Tom Eastep
|
93b3fd9be5
|
Correct IPv6 address checking (again)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-13 13:37:26 -08:00 |
|
Tom Eastep
|
138638cb1a
|
Effectively use the specified directory as the CONFIG_PATH til .conf is read
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-13 07:45:24 -08:00 |
|
Tom Eastep
|
c5bb16ac26
|
Another fix for IPv6 address lists.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-13 07:44:19 -08:00 |
|
Tom Eastep
|
f44becdee1
|
Rename BLACKLIST_LOGLEVEL to BLACKLIST_LOG_LEVEL for consistent naming.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-12 07:47:02 -08:00 |
|
Tom Eastep
|
84c5822c20
|
Correct IPv6 List Handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-11 16:45:03 -08:00 |
|
Tom Eastep
|
b4977db5b2
|
Add %section_states that maps sections to their related state(s).
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-11 14:59:48 -08:00 |
|
Tom Eastep
|
8d0a80a7e2
|
Merge branch '4.5.13'
|
2013-02-11 06:40:11 -08:00 |
|
Tom Eastep
|
b9d5b92f1b
|
Correct handling of expressions consisting of a single number.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-10 15:19:30 -08:00 |
|
Tom Eastep
|
b349cc0f22
|
A better fix for inline default action with parameters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-10 09:29:30 -08:00 |
|
Tom Eastep
|
a312bfbb42
|
Add a section => name function map
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-10 09:27:43 -08:00 |
|
Tom Eastep
|
c35e753b1d
|
A better fix for inline default action with parameters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-10 09:16:18 -08:00 |
|
Tom Eastep
|
8b4349b356
|
Merge branch '4.5.13'
|
2013-02-10 09:05:41 -08:00 |
|
Tom Eastep
|
54c43396f0
|
Correct default action handling:
- isolate basic target before testing for action/inline
- delete the action chain if appropriate.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-10 09:00:13 -08:00 |
|
Tom Eastep
|
f9dc89dc61
|
Allow arbitrary $n variables when IGNOREUNKNOWNVARIABLES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-10 07:56:04 -08:00 |
|
Tom Eastep
|
60e3f1015e
|
Allow arbitrary $n variables when IGNOREUNKNOWNVARIABLES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-10 07:51:35 -08:00 |
|
Tom Eastep
|
8e0a90e077
|
Merge branch '4.5.13'
|
2013-02-09 17:54:06 -08:00 |
|
Tom Eastep
|
cadf2747fe
|
Correct reset_optflags()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-09 17:53:40 -08:00 |
|
Tom Eastep
|
810ebe32ce
|
Merge branch '4.5.13'
|
2013-02-09 13:15:44 -08:00 |
|
Tom Eastep
|
c04c61b314
|
Correct typos in check_rules().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-09 11:42:54 -08:00 |
|
Tom Eastep
|
a8fdfa4e48
|
Create an ESTABLISHED chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-09 09:32:12 -08:00 |
|
Tom Eastep
|
a4297381e9
|
Don't ACCEPT untracked packets unless UNTRACKED_DISPOSITION=ACCEPT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-09 09:15:05 -08:00 |
|
Tom Eastep
|
eaa6d72a4f
|
Allow parameters to be omitted in action invocations.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-09 07:07:01 -08:00 |
|
Tom Eastep
|
62a567b550
|
Treat each -m conntrack subtype as a separate match
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-08 10:08:23 -08:00 |
|
Tom Eastep
|
e4f1c62e71
|
Improve handling of nested state actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-08 09:09:20 -08:00 |
|
Tom Eastep
|
b9e504683e
|
Prevent a state action from invoking another one.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-07 16:52:06 -08:00 |
|
Tom Eastep
|
aae6e001fe
|
Convert dropInvalid and allowInvalid to inline actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-07 11:21:13 -08:00 |
|
Tom Eastep
|
aa528dd075
|
Revert "Convert allowInvalid and dropInvalid into macros"
This reverts commit 272e1d330c.
|
2013-02-07 09:09:56 -08:00 |
|
Tom Eastep
|
e4ae242123
|
Another tweak to check_state()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-06 12:07:51 -08:00 |
|
Tom Eastep
|
272e1d330c
|
Convert allowInvalid and dropInvalid into macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-06 09:54:12 -08:00 |
|
Tom Eastep
|
a66256b25b
|
Additional refinements of check_state()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-06 08:16:42 -08:00 |
|
Tom Eastep
|
11b976fb36
|
Correct reference type in check_state()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-05 19:55:22 -08:00 |
|
Tom Eastep
|
a6ccd53fe0
|
Unconditionally use '-j' to branch to a state chain or DISPOSITION.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 15:17:49 -08:00 |
|
Tom Eastep
|
b22b63b1c3
|
Don't use '-g' when DISPOSITION is CONTINUE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 15:09:17 -08:00 |
|
Tom Eastep
|
615df6ab8f
|
Handle 'RETURN' in state chain with terminating disposition.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 15:08:20 -08:00 |
|
Tom Eastep
|
d8214885f2
|
Assume that the conntrack state value in a rule is not a reference.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-04 08:29:50 -08:00 |
|
Tom Eastep
|
475942deb9
|
Normalize rules prior to combine_state tests.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 18:14:14 -08:00 |
|
Tom Eastep
|
f1707d2ace
|
More state rule check fixes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 18:02:02 -08:00 |
|
Tom Eastep
|
30d96afb69
|
Push/pop $actionresult.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 12:43:28 -08:00 |
|
Tom Eastep
|
014b4ddc50
|
Combine adjacent rules differing only in conntrack state match.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 09:03:22 -08:00 |
|
Tom Eastep
|
5b9d1a6159
|
Handle UNTRACKED_DISPOSITION=ACCEPT correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-03 07:59:47 -08:00 |
|
Tom Eastep
|
752463bfab
|
Fix TCPFlags
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 22:19:13 -08:00 |
|
Tom Eastep
|
ebef29e161
|
Handle port numbers being passed to one of the tcp-specific actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 12:48:54 -08:00 |
|
Tom Eastep
|
9b30f48ba0
|
Correct handling of actions when @chain is altered.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 10:57:08 -08:00 |
|
Tom Eastep
|
8249831e6d
|
Detect some state conflicts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 09:32:57 -08:00 |
|
Tom Eastep
|
cc1054be66
|
Correct handling of audited dispositions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-02 09:30:25 -08:00 |
|
Tom Eastep
|
c68d4c6e27
|
Simplify Perl from actions even further.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-01 15:55:39 -08:00 |
|
Tom Eastep
|
752e960f2f
|
Allow specification of the action type via perl_action_helper().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-01 12:59:48 -08:00 |
|
Tom Eastep
|
a5d3b1f470
|
Remove requirement that matches and proto end with a space in perl helper API.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-02-01 12:29:30 -08:00 |
|
Tom Eastep
|
abca3a2024
|
Improve maintainability of @colums vis a vis @rulecolumns.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-30 10:47:40 -08:00 |
|
Tom Eastep
|
755d605578
|
Make %statetable global
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2013-01-30 08:26:47 -08:00 |
|