Tom Eastep
|
17838c1443
|
Add TCPMSS to the allowed mangle actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-19 12:58:38 -07:00 |
|
Tom Eastep
|
5867ce6c3b
|
CLAMPMSS now done in the mangle table.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-18 15:55:07 -07:00 |
|
Tom Eastep
|
84cd80eba9
|
Update the Shared Config document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-17 16:51:35 -07:00 |
|
Tom Eastep
|
9b02f7a922
|
Update Shared config article
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-15 19:15:13 -07:00 |
|
Tom Eastep
|
f1975ae9b0
|
More robust detection of empty SPD entries.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-15 08:26:27 -07:00 |
|
Tom Eastep
|
7b9f7c095d
|
Don't dump SPD entries for the other address family
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-14 13:39:00 -07:00 |
|
Tom Eastep
|
8ea96098bf
|
Warning when 'persistent' used with RESTORE_DEFAULT_ROUTE=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-11 15:22:07 -07:00 |
|
Tom Eastep
|
02ed36332a
|
Revert "Warn when RESTORE_DEFAULT_ROUTE=Yes and a persistent provider is defined"
This reverts commit 39a3c72057 .
|
2017-10-11 11:24:54 -07:00 |
|
Tom Eastep
|
15a3b29a32
|
Revert "Document warning when RESTORE_DEFAULT_ROUTE=Yes and 'persistent'"
This reverts commit bfab002dda .
|
2017-10-11 11:24:39 -07:00 |
|
Tom Eastep
|
cb4f9e7261
|
Don't restore default routes when there is an enabled fallback provider
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-11 11:24:13 -07:00 |
|
Tom Eastep
|
bfab002dda
|
Document warning when RESTORE_DEFAULT_ROUTE=Yes and 'persistent'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-11 11:01:09 -07:00 |
|
Tom Eastep
|
ddb12fcad9
|
Add/correct comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-11 11:00:46 -07:00 |
|
Tom Eastep
|
42ce754961
|
Don't restore default routes when a fallback= provider is enabled
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-11 11:00:05 -07:00 |
|
Tom Eastep
|
5cd4d63bc5
|
Delete main default routes when a fallback provider is enabled
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-11 10:59:31 -07:00 |
|
Tom Eastep
|
5b567f2d8b
|
Correct delete_default_routes() in tables other than main
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-11 10:58:48 -07:00 |
|
Tom Eastep
|
39a3c72057
|
Warn when RESTORE_DEFAULT_ROUTE=Yes and a persistent provider is defined
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-11 10:58:09 -07:00 |
|
Tom Eastep
|
b47e633c38
|
Use 'route replace' rather than 'route add' to avoid persistence issues
Previous failure case was:
- disable interface
- reload
- enable interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-09 08:58:10 -07:00 |
|
Tom Eastep
|
1b55a37a28
|
Ensure that 'rule add' commands don't fail with persistent interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-08 08:53:53 -07:00 |
|
Tom Eastep
|
a97dcd23d0
|
Allow merging of rules that specify an IPSEC policy
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-07 13:17:43 -07:00 |
|
Tom Eastep
|
108b169d8d
|
Treat LOG_TARGET like all other capabilities
- Previous implementation could generate unworkable script when
LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-06 08:01:52 -07:00 |
|
Tom Eastep
|
a9fbaa57ed
|
Pass -$g_family to 'ip xfrm' commands
- This currently doesn't work correctly, but maybe it will in the future
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-10-06 08:00:29 -07:00 |
|
Tom Eastep
|
317f12041b
|
Strengthen the test for empty SPD entries
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-30 15:43:17 -07:00 |
|
Tom Eastep
|
8469f983d8
|
Merge branch '5.1.7'
# Conflicts:
# Shorewall/Perl/prog.footer
|
2017-09-29 15:25:37 -07:00 |
|
Tom Eastep
|
f54acb665a
|
Correct handling of mark range in MARK target.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-29 14:44:33 -07:00 |
|
Tom Eastep
|
3d2e9eb93e
|
Improve the fix for SELinux "getattr" denials
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-28 15:16:50 -07:00 |
|
Tom Eastep
|
c6a939301f
|
Improve the fix for SELinux "getattr" denials
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-28 15:16:00 -07:00 |
|
Tom Eastep
|
1cb98254cc
|
Handle SELinux getattr denials in open() processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-26 16:42:54 -07:00 |
|
Tom Eastep
|
baa791a1e3
|
Handle SELinux getattr denials in open() processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-26 16:41:50 -07:00 |
|
Tom Eastep
|
8b4b965f63
|
Remove unnecessary disable/enable of script generation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-21 14:36:30 -07:00 |
|
Tom Eastep
|
8ee2d6246c
|
Update a comment in the compiler
- get_configuration() also processes the shorewallrc file(s)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-21 12:32:34 -07:00 |
|
Tom Eastep
|
a7be3dfece
|
Align progress messages produced by 'reenable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-19 13:29:13 -07:00 |
|
Tom Eastep
|
846e8c4ece
|
Correct reenable logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-19 13:29:08 -07:00 |
|
Tom Eastep
|
e2bf7e6584
|
Align progress messages produced by 'reenable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-19 13:28:09 -07:00 |
|
Tom Eastep
|
ff3994f6a1
|
Correct reenable logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-19 13:17:50 -07:00 |
|
Tom Eastep
|
494ec9c59c
|
Avoid extra comparison in reload_command()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-19 10:49:11 -07:00 |
|
Tom Eastep
|
1cde92e8f3
|
Initialize g_dockeringress
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-19 10:43:44 -07:00 |
|
Tom Eastep
|
721a1e3b33
|
Initialize g_dockeringress
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-19 10:39:52 -07:00 |
|
Tom Eastep
|
84fa774cb7
|
Change copyright dates in lib.runtime
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-19 09:03:00 -07:00 |
|
Tom Eastep
|
c39bc7b65f
|
Update version of lib.*installer
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-18 13:09:35 -07:00 |
|
Tom Eastep
|
2548e8741d
|
Update version and copyright dates in lib.common
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-18 13:07:37 -07:00 |
|
Tom Eastep
|
0a31fba6bb
|
Update version and copyright dates in lib.core
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-18 13:00:50 -07:00 |
|
Tom Eastep
|
9701c9c522
|
Update version and copyright dates in lib.base
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-18 12:57:02 -07:00 |
|
Tom Eastep
|
973d352209
|
Update shorewall script
- Update copyright dates
- Add a comment about PRODUCT setting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-18 12:51:27 -07:00 |
|
Tom Eastep
|
91e59c2ed4
|
Remove the Lite Makefiles
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-18 11:56:04 -07:00 |
|
Tom Eastep
|
be5aabcbfb
|
Correct typo in Chains.pm
&g_dockeringress -> $g_dockeringress
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-18 10:14:22 -07:00 |
|
Tom Eastep
|
a8937e6bc8
|
Correct harmless typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-18 10:06:41 -07:00 |
|
Tom Eastep
|
e91bd9a0e9
|
Remove useless/empty .tmp file when SAVE_IPSETS is set
- Add SAVE_IPSETS support to the Redhat/Fedora sysv init script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-18 09:28:43 -07:00 |
|
Tom Eastep
|
5e1cf17ebc
|
DOCKER-INGRESS support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-17 10:57:29 -07:00 |
|
Tom Eastep
|
85a7ec6fe5
|
Correct module loading in the compiler
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-14 15:08:38 -07:00 |
|
Tom Eastep
|
fb831e3128
|
Remove empty/useless ipsets tmp file in Shorewall-init
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2017-09-12 11:56:24 -07:00 |
|