holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity
12,385 Commits 104 Branches 736 Tags 54 MiB
9499a47a0d
Commit Graph

5673 Commits

Author SHA1 Message Date
Tom Eastep
ea0325a1f5 Clarify IPv6 again. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-17 11:29:36 -08:00
Tom Eastep
066c159b4d Provide instructions for changing DISABLE_IPV6 from Yes to No 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-17 10:21:08 -08:00
Tom Eastep
724115bcbf Add macro.ActiveDir 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-15 13:21:37 -08:00
Tom Eastep
89a09f0256 Implement DEFER_DNS_RESOLUTION 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-13 17:00:14 -08:00
Tom Eastep
54dbbaaa2d Don't resolve DNS names at compile time. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-13 10:34:31 -08:00
Tom Eastep
90bd19feb9 Convert DNS names into ip addresses in validate_net(). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-13 07:39:27 -08:00
Tom Eastep
853b9ce916 Enable DNS names without an interface name. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-12 14:38:26 -08:00
Tom Eastep
c61d51363d Correct generation of rules in the ESTABLISHED section of the rules file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-12 06:49:32 -08:00
Tom Eastep
af83989465 Update copyright dates. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-11 16:01:10 -08:00
Tom Eastep
b53fd39b49 Avoid a fatal Perl error in Config::cleanup when an fatal error occurs 
while compiling a default action.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-11 15:50:23 -08:00
Tom Eastep
38097bef5d Correct an optimizer bug. 
- delete_chain_and_references() was only deleting the downward references
  and not the upward ones.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-11 14:55:43 -08:00
Tom Eastep
76a63fb7e8 Don't flush 'noarp' ARP entries 
= doing so kills the loopback interface

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-10 17:14:40 -08:00
Tom Eastep
f41b2fbffc Clarify the LENGTH column of the tcrules file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-09 16:22:38 -08:00
Tom Eastep
15ca9edf8a Allow delete_tc1() to work on devices which an @ suffix in their reported names. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-09 14:09:07 -08:00
Tom Eastep
199bce925f Don't add chains with RETURNs to %terminating. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-09 12:54:29 -08:00
Tom Eastep
1fd3a6a522 Detect terminating chains 
- no RETURN Rules
- last rule is terminating

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-08 16:32:24 -08:00
Tom Eastep
011dd2c901 Add a RETURNS flag to optflags indicating that there is RETURN in the chain. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-08 15:25:53 -08:00
Tom Eastep
e54563d9c1 Don't append rules that can't be matched. 
Also, delete chains whose only rule is a -j RETURN

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-08 13:53:03 -08:00
Tom Eastep
f8c1b02dba Correct test for optimization in 'check -r' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-08 09:51:32 -08:00
Tom Eastep
dece73f7b6 Another fix for *C actions in arprules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-07 18:59:24 -08:00
Tom Eastep
5883bc3f50 Correct typo (DNAC -> DNATC) in shorewall-arptables(5) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-07 18:33:27 -08:00
Tom Eastep
eb3b47ae24 Correctly handle *C actions in arprules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-07 18:29:41 -08:00
Tom Eastep
c157228f7d Correct handling of unknown ACTION in arprules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-07 18:21:58 -08:00
Tom Eastep
a7af052d91 Correct issue with generating ESTABLISHED rules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-07 16:07:24 -08:00
Tom Eastep
414a74d23c Support protocol lists in most files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-07 16:06:54 -08:00
Tom Eastep
0526863e66 Make $section numeric 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-07 13:39:49 -08:00
Tom Eastep
5dbe2aa9ec Optimize a test in finish_chain_section(). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-07 07:00:15 -08:00
Tom Eastep
ca202ca10b Flush the arp cache after applying the arprules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-06 17:46:40 -08:00
Tom Eastep
de4e0898b5 Catch protocol lists in contexts that don't allow them. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-06 17:23:14 -08:00
Tom Eastep
edc0a84e5d Optimize RELATED rules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-06 16:48:37 -08:00
Tom Eastep
d4c9885c09 Change interpretation of the log tag when LOGTAGONLY=Yes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-06 13:10:18 -08:00
Tom Eastep
c41b9e596d Don't add --cstate to dropInvalid rule. 
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
 2013-01-06 09:42:55 -08:00
Tom Eastep
9fd7933b5d Make inline actions work in sections other than NEW. 
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
 2013-01-06 09:32:50 -08:00
Tom Eastep
f223e3584c Make '+' optional in the ADD and DEL statements. 
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
 2013-01-06 07:37:11 -08:00
Tom Eastep
3f24416f37 Add a warning for opcode inversion when not arptables_jf. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-05 13:14:32 -08:00
Tom Eastep
38aa7f3857 Correct opcode inversion when not ARPTABLES_JF 
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
 2013-01-05 08:26:46 -08:00
Tom Eastep
7f6430a383 Correct address inversion in match_arp_net() 
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
 2013-01-05 08:20:51 -08:00
Tom Eastep
4fc0dba26d Correct two-interface check in process_arprule. 
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
 2013-01-05 08:17:53 -08:00
Tom Eastep
0c7e10dbfa Add a comment to the Zones file 
- define the {bridge} member.
 2013-01-05 08:15:56 -08:00
Tom Eastep
97009bad79 Correct arptables_jf MAC handling. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-04 17:27:16 -08:00
Tom Eastep
af7b7195d2 Fix MAC handling in the ARP module 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-04 15:55:52 -08:00
Tom Eastep
a732f6e538 Add some comments to the ARP module 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-04 15:07:51 -08:00
Tom Eastep
38657d9f98 Support for arptables. 
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
 2013-01-04 09:17:57 -08:00
Tom Eastep
90e0c8b717 Don't update mtime on shorewall.conf during update that doesn't change the file 
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
 2013-01-02 15:03:07 -08:00
Tom Eastep
f955abe18b Unify IPv4 and IPv6 modules.xtables files 
- only difference now is xt_ipp2p

Signed-off-by: Tom Eastep <teastep@mint14.(none)>
 2013-01-01 08:44:36 -08:00
Tom Eastep
25b2341ecf Add sch_fq_codel to modules.tc 
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
 2013-01-01 08:29:41 -08:00
Tom Eastep
aca3ce3c21 Delete blank line 
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
 2013-01-01 08:29:02 -08:00
Tom Eastep
34f8125416 Correct a couple of issues with update -D 
- shorewall.conf.bak is no longer unlinked
- The mtime of all unaltered files is no longer updated
 2012-12-31 12:43:02 -08:00
Tom Eastep
87715e5f0b Correct Typo 
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
 2012-12-31 10:36:27 -08:00
Tom Eastep
4590e25052 Correct modules.xtables 
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
 2012-12-31 08:54:32 -08:00
Tom Eastep
5848d7cab7 Correct helper validation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-30 13:20:56 -08:00
Tom Eastep
5dfc27355e Correct a comment 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-29 11:34:12 -08:00
Tom Eastep
115081dda5 Tweak fq_codel documentation. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-29 11:20:16 -08:00
Tom Eastep
6d9cca1cff fq_codel 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-29 10:58:11 -08:00
Tom Eastep
51deec115b Correct handling of wildcard interfaces 
- chain_base[1] renamed var_base[1]
- $chain replaced by $var in renamed functions
- replace trailing '+' by '_plus' to provide uniqueness
- add sub chain_base() to the Chains module as an identity mapper

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-28 10:39:19 -08:00
Tom Eastep
643f419264 Merge branch '4.5.11' 
Conflicts:
	Shorewall/Perl/Shorewall/Rules.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-28 09:02:33 -08:00
Tom Eastep
2009a66bb5 Avoid invalid function name for starting an optional interface 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-28 08:04:06 -08:00
Tom Eastep
ebe4267c49 Rename IGNOREOLDCAPVERSIONS to WARNOLDCAPVERSION 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-27 09:58:45 -08:00
Tom Eastep
8b92a59821 Ignore '-m comment' when detecting duplicate rules 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-27 09:51:33 -08:00
Tom Eastep
f96bc7cc2d Cosmetic cleanup of the .conf manpages 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-27 09:01:37 -08:00
Tom Eastep
8bb6f81dc5 Rename IGNOREOLDCAPS to IGNOREOLDCAPVERSIONS 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-27 08:54:22 -08:00
Tom Eastep
01a8ff20d4 Add the xtables modules to modules.xtables 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-26 16:06:54 -08:00
Tom Eastep
ef0102e9f1 Add the 'IGNOREOLDCAPS' option 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-26 15:48:08 -08:00
Tom Eastep
14bbda14a2 Add some comments describing Config.pm globals 
- Also changed $shell from 'my' to 'our'.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-26 10:55:13 -08:00
Tom Eastep
62406e261d Correct typo in shorewall-masq(5) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-26 07:43:06 -08:00
Tom Eastep
bfeea76cf2 Disallow ?FORMAT when $max_format == 1 
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/Perl/Shorewall/Config.pm
 2012-12-26 07:37:23 -08:00
Tom Eastep
100e03cf93 Don't set $nocomment in in-line action 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-26 07:06:29 -08:00
Tom Eastep
84cc78c58e Eliminate @comments 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-25 17:00:24 -08:00
Tom Eastep
3f28af80d2 Disallow ?FORMAT when $max_format == 1 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-25 08:10:48 -08:00
Tom Eastep
6126ae67e6 Don't apply AUTOCOMMENT or comment continuation to inline actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-24 13:50:26 -08:00
Tom Eastep
575020c851 More comment handling 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-24 13:35:42 -08:00
Tom Eastep
1c212e878f Restore SECTION handling in Accounting File 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-24 13:33:44 -08:00
Tom Eastep
4393a6c603 Eliminate redundant calls to clear_comment. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-24 12:35:08 -08:00
Tom Eastep
fca5b75c5b Merge branch '4.5.11' 2012-12-24 10:30:43 -08:00
Tom Eastep
c942a95d3c Allow ?COMMENT in accounting. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-24 10:15:23 -08:00
Tom Eastep
89ea37e088 Correct nested comments. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-24 10:11:53 -08:00
Tom Eastep
14f8947012 Remove old COMMENT/FORMAT handling 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-24 09:31:20 -08:00
Tom Eastep
15817078b8 Use 'our' for globals to aid debugging. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-23 13:16:54 -08:00
Tom Eastep
0acd93a032 Ensure that action and macro files always allow comment directives. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-23 12:19:30 -08:00
Tom Eastep
4d2379f542 Implement update -D 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-23 10:50:31 -08:00
Tom Eastep
c9eccaf3b8 Implement ?COMMENT directive 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-23 10:49:32 -08:00
Tom Eastep
44a4f6d77d Move COMMENT handling to the Config module. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-22 13:51:24 -08:00
Tom Eastep
e4e61c4193 A more uniform way of handling $max_format 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-22 11:57:25 -08:00
Tom Eastep
0cd0675c98 Always push $file_format and $max_format onto the include stack. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-22 08:15:46 -08:00
Tom Eastep
bc230c00a3 Optimizations in process_compiler_directive() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-22 08:14:46 -08:00
Tom Eastep
96b61ea05c Update documentation 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-21 16:13:23 -08:00
Tom Eastep
dbd55acba2 Update samples, standard Actions and Macros to use ?FORMAT 2012-12-21 15:51:14 -08:00
Tom Eastep
10108b2d6a Convert file processors to use ?FORMAT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-21 15:49:28 -08:00
Tom Eastep
35aeaf340f Implement ?FORMAT directive 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-21 15:31:42 -08:00
Tom Eastep
0eb041d2d1 Correct ?SET error message 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-21 15:23:26 -08:00
Tom Eastep
a5debe793f Add $file_format exported variable and handle in the include stack. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-21 15:14:23 -08:00
Tom Eastep
eb20283a55 Replace $1-$5 with @1-@5 in the standard actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-21 14:00:05 -08:00
Tom Eastep
df7785f2e9 Implement user-defined address variables. 
- Also correct handling of ${0} & ${chain} in a SWITCH column.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-18 17:58:20 -08:00
Tom Eastep
2869a9a94d Rename add_quotes to join_parts 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-15 16:12:03 -08:00
Tom Eastep
3fbe3aad09 Merge branch '4.5.10' 2012-12-14 06:34:45 -08:00
Tom Eastep
7c6fcfccd5 Fix typo on line 21 on the conntrack file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-14 06:33:54 -08:00
Tom Eastep
1cbeaa6a9f Apply Tuomo Soini's tabs patches for the rules files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-13 09:26:09 -08:00
Tom Eastep
b6e699ca5c Factor some common code into a function. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-13 06:46:57 -08:00
Tom Eastep
743478614b Make @0 work correctly again. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-12 13:13:17 -08:00
Tom Eastep
5944b4fc7b Make @chain (@{chain}) a synonym for @0 (@{0}) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-12 11:55:04 -08:00
Tom Eastep
8a0abab4cc Rename 'ALLOWUNKNOWNVARIABLES' to 'IGNOREUNKNOWNVARIABLES' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-12 11:51:31 -08:00
Tom Eastep
5da7db3d5f Implement @-variables. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-12 11:46:38 -08:00
Tom Eastep
14cdaf21fc Handle nested params in push_action_params() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-09 10:45:29 -08:00
Tom Eastep
88d4814209 Merge branch '4.5.10' 
Conflicts:
	Shorewall/Perl/Shorewall/Config.pm
 2012-12-08 20:54:33 -08:00
Tom Eastep
4d064d6713 Replace spaces with tabs in rules files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-07 16:48:55 -08:00
Tom Eastep
6ab5cfd63a Use split_list2 in isolate_basic_target() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-06 19:12:44 -08:00
Tom Eastep
7190cd1265 Handle nested parens when pushing action parameters. 
- Add an optional argument to split_list1 that causes parens to be retained.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:

	Shorewall/Perl/Shorewall/Config.pm
 2012-12-06 15:20:10 -08:00
Tom Eastep
61d67a4741 Remove extraneous comment from the rule generated by action.RST 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-06 15:13:46 -08:00
Tom Eastep
5f48e4e531 Handle nested parens when pushing action parameters. 
- Add an optional argument to split_list1 that causes parens to be retained.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-06 15:13:14 -08:00
Tom Eastep
0a31d9ba41 Remove extraneous comment from the rule generated by action.RST 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-06 15:10:53 -08:00
Tom Eastep
fdadb57e82 Minor readability improvement 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-05 19:41:18 -08:00
Tom Eastep
56d7b6248b Begin Action Documentaiton Update 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-05 19:07:42 -08:00
Tom Eastep
8139f2ad91 Rename process_conditional() to process_compiler_directive() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-05 14:53:03 -08:00
Tom Eastep
189cd59650 Improve expression evaluation 
- Only quote values when there is not an odd number of preceding quotes
- Make address family test return a numeric value
- Unconditionally trace the generated expression if debugging is set.
- Convert an empty expression into '' rather than generate an error.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-05 08:37:50 -08:00
Tom Eastep
4ec47783f1 Detect missing target in merge_levels() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-05 07:52:07 -08:00
Tom Eastep
2875fbb521 Cosmetic change (add a blank line). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-05 07:51:41 -08:00
Tom Eastep
25c53f5a60 Detect missing target in merge_levels() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-05 07:51:21 -08:00
Tom Eastep
c61c9ba7eb Make expression evaluation more deterministic. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-04 18:10:19 -08:00
Tom Eastep
2fbbc70e83 Only do SET and RESET when we aren't omitting. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-04 16:27:18 -08:00
Tom Eastep
c18996b6f5 Implement ?set and ?reset directives 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-04 14:28:03 -08:00
Tom Eastep
02cbd72a91 Merge branch '4.5.10' 2012-12-04 10:56:09 -08:00
Tom Eastep
60012d1208 Add additional space for the OPTIONS column 
- actions and actions.std problem

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-04 10:54:32 -08:00
Tom Eastep
903e25a91a Add ALLOWUNKNOWNVARIABLES to the sample configurations. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-04 09:04:34 -08:00
Tom Eastep
8f1e8bf475 Add 'ALLOWUNKNOWNVARIABLES' to the manpages. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-04 08:50:23 -08:00
Tom Eastep
fb2d876683 Rename $loglevel and $logtag to $_loglevel and $_logtag respectively. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-04 08:49:59 -08:00
Tom Eastep
a25b3c68ee Rename %symbols to %variables 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-04 08:49:25 -08:00
Tom Eastep
314632f1f4 Unified symbol table for shell variables. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-03 17:18:21 -08:00
Tom Eastep
409f5f2aab Expand variables from the shorewallrc1 then shorewallrc hashes 2012-12-03 15:33:33 -08:00
Tom Eastep
fb0035bdf3 Add ALLOWUNKNOWNVARIABLES option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-03 14:43:35 -08:00
Tom Eastep
72aabef0fa Add $logaction and $logtag as variables usable within actions 
- Also make action variables usable in ?if and ?elsif expressions.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-03 12:31:47 -08:00
Tom Eastep
fc3606a489 Prepare for multiple options in actions files 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-03 08:17:55 -08:00
Tom Eastep
ad4709cb6d Small effeciency improvement 
- Don't check for 'bad match' until it is known that the matches are the same.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-03 06:54:44 -08:00
Tom Eastep
c0abdc1fe8 Add some comments in and around delete_duplicates() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-02 17:31:13 -08:00
Tom Eastep
cd5e9be467 Carefully suppress duplicate rules in all tables 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-02 12:20:24 -08:00
Tom Eastep
c05c928c6c Delete adjacent duplicate rules in tables other than 'raw' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-02 09:21:04 -08:00
Tom Eastep
a33cf5cc91 Fix AUTOCOMMENT=No 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-02 08:26:54 -08:00
Tom Eastep
9da507ae98 Remove error messages from 6 actions regarding in-line. 
- The compiler now ignores 'inline' for these actions.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-02 07:13:09 -08:00
Tom Eastep
e0e7b2a9f2 Correct action.DropSmurfs 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-02 07:11:58 -08:00
Tom Eastep
65676cb865 Support passing log levels inside parameters. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-01 15:06:51 -08:00
Tom Eastep
8ebbdee20f Only look for numerics if a shell variable begins with a number. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-01 12:52:26 -08:00
Tom Eastep
6c1a5b8051 Be more agressive about detecting action recursion. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-01 12:10:06 -08:00
Tom Eastep
cc657e571d Update action templates with new columns. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-01 10:25:10 -08:00
Tom Eastep
f358a78eca Revise the description of 'noinline' to match the changed implementation. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-01 09:33:38 -08:00
Tom Eastep
b9adc2ebec Remove another vestage of CONDITION_INIT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-01 09:33:01 -08:00
Tom Eastep
44f00cd0aa Restore original $actionfile logic in process_actions() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-01 08:09:20 -08:00
Tom Eastep
ae5680401f Remove questionable autocreate of an action in createlogactionchain() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-01 08:04:29 -08:00
Tom Eastep
8cbe26e32c Ignore 'inline' for certain actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-12-01 07:54:42 -08:00
Tom Eastep
146402d9be Yet another correction to the same line :-( 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-30 09:55:24 -08:00
Tom Eastep
70f26d8bb2 Correct line in prior commit. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-30 09:30:27 -08:00
Tom Eastep
893d054cb8 Reduce the block levels in define_firewall() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-30 08:46:49 -08:00
Tom Eastep
53fd0e7c8c Don't require functions called from Shorewall::Compiler::compiler to know the current indentation. 
Also, add an optional 'times' parameter to push_indent() and pop_indent().

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-30 07:49:42 -08:00
Tom Eastep
6702bb1989 Revert condition initialization patch. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-30 07:31:29 -08:00
Tom Eastep
e60369728a Only initialize switches that survived optimization 
- Also use push_indent to make things more readable

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-29 15:25:28 -08:00
Tom Eastep
7d4bc568d8 Include initialization in condition match if supported 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-29 14:54:09 -08:00
Tom Eastep
11d4e92a29 Correct check for leading zeros in action variables. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-29 14:39:02 -08:00
Tom Eastep
409c427134 Add support for future condition initial values. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-29 12:15:15 -08:00
Tom Eastep
7bdce1bc97 Disallow superfluous leading zeros in action parameter numbers. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-29 08:29:20 -08:00
Tom Eastep
e1524763ad Also substute the chain name for '@0'. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-29 08:28:52 -08:00
Tom Eastep
15121e0743 Also substitute the chain name for '@0' in SWITCH names. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-29 08:05:49 -08:00
Tom Eastep
9c0d8a2533 Use '@{0}' as the chain name surrogate in SWITCH columns 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-29 07:17:13 -08:00
Tom Eastep
bff91cd325 Allow overriding 'inline' on some standard actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-28 15:03:08 -08:00
Tom Eastep
8006d150f1 Allow switch initialization. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-27 16:17:43 -08:00
Tom Eastep
e44acdc6af Corrections to in-line actions. 
- Avoid reference to uninitialized variable.
- Remove another vestage of multi-parameter macros.
- Correct a typo.
- Correct handling of SOURCE and DEST in an in-line action body.
- Correct a comment.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-27 12:56:14 -08:00
Tom Eastep
e2297f2582 Remove meaningless type from an error message. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-27 12:53:47 -08:00
Tom Eastep
d7096ae52e Back out default-action macros and document in-line actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-27 10:53:18 -08:00
Tom Eastep
6bf996d4b8 Implement inline actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-27 10:32:48 -08:00
Tom Eastep
85a46690c0 Improve optimize level 16 fix. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-26 15:11:07 -08:00
Tom Eastep
a4dcd1071a Revert change to macro level merging. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-26 13:41:12 -08:00
Tom Eastep
78ba8bac50 Replace '@' by the chain name in SWITCH columns. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-26 13:28:23 -08:00
Tom Eastep
bf75b2b919 $0 expands to the current action chain name. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-26 13:23:20 -08:00
Tom Eastep
7673b1ac4b Support multiple parameters in macros. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-26 11:04:19 -08:00
Tom Eastep
fc87576005 Back out silly change for output interfaces in the conntrack file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-26 09:47:42 -08:00
Tom Eastep
3f550622bd Only use routing table for OUTPUT interface in the raw table. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-26 07:51:55 -08:00
Tom Eastep
21c2963691 Correct Format-3 syntax for the SOURCE column of the conntrack file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-26 07:48:43 -08:00
Tom Eastep
e7dee420ee Allow interfaces in the DEST column of the conntrack file when the chain is OUTPUT. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-25 18:37:23 -08:00
Tom Eastep
e45fe53705 Correct another optimizer defect. 
- Don't declare command-mode rules as duplicates.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-25 18:00:26 -08:00
Tom Eastep
697fc001c3 Return to zone-based handling of 'all'. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-25 16:31:05 -08:00
Tom Eastep
642f192b3d Disallow destination interface in the OUTPUT chain. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-25 15:37:53 -08:00
Tom Eastep
7b0578fa84 Fix AUDIT on IPv6. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-25 12:09:18 -08:00
Tom Eastep
5acf0f60e7 Only apply log level to bare LOG rules in default-action macro. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-25 10:17:03 -08:00
Tom Eastep
fb3194d96b Correct handling of default-action macro when specified as "macro.Name" 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-25 10:16:43 -08:00
Tom Eastep
629717f7cc Correct policy manpages. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-25 09:33:46 -08:00
Tom Eastep
8e239c90c1 Update columns in the macro template file. 
- It was missing SWITCH and HELPER
 2012-11-25 08:54:19 -08:00
Tom Eastep
8c2db40783 Correct errors in the conntrack manpages. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-25 08:52:51 -08:00
Tom Eastep
066a017420 Correct typo in Raw.pm 
- The OUTPUT chain designator test was using '0' (zero) rather than 'O'.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-25 08:52:33 -08:00
Tom Eastep
1870c281a9 Make AUDIT support params again. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-25 08:26:44 -08:00
Tom Eastep
dbfc805707 Add 'IU' state in secmarks 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-25 08:10:53 -08:00
Tom Eastep
748d532175 Correct the explaination of ULOG and NFLOG in the manpages. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-24 09:11:28 -08:00
Tom Eastep
b7e2b28562 Transfer tag when merging into an NFLOG/ULOG rule. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-24 09:04:56 -08:00
Tom Eastep
67e1e6cf91 Allow WHITELIST in IPv6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-23 14:19:14 -08:00
Tom Eastep
cd2854cad0 Fix NFLOG/ULOG implementation. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-23 13:49:43 -08:00
Tom Eastep
75c148a2dd Enable 'debug' on the try, stop and clear commands. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-23 11:46:14 -08:00
Tom Eastep
71bbc632ce Handle 'fw' correctly in the SOURCE column of the stoppedrules file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-23 08:35:51 -08:00
Tom Eastep
b6a1a7d538 Make NFLOG and ULOG built-ins. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-23 08:14:24 -08:00
Tom Eastep
30de211bda Implement format-3 conntrack files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-22 20:56:56 -08:00
Tom Eastep
3f7425b6a0 Purge %renamed before each table is processed. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-22 17:27:09 -08:00
Tom Eastep
8a744de906 Document semantic change to 'all' handling in the conntrack file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-22 09:10:07 -08:00
Tom Eastep
26dee73895 Support the audited targets on IPv6 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-22 08:24:51 -08:00
Tom Eastep
df7ce1a7d1 Add the AUDIT built-in and delete the Audit action. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-22 08:24:33 -08:00
Tom Eastep
4a05571e7e Add forward prototype for process_macro() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-22 08:00:15 -08:00
Tom Eastep
b89e05740d Insure that nested zone exclusions go in the proper place in raw PREROUTING 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-21 14:49:21 -08:00
Tom Eastep
3040156981 Add SWITCH column to the conntrack file 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-21 14:20:56 -08:00
Tom Eastep
54dadcc546 Ensure that zone-specific rules come before 'all' rules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-21 14:20:30 -08:00
Tom Eastep
952aed225d Improve handling of 'all' in the conntrack file. 
- Also added 'all-' to represent all off-firewall zones.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-21 13:07:01 -08:00
Tom Eastep
7bfbf522bc Document that parameters are allowed in default actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-21 11:12:55 -08:00
Tom Eastep
1efd47a7e9 Apply Tuomo Soini's fix for RHEL5 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-21 10:34:00 -08:00
Tom Eastep
c0a2f19500 Add an Audit action. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-21 10:24:14 -08:00
Tom Eastep
374489c3cf Revert "Fix RHEL5 issue with route marking." 
This reverts commit 77f342b0e0.
 2012-11-21 10:19:24 -08:00
Tom Eastep
77f342b0e0 Fix RHEL5 issue with route marking. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-21 09:08:15 -08:00
Tom Eastep
8f52c9744e Correct some issues with default action macros. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-21 08:29:35 -08:00
Tom Eastep
1957af04fd Don't create a _weight file for an optional non-provider interface. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-20 16:10:30 -08:00
Tom Eastep
a0faba2a03 Correct interface/provider handling. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-20 13:27:15 -08:00
Tom Eastep
c798200b20 Another correction to CHECKSUM detection. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-20 10:09:28 -08:00
Tom Eastep
67ae9df0f8 Correct handling of unknown interfaces in TC. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-20 08:07:42 -08:00
Tom Eastep
ebb4e1f6e4 Don't generate start/stop functions for wildcard optional interfaces 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-20 07:06:27 -08:00
Tom Eastep
f458e99390 Correct the compiler's CHECKSUM detection 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-20 06:59:40 -08:00
Tom Eastep
5b049d7e9e Improve readability in Rules module 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-20 06:59:13 -08:00
Tom Eastep
3b20c0db54 Allow Macros to be used as Default Actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-19 16:52:10 -08:00
Tom Eastep
0d8931e49f Don't use ':' as a join character in contatenated macro ACTION expansion. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-19 12:58:29 -08:00
Tom Eastep
47791add99 Fix formatting of a line of code. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-19 12:30:25 -08:00
Tom Eastep
be587726f4 Merge branch '4.5.9' 2012-11-19 08:22:05 -08:00
Tom Eastep
60a509c926 Add new macros and alphabetize the ACTION list in the rules manpages. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-19 08:19:12 -08:00
Tom Eastep
b25ece75de Don't leave temporary chain in the raw table when LOAD_HELPERS_ONLY=No 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-19 08:18:32 -08:00
Tom Eastep
e9ef03f723 Add a ULOG Macro. 
- Also remove 'DEFAULT' from NFLOG macro.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-19 07:15:50 -08:00
Tom Eastep
0db7b6c58a Don't require a parameter with '&' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-18 15:45:58 -08:00
Tom Eastep
57e913d86e Merge branch '4.5.9' 2012-11-18 15:02:46 -08:00
Tom Eastep
263f4e57cb Add an NFLOG Macro 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-18 14:52:53 -08:00
Tom Eastep
a4294658b6 Add a capability to use log levels as a target. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-18 14:50:59 -08:00
Tom Eastep
65e1b1c9e7 Allow NFLOG as a target 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-18 13:15:24 -08:00
Tom Eastep
a07cfb0885 Allow NFLOG as a target 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-18 13:13:43 -08:00
Tom Eastep
9dac330756 Remove references to USE_ACTIONS 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-18 13:13:20 -08:00
Tom Eastep
dfd02c932e Correct typo in shorewall(8) and shorewall6(8). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-18 13:12:03 -08:00
Tom Eastep
c6ffdd67e2 Add DROP target to the conntrack file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-18 11:35:40 -08:00
Tom Eastep
5265cd5bb7 Add UNTRACKED match to the secmarks file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-18 11:01:49 -08:00
Tom Eastep
ab381ed95e Expand the description of enable/disable on optional non-provider interfaces. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-18 09:01:38 -08:00
Tom Eastep
0277d6628e Correct typo in shorewall(8) and shorewall6(8). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-18 08:30:47 -08:00
Tom Eastep
5712438bcb Eliminate Shell syntax error when a provider and its interface have the same name. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-16 09:50:36 -08:00
Tom Eastep
a2b14c37ed Treat optional interfaces as pseudo-providers. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-16 09:48:21 -08:00
Tom Eastep
b1ffcd8628 Apply provider mask in 'routemark' chain. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-14 11:20:30 -08:00
Tom Eastep
34e3e4bf82 Merge branch '4.5.9' 2012-11-14 11:17:18 -08:00
Tom Eastep
06a4994488 Make exclusion work correctly with TPROXY. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-14 11:16:52 -08:00
Tom Eastep
391113dfe3 Apply provider mask in 'routemark' chain. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-13 06:55:59 -08:00
Tom Eastep
3c58d2180d Improve the efficiency of tcrule processing. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-13 06:55:35 -08:00
Tom Eastep
32c9e4274f Rename 'mysplit' to 'split_host_list' 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-11 08:42:01 -08:00
Tom Eastep
896d874aab Set VARLIB in the script's initialize() function. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-09 12:29:19 -08:00
Tom Eastep
5fcdfd779c Don't default IPSET to 'ipset'. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-09 08:54:54 -08:00
Tom Eastep
860ee6de27 Eliminate nonsensical warning message. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-06 07:36:36 -08:00
Tom Eastep
4b6fdf8b72 Update masq manpage to expunge exclusion with an interface name in the SOURCE column. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-04 09:11:37 -08:00
Tom Eastep
ec17ea1dee Remove superfluous check 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-03 08:19:46 -07:00
Tom Eastep
2e211bc2b6 Correct handling of wildcard interfaces in rules. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-11-03 07:24:41 -07:00