Commit Graph

1600 Commits

Author SHA1 Message Date
Tom Eastep
b015bc3c0d Fix exclusion in IPv6 hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 17:27:56 -07:00
Tom Eastep
f73b98668d Fix ipsets in IPv6 hosts file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 16:16:28 -07:00
Tom Eastep
3991b44de0 Another IPv6 ipset issue (z:!+set in the DEST column)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 15:36:07 -07:00
Tom Eastep
eebe693c3a Correct Accounting module version
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 07:07:52 -07:00
Tom Eastep
b1a883ecaf Tighten up source and dest checking in expand_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 06:50:23 -07:00
Tom Eastep
14206dde87 Correct change that tightened editing of IPv6 addresses
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 18:34:01 -07:00
Tom Eastep
cf9a8d51aa Another fix for IPv6 and IPSETs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 16:32:03 -07:00
Tom Eastep
0e81d6c90c Correct handling of <interface>:+<ipset> in Shorewall6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 15:55:58 -07:00
Tom Eastep
b90f6e38bc Correct TPROXY/IPv6 address fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-07 18:11:54 -07:00
Tom Eastep
6154959d97 Allow IPv6 Address as the third argument to TPROXY
- also update the manpages to describe TPROXY

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-07 06:33:13 -07:00
Tom Eastep
6ab1cc4fac Version to 4.4.21
Also update the release notes to mention that the ipset modules are now
loaded by Shorewall6.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-06 10:59:00 -07:00
Tom Eastep
c1b64e0ddd Version to RC 3
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-04 07:17:59 -07:00
Tom Eastep
f05b72327e Corrections to dropBcast/allowBcast
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 15:54:24 -07:00
Tom Eastep
79653e942f Version to RC 1 -- again
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 12:25:22 -07:00
Tom Eastep
5287e85eb4 Correct handling of IPv6 dropped/accepted broadcast packets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 09:36:04 -07:00
Tom Eastep
584040b413 Bump Version to RC 2 2011-07-03 09:04:35 -07:00
Tom Eastep
9691a8ceb3 Don't collapse '-' and '--' in @actparms
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 08:47:53 -07:00
Tom Eastep
d31e2d67ba DEFAULTS directive enforces max number of parameters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 07:22:29 -07:00
Tom Eastep
62c62441bb Eliminate duplicate function definitions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 07:04:52 -07:00
Tom Eastep
5b06e88b3d Push/Pop comment during action processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 06:37:41 -07:00
Tom Eastep
7e3f97c154 Prepare for more parameterized actions
- Export add_commands, incr_cmd_level and decr_cmd_level by default
- Move ensure_audit_chain and require_audit from Rules.pm to Chains.pm
- Add get_action_logging() function
- Export require_capability and have_capability by default

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-03 06:22:51 -07:00
Tom Eastep
ad71faacaa Correct push_action_params()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-02 17:02:39 -07:00
Tom Eastep
42aa3724af Trace system calls when debugging
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-02 08:37:57 -07:00
Tom Eastep
bd9bf3d43a Rename & export get_actionchain() -> get_action_chain()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-02 07:02:18 -07:00
Tom Eastep
c309ca3075 Revert "Simplify push_action_params()"
This reverts commit 89ee25dde2.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-01 16:23:39 -07:00
Tom Eastep
8ab45b4de3 Save current action chain along with params. Add get_action_chain()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-01 16:21:36 -07:00
Tom Eastep
89ee25dde2 Simplify push_action_params()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-01 15:38:39 -07:00
Tom Eastep
ea22d79aeb Update the version of Providers.pm 2011-06-30 18:40:48 -07:00
Tom Eastep
6ff02dbaa3 Make 'fallback' and 'balance' mutually exclusive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-30 10:00:01 -07:00
Tom Eastep
f09d286738 Correct script generation problem with TPROXY
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-29 20:05:27 -07:00
Tom Eastep
cbeebb6bf8 Bump version to 4.4.21.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-29 11:36:04 -07:00
Tom Eastep
ea038bcecb Correct regular expression in process_shorewall_conf()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-28 06:42:41 -07:00
Tom Eastep
05103bacd0 Don't expand single-quoted .conf option values
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-26 07:45:09 -07:00
Tom Eastep
0b431aa8c1 Minor tweaks to Config.pm
- Add/revise comments
- Rename $line -> $lineref in expand_variables()
- Collapse 3 lines into one in process_shorewall_conf()
2011-06-26 06:50:22 -07:00
Tom Eastep
7507c81882 Remove some whitespace
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-25 21:55:49 -07:00
Tom Eastep
9f37f09b28 Clean up variable expansion:
1) Centralize code in function expand_variables()
2) Eliminate %rawconfig
3) Correct logic in update_config_file() - the defect was not observable
   but the code was clearly silly
2011-06-25 21:08:32 -07:00
Tom Eastep
47c759d93c Convert %actparms to an array
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-25 11:39:13 -07:00
Tom Eastep
5740b69dc6 Fix another empty parameter list issue 2011-06-25 09:46:58 -07:00
Tom Eastep
19c1f388a7 Modify Debian test in update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-24 15:01:25 -07:00
Tom Eastep
fb2085b0c3 Support 'update' on Debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-24 13:40:32 -07:00
Tom Eastep
ca9276fd7e Add quotes on deprecated and obsolete options if appropriate
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-24 11:47:34 -07:00
Tom Eastep
129d1739d1 Cosmetic changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-24 07:58:46 -07:00
Tom Eastep
7583a5c7a3 Use updated values in configuration verification
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-24 07:22:41 -07:00
Tom Eastep
11b847f3a4 Correct spelling in an error message (FOREWARD -> FORWARD)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-24 06:22:16 -07:00
Tom Eastep
6f68ed5508 Initiate 4.4.21 RC 1 2011-06-23 16:23:52 -07:00
Tom Eastep
ba9a0016a8 Move update_config_file() to before process_shorewall_conf()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-23 06:37:21 -07:00
Tom Eastep
de7d95e7ff Rename 'ipset v4' -> 'ipset v5'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-23 06:36:35 -07:00
Tom Eastep
04d551d8ca Detect ipset V4 and use its syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 16:43:42 -07:00
Tom Eastep
7ef7490cd6 Change the compiler's default for LEGACY_FASTSTART
- No visible effect since the compiler doesn't use this option
2011-06-22 13:56:17 -07:00
Tom Eastep
1b3d7947b8 Update the .conf file before validating ('update' command)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 12:31:58 -07:00