teastep
91fb066029
Add GPG Signing to makeshorewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2420 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-27 18:01:51 +00:00
teastep
9a42f57a6a
Allow 'ipsec' in /etc/shorewall/hosts to work in the presence of dynamic zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2419 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-27 17:29:20 +00:00
teastep
7652794fe4
Update routing document for 2.4.2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2417 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-27 00:12:11 +00:00
teastep
a2bd8f9f68
Correct minor faux pas in last patch
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2416 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 20:43:30 +00:00
teastep
f24f84df2d
1) Use the developer CVS repository rather than the anonymous one.
2) Make the script runnable by non-root by default
3) GPG sign rpm if RPM is configured properly.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2415 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 20:03:42 +00:00
teastep
03c0415eb5
Fix errors and omissions in shorewall.spec
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2414 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 14:22:29 +00:00
teastep
dca0b27564
Fix errors and omissions in shorewall.spec
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2413 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 14:09:57 +00:00
teastep
f442002d3b
Fix errors and omissions in shorewall.spec
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2412 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 14:09:57 +00:00
teastep
2a3353ebe7
Fix errors and omissions in shorewall.spec
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2411 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 14:05:23 +00:00
teastep
82e50a632f
Fix errors and omissions in shorewall.spec
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2410 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-26 14:02:50 +00:00
teastep
b66929a65e
Large merge of function from EXPERIMENTAL to HEAD.
1) Elimination of the "shorewall monitor" command.
2) The /etc/shorewall/ipsec and /etc/shorewall/zones files are combined into
a single /etc/shorewall/zones file. This is done in an upwardly-compatible
way so that current users can continue to use their existing files.
3) Support has been added for the arp_ignore interface option.
4) DROPINVALID has been removed from shorewall.conf. Behavior is as if
DROPINVALID=No was specified.
5) The 'nobogons' option and BOGON_LOG_LEVEL are removed.
6) Error and warning messages have been made easier to spot by using
capitalization (e.g., ERROR: and WARNING:).
7) The /etc/shorewall/policy file now contains a new connection policy and a
policy for ESTABLISHED packets. Useful for users of snort-inline who want to
pass all packets to the QUEUE target.
8) A new 'critical' option has been added to /etc/shorewall/routestopped.
Shorewall ensures communication between the firewall and 'critical' hosts
throughout start, restart, stop and clear. Useful for diskless firewalls
with NFS-mounted file systems, LDAP servers, Crossbow, etc.
9) Macros. Macros are very similar to actions but are easier to use, allow
parameter substitution and are more efficient. Almost all of the standard
actions have been converted to macros in the EXPERIMENTAL branch.
10) The default value of ADD_IP_ALIASES in shorewall.conf is changed to No.
11) If you have 'make' installed on your firewall, then when you use
the '-f' option to 'shorewall start' (as happens when you reboot),
if your /etc/shorewall/ directory contains files that were modified
after Shorewall was last restarted then Shorewall is started using
the config files rather than using the saved configuration.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2409 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-25 23:08:09 +00:00
teastep
0d56188e7a
Add warning about function use in the 'started' extension script
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2404 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 23:44:19 +00:00
teastep
89eaf99906
Pretty up the output of 'show actions'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2403 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 16:49:02 +00:00
teastep
aaecd53a29
Add 'shorewall show actions' command
Make it possible for the 'stopped' extension script to save commands in
the 'restore-tail' file by calling 'run_and_save_command' and
'save_command'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2401 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 16:27:21 +00:00
paulgear
d8a471e7b9
Cleaned up additional rules from Debian package. Got rid of versions
and paths in the header comments, since they're just as likely to be
wrong as not. Changed all service names to port numbers. eDonkey is a
big one - i wonder whether it isn't too variable for us to consider
providing a default rule.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2395 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-23 03:09:06 +00:00
paulgear
b6649720cb
Adding extra actions provided by Debian package
Do not use yet - these need cleaning
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2394 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-22 23:04:36 +00:00
paulgear
cf1e462278
Adding fixed version of recent patches by Cristian & Tom
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2393 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-22 22:43:08 +00:00
teastep
f3ea3c7edb
Avoid annoying 'ipset:not found' message
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2392 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-22 22:24:28 +00:00
teastep
fbabd7d6ef
Obviate the need for 'loose'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2389 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-21 19:48:33 +00:00
teastep
9e6161cf9d
Announce Shorewall 2.4.2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2386 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-21 16:23:08 +00:00
paulgear
d7f9a22d77
How long have these names been hanging around? :-)
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2381 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-20 03:36:31 +00:00
teastep
8e93d3b6ec
Some documentation updates
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2380 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-20 03:18:23 +00:00
teastep
ca8e5631d3
Make \!<address> work in the SUBNET column of the masq file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2374 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-20 01:10:28 +00:00
teastep
b0e6e3a893
Given the large number of people shooting themselves in the foot with
poorly-written one-to-one NAT rules, I'm changing the shorewall.conf
file to set ADD_IP_ALIASES=No in shorewall.conf. Hopefully, this will
reduce the amount of whining about routing table modification during
"shorewall [re]start".
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2372 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-19 18:41:05 +00:00
teastep
687704eff2
Add 'loose' provider option; add COPY column to providers file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2370 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 22:40:26 +00:00
judas_iscariote
a6e682a872
add Arch Linux package...thanks JMCg..
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2369 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 21:10:21 +00:00
paulgear
c4bfded36e
Hmmm... Looks like i broke the main web site with that - need to be even more specific
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2368 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 10:31:18 +00:00
paulgear
a21550d18f
This makes publish work in a group-writable environment (now that we
have multiple people maintaining things). I hope you weren't depending
on the output from this script! If you were, feel free to revert it or
hack it further.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2367 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 10:07:49 +00:00
paulgear
3b6aff596f
Make the script work outside of shorewall.net
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2366 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 09:54:30 +00:00
paulgear
fdf37a9d09
Fix another typo in my security announcement.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2365 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 09:50:18 +00:00
teastep
3b6961aced
Correct link in MACLIST vulnerability notice
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2364 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 03:28:25 +00:00
paulgear
09aafa7575
Announcement about MACLIST security vulnerability
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2363 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 03:14:27 +00:00
teastep
1b01026e2d
Fix for 2.0 MACLIST_DISPOSITION vulnerability
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2362 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 02:25:58 +00:00
teastep
318e204358
Re-implement MACLIST_TTL
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2358 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 22:08:15 +00:00
teastep
c6e3e84352
Disable MACLIST_TTL
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2356 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 16:52:21 +00:00
paulgear
7c0e2c8f77
More disabling until i can get a clean build
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2355 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 11:37:05 +00:00
paulgear
5c01c1e6cd
Disabling the Debian-specific stuff until i can get a clean build
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2354 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 06:25:21 +00:00
teastep
b9c0bb72d1
Add link to 'Tom's Involvement' email
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2353 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 15:13:42 +00:00
paulgear
9348d90b3e
Correct lintian errors:
E: shorewall: no-template-description shorewall/upgrade_to_14
E: shorewall: unknown-field-in-templates _description
...
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2352 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 12:25:14 +00:00
paulgear
44e97f75bb
That did not work
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2351 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 12:18:32 +00:00
paulgear
794c7919a0
Disabled until i get the autobuild worked out
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2350 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 12:17:10 +00:00
paulgear
7ac72d4bb3
Slightly modified versions of Lorenzo's Debian control files for autobuild from CVS
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2349 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-16 11:36:42 +00:00
teastep
1b5ac5c7d3
Make /sbin/shorewall issue a warning whenever startup is disabled
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2348 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-15 20:50:01 +00:00
teastep
57b23fc2ba
Update hosts file comments to describe use of ipsets
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2340 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-14 16:31:55 +00:00
teastep
3492acc2e1
Correct a couple of typos in the News article on 2.4.1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2339 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-14 13:55:55 +00:00
teastep
b25b90455a
Shorewall 2.4.1 update to web site
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2338 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-14 13:48:59 +00:00
paulgear
7d89d6e17e
Spelling correction
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2332 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-13 20:27:32 +00:00
teastep
379b58f628
A better patch to avoid blocking DHCP broadcasts during MAC verification
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2330 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-13 15:26:51 +00:00
teastep
ef9d22b647
Avoid blocking DHCP broadcasts during MAC verification
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2327 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-13 14:29:52 +00:00
teastep
d050552a36
Make TCPFLAGS_LOG_LEVEL=ULOG work with iptables-1.3.2.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2322 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-12 00:42:08 +00:00