Tom Eastep
81f92546d8
Merge branch '4.5.8'
2012-09-29 08:08:00 -07:00
Tom Eastep
91e2c31a58
Correct handling of new ipv6 net syntax in the hosts file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-27 14:51:28 -07:00
Tom Eastep
9c893a0e21
Restore the original calling sequences of validate_[46]net()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-27 07:22:40 -07:00
Tom Eastep
ffcf262de4
Ensure that the 1:1 NAT chain jumps always come last in PREROUTING.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-26 15:46:52 -07:00
Tom Eastep
bac0f36818
Yet another fix for TTL/HL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 16:23:15 -07:00
Tom Eastep
b451e10dd8
More fixes for HL and TTL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 14:25:31 -07:00
Tom Eastep
6d0142525c
Merge branch '4.5.8'
2012-09-24 08:44:07 -07:00
Tom Eastep
cf130a7e16
Correct handling of {+-}0 in the TTL and HL tcrule actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-24 07:14:44 -07:00
Tom Eastep
70c76f577c
Permit "[<ipv6 address>]/vlsm" in addition to "[<ipv6 address>/vlsm]"
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-23 12:16:17 -07:00
Tom Eastep
607c93125c
Don't unconditionally detect helpers when LOAD_HELPERS_ONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Conflicts:
docs/Internals.xml
2012-09-23 06:55:00 -07:00
Tom Eastep
32f89fa24b
Don't unconditionally detect helpers when LOAD_HELPERS_ONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-22 09:27:13 -07:00
Tom Eastep
4aeebb0b15
Merge branch '4.5.8'
2012-09-19 10:07:31 -07:00
Tom Eastep
e14f5e5199
Swicth from postincrement to preincrement when bumping 'filterpri'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-17 10:46:31 -07:00
Tom Eastep
483374d356
Continue development of the Internals document
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-17 07:52:18 -07:00
Tom Eastep
fc361afbc3
Disallow ':' as the only contents of the USER/GROUP column
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 16:25:41 -07:00
Tom Eastep
124dafbf52
Delete IPAddrs dependency from Compiler.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 15:48:06 -07:00
Tom Eastep
78f3255bf0
Correct getparams.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-16 09:06:32 -07:00
Tom Eastep
adc983bccb
Issue progress messages to display the priority of Shorewall-generated filters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-15 07:25:16 -07:00
Tom Eastep
e0f85edab3
Assign sequential priorities to filters
...
- Also remove a redundant 0x prefix from a table number.
Signed-off-by: Tom Eastep <teastep@shorewall.net
2012-09-13 09:30:11 -07:00
Tom Eastep
14073e8943
Change TOS priority offset from 10 to 15
...
- Make it distinct from tcp-ack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 08:25:05 -07:00
Tom Eastep
75953a87cb
Optional priority on hfsc classes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 13:39:54 -07:00
Tom Eastep
a223245c01
Don't create classic blacklist chains if no blacklist file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:30:34 -07:00
Tom Eastep
89289f95ba
Allow specification of priority for Shorewall-generated tc filters.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:22:07 -07:00
Tom Eastep
f6e3107c00
Redefine tc filter priorities
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:03:16 -07:00
Tom Eastep
b4098ff5dd
Appease the Fedora 17 version of emacs.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:02:47 -07:00
Tom Eastep
9d6e0fd9ed
Add a PRIORITY column to the tcfilters file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 14:48:32 -07:00
Tom Eastep
0e1e38b035
Adjust VARDIR/VARLIB for old shorewallrc files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 13:12:32 -07:00
Tom Eastep
d7354aca14
Add a warning regarding the blacklist option being deprecated.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-05 07:19:48 -07:00
Tom Eastep
ebc4ad2f1e
Add warning message when an OUTPUT stopped rule is ignored due to ADMINISABSENTMINDED
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-05 07:16:40 -07:00
Tom Eastep
6614239b32
Allow multiple USER/GROUPs in a rule.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 17:03:26 -07:00
Tom Eastep
3993abad4e
Revert routestopped changes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 17:03:02 -07:00
Tom Eastep
eb854f1dbe
Only process routestopped when stoppedrules does not exist or is empty
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 08:46:04 -07:00
Tom Eastep
4260e5f6ba
Correctly handle the product name in export shorewallrc.
...
- Also re-arranged the processing of the shorewallrc file to eliminate
the kludgy shuffling of hashes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 06:59:16 -07:00
Tom Eastep
bdd66e68c9
Have separate hashes for the two shorewallrc files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 20:09:20 -07:00
Tom Eastep
55e3b11a28
Pass both shorewallrc files to the compiler from lib.cli-std
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 15:07:50 -07:00
Tom Eastep
5b953cc1dd
Handle different layouts on the admin system and remote firewall(s)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 09:50:07 -07:00
Tom Eastep
8e5bd3637d
Implement stoppedrules file (less manpages)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 08:44:03 -07:00
Tom Eastep
7279553be4
Revert "Add GROUP zones"
...
This reverts commit 4f2a4c0c6c
.
2012-09-02 11:08:38 -07:00
Tom Eastep
a6740c6c53
Revert "Assign marks to according to GROUP zones"
...
This reverts commit 3fbfafb6e3
.
2012-09-02 11:06:28 -07:00
Tom Eastep
3fbfafb6e3
Assign marks to according to GROUP zones
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 18:13:49 -07:00
Tom Eastep
353915fc8b
Allow ipsets in the routestopped file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 10:52:37 -07:00
Tom Eastep
e2c7284529
Correct handling of 'source' with ADMINISABSENTMINDED=No
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 08:26:31 -07:00
Tom Eastep
4f2a4c0c6c
Add GROUP zones
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-31 17:37:01 -07:00
Tom Eastep
deea614677
Placate the latest Emacs WRT qw/.../
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-31 17:36:38 -07:00
Tom Eastep
9b05146a85
New documents (WIP)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-30 10:06:58 -07:00
Tom Eastep
09a6f8bc16
Revert non-fatal error implementation
...
- In the end, I didn't like the way this worked.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-29 11:35:11 -07:00
Tom Eastep
303dc65d13
Merge branch '4.5.7'
2012-08-28 11:46:04 -07:00
Tom Eastep
d838cf41bf
Allow TTL and HL in the PREROUTING chain.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-28 11:45:32 -07:00
Tom Eastep
84e24325de
Merge branch '4.5.7'
2012-08-27 07:30:21 -07:00
Tom Eastep
3aca90811c
Clear the current comment at the end of the blrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-27 07:29:47 -07:00