Commit Graph

3775 Commits

Author SHA1 Message Date
Tom Eastep
7e984af094
Some cleanup of policy actions
- Allow '+' in policy file action list

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-07 13:19:53 -08:00
Tom Eastep
dab9e1d7c4
Assume no default actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 14:45:43 -08:00
Tom Eastep
b9471a2499
Correct parsing of the POLICY column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 14:15:24 -08:00
Tom Eastep
b2553fb008
Another change to allow builtin actions as default actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 13:25:10 -08:00
Tom Eastep
92133e5a6b
Default-action lists
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 10:11:48 -08:00
Tom Eastep
686ca9d3a3
Allow builtin actions in xxx_DEFAULT settings.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-05 15:21:57 -08:00
Tom Eastep
70a395892f
Make BLACKLIST work correctly in the blrules file
- Add the 'section' action option

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-23 15:03:02 -08:00
Tom Eastep
2bbb5c8c1e
Add hack to distinguish between the BLACKLIST macro and action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-23 09:23:26 -08:00
Tom Eastep
33b4ee4d31
Don't quote variable values in ERROR/WARNING/INFO directives
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-23 09:00:18 -08:00
Tom Eastep
71dd5d016b
Add ?REQUIRE compiler directive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-22 14:48:18 -08:00
Tom Eastep
9c3a82f628
Add BLACKLIST action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-19 14:08:15 -08:00
Tom Eastep
e6933f4c8d
Add BLACKLIST policy
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-18 10:55:15 -08:00
Tom Eastep
cc3b8793e0
Make BALANCE_PROVIDERS default the setting of USE_DEFAULT_RT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-17 15:02:16 -08:00
Tom Eastep
ac5fd195ec
Correct provider/routefilter check wrt optional interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-17 09:34:13 -08:00
Tom Eastep
45b9ddf188
Add BALANCE_PROVIDERS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-17 08:58:09 -08:00
Tom Eastep
2d16fac9ed
Revert "Implement USE_DEFAULT_RT=Exact"
This reverts commit 2ca1ae734a.
2017-01-17 08:25:33 -08:00
Tom Eastep
f23970b4f7
Include LOG_MARTIANS in test for setting log_martians with routefilter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-14 13:03:24 -08:00
Tom Eastep
04112647d3
Correct provider/routefilter checking
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-14 12:40:39 -08:00
Tom Eastep
2ca1ae734a
Implement USE_DEFAULT_RT=Exact
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-14 08:14:08 -08:00
Tom Eastep
64c249a174
Set logmartians along with routefilter.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-11 15:53:55 -08:00
Tom Eastep
0019ca53e5
Include ROUTE_FILTER in routefilter/provider checks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-11 15:39:13 -08:00
Tom Eastep
0d2a5089a9
Merge branch '5.1.0' 2017-01-11 12:29:57 -08:00
Tom Eastep
50d09e76cb
Catch 'routefilter' with provider interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-11 11:47:10 -08:00
Tom Eastep
568f461763
Propogate PAGER to -lite systems
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-11 11:18:57 -08:00
Tom Eastep
cb150f9c09
Allow compact IPv6 addresses in IP6TABLES() rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-07 10:01:03 -08:00
Tom Eastep
19ce2093d8
Correct splitting of IP(6)TABLES options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-07 10:00:37 -08:00
Tom Eastep
b8c322a05f
Ignore SUBSYSLOCK when $SERVICEDIR is non-empty
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-06 15:50:26 -08:00
Tom Eastep
f68d3fd9fa
Revert "Remove SUBSYSLOCK"
This reverts commit 386b137e9b.
2017-01-06 09:49:40 -08:00
Tom Eastep
386b137e9b
Remove SUBSYSLOCK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-05 10:03:03 -08:00
Tom Eastep
638c7c5bca
Implement NETMAP_TARGET capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-27 08:26:51 -08:00
Tom Eastep
c4bbb46e3f
Eliminate rawpost table support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-26 14:20:08 -08:00
Tom Eastep
541291b729
Add do_condition() call in process_mangle_rule1()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-21 08:46:16 -08:00
Tom Eastep
9dcac6012b
Remove redundent test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-20 14:41:29 -08:00
Tom Eastep
4af278338f
Correct intra-zone handling in policies
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-19 09:11:41 -08:00
Tom Eastep
a9583aaf3a
Correct merge compatibility change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-18 19:00:37 -08:00
Tom Eastep
c2c2dc0b22
Exercise care when merging rules including -m multiport
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-18 18:39:19 -08:00
Tom Eastep
095c9212f4
Fatal error for empty action file
- Issue error if a file with the name of the action exists on the
  CONFIG_PATH

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-12 16:31:46 -08:00
Tom Eastep
eea9882953
Implement CPU Fanout for NFQUEUE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-09 10:46:39 -08:00
Tom Eastep
cc937ffaba
NFQUEUE should be non-terminating
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-09 09:49:23 -08:00
Tom Eastep
5ea3334a66
Support a richer SOURCE and DEST syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-09 09:43:10 -08:00
Tom Eastep
53adfbe863
Normalize parameters by removing trailing omitted args
- Avoids needless duplicate action chains
2016-12-03 11:34:02 -08:00
Tom Eastep
4a0a906510
Correct progress message in optimize_level4()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-03 08:28:14 -08:00
Tom Eastep
7ceb0228e9
Merge branch 'master' into 5.1.0 2016-12-02 15:27:16 -08:00
Tom Eastep
f537e3e15c
Fix optimization bug in merge_rules()
- Reset the simple member if a unique option is merged

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-02 14:47:03 -08:00
Tom Eastep
5ae062317f
Merge branch 'master' into 5.1.0 2016-12-01 19:35:14 -08:00
Tom Eastep
a1981823f4
Correct typo (syntax error!)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-01 15:21:25 -08:00
Tom Eastep
77e83f0afd
Eliminate the CHAIN_SCRIPTS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-29 16:33:23 -08:00
Tom Eastep
a45fe692cc
Add a SWITCH column to the mangle files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-29 16:13:44 -08:00
Tom Eastep
799b17210c
Enhanced syntax for SOURCE and DEST columns in the rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-25 15:10:14 -08:00
Tom Eastep
963dea54c5
Modify update defaults for LOGPREFIX and LOGLIMIT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-23 14:30:07 -08:00