Tom Eastep
|
739013f248
|
Handle nfacct object lists in parens following an ipset name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-22 07:56:56 -07:00 |
|
Tom Eastep
|
6d57e7a0ce
|
Mark a rule as complex if an option value is a reference.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-21 14:44:30 -07:00 |
|
Tom Eastep
|
5ad69aa650
|
Add CHAIN_SCRIPTS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-21 07:30:31 -07:00 |
|
Tom Eastep
|
1b9fd642bb
|
Add INLINE to the accounting file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-20 08:02:02 -07:00 |
|
Tom Eastep
|
7c8f1ae020
|
Correct HELPERS handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-19 16:35:19 -07:00 |
|
Tom Eastep
|
1fd62e1612
|
Restore order in the NFACCT target.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-19 11:11:37 -07:00 |
|
Tom Eastep
|
6c2679ce75
|
Allow incrementing an nfacct object when an ipset matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-19 10:44:57 -07:00 |
|
Tom Eastep
|
610bdf1aac
|
Correct merge_rules() for LAST matches.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-19 08:40:01 -07:00 |
|
Tom Eastep
|
cbdca08fea
|
Fix for multiple nfacct patch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-18 16:37:54 -07:00 |
|
Tom Eastep
|
b87b4b61d8
|
Allow multiple nfacct matches in one accounting rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-18 16:14:57 -07:00 |
|
Tom Eastep
|
9c010691a3
|
Always place 'nfacct' last
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-18 15:26:34 -07:00 |
|
Tom Eastep
|
8ef11a376b
|
Document 'HELPERS=none'.
- Also make 'check -u' work correctly regarding HELPERS=
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-18 11:30:47 -07:00 |
|
Tom Eastep
|
4d686e873b
|
Implement 'HELPERS=none'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-18 10:30:56 -07:00 |
|
Tom Eastep
|
f55e34dd8b
|
Don't allow options on targets that don't accept them.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-17 17:18:01 -07:00 |
|
Tom Eastep
|
668bd4a1a4
|
Accept complex log levels with INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-17 16:59:14 -07:00 |
|
Tom Eastep
|
5d5f168f25
|
Don't clone rule unconditionally in format_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-17 13:35:32 -07:00 |
|
Tom Eastep
|
938bd72844
|
Better handling of the matches rule member.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-17 10:39:32 -07:00 |
|
Tom Eastep
|
8b91575c9e
|
Maintain order when multiple instances of a match are separated.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-17 06:52:32 -07:00 |
|
Tom Eastep
|
0da38cc38e
|
Order matches in rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-12 11:37:29 -07:00 |
|
Tom Eastep
|
6950cd2576
|
Allow '-' in a match name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 18:30:02 -07:00 |
|
Tom Eastep
|
ff4fb21044
|
Require that the '-j' part of a free-form rule be known.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 18:29:45 -07:00 |
|
Tom Eastep
|
614c5e6155
|
Assume LOG if a level is specified with INLINE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 14:16:34 -07:00 |
|
Tom Eastep
|
35b0b4a4f9
|
Support A_ACCEPT!
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 13:37:49 -07:00 |
|
Tom Eastep
|
c34cf333ba
|
Allow both {...} and ';' with INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 12:57:59 -07:00 |
|
Tom Eastep
|
b33bdeaa02
|
Allow a parameter to INLINE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 11:54:58 -07:00 |
|
Tom Eastep
|
38f3ae0934
|
Handle 'NONE' policy correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 09:35:27 -07:00 |
|
Tom Eastep
|
beec4a188f
|
Implement INLINE action (again).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 09:15:59 -07:00 |
|
Tom Eastep
|
f85d548d40
|
Correct handling of MACLIST_DISPOSITION with MACLIST_TABLE=mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-11 06:23:22 -07:00 |
|
Tom Eastep
|
ee2e85c0fb
|
Correct generation of the blacklog chain when disposition is audited
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-10 16:43:38 -07:00 |
|
Tom Eastep
|
186f71fa96
|
Add NEW_TOS_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-09 14:04:16 -07:00 |
|
Tom Eastep
|
477e2bc455
|
Additional corrections to INLINE action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-09 09:41:43 -07:00 |
|
Tom Eastep
|
273f109daf
|
Correct handling of MACLIST_DISPOSITION=A_xxx when MACLIST_TABLE=mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-09 09:37:12 -07:00 |
|
Tom Eastep
|
50494f667c
|
Implement INLINE action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-08 17:30:00 -07:00 |
|
Tom Eastep
|
183a0a75a1
|
Implement 'builtin' actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-08 16:14:26 -07:00 |
|
Tom Eastep
|
9e10c38e26
|
Don't emit 'quantum' calculation unless the qdisc is 'htb'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-03 08:39:18 -07:00 |
|
Tom Eastep
|
ee66a45e2e
|
Correct comments in the Chains module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-02 12:52:10 -07:00 |
|
Tom Eastep
|
c200efa6d7
|
Revert "Disable script generation while processing TC"
This reverts commit 5b18ff91ca .
|
2013-04-01 15:23:16 -07:00 |
|
Tom Eastep
|
5b18ff91ca
|
Disable script generation while processing TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-04-01 09:05:12 -07:00 |
|
Tom Eastep
|
ef5818ce7e
|
Merge branch '4.5.15'
|
2013-03-31 07:08:49 -07:00 |
|
Tom Eastep
|
58ef8e0ec3
|
Correct bounds check in do_dscp()
- "< 0x2f" s/b "< 0x3f"
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-03-31 07:07:21 -07:00 |
|
Tom Eastep
|
8a84c1c371
|
Avoid 'echo' failure during 'enable'.
- in the case where the kernel doesn't know about
/proc/sys/net/ipv6/conf/x/accept_ra
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-03-31 07:02:11 -07:00 |
|
Tom Eastep
|
1db5741edd
|
Merge branch '4.5.15'
Conflicts:
Shorewall/Perl/Shorewall/Proc.pm
|
2013-03-30 18:08:17 -07:00 |
|
Tom Eastep
|
1139e1a09c
|
Establish /proc/sys/net/ipv6/conf/X/forwarding during 'enable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-03-30 17:26:50 -07:00 |
|
Tom Eastep
|
d415de1883
|
Add the accept_ra Shorewall6 interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-03-30 16:44:18 -07:00 |
|
Tom Eastep
|
448d957e48
|
Fix use of names for DSCP.
- From Thibaut Chèze
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-03-30 07:20:10 -07:00 |
|
Tom Eastep
|
8fe7963631
|
Revert another replace->add change.
- Also includes a cosmetic change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-03-27 06:57:49 -07:00 |
|
Tom Eastep
|
6334b09653
|
Add a comment about why the 'id' member of builtin tables is initialized in process_providers()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-03-26 14:30:42 -07:00 |
|
Tom Eastep
|
e572d6ce50
|
Use the 'id' member in copy_and_edit_table().
- Also add prohibit and unreachable to the existing blackhole case.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-03-26 07:38:13 -07:00 |
|
Tom Eastep
|
792a19bf4b
|
Initialize the 'id' member of reserved tables after .conf has been read.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-03-26 07:36:57 -07:00 |
|
Tom Eastep
|
61e21de41b
|
Revert bad hunk from last change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-03-26 07:00:16 -07:00 |
|