holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity
14,412 Commits 104 Branches 736 Tags 54 MiB
941604ad01
Commit Graph

3635 Commits

Author SHA1 Message Date
Tom Eastep
f6b7eb4ea0 Correct handling of persistent provider with no IP address 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-25 12:27:00 -07:00
Tom Eastep
800c06e8c9 Rename lib.core to lib.runtime 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-21 08:12:41 -07:00
Tom Eastep
f16e3f1fbe Issue warning when enable/disable won't work correctly 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-19 10:42:50 -07:00
Tom Eastep
0faf3b6db1 Send INFO messages to STDERR rather than STDOUT 2016-04-18 13:59:29 -07:00
Tom Eastep
3253c882e9 Merge branch '5.0.8' 2016-04-18 12:36:28 -07:00
Tom Eastep
5212dba7cb Add an ESTABLISHED,RELATED rule for docker0 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-18 10:13:05 -07:00
Tom Eastep
35a22eedac Reword error message when tcclass MARK is too large 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-18 10:06:04 -07:00
Tom Eastep
b53de922d1 Catch 0 in the MARK column of the tcclasses file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-18 08:50:10 -07:00
Tom Eastep
ae852b513d Correct indentation issue 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-17 10:23:18 -07:00
Tom Eastep
9611b588e3 Use a uniform format for log timestamps 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-16 09:52:35 -07:00
Tom Eastep
fb8dbcf44b Use a uniform format for log timestamps 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-16 09:49:38 -07:00
Tom Eastep
335f2968f8 Implement ?INFO and ?WARNING 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-16 09:20:09 -07:00
Tom Eastep
c725372639 Correct logging of 'reloaded' message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-15 14:46:21 -07:00
Tom Eastep
524838ae47 Implement $SW_LOGGERTAG 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-15 14:29:51 -07:00
Tom Eastep
6aa0ecae4f Re-factor the code for saving/loading ipsets 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-14 15:15:47 -07:00
Tom Eastep
434e042494 Add the deprecated/ directories to the CONFIG_PATH 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-14 14:17:06 -07:00
Tom Eastep
9fa0df2fd1 Move the code that generates zap_ipsets() to after save_ipsets() generation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-14 09:56:48 -07:00
Tom Eastep
216bc715e8 Clean up V4/V5 ipset enforcement 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-14 09:00:38 -07:00
Tom Eastep
dbd42e1d5d More ipset fixes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-12 16:29:13 -07:00
Tom Eastep
2cf3706864 Correct handling of a zone with two interfaces 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-11 10:32:26 -07:00
Tom Eastep
3028dafbac Correct DBL 'src-dst' handling 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-11 09:13:17 -07:00
Tom Eastep
16a31c3d29 Make MINIUPNPD work with DOCKER 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-11 09:02:44 -07:00
Tom Eastep
d3f377e915 Don't double-save the dynamic blacklisting ipset 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-11 08:37:39 -07:00
Tom Eastep
6c00f72f44 Create ipsets with the 'counters' option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-10 18:09:41 -07:00
Tom Eastep
deaaecdf1c Add 'nodbl' interface option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-10 16:09:39 -07:00
Tom Eastep
05e4049174 Ipset-based blacklisting 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-10 16:07:56 -07:00
Tom Eastep
5db6cb1b7d Correct load_ipsets() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-09 16:07:10 -07:00
Tom Eastep
321476fd51 Tweak terminating() implementation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-08 08:24:57 -07:00
Tom Eastep
bd6b32eb25 Add a progress message for REJECT_ACTION processing 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-07 10:30:54 -07:00
Tom Eastep
4fdf54eca1 Tweak process_reject_action() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-07 10:02:48 -07:00
Tom Eastep
70bbd21b35 Ensure that the REJECT_ACTION is terminating 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-07 09:34:38 -07:00
Tom Eastep
87a9b95f73 Catch case where a transformed rule jumps to its own chain 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-07 08:58:50 -07:00
Tom Eastep
ecd7261365 Use -g when target is a terminating chain 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-07 08:48:36 -07:00
Tom Eastep
293cd1d66a Always go to the reject chain rather than jump to it 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-06 09:14:06 -07:00
Tom Eastep
436b5d89ce Correct comment 
- The chain will only exist if logging wasn't specified for the same
  disposition.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-06 08:50:29 -07:00
Tom Eastep
26795cf082 Correct setup of $usedactions{A_REJECT} 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-06 08:18:36 -07:00
Tom Eastep
3ac3ae279f Add A_REJECT action 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-05 16:38:39 -07:00
Tom Eastep
e9467326f3 Allow allow REJECT to take a parameter 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-05 11:20:44 -07:00
Tom Eastep
75df718865 Reword comment in push_action_params() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-04 09:41:28 -07:00
Tom Eastep
ae8e2f70ea Efficiency change to known_interface() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-03 17:34:02 -07:00
Tom Eastep
39f5b77e5f Fix known_interface() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-03 16:31:45 -07:00
Tom Eastep
cb5a2519f3 Keep hyphens in @chain 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-03 16:30:31 -07:00
Tom Eastep
4151f7c504 Revert change to log_[i]rule_limit 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-03 16:29:52 -07:00
Tom Eastep
054837aeea Use the real chain name in log messages 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-03 13:04:25 -07:00
Tom Eastep
b637d303b9 Correct use of a physical interface name in the hosts file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-02 17:27:20 -07:00
Tom Eastep
0dbf42424d Make physical name a synonym for the correcponding logical name. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-02 10:04:05 -07:00
Tom Eastep
f22e8d6d55 Allow physical interface to work in the ecn file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-01 15:10:49 -07:00
Tom Eastep
d98305c6f4 Correct default for MINIUPNOD 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-01 12:20:42 -07:00
Tom Eastep
3cbfdadb32 Merge branch '5.0.7' 2016-04-01 09:46:53 -07:00
Tom Eastep
df1b1f6768 Add MINIUPNPD option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-04-01 08:57:08 -07:00
Tom Eastep
3881b38e02 Fix similar INTERFACE column issue in the nat and netmap files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-31 14:16:43 -07:00
Tom Eastep
8a8f3b6f59 Merge branch '5.0.7' 2016-03-31 12:55:16 -07:00
Tom Eastep
b9bed00123 Correct handling of a physical name in a masq rule 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-31 12:52:30 -07:00
Tom Eastep
38aa7797c4 Allow protocol and user lists in actions and macros 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-30 08:34:42 -07:00
Tom Eastep
404540ffe1 Merge branch '5.0.7' 2016-03-30 08:17:19 -07:00
Tom Eastep
dd3c0daa08 Handle inline matches correctly in the mangle file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-29 13:33:47 -07:00
Tom Eastep
4fddfcfba0 More complete fix for inline matches 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-29 13:15:01 -07:00
Tom Eastep
421d5f6043 Move Raw matches to last. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-29 09:31:27 -07:00
Tom Eastep
382ab380a2 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-03-29 07:36:49 -07:00
Tuomo Soini
2342c7cd9c Perl/Shorewall/Chains.pm: Fix warning with older perl 2016-03-29 09:58:33 +03:00
Tom Eastep
66ae4975b2 Allow :R with DIVERT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-28 15:52:49 -07:00
Tom Eastep
5b7a9db170 Correct clearing of inline matches 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-28 15:48:59 -07:00
Tom Eastep
ad87d94e33 Small efficiency change 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-26 13:12:33 -07:00
Tom Eastep
f86abf9552 Eliminate @columnstack -- simple save the columns array on the call stack. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-22 10:49:40 -07:00
Tom Eastep
9fe1a34412 Tighten up editing of configuration options 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-21 12:03:45 -07:00
Tom Eastep
abe533b6e3 Correct the action on ingress filters 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-19 13:45:33 -07:00
Tom Eastep
1c3140789c Add stab to ingress qdiscs 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-19 13:25:39 -07:00
Tom Eastep
0399a346d0 Replace a silly line of code. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-19 12:05:45 -07:00
Tom Eastep
6ed3861d76 Correct Mangle Action Handling for second visit to the same action 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-18 15:25:52 -07:00
Tom Eastep
7a18847c14 Correct handling of log level in a _DEFAULT setting. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-18 15:25:14 -07:00
Tom Eastep
273c89a753 Implement MARK and CONNMARK in the rules file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-18 11:42:58 -07:00
Tom Eastep
2bebf1c95a Make '&' and '|' work with CONNMARK 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-18 11:30:52 -07:00
Tom Eastep
18573037f9 More 'check -r' fixes around Docker 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-18 11:09:39 -07:00
Tom Eastep
818628138b Add MARK and CONNMARK to the %targets table 
- Also, sort the table entries

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-18 10:21:35 -07:00
Tom Eastep
2adec0eb65 Implement a filename cache for find_file() 
- Don't need to search the CONFIG_PATH for re-open of same file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-18 09:45:41 -07:00
Tom Eastep
6ae94767b7 Correct a comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-18 08:31:52 -07:00
Tom Eastep
9ab2310dc8 Correct an incorrect comment in process_rules() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-17 08:47:33 -07:00
Tom Eastep
da0653cb2f Declare passed() in Shorewall::User rather than importing it from Config 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-15 14:16:15 -07:00
Tom Eastep
65ce6ed226 Update modules to use passed() for parameter testing 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-15 12:06:32 -07:00
Tom Eastep
eb9dd3e485 Implement passed() in Config.pm 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-15 12:00:56 -07:00
Tom Eastep
796f191d48 Don't re-stat action files in process_action() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-15 09:03:36 -07:00
Tom Eastep
71c26beab4 Remove dead code (caused by bad test) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-14 17:56:34 -07:00
Tom Eastep
6f04902963 Make use of 'state=' in actions a fatal error 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-14 17:55:54 -07:00
Tom Eastep
901c6d34f6 Correct typo in Rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-14 15:56:57 -07:00
Tom Eastep
741da14789 Ignore 'state' in the actions file with a warning 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-14 15:46:29 -07:00
Tom Eastep
dd547c90a8 Implement the 'state' action option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-14 14:30:36 -07:00
Tom Eastep
35fac8c2ea Avoid repeated %actions lookup in process_action() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-14 12:37:45 -07:00
Tom Eastep
513b828788 Pass '$prerule' to process_inline() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-14 10:56:07 -07:00
Tom Eastep
28e0cb5335 Use filename stored in the actions table 
- Avoid a find_file call on each action invocation

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-14 10:55:39 -07:00
Tom Eastep
c631173310 Eliminate the %inlines table 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-14 10:47:18 -07:00
Tom Eastep
2c14b7c9e3 Rename %actparms to %actparams 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-13 15:36:38 -07:00
Tom Eastep
8e7af2e95e Additional editing of audit action parameters. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-13 15:28:49 -07:00
Tom Eastep
44c0bffcd3 Add 'audit' option to actions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-13 14:39:46 -07:00
Tom Eastep
2c3644a510 Make Action/Inline binary options into a bitmap 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-13 14:15:43 -07:00
Tom Eastep
407bc8f8db More prerule fixes in expand_rule() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-13 12:57:23 -07:00
Tom Eastep
2743a411ae Add a jump to DOCKER from OUTPUT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-13 12:51:36 -07:00
Tom Eastep
c2fd48c4c6 Include pre-rule matches when the target is a chain 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-13 10:08:17 -07:00
Tom Eastep
5f01bc75bd Better fix for $current_param in the INLINE block of process_rule() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-12 18:28:27 -08:00
Tom Eastep
0e59b82503 Handle '+' in inline matches the mangle and masq files 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-12 17:14:15 -08:00
Tom Eastep
90ace544eb Implement '+' to specify inline matches as "early" 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2016-03-12 16:39:46 -08:00