teastep
82e50a632f
Fix errors and omissions in shorewall.spec
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2410 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 14:02:50 +00:00
teastep
b66929a65e
Large merge of function from EXPERIMENTAL to HEAD.
...
1) Elimination of the "shorewall monitor" command.
2) The /etc/shorewall/ipsec and /etc/shorewall/zones files are combined into
a single /etc/shorewall/zones file. This is done in an upwardly-compatible
way so that current users can continue to use their existing files.
3) Support has been added for the arp_ignore interface option.
4) DROPINVALID has been removed from shorewall.conf. Behavior is as if
DROPINVALID=No was specified.
5) The 'nobogons' option and BOGON_LOG_LEVEL are removed.
6) Error and warning messages have been made easier to spot by using
capitalization (e.g., ERROR: and WARNING:).
7) The /etc/shorewall/policy file now contains a new connection policy and a
policy for ESTABLISHED packets. Useful for users of snort-inline who want to
pass all packets to the QUEUE target.
8) A new 'critical' option has been added to /etc/shorewall/routestopped.
Shorewall ensures communication between the firewall and 'critical' hosts
throughout start, restart, stop and clear. Useful for diskless firewalls
with NFS-mounted file systems, LDAP servers, Crossbow, etc.
9) Macros. Macros are very similar to actions but are easier to use, allow
parameter substitution and are more efficient. Almost all of the standard
actions have been converted to macros in the EXPERIMENTAL branch.
10) The default value of ADD_IP_ALIASES in shorewall.conf is changed to No.
11) If you have 'make' installed on your firewall, then when you use
the '-f' option to 'shorewall start' (as happens when you reboot),
if your /etc/shorewall/ directory contains files that were modified
after Shorewall was last restarted then Shorewall is started using
the config files rather than using the saved configuration.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2409 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-25 23:08:09 +00:00
teastep
0d56188e7a
Add warning about function use in the 'started' extension script
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2404 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 23:44:19 +00:00
teastep
89eaf99906
Pretty up the output of 'show actions'
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2403 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 16:49:02 +00:00
teastep
aaecd53a29
Add 'shorewall show actions command'
...
Make it possible for the 'stopped' extension script to save commands in
the 'restore-tail' file by calling 'run_and_save_command' and
'save_command'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2401 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 16:27:21 +00:00
paulgear
d8a471e7b9
Cleaned up additional rules from Debian package. Got rid of versions
and paths in the header comments, since they're just as likely to be
wrong as not. Changed all service names to port numbers. eDonkey is a
big one - i wonder whether it isn't too variable for us to consider
providing a default rule.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2395 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-23 03:09:06 +00:00
paulgear
b6649720cb
Adding extra actions provided by Debian package
...
Do not use yet - these need cleaning
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2394 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-22 23:04:36 +00:00
paulgear
cf1e462278
Adding fixed version of recent patches by Cristian & Tom
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2393 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-22 22:43:08 +00:00
teastep
f3ea3c7edb
Avoid annoying 'ipset:not found' message
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2392 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-22 22:24:28 +00:00
teastep
fbabd7d6ef
Obviate the need for 'loose'
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2389 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-21 19:48:33 +00:00
teastep
9e6161cf9d
Announce Shorewall 2.4.2
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2386 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-21 16:23:08 +00:00
paulgear
d7f9a22d77
How long have these names been hanging around? :-)
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2381 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-20 03:36:31 +00:00
teastep
8e93d3b6ec
Some documentation updates
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2380 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-20 03:18:23 +00:00
teastep
ca8e5631d3
Make \!<address> work in the SUBNET column of the masq file
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2374 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-20 01:10:28 +00:00
teastep
b0e6e3a893
Given the large number of people shooting themselves in the foot with
poorly-written one-to-one NAT rules, I'm changing the shorewall.conf
file to set ADD_IP_ALIASES=No in shorewall.conf. Hopefully, this will
reduce the amount of whining about routing table modification during
"shorewall [re]start".
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2372 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-19 18:41:05 +00:00
teastep
687704eff2
Add 'loose' provider option; add COPY column to providers file
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2370 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 22:40:26 +00:00
judas_iscariote
a6e682a872
add Arch Linux package...thanks JMCg..
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2369 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 21:10:21 +00:00
paulgear
c4bfded36e
Hmmm... Looks like i broke the main web site with that - need to be even more specific
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2368 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 10:31:18 +00:00
paulgear
a21550d18f
This makes publish work in a group-writable environment (now that we
have multiple people maintaining things). I hope you weren't depending
on the output from this script! If you were, feel free to revert it or
hack it further.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2367 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 10:07:49 +00:00
paulgear
3b6aff596f
Make the script work outside of shorewall.net
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2366 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 09:54:30 +00:00
paulgear
fdf37a9d09
Fix another typo in my security announcement.
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2365 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 09:50:18 +00:00
teastep
3b6961aced
Correct link in MACLIST vulnerability notice
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2364 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 03:28:25 +00:00
paulgear
09aafa7575
Announcement about MACLIST security vulnerability
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2363 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 03:14:27 +00:00
teastep
1b01026e2d
Fix for 2.0 MACLIST_DISPOSITION vulnerability
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2362 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 02:25:58 +00:00
teastep
318e204358
Re-implement MACLIST_TTL
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2358 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 22:08:15 +00:00
teastep
c6e3e84352
Disable MACLIST_TTL
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2356 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 16:52:21 +00:00
paulgear
7c0e2c8f77
More disabling until i can get a clean build
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2355 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 11:37:05 +00:00
paulgear
5c01c1e6cd
Disabling the Debian-specific stuff until i can get a clean build
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2354 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 06:25:21 +00:00
teastep
b9c0bb72d1
Add link to 'Tom's Involvement' email
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2353 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 15:13:42 +00:00
paulgear
9348d90b3e
Correct lintian errors:
...
E: shorewall: no-template-description shorewall/upgrade_to_14
E: shorewall: unknown-field-in-templates _description
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2352 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 12:25:14 +00:00
paulgear
44e97f75bb
That did not work
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2351 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 12:18:32 +00:00
paulgear
794c7919a0
Disabled until i get the autobuild worked out
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2350 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 12:17:10 +00:00
paulgear
7ac72d4bb3
Slightly modified versions of Lorenzo's Debian control files for autobuild from CVS
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2349 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 11:36:42 +00:00
teastep
1b5ac5c7d3
Make /sbin/shorewall issue a warning whenever startup is disabled
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2348 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-15 20:50:01 +00:00
teastep
57b23fc2ba
Update hosts file comments to describe use of ipsets
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2340 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-14 16:31:55 +00:00
teastep
3492acc2e1
Correct a couple of typos in the News article on 2.4.1
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2339 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-14 13:55:55 +00:00
teastep
b25b90455a
Shorewall 2.4.1 update to web site
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2338 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-14 13:48:59 +00:00
paulgear
7d89d6e17e
Spelling correction
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2332 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-13 20:27:32 +00:00
teastep
379b58f628
A better patch to avoid blocking DHCP broadcasts during MAC verification
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2330 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-13 15:26:51 +00:00
teastep
ef9d22b647
Avoid blocking DHCP broadcasts during MAC verification
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2327 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-13 14:29:52 +00:00
teastep
d050552a36
Make TCPFLAGS_LOG_LEVEL=ULOG work with iptables-1.3.2.
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2322 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-12 00:42:08 +00:00
teastep
3c990eca5f
Warn that /etc/shorewall/routes may be removed in a future release
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2321 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-11 22:00:08 +00:00
teastep
a7ef153f4e
Update 'makeshorewall' so that it uses the EXPERIMENTAL branch when the
release name ends in 'ex'.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2319 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-11 14:27:09 +00:00
teastep
7d924c3b82
A couple of little buglets. 1) detect duplicate tracked interface in providers file; 2) don't permit destination interface in PREROUTING marking rule
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2315 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 23:23:45 +00:00
teastep
d11dc2b58a
Apply Cristian's patch for default route after reboot
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2305 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 20:12:49 +00:00
paulgear
750b7c7192
Correct version number in tag
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2293 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 08:20:25 +00:00
paulgear
5a62cce275
Change build script to reflect new CVS structure
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2292 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 08:07:40 +00:00
paulgear
13c7bcb6d8
Making sure bogons is still up-to-date. The blank lines make it easier
to drop in contrib/iana_reserved/bogons.body.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2288 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 06:57:12 +00:00
paulgear
92b3ee102f
Add appropriate README.txt to all branches
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2272 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 06:46:44 +00:00
paulgear
c08eb4056e
Obsoleting Shorewall2/ tree
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2270 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 06:14:45 +00:00