Tom Eastep
|
6aa0ecae4f
|
Re-factor the code for saving/loading ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-14 15:15:47 -07:00 |
|
Tom Eastep
|
434e042494
|
Add the deprecated/ directories to the CONFIG_PATH
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-14 14:17:06 -07:00 |
|
Tom Eastep
|
9fa0df2fd1
|
Move the code that generates zap_ipsets() to after save_ipsets() generation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-14 09:56:48 -07:00 |
|
Tom Eastep
|
216bc715e8
|
Clean up V4/V5 ipset enforcement
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-14 09:00:38 -07:00 |
|
Tom Eastep
|
dbd42e1d5d
|
More ipset fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-12 16:29:13 -07:00 |
|
Tom Eastep
|
2cf3706864
|
Correct handling of a zone with two interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-11 10:32:26 -07:00 |
|
Tom Eastep
|
3028dafbac
|
Correct DBL 'src-dst' handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-11 09:13:17 -07:00 |
|
Tom Eastep
|
16a31c3d29
|
Make MINIUPNPD work with DOCKER
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-11 09:02:44 -07:00 |
|
Tom Eastep
|
d3f377e915
|
Don't double-save the dynamic blacklisting ipset
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-11 08:37:39 -07:00 |
|
Tom Eastep
|
6c00f72f44
|
Create ipsets with the 'counters' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-10 18:09:41 -07:00 |
|
Tom Eastep
|
deaaecdf1c
|
Add 'nodbl' interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-10 16:09:39 -07:00 |
|
Tom Eastep
|
05e4049174
|
Ipset-based blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-10 16:07:56 -07:00 |
|
Tom Eastep
|
5db6cb1b7d
|
Correct load_ipsets()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-09 16:07:10 -07:00 |
|
Tom Eastep
|
321476fd51
|
Tweak terminating() implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-08 08:24:57 -07:00 |
|
Tom Eastep
|
bd6b32eb25
|
Add a progress message for REJECT_ACTION processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-07 10:30:54 -07:00 |
|
Tom Eastep
|
4fdf54eca1
|
Tweak process_reject_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-07 10:02:48 -07:00 |
|
Tom Eastep
|
70bbd21b35
|
Ensure that the REJECT_ACTION is terminating
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-07 09:34:38 -07:00 |
|
Tom Eastep
|
87a9b95f73
|
Catch case where a transformed rule jumps to its own chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-07 08:58:50 -07:00 |
|
Tom Eastep
|
ecd7261365
|
Use -g when target is a terminating chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-07 08:48:36 -07:00 |
|
Tom Eastep
|
293cd1d66a
|
Always go to the reject chain rather than jump to it
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-06 09:14:06 -07:00 |
|
Tom Eastep
|
436b5d89ce
|
Correct comment
- The chain will only exist if logging wasn't specified for the same
disposition.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-06 08:50:29 -07:00 |
|
Tom Eastep
|
26795cf082
|
Correct setup of $usedactions{A_REJECT}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-06 08:18:36 -07:00 |
|
Tom Eastep
|
3ac3ae279f
|
Add A_REJECT action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-05 16:38:39 -07:00 |
|
Tom Eastep
|
e9467326f3
|
Allow allow REJECT to take a parameter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-05 11:20:44 -07:00 |
|
Tom Eastep
|
75df718865
|
Reword comment in push_action_params()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-04 09:41:28 -07:00 |
|
Tom Eastep
|
ae8e2f70ea
|
Efficiency change to known_interface()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-03 17:34:02 -07:00 |
|
Tom Eastep
|
39f5b77e5f
|
Fix known_interface()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-03 16:31:45 -07:00 |
|
Tom Eastep
|
cb5a2519f3
|
Keep hyphens in @chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-03 16:30:31 -07:00 |
|
Tom Eastep
|
4151f7c504
|
Revert change to log_[i]rule_limit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-03 16:29:52 -07:00 |
|
Tom Eastep
|
054837aeea
|
Use the real chain name in log messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-03 13:04:25 -07:00 |
|
Tom Eastep
|
b637d303b9
|
Correct use of a physical interface name in the hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-02 17:27:20 -07:00 |
|
Tom Eastep
|
0dbf42424d
|
Make physical name a synonym for the correcponding logical name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-02 10:04:05 -07:00 |
|
Tom Eastep
|
f22e8d6d55
|
Allow physical interface to work in the ecn file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-01 15:10:49 -07:00 |
|
Tom Eastep
|
d98305c6f4
|
Correct default for MINIUPNOD
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-01 12:20:42 -07:00 |
|
Tom Eastep
|
3cbfdadb32
|
Merge branch '5.0.7'
|
2016-04-01 09:46:53 -07:00 |
|
Tom Eastep
|
df1b1f6768
|
Add MINIUPNPD option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-04-01 08:57:08 -07:00 |
|
Tom Eastep
|
3881b38e02
|
Fix similar INTERFACE column issue in the nat and netmap files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-31 14:16:43 -07:00 |
|
Tom Eastep
|
8a8f3b6f59
|
Merge branch '5.0.7'
|
2016-03-31 12:55:16 -07:00 |
|
Tom Eastep
|
b9bed00123
|
Correct handling of a physical name in a masq rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-31 12:52:30 -07:00 |
|
Tom Eastep
|
38aa7797c4
|
Allow protocol and user lists in actions and macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-30 08:34:42 -07:00 |
|
Tom Eastep
|
404540ffe1
|
Merge branch '5.0.7'
|
2016-03-30 08:17:19 -07:00 |
|
Tom Eastep
|
dd3c0daa08
|
Handle inline matches correctly in the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-29 13:33:47 -07:00 |
|
Tom Eastep
|
4fddfcfba0
|
More complete fix for inline matches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-29 13:15:01 -07:00 |
|
Tom Eastep
|
421d5f6043
|
Move Raw matches to last.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-29 09:31:27 -07:00 |
|
Tom Eastep
|
382ab380a2
|
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
|
2016-03-29 07:36:49 -07:00 |
|
Tuomo Soini
|
2342c7cd9c
|
Perl/Shorewall/Chains.pm: Fix warning with older perl
|
2016-03-29 09:58:33 +03:00 |
|
Tom Eastep
|
66ae4975b2
|
Allow :R with DIVERT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-28 15:52:49 -07:00 |
|
Tom Eastep
|
5b7a9db170
|
Correct clearing of inline matches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-28 15:48:59 -07:00 |
|
Tom Eastep
|
ad87d94e33
|
Small efficiency change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-26 13:12:33 -07:00 |
|
Tom Eastep
|
f86abf9552
|
Eliminate @columnstack -- simple save the columns array on the call stack.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-22 10:49:40 -07:00 |
|