Tom Eastep
7625b4069b
Delete references to prenet subsystem locks.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-03 12:31:39 -07:00
Tom Eastep
43afd03b9b
Bump version to 4.4.10
2010-06-03 11:18:02 -07:00
Tom Eastep
226eb6ca3e
Cleanup of optimization fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 09:56:14 -07:00
Tom Eastep
50ce5bab68
Fix Optimization Bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 08:58:16 -07:00
Tom Eastep
d58480943a
Bump version to 4.4.10 RC 1
2010-05-27 17:21:11 -07:00
Tom Eastep
e627e0ea76
Bump version to 4.4.10-Beta4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-26 16:47:49 -07:00
Tom Eastep
cdcb42ce9c
Increment version to 4.4.10-Beta3.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-25 07:17:57 -07:00
Tom Eastep
9c0564831a
Fix syntax error in generated shell script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-24 06:23:45 -07:00
Tom Eastep
4264524448
Bump Version to 4.4.10-Beta2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-20 14:13:38 -07:00
Tom Eastep
50dc02da07
Implement the 'REQUIRE_INTERFACE' option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-19 07:32:02 -07:00
Tom Eastep
4690075ed8
Start firewall on up event for optional interface.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 20:29:03 -07:00
Tom Eastep
0c9a0150d2
Document Shorewall-init; delete old auto-stop code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 14:42:39 -07:00
Tom Eastep
f9d187c288
Correct issues found in Fedora Testing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 10:27:12 -07:00
Tom Eastep
499b0cddaa
Log the text from startup errors.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-17 07:02:30 -07:00
Tom Eastep
a534bca914
Fix an existing bug in Shorewall6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 19:28:49 -07:00
Tom Eastep
a501222194
Fix some bugs in the Shorewall-init implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 17:41:09 -07:00
Tom Eastep
4f428d8135
De-implement 'close'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 15:31:41 -07:00
Tom Eastep
749d6be64e
Add 'optional' interfaces to updown processing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 17:06:00 -07:00
Tom Eastep
a3589dc6e9
Implement the 'up' and 'down' script commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 12:48:04 -07:00
Tom Eastep
88188202cc
Add 'wait' interface option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:52:46 -07:00
Tom Eastep
16e451a7d8
Add 'required' interface option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:04:32 -07:00
Tom Eastep
a2758421ed
Bump version to 4.4.10-Beta1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 17:03:14 -07:00
Tom Eastep
529f9a07b4
Update Rules.pm version to 4.4.10
2010-05-13 16:39:52 -07:00
Tom Eastep
1d0b8b1cec
Correct syntax error in generated code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 16:32:42 -07:00
Tom Eastep
449ca038ba
Implement 'close' command
2010-05-13 16:29:25 -07:00
Tom Eastep
65a5d34276
Update Module Versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:46:29 -07:00
Tom Eastep
96bef5bd49
Assume 'routeback' in routestopped based on interface config.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:31:11 -07:00
Tom Eastep
fca404eeaf
Update version to 4.4.9
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 10:02:02 -07:00
Tom Eastep
c7848be266
Back out the rest of the original change for dup / -[psiod]
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 09:59:25 -07:00
Tom Eastep
70c6a2cdf3
Update version to 4.4.9-RC2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-02 07:25:50 -07:00
Tom Eastep
639b3ea57d
Simplify checking for /! -[piosd] /
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 09:13:16 -07:00
Tom Eastep
311372013d
More fixes to optimization
...
Only disallow / ! -[piosd] / if the target is a chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 08:58:41 -07:00
Tom Eastep
518416ec2e
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 08:08:39 -07:00
Tom Eastep
94c6b37e8e
Avoid leaving an orphan '!' behind.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 07:51:24 -07:00
Tom Eastep
219b2e0761
A more comprehensive solution to multiple -[piosd] matches.
...
- eliminate duplicate -[piosd] matches in merged rules
- avoid tracing !* unconditionally
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 07:26:25 -07:00
Tom Eastep
16161d9cfc
Add new trace types.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 06:43:09 -07:00
Tom Eastep
1173518d78
More minor cleanup of first code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-30 07:22:09 -07:00
Tom Eastep
076da4bd5c
Couple of tweaks to my earliest code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-29 11:19:50 -07:00
Tom Eastep
2c1cede54e
Revise addressless bridge change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 15:23:38 -07:00
Tom Eastep
d8b0f496df
Allow simple configuration of a bridge with no IP address
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 12:26:58 -07:00
Tom Eastep
988f7c4d7e
More fixes for bad NAT optimization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:50:18 -07:00
Tom Eastep
0e4698d57c
Fix rare optimization bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:19:58 -07:00
Tom Eastep
6d61e962eb
Use -m conntrack if available in place of -m state
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-25 13:35:41 -07:00
Tom Eastep
21e0c68ef2
Bump version to 4.4.9 RC1
2010-04-25 09:37:17 -07:00
Tom Eastep
fb2ddcee7b
Bump Version to 4.4.9 Beta 5
2010-04-24 21:53:12 -07:00
Tom Eastep
b821bdcdfd
One more pass at improving regex's for target isolation and matching
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 14:45:34 -07:00
Tom Eastep
64bf772594
Set OUTPUT policy to ACCEPT when optimize_chain deletes all of its rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 13:38:38 -07:00
Tom Eastep
fb754b3a2e
Don't remove a lone ACCEPT rule from the OUTPUT chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 11:35:14 -07:00
Tom Eastep
a1a78cf09b
Abandon the fantesy that multiple optimize 8 passes will achieve anything.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 17:12:08 -07:00
Tom Eastep
c52a3dcd14
Don't generate policy chains for fw to bridgeport zones.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:56:11 -07:00
Tom Eastep
1030c852f9
Simplify a test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:21:30 -07:00
Tom Eastep
e7a4aaafc1
Modify optimization 8 loop to continue until no chains are combined.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:17:57 -07:00
Tom Eastep
4f00de0c57
Make additional optimize 8 passes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 08:42:25 -07:00
Tom Eastep
21b44ac42b
Change version to 4.4.9-Beta4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 07:25:53 -07:00
Tom Eastep
82d6ba511f
Unify the REs that look for '-[jg] <chain>'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 18:02:31 -07:00
Tom Eastep
cec59360f6
Use '-j' rather than '-g' when jumping to tcpre, just to be safe
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:14:13 -07:00
Tom Eastep
46d207a86f
Restore original amount of whitespace in maclist rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:13:37 -07:00
Tom Eastep
e9a94b0cfb
Unify reference count adjustment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:12:48 -07:00
Tom Eastep
cf59d9ec68
Fix an optimize 8 bug.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 12:45:00 -07:00
Tom Eastep
c1bcf360ee
Fix another 'add_rule' that should have been an 'add_jump'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:59:57 -07:00
Tom Eastep
96d69bd8c3
Centralize message generation; optimize optimization-8 loop
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:29:37 -07:00
Tom Eastep
cff6f0010f
Remove chain name after '-A' (again).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 17:05:03 -07:00
Tom Eastep
f8bacb54ef
Optimize 8
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 13:21:10 -07:00
Tom Eastep
4137961169
Speed up the replace_references* functions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-11 09:00:24 -07:00
Tom Eastep
715ea9ef32
Speed up delete_jumps()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-11 08:38:14 -07:00
Tom Eastep
76b9ef7005
Use unshift rather than splice for readability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 09:25:29 -07:00
Tom Eastep
2e443df8e3
Adjust references in move_rules()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 09:09:46 -07:00
Tom Eastep
ff73d802da
More cleanup of rule and chain deletion:
...
- Rename purge_jumps() to delete_jumps()
- Add delete_chain() function
- Remove an unnecessary assertion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 08:37:17 -07:00
Tom Eastep
1de304bfd9
Relocate purge_jumps() and change the loop exit condition to be a bit safer.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 13:51:44 -07:00
Tom Eastep
14477d61fe
Verify that purge_jumps() reset the 'to' chain's referenced flag.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 12:28:01 -07:00
Tom Eastep
2ff1df53da
Unify chain deletion.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 11:38:18 -07:00
Tom Eastep
7a831107c7
Replace the complex rule deletion loops with C-stype for loops.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 09:58:32 -07:00
Tom Eastep
9dc8267888
Don't apply RE to rules that we've already checked.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 09:46:07 -07:00
Tom Eastep
1e078b8c8d
Use splice() to delete rules from chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 09:38:03 -07:00
Tom Eastep
56bc28a182
Prepare 4.4.9 Beta 3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 07:32:21 -07:00
Tom Eastep
c2c0fb0dd2
Fix deletion of only rule in a chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 17:20:11 -07:00
Tom Eastep
ab1a27ca2a
Update version to 4.4.9 Beta 2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 13:14:51 -07:00
Tom Eastep
9a00191c88
Remove a 'defined' test that is no longer needed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 13:12:17 -07:00
Tom Eastep
359c221783
Keep rules arrays compressed throughout the compilation process
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 12:53:30 -07:00
Tom Eastep
3937c10251
Keep rule arrays compressed during optimization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 11:35:15 -07:00
Tom Eastep
9126cc63d9
Delete unused rules arrays
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 10:55:31 -07:00
Tom Eastep
cca2c18370
Another case where reference counts are wrong
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 20:07:03 -07:00
Tom Eastep
aeb3b277b0
Fix reference count issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 19:47:49 -07:00
Tom Eastep
3711e64d71
Fix for 0 values propagated to the script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 14:38:29 -07:00
Tom Eastep
3092a85999
SWAG regarding LOG_VERBOSITY issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:43:57 -07:00
Tom Eastep
af893b6296
Add 'N' trace records for chain creation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 07:32:38 -07:00
Tom Eastep
b2d8039ff6
Remove unnecessary text and 'before' images from trace entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 07:12:22 -07:00
Tom Eastep
7e97e9519d
Conditionally trace writes by copy2().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 11:56:26 -07:00
Tom Eastep
51d4bf19b5
Conditionally trace writes by copy2().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 11:56:06 -07:00
Tom Eastep
350a89e449
More complete generated script trace
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 09:48:23 -07:00
Tom Eastep
5c91fb40e2
Remove unneeded test; correct typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 09:04:45 -07:00
Tom Eastep
6d7226ae93
Remove special trace entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 16:31:03 -07:00
Tom Eastep
1fd656b8c9
Tweak trace facility
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 15:31:05 -07:00
Tom Eastep
b0733d93ee
Implement a more robust trace
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 13:09:04 -07:00
Tom Eastep
ef4237f5a0
Avoid verbosity overflow/underflow
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 07:27:27 -07:00
Tom Eastep
3e215d0482
Minor cleanup in the Chains module.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-27 08:18:41 -07:00
Tom Eastep
1153ff0c75
Avoid a shell warning when brctl is not installed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-27 07:33:40 -07:00
Tom Eastep
f30cd7e287
Clarify provisional policy handling.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-26 08:02:49 -07:00
Tom Eastep
6cdc1ab7a2
Allow a logical interface name in the EXTERNAL column of the proxyarp file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-25 11:41:06 -07:00
Tom Eastep
7d91edc6ec
Remove redundant line of code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 12:49:06 -07:00