Commit Graph

4512 Commits

Author SHA1 Message Date
Tom Eastep
84dc26b82c Create lib.core
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-03 13:06:00 -08:00
Tom Eastep
7d756f51ac More unification of prog.header and prog.header6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-03 08:39:18 -08:00
Tom Eastep
4216d80c12 Allow Provider name in 'disable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-02 15:25:43 -08:00
Tom Eastep
018ba394e3 Move common code from prog.header[6] to lib.common 2012-01-02 14:13:19 -08:00
Tom Eastep
a39f4699dc Update versions and copyrights
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-02 07:43:13 -08:00
Tom Eastep
48a59e032e Add Shorewall-common
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-01 20:30:09 -08:00
Tom Eastep
72699a6af6 4.4.28->4.5.0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-01 07:36:46 -08:00
Tom Eastep
288c7b06dc Place sfilter jumps in the option chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-31 14:47:36 -08:00
Tom Eastep
4b8fb130ba Update copyright dates.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-31 14:15:25 -08:00
Tom Eastep
c2293f3d64 Eliminate the $blrules global in Shorewall::Rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-31 13:16:04 -08:00
Tom Eastep
d6bac484dc Allow the timeout to be specified in that 'safe' commands.
Also, allow a suffix (s, m or h) in the <timeout> paramater to the 'try' command.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-31 09:40:36 -08:00
Tom Eastep
64d3ac036b Disable BLACKLIST section 2011-12-30 20:25:54 -08:00
Tom Eastep
28f27c65aa Use SHA1 to shorten digests.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 14:58:49 -08:00
Tom Eastep
4d9a43a4dd Delete some 'dont_move' flags
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 11:31:08 -08:00
Tom Eastep
1d9a4c58e9 Cosmetic change with comments.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 10:59:23 -08:00
Tom Eastep
6f61293b08 Reduce the size of many configs by not copying long chains multiple times.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 10:27:58 -08:00
Tom Eastep
b63c7e0016 A bit of optimization in add_interface_options()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 08:08:28 -08:00
Tom Eastep
6bed5e5e55 Merge branch '4.4.27'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 07:28:14 -08:00
Tom Eastep
5b2f960db3 Disallow :P in CLASSIFY rules and complain if :F is used when the SOURCE or DEST is $FW.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 07:22:14 -08:00
Tom Eastep
1da7f52ed5 Copy output interface options rather than jump
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 18:49:47 -08:00
Tom Eastep
39f214208a Fix silly bug in the new option chain implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 17:57:39 -08:00
Tom Eastep
6926bcdbb9 More refinements of the option chain stuff.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 14:52:07 -08:00
Tom Eastep
f9960a0c94 Restore blacklst and blackout chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 13:45:35 -08:00
Tom Eastep
2c441b5393 Copy option rules into interface chains if no blacklist
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 09:32:16 -08:00
Tom Eastep
bddfb4f41c Add output option chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 08:22:00 -08:00
Tom Eastep
03610181fd Disallow :P in CLASSIFY rules and complain if :F is used when the SOURCE or DEST is $FW.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 07:49:53 -08:00
Tom Eastep
3ca9577f04 Cruft removal
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 16:22:11 -08:00
Tom Eastep
8cdc83638e Don't allow PREROUTING CLASSIFY rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 14:07:12 -08:00
Tom Eastep
a98c85cbc4 Make 'audit' work on a converted blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 10:30:24 -08:00
Tom Eastep
eda918215d Option chain phase II implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 10:29:15 -08:00
Tom Eastep
0518def9cf Merge branch '4.4.27' 2011-12-28 09:58:19 -08:00
Tom Eastep
09f58512be Make 'audit' work on a converted blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 09:34:34 -08:00
Tom Eastep
eff447ac11 Phase one option chain implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 18:12:58 -08:00
Tom Eastep
53451bdaa6 Remove BLACKLIST section from rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 15:32:49 -08:00
Tom Eastep
ea9c59a297 Add an interface filter chain for each interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 13:52:44 -08:00
Tom Eastep
49eb84b9e2 Remove more helper/proto silliness
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 13:06:37 -08:00
Tom Eastep
8a8214704e Centralize checking for required proto with helper
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 13:04:19 -08:00
Tom Eastep
aa743f2886 Merge branch '4.4.27' 2011-12-27 13:02:08 -08:00
Tom Eastep
c5868ef6e4 Revert "Remove redundant check."
This reverts commit 53dd13cf15.
2011-12-27 13:01:27 -08:00
Tom Eastep
7721644209 Merge branch '4.4.27' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall into 4.4.27
Conflicts:
	Shorewall/Perl/Shorewall/Chains.pm
	Shorewall/Perl/Shorewall/Raw.pm
2011-12-27 12:32:13 -08:00
Tom Eastep
1c2ab238a5 Merge branch '4.4.27' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall into 4.4.27
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 13:22:30 -08:00
Tom Eastep
3541767881 Don't croak when adding gateway route fails for IPv6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 11:58:06 -08:00
Tom Eastep
53dd13cf15 Remove redundant check.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 11:57:34 -08:00
Tom Eastep
6db8748ee8 Don't show IPv6 cached routes unless asked.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 11:57:18 -08:00
Tom Eastep
5520a6d31d Validate helper<->protocol
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-24 09:24:01 -08:00
Tom Eastep
be4cb9d26a Validate helper<->protocol
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 17:55:13 -08:00
Tom Eastep
97354c8ce8 Detect CT_TARGET when LOAD_HELPERS_ONLY=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 11:59:51 -08:00
Tom Eastep
e8c7ec38dc Allow netstat output to appear in dumps on Fedora
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 11:59:19 -08:00
Tom Eastep
b58ad8e758 Be sure to delete fooX chain on errors in determine_capabilities()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 10:55:08 -08:00
Tom Eastep
0e3ad6ff91 Omit the chain designator from an error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 07:51:12 -08:00