Commit Graph

24 Commits

Author SHA1 Message Date
teastep
b66929a65e Large merge of function from EXPERIMENTAL to HEAD.
1) Elimination of the "shorewall monitor" command.

2) The /etc/shorewall/ipsec and /etc/shorewall/zones file are combined into
a single /etc/shorewall/zones file. This is done in an upwardly-compatible
way so that current users can continue to use their existing files.

3) Support has been added for the arp_ignore interface option.

4) DROPINVALID has been removed from shorewall.conf. Behavior is as if
DROPINVALID=No was specified.

5) The 'nobogons' option and BOGON_LOG_LEVEL are removed.

6) Error and warning messages have been made easier to spot by using
capitalization (e.g., ERROR: and WARNING:).

7) The /etc/shorewall/policy file now contains a new connection policy and a
policy for ESTABLISHED packets. Useful for users of snort-inline who want to
pass all packets to the QUEUE target.

8) A new 'critical' option has been added to /etc/shorewall/routestopped.
Shorewall insures communication between the firewall and 'critical' hosts
throughout start, restart, stop and clear. Useful for diskless firewall's
with NFS-mounted file systems, LDAP servers, Crossbow, etc.

9) Macros. Macros are very similar to actions but are easier to use, allow
parameter substitution and are more efficient. Almost all of the standard
actions have been converted to macros in the EXPERIMENTAL branch.

10) The default value of ADD_IP_ALIASES in shorewall.conf is changed to No.

11) If you have 'make' installed on your firewall, then when you use
the '-f' option to 'shorewall start' (as happens when you reboot),
if your /etc/shorewall/ directory contains files that were modified
after Shorewall was last restarted then Shorewall is started using
the config files rather than using the saved configuration.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2409 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-25 23:08:09 +00:00
paulgear
2a19eb8a5a Copy latest 2.4 version from Shorewall2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2264 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 05:55:29 +00:00
paulgear
90dd62e89e Copy latest 2.2 version from STABLE2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2263 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 05:45:05 +00:00
paulgear
921a7223d4 Copy latest 2.0 code from STABLE2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2262 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 04:45:32 +00:00
teastep
d362f734d9 Destination exclude list in masq file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1085 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-22 02:06:56 +00:00
teastep
8599101182 Shorewall 1.4.9 Beta 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1018 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-29 00:37:09 +00:00
teastep
1003cd5590 Update RFC1918 to reflect recent IANA allocations
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@751 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-02 15:07:35 +00:00
teastep
35c550990f Add RFC 3330 attribution to 192.0.2.0/24
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@741 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-09-17 22:22:59 +00:00
teastep
169f057d91 Updates to rfc1918
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@740 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-09-17 02:22:47 +00:00
teastep
21cb22303f 1) Remove trailing white space.
2) Improve detection of white space in comma-separated lists.
3) Fix a typo in the INSTALL file.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@464 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-23 14:10:37 +00:00
teastep
5fe2bef29e Remove icmp.def; change versions to 1.4
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@449 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-15 00:09:44 +00:00
teastep
5f259f6070 Reflect IANA allocation of 222/8 and 222/8 in the rfc1918 file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@447 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-14 00:22:42 +00:00
teastep
ef51c04d1d Shorewall 2.0.0 Alpha1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@443 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-08 20:58:44 +00:00
teastep
7c5f5279a1 Reflect allocation of 82.0.0.0/8 in rfc1918
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@348 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-04 00:03:01 +00:00
teastep
652cadb22c Add loopback class A to rfc1918 file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@201 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-08-17 22:15:41 +00:00
teastep
f5829523bd Remove 69.0.0.0/8 from rfc1918 file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@186 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-08-08 14:31:13 +00:00
teastep
03f2460461 Couple of config file cleanups
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@170 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-08-02 20:58:52 +00:00
teastep
e9727a0f4c Remove 221.0.0.0/8 from rfc1918 file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@121 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-07-06 13:48:07 +00:00
teastep
c06b769a7b Acknowledge Andy Wiggin in the rfc1918 file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@65 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-13 14:13:10 +00:00
teastep
5c9562c20a Add 'blacklist' command to /sbin/shorewall.
Correct 'try' command.
Update rfc1918 per Suggestion from Andy Wiggin


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@56 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-04 15:08:50 +00:00
teastep
7b5ec93015 Update to RFC1918 from Andy Wiggin
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@54 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-03 02:48:32 +00:00
teastep
ca9c02ce7f Fix problem with double-counting SYN packets.
Avoid superfluous jumps to the policy chain with CONTINUE.
Add reserved networks to rfc1918.
Implement MULTIPORT option for multiport match support.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@50 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-02 17:05:51 +00:00
teastep
16d50cb974 Final Changes for 1.3.1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@47 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-06-01 00:28:18 +00:00
teastep
44abd1be80 Add rfc1918 file and correct 'all->z CONTINUE' policies
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@43 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-05-31 14:33:18 +00:00