SW_LOGGERTAG
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-15 14:29:51 -07:00
Tom Eastep
fc2b555cdb Correct date formatting in startup_error()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 15:24:35 -07:00
Tom Eastep
8dc88898c8 Tidy up the output of 'shorewall[6][-lite] show bl'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 17:22:22 -07:00
Tom Eastep
05e4049174 Ipset-based blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 16:07:56 -07:00
Tom Eastep
3c544b20e6 Convert the state actions to use the 'state' action option
- Also avoid the CLI having to know about builtin actions

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 14:54:09 -07:00
Tom Eastep
c56ba534d6 Yet more PAGER fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-02 12:34:39 -08:00
Tom Eastep
90bc894200 More PAGER fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-02 08:58:26 -08:00
Tom Eastep
90d254f0c3 Add PAGER option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-02 08:32:49 -08:00
Tom Eastep
a95de8d092 Page the output of verbose commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-01 15:12:54 -08:00
Tom Eastep
8a02624f05 Update copyrights in the install and uninstall scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-29 11:03:09 -08:00
Tom Eastep
bf8c131545 Add a local variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-15 10:36:53 -08:00
Tom Eastep
1553e6b831 Sort the output of 'show actions'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-10 08:37:47 -08:00
Tom Eastep
9aa915a5e0 Avoid errors from 'status -i' when there are no optional interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-15 16:39:47 -08:00
Tom Eastep
2f59ea5ca3 Implement the WAIT_OPTION capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-05 09:28:24 -08:00
Tom Eastep
0c66e5f1b2 More Openwrt support in Shorewall-init from Matt Darfeuille
- Also, various cleanup in install/uninstall scripts

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-04 15:45:21 -08:00
Tom Eastep
89d91d37a1 Add Shorewall-init installer support for OpenWRT
- Supply sysconfig files for all products

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-27 16:47:31 -08:00
Tom Eastep
fc426923b1 Accept host=debian.* in the configure scripts (Matt Darfeuille)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-12 08:10:34 -08:00
Tom Eastep
5bc471ff03 Another fix to configure.pl from Matt Darfeuille
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-11 14:37:52 -08:00
Tom Eastep
0bc250ba11 More configure/install/uninstall fixes from Matt Darfeuille
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-06 12:04:34 -08:00
Tom Eastep
09af9130df Correct syntax error in lib.cli
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-05 08:42:34 -08:00
Tom Eastep
4139c932a4 More configure/install/uninstall fixes from Matt Darfeuille
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-05 08:31:22 -08:00
Tom Eastep
8e7f001f7e Update manpages for column renaming
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-12-04 14:53:26 -08:00
Tom Eastep
f4fef3a931 Configure script corrections for Debian
- Matt Darfeuille and Tom Eastep

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-29 09:06:39 -08:00
Tom Eastep
b087cee7f0 Redefine MODULESDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-28 08:36:12 -08:00
Tom Eastep
dab780368f Use netstat if ss isn't installed
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-16 15:02:47 -08:00
Tom Eastep
8ae6e3ff57 A couple more OpenWRT fixes
- Detect OpenWRT in the configure script
- Fix the Shorewall6-lite uninstaller
2015-11-07 07:20:44 -08:00
Tom Eastep
ec1c9bd991 Delete shorewallrc from Shorewall-core
- Inadvertently added during OpenWRT testing

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-06 14:12:28 -08:00
Tom Eastep
6f560bda38 More OpenWRT tweaks from Matt Darfeuille
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-06 14:01:02 -08:00
Tom Eastep
7cce2e4ed5 Fix mkdir command in mutex_on()
- Also support 'lock' utility on openWRT

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-05 12:38:54 -08:00
Tom Eastep
3d4cde76aa OpenWRT support in the installers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-04 13:29:59 -08:00
Tom Eastep
ca0ac0473c Another tweak to syslog_circular_buffer()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-03 18:59:10 -08:00
Tom Eastep
3890a5c1fd Correct syslog_circular_buffer()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-02 14:29:06 -08:00
Tom Eastep
332f636d29 Adjust LOGFILE if circular log buffer
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-11-01 07:25:34 -08:00
Tom Eastep
d1bad364e9 Correct syntax error in installers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 17:54:20 -07:00
Tom Eastep
5807d44733 Allow HOST=default in the configure scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 13:29:02 -07:00
Tom Eastep
aa680d8472 Avoid double slashes in pathnames within the installers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 12:57:33 -07:00
Tom Eastep
3d06a75768 Remove more %_b instances
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 12:43:22 -07:00
Tom Eastep
073b2992cc Require the 'install' utility in the installers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 12:43:01 -07:00
Tom Eastep
27d94c8921 Improve check for circular log buffer
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 08:31:46 -07:00
Tom Eastep
f90567abf1 Add support for OpenWRT BB and later
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-31 08:08:17 -07:00
Tom Eastep
c83536767e Move get_config() into the overloadable part of the file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-30 08:54:07 -07:00
Tom Eastep
1848c3fa45 Add lib.cli-user support to the -lite products
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-30 08:47:01 -07:00
Tom Eastep
38049fd0df Correct "remote-" commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-26 20:06:10 -07:00
Tom Eastep
1e2cfcd9a3 Deal with missing 'hostname' utility
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-10-21 17:41:01 -07:00
Tom Eastep
1b571f3d86 Correct the reset command
- Also allow chain names to be specified a la the refresh command

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-09-11 14:16:16 -07:00
Tom Eastep
ed90360b4c Remove all of the update-specific options from the update command
Leave -i and -A

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-31 14:21:41 -07:00
Tom Eastep
5ead22aa48 Move fatal_error() to lib.base
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-21 14:19:20 -07:00
Tom Eastep
0d635632e3 Add conversion of notrack to conntrack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-08 16:46:58 -07:00
Tom Eastep
73c8b563a1 Add -s option to update to convert the routestopped file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-07 13:46:16 -07:00
Tom Eastep
4bf714aca0 Correct debian systemd shorewallrc file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 14:53:05 -07:00
Tom Eastep
2eb1cb5e6e More debian changes from 4.6.12
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 14:35:03 -07:00
Tom Eastep
ef9e75753a Restore .214 files
- Also merge Debian changes from 4.6.12

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-01 11:23:35 -07:00
Tom Eastep
67589cab69 More version changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:59:11 -07:00
Tom Eastep
f233031b08 Update shorewallrc files' versions
- Correct the SERVICEDIR setting for debian

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:33:22 -07:00
Tom Eastep
b1d75e53a1 Correct syntax error in lib.cli
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-27 07:23:39 -07:00
Tom Eastep
cecc81ce82 Update .service files
- make the .214 versions the default and remove the ones name *.214
- Add 'ExecReload' to all but Shorewall-init
- Create Debian-specific versions with /etc/default rather than /etc/sysconfig
2015-07-26 10:58:03 -07:00
Tom Eastep
a00bf196a3 Remove all workarounds
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 10:27:30 -07:00
Tom Eastep
f9ec0c6930 New 'reload' and 'restart' semantics
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 09:59:49 -07:00
Tom Eastep
3959feebe0 Remove extraneous line that causes a "not found" shell diagnostic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-10 09:35:43 -07:00
Tom Eastep
0414166d6d 'show connections' enhancement
- Allow tayloring of the entries displayed by specifying conntrack
  -L options.
2015-06-29 14:55:47 -07:00
Tom Eastep
7153146759 Don't ask for script version when WORKAROUNDS=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-28 09:18:47 -07:00
Tom Eastep
a911ec318e Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-27 09:19:14 -07:00
Tom Eastep
5ca68477d5 Corrections to last commit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 15:18:07 -07:00
Tom Eastep
9f08726794 Eliminate running the script twice is some cases
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 14:32:43 -07:00
Tom Eastep
846d629c47 Eliminate the usage() function in lib.cli-std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 12:55:34 -07:00
Tom Eastep
5003e826b9 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-06-09 10:58:58 -07:00
Tuomo Soini
f8d95d1ee9 rename not_configured() to not_configured_error()
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-06-09 20:29:45 +03:00
Tom Eastep
7f50557250 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2015-06-08 13:50:47 -07:00
Tuomo Soini
5221c92d7f Add to lib.common a new function not_configured()
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-06-08 22:18:01 +03:00
Tom Eastep
2956698298 Corrections to WORKAROUNDS implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-06 12:15:03 -07:00
Tom Eastep
019e49b481 Implement WORKAROUNDS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-01 12:59:25 -07:00
Tom Eastep
93c7e2c2f7 Change the way in which a warning message is suppressed
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-26 15:54:41 -07:00
Tom Eastep
ba7afcaeae Make 'call' a supported command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 10:38:35 -07:00
Tom Eastep
4b27c72c79 Set exit code to 6 when startup is disabled
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-07 14:12:41 -07:00
Tom Eastep
fe37844455 Correct CLI helper capability detection
- Previously, the HELPERS setting was ignored

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-02 07:54:01 -07:00
Tom Eastep
2cea78e6df Add the 'reenable' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:02:12 -07:00
Tom Eastep
3cb45f234e Delete questionable logic in lib.cli
- It hasn't worked since there was a typo in it that prevented it from
  doing the correct thing.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 12:12:59 -07:00
Tom Eastep
23137e5e8a Correct typo in lib.cli
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-07 09:23:35 -07:00
Tom Eastep
77165326f2 Merge branch '4.6.8'
Conflicts:
	Shorewall6/uninstall.sh
2015-04-03 14:02:21 -07:00
Tom Eastep
eb3a162560 Apply Matt Darfeuille's fix for fatal_error()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-02 13:26:51 -07:00
Tom Eastep
7442c2189d Implement TCPMSS_TARGET capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-31 15:53:05 -07:00
Tom Eastep
0c11870e46 Implement the 'savesets' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-17 10:03:12 -07:00
Tom Eastep
fdc36747ad Allow the 'open' and 'close' commands to handle icmp
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-16 16:25:32 -07:00
Tom Eastep
ecaae1f644 Improve editing of open numbers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-15 10:15:39 -07:00
Tom Eastep
52e7efc666 Move open_close_setup() inside open_close_command()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-14 09:42:43 -07:00
Tom Eastep
86d6d6900e Improve 'close' and 'show opens' commands
- close accepts a rule number
- list opens displays rule numbers

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-14 08:54:30 -07:00
Tom Eastep
095e523c9f Add 'show opens' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 13:10:23 -08:00
Tom Eastep
2817060edb Improvements to the 'open' and 'close' commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-06 08:13:44 -08:00
Tom Eastep
a85fdc45ac Implement 'open' and 'close' commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-03-05 16:20:54 -08:00
Orion Poplawski
9ad0b297e2 Supporting xz compressed kernel modules
- I've attached a patch that adds xz support to the default MODULE_SUFFIX.
- I'm wondering it wouldn't be better to not have MODULE_SUFFX=ko in various
sample configs so that the default value is used instead:

./Shorewall/configfiles/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/Universal/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/three-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/two-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/one-interface/shorewall.conf:MODULE_SUFFIX=ko
./docs/MultiISP.xml:MODULE_SUFFIX=ko
./docs/MyNetwork.xml:MODULE_SUFFIX=ko
./Shorewall6/configfiles/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/Universal/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/three-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/two-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/one-interface/shorewall6.conf:MODULE_SUFFIX=ko

- Is:

MODULE_SUFFIX=

sufficient to use the default value or does it need to be commented out?

Thanks,

  Orion

--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       orion@nwra.com
Boulder, CO 80301                   http://www.nwra.com

>From f13edf8fc07c7b62825408b8665b10d6014d368d Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion@cora.nwra.com>
Date: Mon, 26 Jan 2015 09:48:48 -0700
Subject: [PATCH] Support xz compressed modules

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-06 12:51:00 -08:00
Tom Eastep
740e19968b Don't complain if the 'ip' executable doesn't exist.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-09 12:20:51 -08:00
Tom Eastep
33e2e19193 Always set IP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:28:50 -08:00
Tom Eastep
4a4bfe77ce Implement IFACE_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:05:06 -08:00
Tom Eastep
3890b8a884 Infrastructure for detecting loopback interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 08:49:38 -08:00
Tom Eastep
15a2fd14f9 Implement TARPIT target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-28 15:23:30 -08:00
Tom Eastep
685825a336 Correct Handling of Dynamic Zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-13 13:48:36 -08:00
Evangelos Foutras
3a64ef7d3a Set SBINDIR to /usr/bin in shorewallrc.archlinux
/usr/bin is the directory used for all binaries that were previously
installed to /bin, /sbin or /usr/sbin. This unification occurred in
Arch Linux in mid-2013, so might as well change it in Shorewall too.

Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 07:55:08 -08:00
Evangelos Foutras
b746c9319f Rename SYSTEMDDIR to SERVICEDIR in shorewallrc.*
This was omitted from commit e3b1034 (Change SYSTEMDDIR to SERVICEDIR).

Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 07:55:04 -08:00