Commit Graph

12696 Commits

Author SHA1 Message Date
Tom Eastep
1fd3a6a522 Detect terminating chains
- no RETURN Rules
- last rule is terminating

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-08 16:32:24 -08:00
Tom Eastep
011dd2c901 Add a RETURNS flag to optflags indicating that there is RETURN in the chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-08 15:25:53 -08:00
Tom Eastep
e54563d9c1 Don't append rules that can't be matched.
Also, delete chains whose only rule is a -j RETURN

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-08 13:53:03 -08:00
Tom Eastep
5818e106a5 Don't append rules that can't be matched.
Also, delete chains whose only rule is a -j RETURN

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-08 11:33:06 -08:00
Tom Eastep
f8c1b02dba Correct test for optimization in 'check -r'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-08 09:51:32 -08:00
Tom Eastep
dece73f7b6 Another fix for *C actions in arprules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 18:59:24 -08:00
Tom Eastep
5883bc3f50 Correct typo (DNAC -> DNATC) in shorewall-arptables(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 18:33:27 -08:00
Tom Eastep
eb3b47ae24 Correctly handle *C actions in arprules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 18:29:41 -08:00
Tom Eastep
c157228f7d Correct handling of unknown ACTION in arprules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 18:21:58 -08:00
Tom Eastep
a7af052d91 Correct issue with generating ESTABLISHED rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 16:07:24 -08:00
Tom Eastep
414a74d23c Support protocol lists in most files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 16:06:54 -08:00
Tom Eastep
0526863e66 Make $section numeric
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 13:39:49 -08:00
Tom Eastep
5dbe2aa9ec Optimize a test in finish_chain_section().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 07:00:15 -08:00
Tom Eastep
ca202ca10b Flush the arp cache after applying the arprules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 17:46:40 -08:00
Tom Eastep
de4e0898b5 Catch protocol lists in contexts that don't allow them.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 17:23:14 -08:00
Tom Eastep
edc0a84e5d Optimize RELATED rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 16:48:37 -08:00
Tom Eastep
d4c9885c09 Change interpretation of the log tag when LOGTAGONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-06 13:10:18 -08:00
Tom Eastep
c41b9e596d Don't add --cstate to dropInvalid rule.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-06 09:42:55 -08:00
Tom Eastep
9fd7933b5d Make inline actions work in sections other than NEW.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-06 09:32:50 -08:00
Tom Eastep
f223e3584c Make '+' optional in the ADD and DEL statements.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-06 07:37:11 -08:00
Tom Eastep
3f24416f37 Add a warning for opcode inversion when not arptables_jf.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-05 13:14:32 -08:00
Tom Eastep
38aa7f3857 Correct opcode inversion when not ARPTABLES_JF
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-05 08:26:46 -08:00
Tom Eastep
7f6430a383 Correct address inversion in match_arp_net()
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-05 08:20:51 -08:00
Tom Eastep
4fc0dba26d Correct two-interface check in process_arprule.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-05 08:17:53 -08:00
Tom Eastep
0c7e10dbfa Add a comment to the Zones file
- define the {bridge} member.
2013-01-05 08:15:56 -08:00
Tom Eastep
97009bad79 Correct arptables_jf MAC handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-04 17:27:16 -08:00
Tom Eastep
af7b7195d2 Fix MAC handling in the ARP module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-04 15:55:52 -08:00
Tom Eastep
a732f6e538 Add some comments to the ARP module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-04 15:07:51 -08:00
Tom Eastep
38657d9f98 Support for arptables.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-04 09:17:57 -08:00
Tom Eastep
90e0c8b717 Don't update mtime on shorewall.conf during update that doesn't change the file
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-02 15:03:07 -08:00
Tom Eastep
f955abe18b Unify IPv4 and IPv6 modules.xtables files
- only difference now is xt_ipp2p

Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:44:36 -08:00
Tom Eastep
25b2341ecf Add sch_fq_codel to modules.tc
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:29:41 -08:00
Tom Eastep
aca3ce3c21 Delete blank line
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-01 08:29:02 -08:00
Tom Eastep
34f8125416 Correct a couple of issues with update -D
- shorewall.conf.bak is no longer unlinked
- The mtime of all unaltered files is no longer updated
2012-12-31 12:43:02 -08:00
Tom Eastep
87715e5f0b Correct Typo
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2012-12-31 10:36:27 -08:00
Tom Eastep
4590e25052 Correct modules.xtables
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2012-12-31 08:54:32 -08:00
Tom Eastep
5848d7cab7 Correct helper validation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-30 13:20:56 -08:00
Tom Eastep
769125903d Update Traffic Shaping Doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 12:17:26 -08:00
Tom Eastep
5dfc27355e Correct a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 11:34:12 -08:00
Tom Eastep
115081dda5 Tweak fq_codel documentation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 11:20:16 -08:00
Tom Eastep
6d9cca1cff fq_codel
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-29 10:58:11 -08:00
Tom Eastep
51deec115b Correct handling of wildcard interfaces
- chain_base[1] renamed var_base[1]
- $chain replaced by $var in renamed functions
- replace trailing '+' by '_plus' to provide uniqueness
- add sub chain_base() to the Chains module as an identity mapper

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-28 10:39:19 -08:00
Tom Eastep
643f419264 Merge branch '4.5.11'
Conflicts:
	Shorewall/Perl/Shorewall/Rules.pm

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-28 09:02:33 -08:00
Tom Eastep
2009a66bb5 Avoid invalid function name for starting an optional interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-28 08:04:06 -08:00
Tom Eastep
ebe4267c49 Rename IGNOREOLDCAPVERSIONS to WARNOLDCAPVERSION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:58:45 -08:00
Tom Eastep
8b92a59821 Ignore '-m comment' when detecting duplicate rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:51:33 -08:00
Tom Eastep
f96bc7cc2d Cosmetic cleanup of the .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 09:01:37 -08:00
Tom Eastep
8bb6f81dc5 Rename IGNOREOLDCAPS to IGNOREOLDCAPVERSIONS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-27 08:54:22 -08:00
Tom Eastep
01a8ff20d4 Add the xtables modules to modules.xtables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 16:06:54 -08:00
Tom Eastep
ef0102e9f1 Add the 'IGNOREOLDCAPS' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-26 15:48:08 -08:00