holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity
12,394 Commits 104 Branches 736 Tags 54 MiB
7da10ff923
Commit Graph

5681 Commits

Author SHA1 Message Date
Tom Eastep
7da10ff923 Additional change to copy blackhole routes. 
- Add 'blackhole' to the outer case statement
- Add RFC1918 blackhole routes before starting providers.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-07 07:01:58 -08:00
Tom Eastep
ace9a49106 Allow addition of blackhole routes. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-07 07:01:41 -08:00
Tom Eastep
7f2c933cb3 Copy blackhole routes to secondary tables. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-07 07:01:18 -08:00
Tom Eastep
e12bc47546 Remove duplicate interface names in generated case statement. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-06 08:28:12 -08:00
Tom Eastep
384c179dd6 Avoid duplicate echo command in generated script. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-06 08:28:03 -08:00
Tom Eastep
0857eb27d5 Another case of detecting invalid server IP address. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-02 09:08:13 -08:00
Tom Eastep
69f6149d4c Detect missing, NIL or ALL server IP address in a DNAT rule. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-02 09:00:08 -08:00
Tom Eastep
5ca3b795fc Correct IPv6 REDIRECT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-01 16:44:49 -08:00
Tom Eastep
9499a47a0d Revert "Use '--to-dest' for IPv6 rather than '--to-destination'" 
This reverts commit c9d8c22b60.
 2013-03-01 10:44:40 -08:00
Tom Eastep
c9d8c22b60 Use '--to-dest' for IPv6 rather than '--to-destination' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-01 09:03:22 -08:00
Tom Eastep
8960f72532 Handle DNAT with no port correctly. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-03-01 07:58:58 -08:00
Tom Eastep
ee091d09eb Allow ports with UDPLITE 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-28 06:27:51 -08:00
Tom Eastep
22c614d30b Don't allow :persistent in a MASQUERADE rule. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-27 12:48:27 -08:00
Tom Eastep
418034579f Support IPv6 Masquerade 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-27 09:25:26 -08:00
Tom Eastep
78babf0941 Fixes for IPv6 DNAT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-26 10:24:25 -08:00
Tom Eastep
45d53bdb1d Delete superfluous statement. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 17:50:33 -08:00
Tom Eastep
fb17de0595 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2013-02-25 17:29:49 -08:00
Tom Eastep
6ed1caedd0 Validate IPv4 port range in ADDRESSES column 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 17:29:33 -08:00
Tom Eastep
1d4f189b5f Don't allow interior brackets in an address range. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 17:26:17 -08:00
Tom Eastep
7006c62892 Correct port pair handling in the snat ADDRESS column. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 15:31:36 -08:00
Tom Eastep
6b825abeb4 Catch ::<port-range> in /etc/shorewall6/snat 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 13:41:43 -08:00
Tom Eastep
f2ee46b83e Correct IPv6 address range parsing in handle_one_masq1 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 13:37:22 -08:00
Tom Eastep
e873cb28f4 Correctly handle a port number/range with an address variable 
- ADDRESSES column of the masq/snat files.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 08:00:15 -08:00
Tom Eastep
de1a5a8024 Handle SNAT 'ADDRESS' without enclosing [...] 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-25 06:42:19 -08:00
Tom Eastep
34c6013f1b Handle missing provider in a masq/snat entry. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-24 08:12:02 -08:00
Tom Eastep
82f9ba8bb7 Correct detection of IPv6 PERSISTENT_SNAT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-23 12:59:38 -08:00
Tom Eastep
6035d49ede Correct NAT capability required error message. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-23 11:57:32 -08:00
Tom Eastep
67ef1f8b93 Correct detection of IPv6 NAT_ENABLED. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-23 11:57:07 -08:00
Tom Eastep
8ed6642387 Modify reload_command() and export_command() to directly call compiler() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-22 16:15:41 -08:00
Tom Eastep
0afcf3c40c Merge branch '4.5.13' 2013-02-22 13:39:42 -08:00
Tom Eastep
64a52356e3 Replace g_directory with g_shorewalldir 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-22 13:37:31 -08:00
Tom Eastep
e14fe242bd Merge branch '4.5.13' 
Conflicts:
	Shorewall/lib.cli-std
 2013-02-20 14:41:30 -08:00
Tom Eastep
d2a221a9cd Correct handling of capbilities file in load/reload. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-20 14:40:23 -08:00
Tom Eastep
01fdfc4375 Merge branch '4.5.13' 2013-02-20 14:34:57 -08:00
Tom Eastep
0f0a66c2ab Correct handling of capbilities file in load/reload. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-20 14:34:32 -08:00
Tom Eastep
849813484c Merge branch '4.5.13' 2013-02-20 09:44:23 -08:00
Tom Eastep
2147a421f0 Correct Protocol in macro.DCC 
- From Orion Poplawski

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-20 09:41:24 -08:00
Tom Eastep
0349a9a88c Rename the IPv6 masq file 'snat'. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 13:05:24 -08:00
Tom Eastep
524d6242b0 More SNAT/DNAT manpage updates 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 12:42:09 -08:00
Tom Eastep
2591a17946 Cosmetic change to the output with the '-r' option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 11:59:57 -08:00
Tom Eastep
b562f7f311 Allow specification of destination addresses in Shorewall6 masq. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 08:34:03 -08:00
Tom Eastep
ce28c70c60 SNAT and DNAT support for IPv6. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 07:08:08 -08:00
Tom Eastep
d0b2d05d5b Add optional argument to have_capability(). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-18 15:15:26 -08:00
Tom Eastep
010c44d07a Correct description of the 'sourceroute' interface option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-18 11:33:19 -08:00
Tom Eastep
088fc1a3a3 Report used/required capabilities 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-18 08:48:18 -08:00
Tom Eastep
6d92d293b8 Use 'here documents' in the usage() function. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-17 07:44:10 -08:00
Tom Eastep
bb5b6e42d6 Replace death sequences with calls to fatal_error() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-16 07:32:47 -08:00
Tom Eastep
ab5a11e91b Correct IPv6 address checking (again) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-15 14:26:08 -08:00
Tom Eastep
bfc958b94f Remove macros during uninstall. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-15 08:21:58 -08:00
Tom Eastep
acb72e7213 Give address-family specific help text for 'iptrace'. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-15 08:21:51 -08:00