Commit Graph

2822 Commits

Author SHA1 Message Date
Tom Eastep
739013f248 Handle nfacct object lists in parens following an ipset name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-22 07:56:56 -07:00
Tom Eastep
6d57e7a0ce Mark a rule as complex if an option value is a reference.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-21 14:44:30 -07:00
Tom Eastep
5ad69aa650 Add CHAIN_SCRIPTS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-21 07:30:31 -07:00
Tom Eastep
1b9fd642bb Add INLINE to the accounting file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-20 08:02:02 -07:00
Tom Eastep
7c8f1ae020 Correct HELPERS handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 16:35:19 -07:00
Tom Eastep
1fd62e1612 Restore order in the NFACCT target.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 11:11:37 -07:00
Tom Eastep
6c2679ce75 Allow incrementing an nfacct object when an ipset matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 10:44:57 -07:00
Tom Eastep
610bdf1aac Correct merge_rules() for LAST matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-19 08:40:01 -07:00
Tom Eastep
cbdca08fea Fix for multiple nfacct patch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 16:37:54 -07:00
Tom Eastep
b87b4b61d8 Allow multiple nfacct matches in one accounting rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 16:14:57 -07:00
Tom Eastep
9c010691a3 Always place 'nfacct' last
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 15:26:34 -07:00
Tom Eastep
8ef11a376b Document 'HELPERS=none'.
- Also make 'check -u' work correctly regarding HELPERS=

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 11:30:47 -07:00
Tom Eastep
4d686e873b Implement 'HELPERS=none'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-18 10:30:56 -07:00
Tom Eastep
f55e34dd8b Don't allow options on targets that don't accept them.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 17:18:01 -07:00
Tom Eastep
668bd4a1a4 Accept complex log levels with INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 16:59:14 -07:00
Tom Eastep
5d5f168f25 Don't clone rule unconditionally in format_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 13:35:32 -07:00
Tom Eastep
938bd72844 Better handling of the matches rule member.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 10:39:32 -07:00
Tom Eastep
8b91575c9e Maintain order when multiple instances of a match are separated.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-17 06:52:32 -07:00
Tom Eastep
0da38cc38e Order matches in rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-12 11:37:29 -07:00
Tom Eastep
6950cd2576 Allow '-' in a match name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 18:30:02 -07:00
Tom Eastep
ff4fb21044 Require that the '-j' part of a free-form rule be known.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 18:29:45 -07:00
Tom Eastep
614c5e6155 Assume LOG if a level is specified with INLINE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 14:16:34 -07:00
Tom Eastep
35b0b4a4f9 Support A_ACCEPT!
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 13:37:49 -07:00
Tom Eastep
c34cf333ba Allow both {...} and ';' with INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 12:57:59 -07:00
Tom Eastep
b33bdeaa02 Allow a parameter to INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 11:54:58 -07:00
Tom Eastep
38f3ae0934 Handle 'NONE' policy correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 09:35:27 -07:00
Tom Eastep
beec4a188f Implement INLINE action (again).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 09:15:59 -07:00
Tom Eastep
f85d548d40 Correct handling of MACLIST_DISPOSITION with MACLIST_TABLE=mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 06:23:22 -07:00
Tom Eastep
ee2e85c0fb Correct generation of the blacklog chain when disposition is audited
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-10 16:43:38 -07:00
Tom Eastep
186f71fa96 Add NEW_TOS_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-09 14:04:16 -07:00
Tom Eastep
477e2bc455 Additional corrections to INLINE action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-09 09:41:43 -07:00
Tom Eastep
273f109daf Correct handling of MACLIST_DISPOSITION=A_xxx when MACLIST_TABLE=mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-09 09:37:12 -07:00
Tom Eastep
50494f667c Implement INLINE action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-08 17:30:00 -07:00
Tom Eastep
183a0a75a1 Implement 'builtin' actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-08 16:14:26 -07:00
Tom Eastep
9e10c38e26 Don't emit 'quantum' calculation unless the qdisc is 'htb'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-03 08:39:18 -07:00
Tom Eastep
ee66a45e2e Correct comments in the Chains module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-02 12:52:10 -07:00
Tom Eastep
c200efa6d7 Revert "Disable script generation while processing TC"
This reverts commit 5b18ff91ca.
2013-04-01 15:23:16 -07:00
Tom Eastep
5b18ff91ca Disable script generation while processing TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-01 09:05:12 -07:00
Tom Eastep
ef5818ce7e Merge branch '4.5.15' 2013-03-31 07:08:49 -07:00
Tom Eastep
58ef8e0ec3 Correct bounds check in do_dscp()
- "< 0x2f" s/b "< 0x3f"

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-31 07:07:21 -07:00
Tom Eastep
8a84c1c371 Avoid 'echo' failure during 'enable'.
- in the case where the kernel doesn't know about
  /proc/sys/net/ipv6/conf/x/accept_ra

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-31 07:02:11 -07:00
Tom Eastep
1db5741edd Merge branch '4.5.15'
Conflicts:
	Shorewall/Perl/Shorewall/Proc.pm
2013-03-30 18:08:17 -07:00
Tom Eastep
1139e1a09c Establish /proc/sys/net/ipv6/conf/X/forwarding during 'enable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-30 17:26:50 -07:00
Tom Eastep
d415de1883 Add the accept_ra Shorewall6 interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-30 16:44:18 -07:00
Tom Eastep
448d957e48 Fix use of names for DSCP.
- From Thibaut Chèze

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-30 07:20:10 -07:00
Tom Eastep
8fe7963631 Revert another replace->add change.
- Also includes a cosmetic change.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-27 06:57:49 -07:00
Tom Eastep
6334b09653 Add a comment about why the 'id' member of builtin tables is initialized in process_providers()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-26 14:30:42 -07:00
Tom Eastep
e572d6ce50 Use the 'id' member in copy_and_edit_table().
- Also add prohibit and unreachable to the existing blackhole case.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-26 07:38:13 -07:00
Tom Eastep
792a19bf4b Initialize the 'id' member of reserved tables after .conf has been read.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-26 07:36:57 -07:00
Tom Eastep
61e21de41b Revert bad hunk from last change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-26 07:00:16 -07:00