Commit Graph

536 Commits

Author SHA1 Message Date
Tom Eastep
48d301b2cf
Rename the policy LIMIT column to RATE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-12 10:17:43 -08:00
Tom Eastep
735919d8d3
Add LOG_LEVEL option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-12 09:52:55 -08:00
Tom Eastep
09fda9eb6c
Manpage updates:
- interfaces: Clarify the 'bridge' option
- rtrules:    Warn about similar rules with same priority
2017-02-10 11:43:04 -08:00
Tom Eastep
7e984af094
Some cleanup of policy actions
- Allow '+' in policy file action list

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-07 13:19:53 -08:00
Tom Eastep
e91f414223
Document policy action changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 17:09:23 -08:00
Tom Eastep
5cd2f26b51
Correct shorewall.conf(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 14:46:10 -08:00
Tom Eastep
079d862bb3
Document default-action lists
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-02-06 10:51:57 -08:00
Tom Eastep
70a395892f
Make BLACKLIST work correctly in the blrules file
- Add the 'section' action option

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-23 15:03:02 -08:00
Tom Eastep
e6933f4c8d
Add BLACKLIST policy
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-18 10:55:15 -08:00
Tom Eastep
cc3b8793e0
Make BALANCE_PROVIDERS default the setting of USE_DEFAULT_RT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-17 15:02:16 -08:00
Tom Eastep
45b9ddf188
Add BALANCE_PROVIDERS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-17 08:58:09 -08:00
Tom Eastep
2d16fac9ed
Revert "Implement USE_DEFAULT_RT=Exact"
This reverts commit 2ca1ae734a.
2017-01-17 08:25:33 -08:00
Tom Eastep
2ca1ae734a
Implement USE_DEFAULT_RT=Exact
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-14 08:14:08 -08:00
Tom Eastep
64c249a174
Set logmartians along with routefilter.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-11 15:53:55 -08:00
Tom Eastep
73772efb85
Correct typo in shorewall-interfaces(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-11 11:20:07 -08:00
Tom Eastep
b8c322a05f
Ignore SUBSYSLOCK when $SERVICEDIR is non-empty
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-06 15:50:26 -08:00
Tom Eastep
f68d3fd9fa
Revert "Remove SUBSYSLOCK"
This reverts commit 386b137e9b.
2017-01-06 09:49:40 -08:00
Tom Eastep
386b137e9b
Remove SUBSYSLOCK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-05 10:03:03 -08:00
Tom Eastep
c4bbb46e3f
Eliminate rawpost table support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-26 14:20:08 -08:00
Tom Eastep
08c6b80e1e
Correct typo in the snat manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-11 14:32:27 -08:00
Tom Eastep
cb7ab3908a
SOURCE/DEST changes in the mangle manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-11 14:06:59 -08:00
Tom Eastep
b756c63b1e
More SOURCE/DEST manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-10 14:41:08 -08:00
Tom Eastep
eea9882953
Implement CPU Fanout for NFQUEUE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-09 10:46:39 -08:00
Tom Eastep
5ea3334a66
Support a richer SOURCE and DEST syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-09 09:43:10 -08:00
Tom Eastep
a2e040998b
Move shorewall(8) to shorewall.core
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-04 18:03:18 -08:00
Tom Eastep
77e83f0afd
Eliminate the CHAIN_SCRIPTS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-29 16:33:23 -08:00
Tom Eastep
a45fe692cc
Add a SWITCH column to the mangle files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-29 16:13:44 -08:00
Tom Eastep
799b17210c
Enhanced syntax for SOURCE and DEST columns in the rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-25 15:10:14 -08:00
Tom Eastep
01306e1230
Try another approach to the RCP_/RSH_COMMAND formatting issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-23 14:48:28 -08:00
Tom Eastep
87870ac46e
Clean up formatting of the RCP_/RSH_COMMAND manpage descriptions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-23 14:08:13 -08:00
Tom Eastep
38c9165c39
More shorewall(8) documentation updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-21 13:57:06 -08:00
Tom Eastep
dae060bbb4
Update shorewall(8) for single CLI
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-20 13:03:13 -08:00
Tom Eastep
de553e7b18
Add the -l option
- Update shorewall(8)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-20 09:16:16 -08:00
Tom Eastep
6095d05af9
Update manpages for 'update' improvements
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-07 13:50:11 -08:00
Tom Eastep
3f68814a38
Disallow more than one address[-range] in SNAT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-31 15:15:35 -07:00
Tom Eastep
46c8147521
Deprecate INLINE_MATCHES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-27 13:55:11 -07:00
Tom Eastep
0e7d5f3972
Support '+' in SNAT action invocation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 16:00:36 -07:00
Tom Eastep
5b5f91f75f
SNAT option documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 15:32:22 -07:00
Tom Eastep
f3dd77a3f1
Merge branch '5.0.13' 2016-10-16 16:36:08 -07:00
Tom Eastep
2c191bf595
Correct .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 15:07:34 -07:00
Tom Eastep
86c4333f8f
Correct the shorewall-snat(5) examples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 14:58:49 -07:00
Tom Eastep
43fdddb438
Add 'snat' config file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 11:38:52 -07:00
Tom Eastep
49fae96b09
Update the manpages for 'blacklist' verbosity
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-10 19:45:42 -07:00
Tom Eastep
b5e7e41708
Correct NFQUEUE! manpage description
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-07 05:50:24 -07:00
Tom Eastep
14e8568d9e
Add the FIREWALL .conf option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 15:03:54 -07:00
Tom Eastep
ca7ca4bdfe
Add a 'timeout' option to DYNAMIC_BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 12:56:47 -07:00
Tom Eastep
8d731c81e4
Add 'disconnect' option to ipset-based dynamic blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-04 09:09:45 -07:00
Tom Eastep
6ad7d47eb6
Correct DYNAMIC_BLACKLISTING documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-03 08:19:19 -07:00
Tom Eastep
97186e5402
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-10-02 14:04:02 -07:00
Roberto C. Sánchez
64ab43f14f
Fix typos 2016-10-02 17:01:46 -04:00
Tom Eastep
f989c2f5f6
Document 'persistent'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 11:34:57 -07:00
Tom Eastep
792b3b696c
Add ZERO_MARKS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-26 16:04:26 -07:00
Tom Eastep
3f8ddb11ab
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2016-09-25 08:00:43 -07:00
Tom Eastep
ef4b1c2030
Add a TIME Columns section to the config file basics doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-22 15:45:18 -07:00
Tom Eastep
8065e62f12
Support for the 'contiguous' option in TIME columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-22 14:22:11 -07:00
Tom Eastep
e81a4788c6
Implement DEFAULT_PAGER in shorewallrc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-21 10:20:48 -07:00
Tom Eastep
d854185c56
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2016-09-20 08:47:07 -07:00
Tom Eastep
8bb7c2363b
Support '+' after a zone list in the policy files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-10 10:06:38 -07:00
Tom Eastep
7e32a10176
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2016-09-10 08:48:48 -07:00
Tom Eastep
2c90a8bfb5
Allow zone lists in the SOURCE and DEST columns of the policy files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-10 08:47:48 -07:00
Tom Eastep
5ea91f21f4
Correct the mangle manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-05 19:20:25 -07:00
Tom Eastep
a05b957498
Corrections in the shorewall[6].conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-15 10:24:23 -07:00
Tom Eastep
0b9cd93769
Default DSCP rules to the POSTROUTING chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-27 13:59:15 -07:00
Tom Eastep
4a6338d857
Correct/complete Scott Sumate's LOGFILE enhancement
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-15 14:25:02 -07:00
Tom Eastep
e71fb3249a
Add 'dbl' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-15 16:35:41 -07:00
Tom Eastep
4869f61a25
'allow' now works with ipset-based dynamic blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-09 08:44:25 -07:00
Tom Eastep
590243a787 Add NFLOG as a supported mangle action
- Also document nflog-parameters
- Correct range of nflog groups

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-03 11:27:34 -07:00
Tom Eastep
b7de785396 Correct typo in manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 08:34:43 -07:00
Tom Eastep
24d40f4cc2 Add VERBOSE_MESSAGES option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 08:00:56 -07:00
Tom Eastep
71bd7a4647 Update the STARTUP_LOG description in shorewall[6].conf
- Update list of commands

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-19 07:49:37 -07:00
Tom Eastep
2b7ef0fe32 Update the tcclasses manpage to discuss fw mark filter priority
- Also correct default priorities for tos= and tcp-ack

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-18 09:18:48 -07:00
Tom Eastep
32f888a7d4 Add an ENVIRONMENT section to the CLI manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-15 15:41:55 -07:00
Tom Eastep
dbd42e1d5d More ipset fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-12 16:29:13 -07:00
Tom Eastep
deaaecdf1c Add 'nodbl' interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 16:09:39 -07:00
Tom Eastep
05e4049174 Ipset-based blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 16:07:56 -07:00
Tom Eastep
ef10515a42 Correct FASTACCEPT description
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 07:20:45 -07:00
Tom Eastep
be58d530c4 Document 'logjump'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-08 09:09:59 -07:00
Tom Eastep
e9467326f3 Allow allow REJECT to take a parameter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-05 11:20:44 -07:00
Tom Eastep
3cbfdadb32 Merge branch '5.0.7' 2016-04-01 09:46:53 -07:00
Tom Eastep
81d76e3817 Document + in the MODULESDIR setting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-01 09:43:06 -07:00
Tom Eastep
df1b1f6768 Add MINIUPNPD option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-01 08:57:08 -07:00
Roberto C. Sánchez
899a317c95 Fix typos 2016-03-26 22:25:30 -04:00
Tom Eastep
273c89a753 Implement MARK and CONNMARK in the rules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 11:42:58 -07:00
Tom Eastep
eed7692952 Document the state action option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 15:15:32 -07:00
Tom Eastep
95da427ea8 Update manpages for 'audit' actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-13 15:53:31 -07:00
Tom Eastep
ec9148637f Inline mangle actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-09 10:28:02 -08:00
Tom Eastep
1add0487f6 Document Mangle Actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-07 14:56:20 -08:00
Tom Eastep
d4e2508a90 Clarify USE_DEFAULT_RT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-04 14:26:42 -08:00
Tom Eastep
90d254f0c3 Add PAGER option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-02 08:32:49 -08:00
Tom Eastep
71d64ab380 Add DOCKER network support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-27 13:36:47 -08:00
Tom Eastep
6c88eb6916 Add an ECN action to shorewall-mangle(8)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-26 09:33:16 -08:00
Tom Eastep
e66d9f6547 Add DOCKER option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-19 17:42:54 -08:00
Tom Eastep
94cfe54f92 Allow routing tables with no default route
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-17 11:49:09 -08:00
Tom Eastep
9b3b4579a2 Change TRACK_RULES setting from Internal to File
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-24 16:15:36 -08:00
Tom Eastep
3e404b765f Make .ip[6]tables-restore-input comments conditional
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-23 17:04:52 -08:00
Tom Eastep
12513e24a3 Revert "Implement dynamic actions"
This reverts commit 8075ba719a.
2016-01-13 11:04:41 -08:00
Tom Eastep
8075ba719a Implement dynamic actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-13 09:33:38 -08:00
Tom Eastep
3828eb856b Rename HADIVERT to DIVERTHA
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-08 15:36:10 -08:00
Tom Eastep
e29e2d117d Documentation updates
- update LSM section of the Multi-ISP article
- Correct formatting of HAPROXY examples

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-08 08:33:42 -08:00
Tom Eastep
ad2f20b824 Finish HAProxy support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-01-06 09:12:33 -08:00