Tom Eastep
|
a66256b25b
|
Additional refinements of check_state()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-06 08:16:42 -08:00 |
|
Tom Eastep
|
11b976fb36
|
Correct reference type in check_state()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-05 19:55:22 -08:00 |
|
Tom Eastep
|
a6ccd53fe0
|
Unconditionally use '-j' to branch to a state chain or DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 15:17:49 -08:00 |
|
Tom Eastep
|
b22b63b1c3
|
Don't use '-g' when DISPOSITION is CONTINUE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 15:09:17 -08:00 |
|
Tom Eastep
|
615df6ab8f
|
Handle 'RETURN' in state chain with terminating disposition.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 15:08:20 -08:00 |
|
Tom Eastep
|
3757607356
|
Remove cruft from two actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 10:11:51 -08:00 |
|
Tom Eastep
|
f6faef7cd0
|
Correct syntax error in action.Untracked
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 09:58:38 -08:00 |
|
Tom Eastep
|
d8214885f2
|
Assume that the conntrack state value in a rule is not a reference.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 08:29:50 -08:00 |
|
Tom Eastep
|
475942deb9
|
Normalize rules prior to combine_state tests.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 18:14:14 -08:00 |
|
Tom Eastep
|
f1707d2ace
|
More state rule check fixes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 18:02:02 -08:00 |
|
Tom Eastep
|
c5dc69b750
|
Correct state actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 17:21:51 -08:00 |
|
Tom Eastep
|
30d96afb69
|
Push/pop $actionresult.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 12:43:28 -08:00 |
|
Tom Eastep
|
014b4ddc50
|
Combine adjacent rules differing only in conntrack state match.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 09:03:22 -08:00 |
|
Tom Eastep
|
61c219ed3a
|
Clarify the CHAIN column in the accounting manpage. Also mention ipset support.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 08:00:24 -08:00 |
|
Tom Eastep
|
5b9d1a6159
|
Handle UNTRACKED_DISPOSITION=ACCEPT correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 07:59:47 -08:00 |
|
Tom Eastep
|
752463bfab
|
Fix TCPFlags
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 22:19:13 -08:00 |
|
Tom Eastep
|
ebef29e161
|
Handle port numbers being passed to one of the tcp-specific actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 12:48:54 -08:00 |
|
Tom Eastep
|
9b30f48ba0
|
Correct handling of actions when @chain is altered.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 10:57:08 -08:00 |
|
Tom Eastep
|
e013e218a2
|
Don't try to import process_rule1 in three action files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 09:45:12 -08:00 |
|
Tom Eastep
|
0616dd9fcb
|
Add 'New' action for conntrack state NEW
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 09:33:24 -08:00 |
|
Tom Eastep
|
8249831e6d
|
Detect some state conflicts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 09:32:57 -08:00 |
|
Tom Eastep
|
cc1054be66
|
Correct handling of audited dispositions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 09:30:25 -08:00 |
|
Tom Eastep
|
c68d4c6e27
|
Simplify Perl from actions even further.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-01 15:55:39 -08:00 |
|
Tom Eastep
|
752e960f2f
|
Allow specification of the action type via perl_action_helper().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-01 12:59:48 -08:00 |
|
Tom Eastep
|
a5d3b1f470
|
Remove requirement that matches and proto end with a space in perl helper API.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-01 12:29:30 -08:00 |
|
Evangelos Foutras
|
c9247c8074
|
Remove Arch Linux init file
Arch Linux only supports systemd now.
Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-01 10:13:54 -08:00 |
|
Tom Eastep
|
abca3a2024
|
Improve maintainability of @colums vis a vis @rulecolumns.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-30 10:47:40 -08:00 |
|
Tom Eastep
|
8d28c44946
|
Remove 'audit' parameter handling from new state actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-30 10:45:10 -08:00 |
|
Tom Eastep
|
f407068d20
|
Update shorewall[6]-actions(5) regarding inline for some standard actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-30 08:27:30 -08:00 |
|
Tom Eastep
|
755d605578
|
Make %statetable global
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-30 08:26:47 -08:00 |
|
Tom Eastep
|
78db4abef5
|
Remove some redundant local variables from finish_chain_section()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-30 08:02:23 -08:00 |
|
Tom Eastep
|
fc73c3934b
|
Replace BLACKLISTNEWONLY with BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-30 08:00:47 -08:00 |
|
Tom Eastep
|
75fb164234
|
Don't issue fatal error if a proto other than tcp is passed to a tcp-only inline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-29 10:31:20 -08:00 |
|
Tom Eastep
|
27c5e67632
|
Rename process_rule to process_raw_rule and process_rule1 to process_rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-29 10:13:48 -08:00 |
|
Tom Eastep
|
61d8f704f9
|
Correct rule-generation detection in perl_action_helper
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-29 09:43:12 -08:00 |
|
Tom Eastep
|
f33e36b61e
|
Raise an error if a protocol other than TCP is passed to a TCP-only inline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-29 07:46:50 -08:00 |
|
Tom Eastep
|
670931c987
|
Initialize the columns array to '-'s.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-29 07:46:07 -08:00 |
|
Tom Eastep
|
316b67473e
|
Merge branch 'master' into 4.5.13
Conflicts:
Shorewall/Perl/Shorewall/Rules.pm
Shorewall/action.Established
Shorewall/actions.std
|
2013-01-29 07:30:52 -08:00 |
|
Tom Eastep
|
42f46ea5e7
|
Accurately determine if an inline action generates a rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 20:46:20 -08:00 |
|
Tom Eastep
|
49166efdca
|
Make the TCP standard actions inline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 18:01:08 -08:00 |
|
Tom Eastep
|
5a2c1792cb
|
Inline the conntrack state actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 16:55:54 -08:00 |
|
Tom Eastep
|
de2cf6edf3
|
Correct typo in the actions.std files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 12:08:00 -08:00 |
|
Tom Eastep
|
6b889e537f
|
Correct typo in the actions.std files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 12:07:04 -08:00 |
|
Tom Eastep
|
a70c441458
|
Add CONTINUE as a possible setting for RELATED_DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 11:47:45 -08:00 |
|
Tom Eastep
|
519861d7b2
|
Add CONTINUE as a possible setting for RELATED_DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 07:58:03 -08:00 |
|
Tom Eastep
|
2e8eeff416
|
Correct error messages that include the section name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 07:41:52 -08:00 |
|
Tom Eastep
|
2217f89902
|
Correctly initialize $chainref->{sections} vis-a-vis FASTACCEPT.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 07:41:45 -08:00 |
|
Tom Eastep
|
5c63444c14
|
Correct error messages that include the section name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 07:41:09 -08:00 |
|
Tom Eastep
|
cfa5d86f5c
|
Correctly initialize $chainref->{sections} vis-a-vis FASTACCEPT.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-28 07:40:26 -08:00 |
|
Tom Eastep
|
f7bdb71aad
|
Add an Established action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-27 15:40:53 -08:00 |
|
Tom Eastep
|
819c8bf492
|
Add Established action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-27 15:38:25 -08:00 |
|
Tom Eastep
|
b3b074fb61
|
More infrastructure
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-27 15:37:23 -08:00 |
|
Tom Eastep
|
cbbcfe355e
|
Infrastructure for more powerful action handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-27 12:37:10 -08:00 |
|
Tom Eastep
|
2a2e23cb17
|
Merge branch '4.5.13'
|
2013-01-27 11:26:59 -08:00 |
|
Tom Eastep
|
1b94c3651d
|
Always handle ESTABLISHED before the other connection states.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-27 10:56:41 -08:00 |
|
Tom Eastep
|
b1b2aa910e
|
Correct section handling:
- Correct typo (' INVALID' -> 'INVALID' )
- Don't jump to non-existent target in finish_chain_section()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-27 10:14:27 -08:00 |
|
Tom Eastep
|
aa609b87a9
|
Allow arbitrary actions for the various states.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-27 10:10:24 -08:00 |
|
Tom Eastep
|
a3a90d8d2e
|
Correct section handling:
- Correct typo (' INVALID' -> 'INVALID' )
- Don't jump to non-existent target in finish_chain_section()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-27 10:08:02 -08:00 |
|
Tom Eastep
|
6c8761c7dd
|
Add a "matches" argument to process_rule1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-27 08:21:30 -08:00 |
|
Tom Eastep
|
9194165e89
|
Handle explicit CONTINUE value for UNTRACKED_DISPOSITION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-27 08:17:09 -08:00 |
|
Tom Eastep
|
6306103991
|
Clean up fix for optimize 8 performance issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-27 08:13:27 -08:00 |
|
Tom Eastep
|
749773f89a
|
Handle explicit CONTINUE value for UNTRACKED_DISPOSITION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-27 08:12:49 -08:00 |
|
Tom Eastep
|
5db317b6f7
|
Clean up fix for optimize 8 performance issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-27 07:55:55 -08:00 |
|
Tom Eastep
|
380d427a5d
|
Dramatically reduce the CPU cost of optimize 8.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-26 17:46:31 -08:00 |
|
Tom Eastep
|
6ce392b08e
|
Correct handling of handle_first_entry() to avoid runaway recursion.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-26 12:18:17 -08:00 |
|
Tom Eastep
|
69b660ba56
|
Add Related and Untracked actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-26 09:45:16 -08:00 |
|
Tom Eastep
|
5fa01728ad
|
Pass UNTRACKED packets through the blacklist chain when BLACKLISTNEWONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-26 09:18:20 -08:00 |
|
Tom Eastep
|
7bc66da663
|
Call handle_first_entry in the warning/error-message generators.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-26 07:30:50 -08:00 |
|
Tom Eastep
|
b8cc9c5a6a
|
Drop chain-ending rules whose target is 'RETURN'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-25 14:03:04 -08:00 |
|
Tom Eastep
|
b7273d6999
|
Favor low-numbered less complex synonym chains in optimization 8.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-25 13:55:04 -08:00 |
|
Tom Eastep
|
c958329d14
|
More manpage updates for RELATED and UNTRACKED rules sections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-24 19:24:01 -08:00 |
|
Tom Eastep
|
e12b919dc1
|
Prefer shorter action chain names in optimize level 8.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-24 17:25:11 -08:00 |
|
Tom Eastep
|
18c0956374
|
Fix two bugs in the UNTRACKED section implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-24 16:41:18 -08:00 |
|
Tom Eastep
|
575673a8f5
|
Correct broken links in the .conf manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-24 15:42:20 -08:00 |
|
Tom Eastep
|
6403f4959d
|
Implement UNTRACKED SECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-24 15:42:01 -08:00 |
|
Tom Eastep
|
0ca93c1ac9
|
Unify handling of the RELATED and INVALID sections within finish_chain_section()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-24 14:38:02 -08:00 |
|
Tom Eastep
|
a40c74ddec
|
Eliminate forward declaration of finish_chain_section()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-24 09:04:50 -08:00 |
|
Tom Eastep
|
c2bc74cdfe
|
Add INVALID section to the rules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-24 08:33:59 -08:00 |
|
Tom Eastep
|
a03e793907
|
Added OUT-BANDWIDTH to the tcinterfaces column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-22 16:33:57 -08:00 |
|
Tom Eastep
|
7fe2027229
|
Eliminate superfluous ESTABLISHED,RELATED rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-22 16:17:19 -08:00 |
|
Tom Eastep
|
8fe36422b5
|
Delete stale comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-22 10:44:12 -08:00 |
|
Tom Eastep
|
17eae4adee
|
Update the description of BLACKLISTNEWONLY to match the implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-22 09:11:15 -08:00 |
|
Tom Eastep
|
f61f5a8183
|
Don't copy a chain that has a single RETURN rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-22 09:07:07 -08:00 |
|
Tom Eastep
|
4ed5c5fdfe
|
Sort the chain list in optimize_level8.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 16:00:32 -08:00 |
|
Tom Eastep
|
25d6164f21
|
Try to avoid ~combN chains when dealing with action chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 11:51:33 -08:00 |
|
Tom Eastep
|
32c475193f
|
Another fix for RELATED_DISPOSITION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 11:50:46 -08:00 |
|
Tom Eastep
|
982fabc96f
|
Delete $caller argument from process_default_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 09:45:54 -08:00 |
|
Tom Eastep
|
5beae475f5
|
Make optimize 8 a multi-pass operation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 09:12:42 -08:00 |
|
Tom Eastep
|
c820c54f41
|
Correctly handle audited RELATED_DISPOSITION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 09:03:27 -08:00 |
|
Tom Eastep
|
4a354ba5a2
|
Avoid internal error during standard chain completion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 08:02:50 -08:00 |
|
Tom Eastep
|
e23876b582
|
Rename '$inline' to '$action' in policy_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-21 07:36:50 -08:00 |
|
Tom Eastep
|
64e76599e0
|
Correct handling of default actions that set Shorewall variables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-20 16:15:04 -08:00 |
|
Tom Eastep
|
b5cb27e84e
|
Correct .service files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-20 15:15:46 -08:00 |
|
Tom Eastep
|
c4a2f3d386
|
Set caller when possible in policy chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-20 14:51:16 -08:00 |
|
Tom Eastep
|
bc882af6c5
|
Allow RESET of Shorewall variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-20 07:32:34 -08:00 |
|
Tom Eastep
|
d31221b03c
|
Fix variable assignment.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-20 07:26:10 -08:00 |
|
Tom Eastep
|
f403420926
|
Allow setting chain variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-19 10:52:11 -08:00 |
|
Tom Eastep
|
b31c76cc50
|
Proper job of fixing DEFER_DNS_RESOLUTION=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-18 17:18:29 -08:00 |
|
Tom Eastep
|
1307770178
|
Allow setting action parameters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-18 15:05:14 -08:00 |
|
Tom Eastep
|
95aab78c0d
|
Add infrastructure to delete the %usedactions entry for an action chain if
the chain parameters are modified.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-18 14:54:57 -08:00 |
|
Tom Eastep
|
4587430e4a
|
Move get_action_logging() to the Config Module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-18 13:06:55 -08:00 |
|
Tom Eastep
|
8ccd1ab52b
|
Handle exclusion correctly when DEFER_DNS_RESOLUTION=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-18 12:09:54 -08:00 |
|
Tom Eastep
|
ea0325a1f5
|
Clarify IPv6 again.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-17 11:29:36 -08:00 |
|
Tom Eastep
|
066c159b4d
|
Provide instructions for changing DISABLE_IPV6 from Yes to No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-17 10:21:08 -08:00 |
|
Tom Eastep
|
724115bcbf
|
Add macro.ActiveDir
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-15 13:21:37 -08:00 |
|
Tom Eastep
|
89a09f0256
|
Implement DEFER_DNS_RESOLUTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-13 17:00:14 -08:00 |
|
Tom Eastep
|
54dbbaaa2d
|
Don't resolve DNS names at compile time.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-13 10:34:31 -08:00 |
|
Tom Eastep
|
90bd19feb9
|
Convert DNS names into ip addresses in validate_net().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-13 07:39:27 -08:00 |
|
Tom Eastep
|
853b9ce916
|
Enable DNS names without an interface name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-12 14:38:26 -08:00 |
|
Tom Eastep
|
c61d51363d
|
Correct generation of rules in the ESTABLISHED section of the rules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-12 06:49:32 -08:00 |
|
Tom Eastep
|
af83989465
|
Update copyright dates.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-11 16:01:10 -08:00 |
|
Tom Eastep
|
b53fd39b49
|
Avoid a fatal Perl error in Config::cleanup when a fatal error occurs
while compiling a default action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-11 15:50:23 -08:00 |
|
Tom Eastep
|
38097bef5d
|
Correct an optimizer bug.
- delete_chain_and_references() was only deleting the downward references
and not the upward ones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-11 14:55:43 -08:00 |
|
Tom Eastep
|
76a63fb7e8
|
Don't flush 'noarp' ARP entries
- doing so kills the loopback interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-10 17:14:40 -08:00 |
|
Tom Eastep
|
f41b2fbffc
|
Clarify the LENGTH column of the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-09 16:22:38 -08:00 |
|
Tom Eastep
|
15ca9edf8a
|
Allow delete_tc1() to work on devices with an @ suffix in their reported names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-09 14:09:07 -08:00 |
|
Tom Eastep
|
199bce925f
|
Don't add chains with RETURNs to %terminating.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-09 12:54:29 -08:00 |
|
Tom Eastep
|
1fd3a6a522
|
Detect terminating chains
- no RETURN Rules
- last rule is terminating
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-08 16:32:24 -08:00 |
|
Tom Eastep
|
011dd2c901
|
Add a RETURNS flag to optflags indicating that there is a RETURN in the chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-08 15:25:53 -08:00 |
|
Tom Eastep
|
e54563d9c1
|
Don't append rules that can't be matched.
Also, delete chains whose only rule is a -j RETURN
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-08 13:53:03 -08:00 |
|
Tom Eastep
|
f8c1b02dba
|
Correct test for optimization in 'check -r'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-08 09:51:32 -08:00 |
|
Tom Eastep
|
dece73f7b6
|
Another fix for *C actions in arprules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-07 18:59:24 -08:00 |
|
Tom Eastep
|
5883bc3f50
|
Correct typo (DNAC -> DNATC) in shorewall-arptables(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-07 18:33:27 -08:00 |
|
Tom Eastep
|
eb3b47ae24
|
Correctly handle *C actions in arprules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-07 18:29:41 -08:00 |
|
Tom Eastep
|
c157228f7d
|
Correct handling of unknown ACTION in arprules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-07 18:21:58 -08:00 |
|
Tom Eastep
|
a7af052d91
|
Correct issue with generating ESTABLISHED rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-07 16:07:24 -08:00 |
|
Tom Eastep
|
414a74d23c
|
Support protocol lists in most files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-07 16:06:54 -08:00 |
|
Tom Eastep
|
0526863e66
|
Make $section numeric
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-07 13:39:49 -08:00 |
|
Tom Eastep
|
5dbe2aa9ec
|
Optimize a test in finish_chain_section().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-07 07:00:15 -08:00 |
|
Tom Eastep
|
ca202ca10b
|
Flush the arp cache after applying the arprules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-06 17:46:40 -08:00 |
|
Tom Eastep
|
de4e0898b5
|
Catch protocol lists in contexts that don't allow them.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-06 17:23:14 -08:00 |
|
Tom Eastep
|
edc0a84e5d
|
Optimize RELATED rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-06 16:48:37 -08:00 |
|
Tom Eastep
|
d4c9885c09
|
Change interpretation of the log tag when LOGTAGONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-06 13:10:18 -08:00 |
|
Tom Eastep
|
c41b9e596d
|
Don't add --cstate to dropInvalid rule.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
|
2013-01-06 09:42:55 -08:00 |
|
Tom Eastep
|
9fd7933b5d
|
Make inline actions work in sections other than NEW.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
|
2013-01-06 09:32:50 -08:00 |
|
Tom Eastep
|
f223e3584c
|
Make '+' optional in the ADD and DEL statements.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
|
2013-01-06 07:37:11 -08:00 |
|
Tom Eastep
|
3f24416f37
|
Add a warning for opcode inversion when not arptables_jf.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-05 13:14:32 -08:00 |
|
Tom Eastep
|
38aa7f3857
|
Correct opcode inversion when not ARPTABLES_JF
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
|
2013-01-05 08:26:46 -08:00 |
|
Tom Eastep
|
7f6430a383
|
Correct address inversion in match_arp_net()
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
|
2013-01-05 08:20:51 -08:00 |
|
Tom Eastep
|
4fc0dba26d
|
Correct two-interface check in process_arprule.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
|
2013-01-05 08:17:53 -08:00 |
|
Tom Eastep
|
0c7e10dbfa
|
Add a comment to the Zones file
- define the {bridge} member.
|
2013-01-05 08:15:56 -08:00 |
|
Tom Eastep
|
97009bad79
|
Correct arptables_jf MAC handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-04 17:27:16 -08:00 |
|
Tom Eastep
|
af7b7195d2
|
Fix MAC handling in the ARP module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-04 15:55:52 -08:00 |
|
Tom Eastep
|
a732f6e538
|
Add some comments to the ARP module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-04 15:07:51 -08:00 |
|
Tom Eastep
|
38657d9f98
|
Support for arptables.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
|
2013-01-04 09:17:57 -08:00 |
|
Tom Eastep
|
90e0c8b717
|
Don't update mtime on shorewall.conf during update that doesn't change the file
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
|
2013-01-02 15:03:07 -08:00 |
|
Tom Eastep
|
f955abe18b
|
Unify IPv4 and IPv6 modules.xtables files
- only difference now is xt_ipp2p
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
|
2013-01-01 08:44:36 -08:00 |
|
Tom Eastep
|
25b2341ecf
|
Add sch_fq_codel to modules.tc
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
|
2013-01-01 08:29:41 -08:00 |
|
Tom Eastep
|
aca3ce3c21
|
Delete blank line
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
|
2013-01-01 08:29:02 -08:00 |
|
Tom Eastep
|
34f8125416
|
Correct a couple of issues with update -D
- shorewall.conf.bak is no longer unlinked
- The mtime of all unaltered files is no longer updated
|
2012-12-31 12:43:02 -08:00 |
|