Commit Graph

10961 Commits

Author SHA1 Message Date
Tom Eastep
d85f6970e3 Fix wildcard interfaces
- Suppress extra jumps to interface chains.
- Insure that the 'lo' ACCEPT rule doesn't get masked by a wildcard interface

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 06:53:48 -08:00
Tom Eastep
83d373c0aa More documentation cleanup.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 06:52:14 -08:00
Tom Eastep
7ebf5a4284 Correct links in shorewall.conf manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-09 09:56:59 -08:00
Tom Eastep
d053faadde Allow convertion of a legacy blacklist configuration
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-08 12:59:40 -08:00
Tom Eastep
6108a9cad8 Delete BLACKLISTSECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 14:46:14 -08:00
Tom Eastep
da7516d401 Update config files and manpages for BLACKLISTSECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 12:05:07 -08:00
Tom Eastep
b0103a51d5 Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2011-11-06 08:44:26 -08:00
Tom Eastep
1091c24348 Implement the BLACKLISTSECTION option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-06 08:43:38 -08:00
Tom Eastep
755ed9859b Merge branch '4.4.25' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2011-11-06 06:16:43 -08:00
Roberto C. Sanchez
cf8c30904d Add support for a "status" command to the Debian init scripts
(cherry picked from commit d36a2030ea)
2011-11-06 09:10:59 -05:00
Tom Eastep
38d1a2ada9 Add DropSmurfs and TCPFlags to the IPv6 actions.std file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-05 07:54:21 -07:00
Tom Eastep
d883e45f83 Correct 'start -f' with AUTOMAKE=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-05 07:54:05 -07:00
Tom Eastep
e236be37db Include the rawpost table in dump output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-05 07:52:40 -07:00
Tom Eastep
a842fad629 Mention that 'ignore' exempts the inteface from hairpin filtering.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-04 13:49:23 -07:00
Tom Eastep
689e9b0fe1 Make replacement of '+' by '*' global in case statements.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-04 13:49:10 -07:00
Tom Eastep
aed595f1d8 Document the 'ignore' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-04 08:51:56 -07:00
Tom Eastep
352dba1aac More cleanup of the IN_BANDWIDTH code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-02 06:34:35 -07:00
Roberto C. Sanchez
d36a2030ea Add support for a "status" command to the Debian init scripts 2011-11-01 19:55:02 -04:00
Tom Eastep
b9a7374130 Omit estimator when no avrate.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 11:16:51 -07:00
Tom Eastep
cfa33e894f Restore IN_BANDWIDTH functionality on moribund distributions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 07:02:32 -07:00
Tom Eastep
8b8140cc9f Add 'Basic Filter' capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 06:34:57 -07:00
Tom Eastep
f3b5d5585f Correct detection of FLOW_FILTER
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-01 06:21:34 -07:00
Tom Eastep
0a605c63f2 Add note about separate blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-31 08:46:11 -07:00
Tom Eastep
dc1f815679 Reload blacklistsection chains even when legacy blacklisting is used.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-31 08:04:32 -07:00
Tom Eastep
29f6f6e3f2 Allow 'refresh' to reload chains from the BLACKLIST section.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-30 06:05:24 -07:00
Tom Eastep
e997b7e662 Update Build doc to reflect change to 'setversion'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-30 05:26:23 -07:00
Tom Eastep
16457ce85b Evaluate a variable at compile-time rather than at run-time
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-27 07:07:38 -07:00
Tom Eastep
3aac252645 Cleanup of IPv6 config files and manpages
- Add BLACKLIST section to IPv6 rules files.
- Add USE_DEFAULT_RT to the shorewall6.conf files and to the manpage.
2011-10-26 05:59:27 -07:00
Tom Eastep
5e97dc1954 Fold long lines in the FAQ
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-25 14:28:18 -07:00
Tom Eastep
c319921365 Correct validation of 4in6 addresses
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-25 06:19:34 -07:00
Tom Eastep
3258806f6c Insure that 32767 default rule exists on IPv6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 21:15:09 -07:00
Tom Eastep
ccdda4c73b Tighten the rule compatibility test in sub compatible().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 13:16:17 -07:00
Tom Eastep
3c98094242 Combine all IPV6 filtering in the routing table copy routines
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 13:15:36 -07:00
Tom Eastep
14764acd2d Restore a blank line in the generated script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 08:50:15 -07:00
Tom Eastep
3ce5449257 Change the Caution at the top of the FAQs to refer to 4.4 rather than 4.3
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-24 06:23:33 -07:00
Tom Eastep
ee66be8f32 Place all ip-address rules at priority 20000.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-23 17:11:41 -07:00
Tom Eastep
54ba4ed879 Add MARK column to route_rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-23 07:56:53 -07:00
Tom Eastep
2316162d86 Fix last section of two-interface doc 2011-10-22 16:22:44 -07:00
Tom Eastep
cb13c02731 Fix last section of two-interface doc 2011-10-22 16:15:36 -07:00
Tom Eastep
4b419f7497 Cleanup if IPv6 provider work
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-22 12:48:07 -07:00
Tom Eastep
d3d9380df5 Don't combine incompatible chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-21 11:55:30 -07:00
Tom Eastep
f31f3dc92a Implement 'fallback' and 'balance' for IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-21 11:55:15 -07:00
Tom Eastep
20cd943a60 Make route-table copying work on IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-20 10:32:09 -07:00
Tom Eastep
18161b54e8 Update network graphics 2011-10-20 10:02:58 -07:00
Tom Eastep
a42e2dff7f Allow caps in IPv6 addresses
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-19 07:47:49 -07:00
Tom Eastep
62d43ab6dd Cleanup of new IN-BANDWIDTH handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-18 05:53:50 -07:00
Tom Eastep
15915799b9 Document new IN-BANDWIDTH handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-18 05:53:31 -07:00
Tom Eastep
dbe936c7c9 Cleanup of new IN-BANDWIDTH handling (avoids a syntax error)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-17 06:29:27 -07:00
Tom Eastep
4d83201843 Allow configuraton of a rate estimated policing filter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-16 14:38:27 -07:00
Tom Eastep
ebc944f027 Add optional MTU parameter in IN_BANDWIDTH
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-10-16 10:52:45 -07:00