Commit Graph

6337 Commits

Author SHA1 Message Date
Tom Eastep
9947f4d968 Re-enable SECTION PREROUTING in the accounting file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-10 12:53:08 -07:00
Tom Eastep
9e039e30e5 Issue warning message when /etc/iproute2/rt_tables is not writeable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-02 08:11:33 -07:00
Tom Eastep
771e487b02 Merge branch '4.6.3' 2014-09-01 09:10:55 -07:00
Tom Eastep
0b66c475a7 Make <command> replacable in the run synopsis
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 09:10:03 -07:00
Tom Eastep
8727a6f1d8 Correct 'run' command synopsis in the shorewall[6] manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:52:09 -07:00
Tom Eastep
f9a62e1650 Correct builtin example in the actions manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:29:29 -07:00
Tom Eastep
6851744cb7 Implement the 'terminating' action option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:16:42 -07:00
Tom Eastep
f963adccf5 Correct silly typo in Chains.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-31 16:57:24 -07:00
Tom Eastep
48549b35ac Correct inaccuracy in default.debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-30 08:25:58 -07:00
Tom Eastep
9001643996 Merge branch 'master' into 4.6.3 2014-08-30 07:18:55 -07:00
Tom Eastep
4bacfced82 Another attempt to fix formatting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 11:59:51 -07:00
Tom Eastep
7c1bbd4dc7 Fix formatting in shorewall[6]-rules(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 11:29:44 -07:00
Tom Eastep
4347190f82 Clarify REJECT handling in IP[6]TABLE rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 09:10:10 -07:00
Tom Eastep
fa8c3b3b6c Correct typo in error messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 08:34:33 -07:00
Tom Eastep
045d5ac048 Correct typo in error messages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 08:34:04 -07:00
Tom Eastep
e4a8cb31ba Clean up the Goto Meeting macro a bit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 08:16:11 -07:00
Tom Eastep
9e6fffc231 Goto-Meeting Macro from Eric Teeter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-23 16:05:38 -07:00
Tom Eastep
3030219740 Tighten the check for DNSAmp
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-21 10:36:44 -07:00
Tom Eastep
602ecad712 Cleaner code in expand_variables()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-20 11:25:49 -07:00
Tom Eastep
6f777098d7 Add 'wildcard' member to the interface table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-12 06:51:17 -07:00
Tom Eastep
e545329eb9 Modify the preceding fix to work with wildcard interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-12 06:50:59 -07:00
Tom Eastep
aedd9b5a76 Add 'wildcard' member to the interface table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-11 08:30:44 -07:00
Tom Eastep
427f38109e Some cosmetic cleanup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-10 07:20:23 -07:00
Tom Eastep
0e1a1a3f44 Modify the preceding fix to work with wildcard interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-08 10:34:29 -07:00
Tom Eastep
b6161b8be7 Merge branch '4.6.2' 2014-08-08 08:30:04 -07:00
Tom Eastep
d3209ca624 Correct handling of a physical name in the provider INTERFACE column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-08 08:15:26 -07:00
Tom Eastep
34ecbb9074 Correct Cygwin64 detection in the Shorewall installer
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-07 07:17:34 -07:00
Tom Eastep
beb70854ef Correct Cygwin64 detection in the Shorewall installer
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-07 06:40:34 -07:00
Tom Eastep
7030fad572 Revert "Install the core components along with Shorewall"
This reverts commit c653a04a43.
2014-08-07 06:36:23 -07:00
Tom Eastep
c653a04a43 Install the core components along with Shorewall
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-06 12:59:12 -07:00
Tom Eastep
5ef5aa8cdb Allow inline matches in an action file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-05 07:34:24 -07:00
Tom Eastep
0ca12bd86f Correct syntax error caused by replacing '%%' with '??'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-03 15:29:58 -07:00
Tom Eastep
a2f1c57246 Add DNSAmp action
- Allow escaping '@' allowing u32 in action body
- Allow inline matches in actions

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-03 15:11:25 -07:00
Tom Eastep
fd42fa9f74 Make 'detect_configuration' work in the 'run' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-01 07:34:40 -07:00
Tom Eastep
e49832f4b5 Run the 'init' script in the 'run' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-30 10:25:00 -07:00
Tom Eastep
0bf80c15d8 Detect missing <commmand> in the generated scrip
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 11:35:32 -07:00
Tom Eastep
4e9a0b989d Update 'run' help text
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 10:46:28 -07:00
Tom Eastep
31e5aeeaea Refine the 'run' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 10:30:07 -07:00
Tom Eastep
eb5026d3b7 Merge branch '4.6.2' 2014-07-28 14:47:23 -07:00
Tom Eastep
a799d74901 Correct typo and link in the shorewall-mangle manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-28 08:39:07 -07:00
Tom Eastep
a7b18ca875 Implement 'run' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-28 07:04:56 -07:00
Tom Eastep
ad6c91bcbd Allow optimize level 8 to work with Perl 5.20.0.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-25 21:03:48 -07:00
Tom Eastep
848078873d Update tcfilters manpages to mention BASIC_FILTERS=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-22 07:19:10 -07:00
Tom Eastep
461f7b10ba Detect Arptables JF capability when LOAD_HELPERS_ONLY = No.
- Move detection of Header Match to its proper ordinal.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-20 07:19:02 -07:00
Tom Eastep
2c9eda9cee Add some white space for readability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 18:33:02 -07:00
Tom Eastep
64fc3d2e43 Correct a typo that caused iset couter match to be mis-detected
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 10:27:29 -07:00
Tom Eastep
d0aed87546 Correct IPV6 ipset capabilities checking on 3.14 kernels
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 10:25:46 -07:00
Tom Eastep
56fa6bd78a Revert "Correct ipset detection on later kernels."
This reverts commit b207f64a85.
2014-07-19 10:22:12 -07:00
Tom Eastep
b207f64a85 Correct ipset detection on later kernels.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 08:55:02 -07:00
Tom Eastep
9f381209d5 Detect HEADER_MATCH when LOAD_MODULES_ONLY=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 07:20:28 -07:00
Tom Eastep
29e6bc9379 Merge branch '4.6.2' of ssh://server.shorewall.net/home/teastep/shorewall/code into 4.6.2 2014-07-18 15:15:33 -07:00
Tom Eastep
4b3196b959 Add refmiscinfo to the shorewall-tcrules manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-18 13:49:30 -07:00
Tom Eastep
6771dc54ad Streamline some code from the last commit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-18 12:58:49 -07:00
Tom Eastep
ba69708092 Merge branch '4.6.2' of ssh://server.shorewall.net/home/teastep/shorewall/code into 4.6.2 2014-07-18 08:45:06 -07:00
Tom Eastep
417bd0138e Correct two problems with tcrules processing:
- SAVE and RESTORE didn't work
- '|' and '&' were ignored


Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-18 08:32:22 -07:00
Tom Eastep
a97e2fd3d9 Update manpages regarding 'status -i'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-12 19:37:05 -07:00
Tom Eastep
53dda803e2 More Cygwin64 changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-09 11:28:45 -07:00
Tom Eastep
cc935009ce Correct install problems under Cygwin
- configure.pl doesn't understand CYGWIN return from uname
- shorewall-core install.sh doesn't understand CYGWIN return from uname
- shorewall install.sh generates 'mkdir -p //etc/shorewall' which is
  broken under Cygwin

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-09 10:48:03 -07:00
Tom Eastep
a7856e4dd6 Update another copyright
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-06 15:11:16 -07:00
Tom Eastep
4a4cea46c0 Update copyrights in the Sample files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-06 13:44:34 -07:00
Tom Eastep
2ed523101c Allow specification of the MAC address of a gateway
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-06 09:54:53 -07:00
Tom Eastep
c663a14c4d Correct TIME column handling in IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-04 08:17:19 -07:00
Tom Eastep
8bfff55ed2 Add a TIME column to the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-04 08:01:14 -07:00
Tom Eastep
b1a6ec7f03 Merge branch '4.6.1' 2014-07-02 21:41:27 -07:00
Tom Eastep
cad8443e01 Allow SAVE/RESTORE rules in the OUTPUT chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-02 12:38:02 -07:00
Tom Eastep
2ad81f1a81 Apply Thibaut Chèze's patch for DSCP names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-02 12:37:50 -07:00
Tom Eastep
166e1a3df9 Allow SAVE/RESTORE rules in the OUTPUT chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-01 06:54:54 -07:00
Tom Eastep
84437ea689 Apply Thibaut Chèze's patch for DSCP names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-01 06:52:58 -07:00
Tuomo Soini
87b5751a49 macro.IPMI: add missing ports from Asus, Supermicro, and Dell documentation
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-07-01 13:14:01 +03:00
Tuomo Soini
49aada0f9c macro.ILO: add support for HP Integrated Lights-Out
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-07-01 12:25:26 +03:00
Tom Eastep
7fdc398a5e Revert "Revert "Revert "Add a TIME column to the mangle file"""
This reverts commit 1165b2689c.
2014-06-27 08:23:04 -07:00
Tom Eastep
1165b2689c Revert "Revert "Add a TIME column to the mangle file""
This reverts commit 9c7fcd09fd.
2014-06-27 08:14:28 -07:00
Tom Eastep
2701b0a756 Correct number of columns in split_line2() calls.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-25 08:22:09 -07:00
Tom Eastep
9c7fcd09fd Revert "Add a TIME column to the mangle file"
This reverts commit 824b14b714.
2014-06-25 07:33:42 -07:00
Tom Eastep
80c09c4747 Merge branch '4.6.1' 2014-06-25 07:31:36 -07:00
Tom Eastep
824b14b714 Add a TIME column to the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-25 07:05:12 -07:00
Tom Eastep
122d58b122 Clear inline matches in perl_action_tcp_helper
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-21 07:58:27 -07:00
Tom Eastep
61bb73fd8c Correct handling of matches in action_tcp_helper()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-20 14:28:17 -07:00
Tom Eastep
ff8d354c1c Allow INLINE_MATCHES=Yes and AUTOHELPERS=No to work correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-20 07:01:31 -07:00
Tom Eastep
7b0cf2b665 Add 'show bl' to the usage output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 15:16:07 -07:00
Tom Eastep
6ad9b95351 Implement 'show bl'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 13:27:25 -07:00
Tom Eastep
ac4bf15606 Implement 'status -i'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 11:07:37 -07:00
Tom Eastep
4e5d24fd9b Currect masq manpages
Describe the SOURCE column as optional

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-16 07:27:05 -07:00
Tom Eastep
2610dd4744 Merge branch 'master' into 4.6.1 2014-06-12 16:39:01 -07:00
Roberto C. Sanchez
b3acb4d30d Fix typo 2014-06-12 18:58:59 -04:00
Tom Eastep
36e31ed839 Correct typo in error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-08 09:40:50 -07:00
Tom Eastep
b55b6a913c Insert the server address list into the error message in DNAT/REDIRECT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-08 09:36:18 -07:00
Tom Eastep
9c9ae04c86 Raise an error when a server list is specified in a DNAT or REDIRECT rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-08 08:52:41 -07:00
Tom Eastep
c898129ad6 Correct pi-rho's patch to not deal with the loopback interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-06 13:12:02 -07:00
Tom Eastep
7adc16ace9 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-06-06 12:45:36 -07:00
Tuomo Soini
7b38bc9558 remove optional SSH and WS-MAN from IPMI macro and only document
vendors which are tested to work

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-06-06 22:15:37 +03:00
Tom Eastep
2cd5c41ec0 Clean up white space in pi-rho's patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-06 10:44:33 -07:00
Tom Eastep
bea5434de6 Merge branch '4.5.21' 2014-06-06 10:05:02 -07:00
Tom Eastep
8657dd97f7 Apply pi-rho's patch for rpfilter.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-06 10:04:42 -07:00
Tom Eastep
ef038d5eab Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-06-04 15:21:05 -07:00
Tuomo Soini
b6ea20e7df Added macro IPMI for Remote Console Protocl (RMCP)
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-06-02 23:48:30 +03:00
Tom Eastep
6632afaf6a Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-06-02 12:21:18 -07:00
Tuomo Soini
0f55863076 Add new macros for AMQP, MongoDB, Redis, and Sieve
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-06-02 21:24:09 +03:00
Tom Eastep
954cddc37a Enable 1:1 NAT in IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-25 12:50:00 -07:00
Tom Eastep
24721e01b6 Document nat vs. subzone restriction.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-25 10:07:07 -07:00
Tom Eastep
5a22b14947 Enable 1:1 NAT in IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-25 08:57:01 -07:00
Tom Eastep
89c5d5080b A couple more tweaks to the masq manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-22 11:14:46 -07:00
Tom Eastep
66b3d9aeb5 Correct the heading of the SOURCE masq column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-22 09:07:00 -07:00
Tom Eastep
966926fac5 RHE7 support -- first cut
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-19 15:15:52 -07:00
Tom Eastep
dcc2fb27c5 Apply Tuomo Soini's whitespace patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-19 14:18:48 -07:00
Tom Eastep
6d3b1d80d4 Make 'update -A' convert the tcrules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 14:46:15 -07:00
Tom Eastep
d5e83a5295 Delete extra blank line from the IPv4 mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 12:11:11 -07:00
Tom Eastep
7835feb45e Apply Simon Mater's cosmetic fix to the 'mangle' files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 07:31:44 -07:00
Tom Eastep
c6565f051e Clean up checking for chain designators with SOURCE $FW.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 07:18:35 -07:00
Tom Eastep
c9b6d4a670 Correct CHECKSUM handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 07:18:06 -07:00
Tom Eastep
00d3a94bfd Make all actions FORMAT-2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-09 09:01:29 -07:00
Tom Eastep
d15956feea Deprecate FORMAT-1 actions and macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-08 14:30:33 -07:00
Tom Eastep
f717d097d7 Apply Tuomo Soini's Macro format patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-07 12:19:24 -07:00
Tom Eastep
670c33d20b Update install files to secure the .service files as 644 rather than 600.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-01 11:43:59 -07:00
Tom Eastep
bcbb48d16e Update install files to secure the .service files as 644 rather than 600.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-01 11:43:00 -07:00
Tom Eastep
2b43c28e98 Add tabs to mangle files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-20 07:56:43 -07:00
Tom Eastep
ba3a7d0621 Do not deprecate USE_DEFAULT_RT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-19 07:53:18 -07:00
Tom Eastep
15507aa265 Update sample rules files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-19 07:48:42 -07:00
Tom Eastep
4d4e8b3df4 Do nothing when a rules file section is empty.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-18 14:13:34 -07:00
Tom Eastep
240d3d8cab Improve interface option inheritence
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-18 13:36:06 -07:00
Tom Eastep
acda5482c4 If USE_DEFAULT_RT isn't specified, make it 'No'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-18 13:22:58 -07:00
Tom Eastep
e731ea1ca8 Revert "Always inherit interface options"
This reverts commit 65cde3475f.
2014-04-15 11:54:58 -07:00
Tom Eastep
65cde3475f Always inherit interface options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-15 11:37:51 -07:00
Tom Eastep
b3cd9ab15a Default to LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-12 11:05:28 -07:00
Tom Eastep
fdc391cf49 Change all *.conf files to reflect ZONE2ZONE=-
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-11 20:44:15 -07:00
Tom Eastep
58700b2301 Correct the behavior of rpfilter when FASTACCEPT=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-31 07:29:29 -07:00
Tom Eastep
a9ac9c274e Correct the behavior of rpfilter when FASTACCEPT=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-31 07:28:30 -07:00
Tom Eastep
72869adcd6 Correct missing comment in trace entry.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-28 08:55:55 -07:00
Tom Eastep
0c8365001d Avoid spurious comments on jumps to section chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-28 08:55:48 -07:00
Tom Eastep
6274f8444f Correct missing comment in trace entry.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-28 08:55:23 -07:00
Tom Eastep
05816e94ee Avoid spurious comments on jumps to section chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-28 08:55:00 -07:00
Tom Eastep
0561b10adb Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2014-03-22 08:58:20 -07:00
Tom Eastep
db1b25b4d7 Restore small mark verification.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-22 08:38:57 -07:00
Tom Eastep
4de651ff55 Add a comment line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-19 10:38:41 -07:00
Tom Eastep
5981ce59e3 Include -t <table> in debug_restore_input() error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-19 10:25:37 -07:00
Tom Eastep
54a5e4af52 A couple of minor tweaks to the Chains module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-19 10:24:30 -07:00
Tom Eastep
4bd8d9791c Include -t <table> in debug_restore_input() error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-18 07:28:14 -07:00
Tom Eastep
eb70234c52 Correct some typos in the .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-12 14:50:15 -07:00
Tom Eastep
39b7527cb6 Include rule priority in delete of generated address route rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:25:59 -07:00
Tom Eastep
08d29edf1a Include rule priority in delete of generated address route rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:24:38 -07:00
Tom Eastep
20b10582b4 Moew deprecation of USE_DEFAULT_RT=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:24:12 -07:00
Tom Eastep
093ff580b5 Deprecate USE_DEFAULT_RT=No.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-09 07:48:05 -07:00
Tom Eastep
cea237620a Change USE_DEFAULT_RT default to 'Yes'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-09 07:42:22 -07:00
Tom Eastep
c9d7370fb4 Merge branch '4.5.21'
Conflicts:
	Shorewall/manpages/shorewall.conf.xml
	Shorewall6/manpages/shorewall6.conf.xml

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 09:00:34 -08:00
Tom Eastep
8b4d8bfa16 Finish ADMINISABSENDMINDED change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 08:57:03 -08:00
Tom Eastep
caa72fb7d2 Correct routestopped files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-02 10:39:12 -08:00
Tom Eastep
4eadec234a Revert "Correct the behavior of ADMINISABSENTMINDED"
This reverts commit ded747a51a.
2014-03-02 08:25:05 -08:00
Tom Eastep
2b489993ca Revert "Correct the behavior of ADMINISABSENTMINDED"
This reverts commit df09e0ccc5.
2014-03-02 08:23:23 -08:00
Tom Eastep
ded747a51a Correct the behavior of ADMINISABSENTMINDED
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-28 10:14:33 -08:00
Tom Eastep
df09e0ccc5 Correct the behavior of ADMINISABSENTMINDED
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-28 10:14:08 -08:00
Tom Eastep
454e53bcfa Reformat preceding patch and correct syntax errors.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-25 13:21:23 -08:00
Tom Eastep
66fdc9f6a7 Call directive_callback for directives without '?'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-25 12:48:25 -08:00
Tom Eastep
c74235a200 Correct typos
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-17 14:17:49 -08:00
Tom Eastep
1759fc75b0 Correctly handle alternate specification with ';' in 'update -t'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-17 14:10:17 -08:00
Tom Eastep
3e87efc82b Document -t option
- Also copy compiler directives to the mangle file.
2014-02-17 12:50:59 -08:00
Tom Eastep
a011ad8efe Add raw matches to the converted mangle file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:59:13 -08:00
Tom Eastep
0e40a42729 Allow SAVE and RESTORE in the postrouting chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:50:43 -08:00
Tom Eastep
69fe94ef08 Document the -t option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:25:58 -08:00
Tom Eastep
669d15e2cf Implement the -t update option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-15 09:36:13 -08:00
Tom Eastep
708d58da21 Revert "Replace SECTION with ?SECTION in the rules file."
This reverts commit 34207fef1a.
2014-02-13 08:23:34 -08:00
Tom Eastep
34207fef1a Replace SECTION with ?SECTION in the rules file. 2014-02-12 13:25:36 -08:00
Tom Eastep
2dbcd36a9c Implement BASIC_FILTERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 16:34:03 -08:00
Tom Eastep
0383ca7de6 Correct semantics of ipset lists in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:27:46 -08:00
Tom Eastep
7ddc65133e Support ipset lists in the tcfilters file.
- Also document the fact that ipset match options are not available in
  the tcfilters file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:16:35 -08:00
Tom Eastep
1d4a87a0d0 Excape an opening parehthesis.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:15:35 -08:00
Tom Eastep
3b3608ad65 Correct ICMP handling in basic filters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 07:16:41 -08:00
Tom Eastep
081a387f1d Fix some bugs in basic filter generation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-03 14:59:27 -08:00
Tom Eastep
fbb03248c4 Correct 'dump' help text
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-02 13:01:42 -08:00
Tom Eastep
033a1a0367 Correct 'dump' help text
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-02 13:00:41 -08:00
Tom Eastep
c08655e0bc Document ipset use in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-01 09:40:39 -08:00
Tom Eastep
50fb8e3f2f Use HEX representation for matching IPv6 addresses in basic filters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-31 12:49:47 -08:00
Tom Eastep
f029f5b483 Correct handling of logging of a non-terminating target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-29 08:22:31 -08:00
Tom Eastep
86f667afd4 Correct handling of logging of a non-terminating target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-29 08:19:53 -08:00
Tom Eastep
8a63053c13 Correct defects found in unit testing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-21 20:19:56 -08:00
Tom Eastep
62557cb98e Correct defects found during testing of ematch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-21 12:53:33 -08:00
Tom Eastep
9c4089fc99 Initial basic filter implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-20 18:40:40 -08:00
Tom Eastep
44e0d48fc5 Add <refmiscinfo>...</refmiscinfo> to remaining manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-16 08:32:57 -08:00
Tom Eastep
5a649dc205 Add <refmiscinfo>...</refmiscinfo>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-16 07:44:23 -08:00
Tom Eastep
89fd5ced15 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-01-12 14:05:48 -08:00
Roberto C. Sanchez
b1a490b50a Cleanup links in manpages so that hrefs in generated HTML don't take the user to a different server 2014-01-12 16:40:03 -05:00
Tom Eastep
a35b7821bf Correct stoppedrules manpages re DROP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:30:09 -08:00
Tom Eastep
fd28a12653 Allow DROP in the stoppedrules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:19:49 -08:00
Tom Eastep
7e6fc3229d Correct handling of default chain when a mark range is specified.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:15:51 -08:00
Tom Eastep
42dd8dfee9 Change license to GPLv2+ and update copyrights
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-04 09:48:27 -08:00
Tom Eastep
5a7e458104 Backout ematch stuff for now
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 12:01:56 -08:00
Tom Eastep
7e1a310929 Implement ipset matches in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 09:35:34 -08:00
Tom Eastep
78ecf9bdc8 Finish up ipset extensions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 09:23:14 -08:00
Tom Eastep
1771bb75cf Finish ipset match option implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-02 14:43:55 -08:00
Tom Eastep
b4847d6a01 New IPSET MATCH extensions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-02 09:36:35 -08:00
Tom Eastep
48ceed9ecb Make tcpflags the default.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 15:10:38 -08:00
Tom Eastep
1083dd8c26 Allow ?COMMENT in the mangle file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 08:02:17 -08:00
Tom Eastep
5e7cd855c2 Correct typo in Tc.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:53:38 -08:00
Tom Eastep
623bdd2ff1 Manpage corrections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:41:28 -08:00
Tom Eastep
b61ee2d75e Manpage updates for IP[6]TABLES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:54 -08:00
Tom Eastep
2c2aaf262c Add IP[6]TABLES support for the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:36 -08:00
Tom Eastep
6c990a7253 Logically OR builtin definitions from the actions file if the builtin exists
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:00 -08:00
Tom Eastep
f7bbac6ea8 Make tcrules/mangle similar to notrack/conntrack.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:15:56 -08:00
Tom Eastep
4c1b83beef Tweaks to the Tc.pm module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 11:42:38 -08:00
Tom Eastep
ac6a506e35 Allow logging from the RAW table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 11:04:43 -08:00
Tom Eastep
11e61ec6e5 Add chain information to the builtin_target table.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 08:22:58 -08:00