Commit Graph

2801 Commits

Author SHA1 Message Date
Tom Eastep
49c1350aa0 Documentation for final cleanup of variable names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 10:28:09 -08:00
Tom Eastep
c6981de0e5 Complete elimination of globals that are not .conf options
Documentation to follow

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 09:50:07 -08:00
Tom Eastep
ee74696747 IPv6 work to only export when necessary
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 08:59:58 -08:00
Tom Eastep
234e4fa754 Update module versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 08:51:55 -08:00
Tom Eastep
7457f643ee Don't export globals when the script is 4.4.8 or later
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 08:51:40 -08:00
Tom Eastep
70296b4bd6 Some fixes for -lite changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 17:16:11 -08:00
Tom Eastep
78a39ccad5 Centralize exporting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 16:03:44 -08:00
Tom Eastep
cce4bf277a Reduce export usage; Allow PURGE and RESTOREFILE to be specified on the run-line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 14:49:31 -08:00
Tom Eastep
2656a9b0c7 Eliminate use of PRODUCT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 12:34:36 -08:00
Tom Eastep
5613d0105a Remove all reliance on HOSTNAME
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 11:59:38 -08:00
Tom Eastep
68f5215f07 Remove Reliance on HOSTNAME in generated programs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 11:45:35 -08:00
Tom Eastep
3ea6f6792f Eliminate VERSION reserved variable name
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 08:02:10 -08:00
Tom Eastep
5fc6d58e19 Eliminate STOPPING variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 07:37:30 -08:00
Tom Eastep
d4936f4bad Tweak to an RE used in optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 06:58:09 -08:00
Tom Eastep
169f97d76b Fix typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 11:28:54 -08:00
Tom Eastep
8cfcacc862 Update release document with fix for multiple policy matches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:40:20 -08:00
Tom Eastep
f11bfd3890 Eliminate redundate setting of PRODUCT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:32:59 -08:00
Tom Eastep
cfa09dce22 Avoid multiple policy matches with OPTIMIZE=7 and not KLUDGEFREE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:32:37 -08:00
Tom Eastep
3ba797cb14 Correct several bugs in the VERBOSITY overhaul
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 06:57:04 -08:00
Tom Eastep
53c73bc8e9 Eliminate VERBOSE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:58:01 -08:00
Tom Eastep
14f83759ae Propagate VERBOSITY even though we don't use it yet
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:39:35 -08:00
Tom Eastep
546a48543d Propagate LOG_VERBOSITY
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:30:11 -08:00
Tom Eastep
39883aa690 Eliminate LOG_VERBOSE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 16:58:30 -08:00
Tom Eastep
fb55d63eaf Allow verbosity to be separate from -V
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 16:42:50 -08:00
Tom Eastep
333ac21c2f Prepare the footers for 4.6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 15:25:25 -08:00
Tom Eastep
83ed0a401b I'll eventually get it the way I like it
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 13:45:33 -08:00
Tom Eastep
585711caa8 Even simpler RE for detecting builtins
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 13:29:26 -08:00
Tom Eastep
693d0e5d4c Make new test in add_jump() a bit safer.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 12:44:29 -08:00
Tom Eastep
91a14b4e82 Make -s the default on Debian; Issue message when installing in a distro-specific way
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 09:15:11 -08:00
Tom Eastep
d2992c21f4 Update version to Beta 2 2010-02-28 09:04:37 -08:00
Tom Eastep
c9c957c5b8 HKP Macro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 07:37:16 -08:00
Tom Eastep
3c4b41fbe0 Implement -s option in the major installers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-27 11:48:39 -08:00
Tom Eastep
643d4831ab More all-caps variable elimination
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-26 17:05:35 -08:00
Tom Eastep
061d850c16 Rename RESTOREPATH to g_restorepath
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-26 08:35:50 -08:00
Tom Eastep
c1ac19a81e Correct a couple of typos 2010-02-25 16:35:19 -08:00
Tom Eastep
8aaddf368b More reserved variable names documented
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 12:37:22 -08:00
Tom Eastep
e66b8759d6 Document variable name changes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 12:18:41 -08:00
Tom Eastep
7fe7ebc891 Fix Handling of NFQUEUE(queue-num) in policies
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 08:44:28 -08:00
Tom Eastep
4059fe6956 Belatedly update some version numbers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 08:43:32 -08:00
Tom Eastep
4415050fd2 Eliminate another reserved variable name
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 17:00:26 -08:00
Tom Eastep
bffb1793d7 More global variable renaming
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 07:52:35 -08:00
Tom Eastep
70a246501e Update version of Tc.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 07:08:48 -08:00
Tom Eastep
b2350829b9 Rename 'debugging' to 'g_debugging'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 16:43:38 -08:00
Tom Eastep
3fc10cd94b Prepend 'SW_' to constructed shell variable names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 10:27:59 -08:00
Tom Eastep
88d29d2e35 Eliminate a couple of more all-caps variable name restrictions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 08:24:29 -08:00
Tom Eastep
55c9cf3e99 Eliminate some of the reserved all-caps variable names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 08:05:23 -08:00
Tom Eastep
2a965d42b9 Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-21 07:57:34 -08:00
Tom Eastep
e690303937 Modify Roberto's patch for 'show <chain>' error reporting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 19:09:54 -08:00
Tom Eastep
8baa4e60c9 Merge branch 'master' of ssh://teastep@shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2010-02-20 18:59:17 -08:00
Roberto C. Sanchez
6a3b2b0dee Clarify error message when user asks shorewall to show a non-existent chain 2010-02-20 21:57:45 -05:00
Tom Eastep
6307653a01 Pick up one fix from 4.4.7.4 regarding CONTINUE rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 09:42:58 -08:00
Tom Eastep
5696742ef3 Update release Document with 4.4.7.5 changes and Debian Init Script Fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 08:34:47 -08:00
Tom Eastep
a83663bf25 Return failure status when a supported command fails.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 08:20:42 -08:00
Tom Eastep
edaf541850 Don't apply rate limiting twice in ACCEPT+ rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-19 14:01:45 -08:00
Tom Eastep
ceff8adc78 Restore duplicate interface detection in tcinterfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 16:11:30 -08:00
Tom Eastep
3a2173ddb4 Some code cleanup in Tc.pm.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 15:56:59 -08:00
Tom Eastep
ea8be87720 Use Hex representation of device numbers > 9 in simple TC.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 12:53:01 -08:00
Tom Eastep
4e0225a4c3 Update Documentation for per-IP rate limiting fixes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 07:12:36 -08:00
Tom Eastep
ea8a6c837f Document per-IP rate change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 15:41:12 -08:00
Tom Eastep
00b0490cd7 Create a unique hashtable for each instance of a per-IP rate limit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 15:39:21 -08:00
Tom Eastep
625963a4f0 Final (hopefully) fix for SFQ handle assignment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 09:02:18 -08:00
Tom Eastep
41bb0782a3 Another tweak to SFQ handle assignment.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 08:06:27 -08:00
Tom Eastep
5649dbf9a8 Improve assignment of class ID for SFQ classses
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 07:41:30 -08:00
Tom Eastep
115ce7b87d Update release documents for bug fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 06:49:13 -08:00
Tom Eastep
eaafeb8c2b Add --hashlimit-htable-expire if the units are minutes or larger 2010-02-17 06:43:52 -08:00
Tom Eastep
375160d733 Avoid duplicate SFQ class numbers 2010-02-17 06:43:16 -08:00
Tom Eastep
167b29c2c5 Bump module version in Compiler.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:24:52 -08:00
Tom Eastep
8aaf4aab3a Don't create log chain for 'RETURN' rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:24:00 -08:00
Tom Eastep
4546394531 Cosmetic changes to Compiler.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:07:35 -08:00
Tom Eastep
5d08d51fe5 Add $remote_fs to Required-Start and Required-Stop for Debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 08:39:50 -08:00
Tom Eastep
12d3420a5d Detect FLOW_FILTER when LOAD_HELPERS_ONLY=No 2010-02-14 10:34:19 -08:00
Tom Eastep
0624451537 Fix for OLD_HL_MATCH.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-14 07:22:12 -08:00
Tom Eastep
5e9ecf1491 Update version of Config module 2010-02-13 11:00:34 -08:00
Tom Eastep
50d246c8be A little cleanup of compiler.pl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-13 10:03:32 -08:00
Tom Eastep
ec95e5b32c Document fix for rate limiting of NAT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-13 09:11:14 -08:00
Tom Eastep
1258149e0e Don't apply rate limiting twice in NAT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-13 07:21:27 -08:00
Tom Eastep
ea5a6c79bc Bump CAPVERSION 2010-02-11 16:22:47 -08:00
Tom Eastep
5a96771e07 Start 4.4.8 Beta 1 2010-02-11 15:46:57 -08:00
Tom Eastep
757fea7467 Update documentation regarding FLOW_FILTER
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-11 14:35:12 -08:00
Tom Eastep
b35f20b403 Avoid CAPVERSION bump to implement FLOW_FILTER detection
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-11 07:29:41 -08:00
Tom Eastep
b8c195f570 Accurately detect 'flow' availability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-10 14:50:26 -08:00
Tom Eastep
b1c64913b4 Reformat column header in tcinterfaces 2010-02-10 12:00:17 -08:00
Tom Eastep
433fc385bc 'bridge' implies 'routeback'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-09 14:04:36 -08:00
Tom Eastep
21d4c8ba21 Document workaround for lack of 'flow'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-08 10:03:10 -08:00
Tom Eastep
46e2afcf16 Ignore TYPE if old distro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-08 07:13:20 -08:00
Tom Eastep
b45a70f98a Make 'nosmurfs' work correctly on IPv6 with Address Type Match
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-08 07:12:58 -08:00
Tom Eastep
18d03a61f5 Make 'nosmurfs' work with Address Type Match on IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-07 08:43:31 -08:00
Tom Eastep
11a2ec9f7c Update version to 4.4.7 2010-02-05 16:40:48 -08:00
Tom Eastep
e64af57cae Give smurf logging chain a fixed name.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 16:04:59 -08:00
Tom Eastep
f4e175f149 Fix IPv6 'nosmurfs'. Make 'nosmurfs' logging more efficient.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 15:03:15 -08:00
Tom Eastep
97f3e5b8de Clear known problems.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 07:18:55 -08:00
Tom Eastep
52880a8822 Clean up generate_matrix() fix.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 06:57:51 -08:00
Tom Eastep
9d288241da Fix issues in generate_matrix().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 19:42:54 -08:00
Tom Eastep
096fb29203 DEBUG and PURGE -- take 2.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 13:57:50 -08:00
Tom Eastep
1d8a7ad09f Clear DEBUG and PURGE shell variables
Delete a blank line

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 13:55:29 -08:00
Tom Eastep
753eb97667 Update version to 4.4.7 RC2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 10:30:53 -08:00
Tom Eastep
ede17e2da0 Set ADD_IP_ALIASES=No in all shorewall.conf files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 08:16:41 -08:00
Tom Eastep
dd60f04a9f Work around lack of MARK Target support 2010-02-01 16:22:57 -08:00
Tom Eastep
58f6e57286 Update known problems 2010-02-01 16:19:36 -08:00
Tom Eastep
d354560863 Finish last change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-01 14:25:51 -08:00