Commit Graph

4484 Commits

Author SHA1 Message Date
Tom Eastep
8cdc83638e Don't allow PREROUTING CLASSIFY rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 14:07:12 -08:00
Tom Eastep
eda918215d Option chain phase II implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 10:29:15 -08:00
Tom Eastep
0518def9cf Merge branch '4.4.27' 2011-12-28 09:58:19 -08:00
Tom Eastep
09f58512be Make 'audit' work on a converted blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 09:34:34 -08:00
Tom Eastep
eff447ac11 Phase one option chain implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 18:12:58 -08:00
Tom Eastep
53451bdaa6 Remove BLACKLIST section from rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 15:32:49 -08:00
Tom Eastep
ea9c59a297 Add an interface filter chain for each interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 13:52:44 -08:00
Tom Eastep
49eb84b9e2 Remove more helper/proto silliness
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 13:06:37 -08:00
Tom Eastep
8a8214704e Centralize checking for required proto with helper
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 13:04:19 -08:00
Tom Eastep
aa743f2886 Merge branch '4.4.27' 2011-12-27 13:02:08 -08:00
Tom Eastep
c5868ef6e4 Revert "Remove redundant check."
This reverts commit 53dd13cf15.
2011-12-27 13:01:27 -08:00
Tom Eastep
7721644209 Merge branch '4.4.27' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall into 4.4.27
Conflicts:
	Shorewall/Perl/Shorewall/Chains.pm
	Shorewall/Perl/Shorewall/Raw.pm
2011-12-27 12:32:13 -08:00
Tom Eastep
1c2ab238a5 Merge branch '4.4.27' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall into 4.4.27
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 13:22:30 -08:00
Tom Eastep
3541767881 Don't croak when adding gateway route fails for IPv6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 11:58:06 -08:00
Tom Eastep
53dd13cf15 Remove redundant check.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 11:57:34 -08:00
Tom Eastep
6db8748ee8 Don't show IPv6 cached routes unless asked.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 11:57:18 -08:00
Tom Eastep
5520a6d31d Validate helper<->protocol
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-24 09:24:01 -08:00
Tom Eastep
be4cb9d26a Validate helper<->protocol
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 17:55:13 -08:00
Tom Eastep
97354c8ce8 Detect CT_TARGET when LOAD_HELPERS_ONLY=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 11:59:51 -08:00
Tom Eastep
e8c7ec38dc Allow netstat output to appear in dumps on Fedora
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 11:59:19 -08:00
Tom Eastep
b58ad8e758 Be sure to delete fooX chain on errors in determine_capabilities()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 10:55:08 -08:00
Tom Eastep
0e3ad6ff91 Omit the chain designator from an error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 07:51:12 -08:00
Tom Eastep
1c535ee0f9 Correct handling of a chain designator in CLASSIFY rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 07:44:16 -08:00
Tom Eastep
3081ab1da1 Correct RELATED_DISPOSITION error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-22 15:51:50 -08:00
Tom Eastep
ce735e9415 Allow a chain designator in CLASSIFY rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-22 15:41:16 -08:00
Tom Eastep
e93dbdcb99 Stop generation of superfluous routing rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-21 08:01:25 -08:00
Tom Eastep
ea8efd1c44 Correct 'show ipa'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-21 07:25:20 -08:00
Tom Eastep
c03fe0a076 Implement USE_LOGICAL_NAMES.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 16:03:56 -08:00
Tom Eastep
3e72442954 Convert sample notrack files to FORMAT 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 14:38:44 -08:00
Tom Eastep
0d4a6c1c28 Replace SHOREWALL_DIR with g_shorewalldir
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 08:19:57 -08:00
Tom Eastep
74cee48bc0 Change /sbin/shorewall6 back into a file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-19 15:52:42 -08:00
Tom Eastep
075d7ca68b Rename $nolock to $g_nolock
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-19 06:29:05 -08:00
Tom Eastep
6b90c09c04 Correct 'show raw'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-18 15:11:56 -08:00
Tom Eastep
1c8f6d3856 Eliminate a variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-18 15:05:03 -08:00
Tom Eastep
c00068e08d Another correction to the 'CT' target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-18 07:21:32 -08:00
Tom Eastep
a80b46be81 Allow a port number to be appended to a helper name
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-17 17:08:24 -08:00
Tom Eastep
ec848ebc01 Parenthesize qa/.../ in embedded Perl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-17 10:09:23 -08:00
Tom Eastep
ba5db8753e Fix CT helpers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-17 08:59:27 -08:00
Tom Eastep
9d66f34932 Allow config options to be used as shell variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-15 12:52:22 -08:00
Tom Eastep
10d10b1c16 Remove a redundant capability test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-15 12:52:06 -08:00
Tom Eastep
6194eceaa4 Restore text of 'Provider "..." compiled' message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-15 12:51:39 -08:00
Tom Eastep
8ac5f6c086 use specified tool for capabilities detection 2011-12-11 16:28:40 -08:00
Tom Eastep
cc78073ce7 Merge lib.cli-lite into lib.cli
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-11 13:15:30 -08:00
Tom Eastep
4cf564e7c9 Move startup_error() to lib.cli, plus cosmetic changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-08 22:00:48 -08:00
Tom Eastep
eec8a4edaf Cosmetic cleanup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-07 13:04:20 -08:00
Tom Eastep
eaad3d836c Correct library name in header comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 19:05:55 -08:00
Tom Eastep
2142baca4f Avoid inappropriate RELATED,ESTABLISHED rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 19:04:43 -08:00
Tom Eastep
645e8dfea0 Straighten out LITEDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 15:39:18 -08:00
Tom Eastep
004d0bcc38 Allow rules in the RELATED section when there are non-default settions of
the new RELATED_* options.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 13:38:11 -08:00
Tom Eastep
43913915f9 Combine the CLIs into a single 'shorewall' file.
Add lib.cli-lite and lib.cli-std to contain the functions that are different
between the full products and the lite ones.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 12:54:51 -08:00