Commit Graph

630 Commits

Author SHA1 Message Date
teastep
9a42f57a6a Allow 'ipsec' in /etc/shorewall/hosts to work in the presence of dynamic zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2419 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-27 17:29:20 +00:00
teastep
b66929a65e Large merge of function from EXPERIMENTAL to HEAD.
1) Elimination of the "shorewall monitor" command.

2) The /etc/shorewall/ipsec and /etc/shorewall/zones file are combined into
a single /etc/shorewall/zones file. This is done in an upwardly-compatible
way so that current users can continue to use their existing files.

3) Support has been added for the arp_ignore interface option.

4) DROPINVALID has been removed from shorewall.conf. Behavior is as if
DROPINVALID=No was specified.

5) The 'nobogons' option and BOGON_LOG_LEVEL are removed.

6) Error and warning messages have been made easier to spot by using
capitalization (e.g., ERROR: and WARNING:).

7) The /etc/shorewall/policy file now contains a new connection policy and a
policy for ESTABLISHED packets. Useful for users of snort-inline who want to
pass all packets to the QUEUE target.

8) A new 'critical' option has been added to /etc/shorewall/routestopped.
Shorewall insures communication between the firewall and 'critical' hosts
throughout start, restart, stop and clear. Useful for diskless firewall's
with NFS-mounted file systems, LDAP servers, Crossbow, etc.

9) Macros. Macros are very similar to actions but are easier to use, allow
parameter substitution and are more efficient. Almost all of the standard
actions have been converted to macros in the EXPERIMENTAL branch.

10) The default value of ADD_IP_ALIASES in shorewall.conf is changed to No.

11) If you have 'make' installed on your firewall, then when you use
the '-f' option to 'shorewall start' (as happens when you reboot),
if your /etc/shorewall/ directory contains files that were modified
after Shorewall was last restarted then Shorewall is started using
the config files rather than using the saved configuration.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2409 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-25 23:08:09 +00:00
teastep
89eaf99906 Pretty up the output of 'show actions'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2403 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 16:49:02 +00:00
teastep
aaecd53a29 Add 'shorewall show actions command'
Make it possible for the 'stopped' extension script to save commands in
the 'restore-tail' file by calling 'run_and_save_command' and
'save_command'


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2401 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-24 16:27:21 +00:00
teastep
f3ea3c7edb Avoid annoying 'ipset:not found' message
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2392 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-22 22:24:28 +00:00
teastep
fbabd7d6ef Obviate the need for 'loose'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2389 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-21 19:48:33 +00:00
teastep
ca8e5631d3 Make \!<address> work in the SUBNET column of the masq file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2374 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-20 01:10:28 +00:00
teastep
687704eff2 Add 'loose' provider option; add COPY column to providers file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2370 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-18 22:40:26 +00:00
teastep
318e204358 Re-implement MACLIST_TTL
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2358 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 22:08:15 +00:00
teastep
c6e3e84352 Disable MACLIST_TTL
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2356 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-17 16:52:21 +00:00
teastep
1b5ac5c7d3 Make /sbin/shorewall issue a warning whenever startup is disabled
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2348 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-15 20:50:01 +00:00
teastep
379b58f628 A better patch to avoid blocking DHCP broadcasts during MAC verification
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2330 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-13 15:26:51 +00:00
teastep
ef9d22b647 Avoid blocking DHCP broadcasts during MAC verification
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2327 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-13 14:29:52 +00:00
teastep
d050552a36 Make TCPFLAGS_LOG_LEVEL=ULOG work with iptables-1.3.2.
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2322 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-12 00:42:08 +00:00
teastep
7d924c3b82 A couple of little buglets. 1) detect duplicate tracked interface in providers file; 2) don't permit destination interface in PREROUTING marking rule
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2315 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 23:23:45 +00:00
teastep
d11dc2b58a Apply Cristian's patch for default route after reboot
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2305 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 20:12:49 +00:00
paulgear
4f8bbb5866 Copy latest development version from Shorewall2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2269 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 06:13:05 +00:00
paulgear
2a19eb8a5a Copy latest 2.4 version from Shorewall2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2264 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 05:55:29 +00:00
paulgear
90dd62e89e Copy latest 2.2 version from STABLE2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2263 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 05:45:05 +00:00
paulgear
921a7223d4 Copy latest 2.0 code from STABLE2/
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2262 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2005-07-09 04:45:32 +00:00
teastep
ccd528ec8c Shorewall 1.4.10d +
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1216 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-03-20 15:40:06 +00:00
teastep
d711731678 Fix multiple excluded zone handling in DNAT/REDIRECT
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1181 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-03-04 15:24:59 +00:00
teastep
7f19ec0c73 Fix another masq file bug
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1131 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-02-09 20:46:22 +00:00
teastep
76c135e123 Shorewall-1.4.10a
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1129 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-02-08 20:36:46 +00:00
teastep
6ae5a4eb93 Fix problem in masq file parsing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1124 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-02-05 20:19:29 +00:00
teastep
97ea8c60d7 Fix problem in masq file parsing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1123 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-02-05 20:13:24 +00:00
teastep
f67cb1eab8 Fix PROTO fix fix
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1098 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-29 23:29:50 +00:00
teastep
304a502d38 Fix PROTO fix
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1097 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-29 23:24:30 +00:00
teastep
76b5918a13 Fix handling of 'all' or '-' in the PROTO column of an action file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1096 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-29 19:11:51 +00:00
teastep
d116d04fb8 Don't add broadcasts to /0 groups
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1095 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-28 00:52:03 +00:00
teastep
b4d0cbd1b1 Don't feed the smurfs
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1093 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-27 22:33:32 +00:00
teastep
3a82d46762 1.4.10 RC2 and fixes for broadcast rejects, ratelimiting and CONTINUE rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1092 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-27 21:16:07 +00:00
teastep
2e80e459bb RC1 and 'detectnets' option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1089 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-23 23:48:30 +00:00
teastep
22df211052 Applied Fr�d�ric LESPEZ's patch for packet marking by user/group id
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1088 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-22 20:24:56 +00:00
teastep
58ac5fd852 Correct messages generated out of setup_masq()
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1087 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-22 16:59:40 +00:00
teastep
c07e450d5a Refine masq destination list code
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1086 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-22 03:27:03 +00:00
teastep
d362f734d9 Destination exclude list in masq file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1085 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2004-01-22 02:06:56 +00:00
teastep
0c6299465d Fix SNAT handling in DNAT rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@869 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-16 21:52:37 +00:00
teastep
9763f0caf3 Allow actions to be used in other actions
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@809 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-07 18:15:55 +00:00
teastep
7a7597466d Clean up Action Change
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@806 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-05 20:34:01 +00:00
teastep
90263f43af Add user-defined Actions
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@801 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-04 02:01:08 +00:00
teastep
380b8e2ce8 Add MODULE_SUFFIX option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@797 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-12-01 16:10:08 +00:00
teastep
9fde389c31 Log 'norfc1918'
packets out of 'rfc1918' chains


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@792 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-27 18:39:11 +00:00
teastep
a3eaa7f9af Rework ip_forward handling; update release file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@791 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-27 18:24:57 +00:00
teastep
80981e802e Fix NONE policy validation and 'routeback' for wildcard interfaces
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@786 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-11-08 02:38:30 +00:00
teastep
306ca3718f Correct handling of broadcast addresses in MAC verification
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@784 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-31 15:30:07 +00:00
teastep
f046ea3ab1 Fix route filtering
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@782 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-30 15:42:45 +00:00
teastep
0f72f92c48 Another fix for <zone>_frwd chains
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@780 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-26 16:22:01 +00:00
teastep
5448a9cc38 Expand chain naming
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@777 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-25 00:54:01 +00:00
teastep
20a23dc925 Re-add optimization for complex zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@771 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-19 14:57:48 +00:00
teastep
1fd0345510 Re-add optimization for complex zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@769 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-15 18:34:05 +00:00
teastep
ff2b9ce193 Remove 'complex zone' optimization
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@768 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-15 18:17:23 +00:00
teastep
67ad01a56f Added BLACKLISTNEWONLY
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@765 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-11 16:06:00 +00:00
teastep
55ddfb8c78 Fix error handling after 'Unable to determine the routes...'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@764 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-10 03:00:26 +00:00
teastep
97825f937c Clean up QUEUE target code
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@763 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-09 22:33:44 +00:00
teastep
c80dacd86a p2pwall integration
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@762 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-09 21:26:08 +00:00
teastep
3d7df0dd62 Correct icmp fix
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@761 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-08 18:45:26 +00:00
teastep
5b54d21d07 Don't use multiport match on ICMP
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@760 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-08 15:07:18 +00:00
teastep
9a51cb0b60 Merge Tuomo Soini's fix for /bin/ash
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@758 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-08 14:53:26 +00:00
teastep
f30faa416f Fix user/group name and qualified destination
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@752 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-03 14:39:34 +00:00
teastep
5d489f01f9 Change 'logunclean' messages to reflect LOG disposition
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@750 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-02 04:48:30 +00:00
teastep
45e63c15ac Blacklist before DHCP
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@749 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-10-01 00:07:14 +00:00
teastep
2e4f97175d Correct handling of missing common.def file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@748 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-09-27 14:54:16 +00:00
teastep
f88241a6f1 Fix rules file processing with missing policy
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@747 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-09-26 21:34:16 +00:00
teastep
ddb925c133 Reword error message
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@745 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-09-22 21:44:22 +00:00
teastep
9f14855704 Allow user:group in USER SET column of rules file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@744 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-09-19 19:42:05 +00:00
teastep
a18c573868 Beta 2 plus fix proxy ARP routes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@738 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-09-16 19:44:49 +00:00
teastep
bb20363bb2 Fix for IPV6 addresses and the 'ip' utility
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@735 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-28 18:02:59 +00:00
teastep
5e8a20b455 Fix adding range of aliases
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@733 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-27 19:37:53 +00:00
teastep
47b75c3c87 Correct backout of Smart Blacklisting
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@729 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-25 02:02:44 +00:00
teastep
29ae535021 Correct backout of Smart Blacklisting
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@728 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-25 01:49:34 +00:00
teastep
41de5afd06 Decommit per-interface dynamic blacklisting; warnings on 'unclean' dependencies
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@726 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-24 01:24:23 +00:00
teastep
54569f4782 Userset fix and logging fixes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@724 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-23 18:14:59 +00:00
teastep
3ee26da51c Henry Yang's patch plus fix LOGRATE/ratelimit conflict on rules file logging
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@723 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-22 15:27:08 +00:00
teastep
90b5b607a6 Allow chains with IP addresses as names
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@721 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-21 13:18:51 +00:00
teastep
e58b08c4b7 Redesign Accounting
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@720 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-20 16:54:27 +00:00
teastep
b5c9917c79 Add RATE LIMIT column; allow multiple chains in a 'show' command
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@718 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-15 15:54:13 +00:00
teastep
b68171cc23 Better fix for generic firewall parsing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@714 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-14 13:57:09 +00:00
teastep
3458f3e0f4 Fix generic firewall parsing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@713 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-14 02:08:51 +00:00
teastep
d55bcfca0b Rate Limiting in Rules - Part 7
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@711 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-13 21:31:02 +00:00
teastep
8d9ec49a6b Rate Limiting in Rules - Part 4
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@708 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-13 18:51:18 +00:00
teastep
e454c7fe73 Rate Limiting in Rules - Part 3
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@707 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-13 18:48:28 +00:00
teastep
88dbd252af Rate Limiting in Rules - Part 1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@705 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-13 17:07:05 +00:00
teastep
552d738579 Allow bridge devices in /etc/shorewall/maclist
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@704 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-13 00:19:24 +00:00
teastep
a1c1785048 Allow degenerate rules; replace 'chain_exists' with 'havechain' in accounting code
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@701 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-11 17:44:23 +00:00
teastep
ab073a41a4 Added CHAIN declarations
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@698 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-11 01:36:32 +00:00
teastep
24ed025834 Conditionally create accounting chain
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@697 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-10 16:22:19 +00:00
teastep
347ed2f629 Conditionally create accounting chain
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@696 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-10 16:19:36 +00:00
teastep
7cb2d841aa Conditionally create accounting chain
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@695 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-10 16:12:30 +00:00
teastep
ac8585b68a Complete accounting support
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@694 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-10 16:01:21 +00:00
teastep
1144d736bf Correct bug in accounting file processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@693 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-10 15:06:23 +00:00
teastep
3c24144487 Add IP accounting
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@692 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-10 01:11:50 +00:00
teastep
b235cd19e1 Add arp_filter interface option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@690 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-08 20:55:06 +00:00
teastep
4192870cb2 Add support for range lists in /etc/shorewall/masq
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@687 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-06 23:50:33 +00:00
teastep
c8b9cbfd35 Generic tunnels
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@686 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-06 00:06:44 +00:00
teastep
b2729de062 Fix adding addresses to P-T-P devices
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@683 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-08-05 15:05:45 +00:00
teastep
4c08cc4780 ADMINISABSENTMINDED Option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@681 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-29 23:04:04 +00:00
teastep
617c0d311e Remove braindead code; prevent 'stop' when 'start' is disabled
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@680 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-28 17:32:41 +00:00
teastep
f7ea7cdd41 Snapshot 1.4.6_20030726
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@678 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-26 16:44:38 +00:00
teastep
a63d259b40 Move call to determine_capabilities so that MANGLE_ENABLED is set before it is tested
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@674 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-22 14:25:36 +00:00
teastep
9188253bd4 {
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@670 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-21 22:02:34 +00:00
teastep
afd7840558 Suppress DHCP message when there are no DHCP rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@666 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-18 23:12:34 +00:00
teastep
c89d302114 Streamline module loading
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@663 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-16 03:22:45 +00:00
teastep
0c8365f7bb Support 2.6 compressed modules; add chain name to policy display in 'check' command
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@662 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-16 03:07:38 +00:00
teastep
defe814ca5 More rule processing fixes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@659 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-14 20:25:03 +00:00
teastep
8dce6e9522 More rule processing fixes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@658 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-14 20:16:24 +00:00
teastep
528c7b549a More rule processing fixes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@657 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-14 19:51:25 +00:00
teastep
31f6e580e4 More rule processing fixes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@656 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-14 19:43:32 +00:00
teastep
94ceb711b7 Fix exclude zone processing in DNAT and REDIRECT rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@655 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-14 16:44:35 +00:00
teastep
5b03f63961 Fix exclude zone processing in DNAT and REDIRECT rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@654 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-14 16:20:45 +00:00
teastep
cf62edd5ca Add local variable to find_hosts_by_option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@648 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-06 16:27:40 +00:00
teastep
ed899188f8 Allow address lists in /etc/shorewall/hosts entries
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@647 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-06 16:10:23 +00:00
teastep
c615aa868a Allow address lists in /etc/shorewall/hosts entries
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@646 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-06 15:31:26 +00:00
teastep
045318946f Reword error message to use terminaolgy from documentation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@640 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-05 20:49:23 +00:00
teastep
3c5dd9167f Remove duplicate pattern in case statement
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@639 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-05 20:36:03 +00:00
teastep
a4183f21fe Add empty variable for 'call' command
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@638 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-05 19:52:34 +00:00
teastep
24d864d427 Fix my application of Simon Matter's Patch
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@637 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-05 18:17:40 +00:00
teastep
678e23918b Add undocumented 'call' commands to /sbin/shorewall and /usr/share/shorewall/firewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@635 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-05 17:55:43 +00:00
teastep
17a7a0492d Take care of some ipcalc anomalies
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@634 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-05 17:41:28 +00:00
teastep
b1b3d09473 Move IP Address Manipulation Functions to /usr/share/shorewall/functions
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@631 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-05 16:24:41 +00:00
teastep
9a6c36c146 Remove requirement for XOR
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@626 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-04 15:08:29 +00:00
teastep
807e808318 Clear original dest when it is 0.0.0.0/0
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@625 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-03 16:12:28 +00:00
teastep
5b9d1f7460 Cleanup of code
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@624 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-02 23:12:14 +00:00
teastep
6a1c9df7c9 Fix DNAT[-] destination list handling; add shell validation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@623 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-07-01 20:29:01 +00:00
teastep
fc1cc9b0eb Fix capability report -- Simon Matter
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@622 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-30 14:21:42 +00:00
teastep
06e38b587d SHOREWALL_SHELL parameter
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@621 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-28 15:22:22 +00:00
teastep
52bc8bca5e Add MULTIPORT to the list of detected capabilities
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@620 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-28 01:09:12 +00:00
teastep
7a2cad4d07 Add Conntrack Match Capability
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@618 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-27 21:02:52 +00:00
teastep
f562fa4836 Correct ip_range handling of CIDR
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@617 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-26 14:29:24 +00:00
teastep
753cf160e4 Replace multiplication by bit shift in decodeaddr()
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@616 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-25 19:20:23 +00:00
teastep
08c45deb2e Make new code work on lesser shells
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@613 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-23 23:04:50 +00:00
teastep
8683295810 More tweaking of address manipulation code
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@611 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-23 17:51:33 +00:00
teastep
c3eab43a3b Fix addition of IP addresses
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@610 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-23 00:44:53 +00:00
teastep
0b075e78b6 Fix addition of IP addresses
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@609 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-23 00:42:28 +00:00
teastep
9aaef4d05a Add load-balancing support
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@607 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-22 22:56:25 +00:00
teastep
b33ffddc7b Fix label creation for IP address ranges
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@606 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-22 21:22:57 +00:00
teastep
debf41d707 Allow IP ranges with ADD_SNAT_ALIASES=Yes; Fix add_ip_aliases to match proper subnet to add to
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@605 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-22 16:58:33 +00:00
teastep
d6262099c6 Add FIN to accepted flags for NEWNOTSYN
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@604 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-19 20:19:41 +00:00
teastep
ea38e5f72b Refine 'newnotsyn' option handling
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@602 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-18 19:55:16 +00:00
teastep
cc9fd2b4ef Refine 'newnotsyn' option handling
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@601 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-18 19:49:54 +00:00
teastep
88595aec4f Refine 'newnotsyn' option handling
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@600 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-18 19:40:35 +00:00
teastep
045263c704 Refine 'newnotsyn' option handling
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@599 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-18 19:24:16 +00:00
teastep
027e5fcd0f Implemented 'newnotsyn' interface option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@596 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-18 18:37:37 +00:00
teastep
170c3df6c4 Work around RH7.3 'service' anomaly
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@595 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-18 18:26:05 +00:00
teastep
4e26bb4ba4 Back out changes for reject processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@589 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-11 23:57:35 +00:00
teastep
3bb2d171ae Fix REJECT processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@588 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-11 19:46:50 +00:00
teastep
275a8ca33f Don't whine about LOG policy rule; Accept RELATED connections during [re]start
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@587 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-11 01:01:48 +00:00
teastep
1c2f75656d More cleanup
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@585 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-02 22:01:50 +00:00
teastep
70d8293d88 Re-add logging code that was mistakenly deleted
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@584 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-02 19:26:56 +00:00
teastep
2bdcada874 Fix routestopped; minor fix in rules processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@583 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-02 18:08:35 +00:00
teastep
184d7aac40 More cleanup of rules processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@581 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-01 18:14:57 +00:00
teastep
18cfd011c3 A small cleanup of the rules parsing code
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@580 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-01 16:51:34 +00:00
teastep
89bb721da4 More ORIGINAL DEST fixes; restore last 'Hits' report
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@579 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-06-01 03:14:20 +00:00
teastep
e3bafeecaa Make excludehosts work for OUTPUT; correct destination in DNAT rule
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@578 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-05-31 16:34:17 +00:00
teastep
d9268be1c4 List on original dest; debugging try
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@577 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-05-31 15:29:14 +00:00
teastep
df6a59cf68 Shorewall-1.4.4b
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@575 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-05-29 14:43:47 +00:00
teastep
e70a63f267 Shorewall-1.4.4a
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@573 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-05-28 19:20:23 +00:00
teastep
59660f2576 Restore 5-character zone name capability
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@572 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-05-27 17:49:13 +00:00
teastep
66337f3cda Restore 5-character zone name capability
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@570 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-05-27 17:42:12 +00:00
teastep
09392c88d3 Move DNAT and REDIRECT logging to the nat table
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@567 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-05-22 20:37:24 +00:00
teastep
e33573eff9 Change LOGMARKER/LOGFORMAT Implementation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@566 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-05-21 21:36:05 +00:00
teastep
c15c93c7d1 Implement REDIRECT-
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@564 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-05-20 23:27:11 +00:00
teastep
019fc32d26 Enable loopback interface earlier in startup
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@550 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-05-16 15:19:57 +00:00
teastep
bbcbbca6b8 Implement LOGMARKER variable
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@546 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-04-25 16:22:18 +00:00
teastep
554970dcc4 Correct Syntax Error
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@544 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-04-21 23:04:52 +00:00
teastep
f404c75b2f Add 6to4 tunnel support
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@543 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-04-21 15:12:59 +00:00
teastep
99cb231761 Remove temporary directory at completion of 'add' and 'delete' commands
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@541 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-04-18 03:09:51 +00:00
teastep
8b5cadbdff Add a catchall rule for old REJECT handling
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@539 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-04-16 16:54:46 +00:00
teastep
a7cd930b96 Add comments to REJECT improvement
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@538 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-04-14 01:01:01 +00:00
teastep
d44564fab8 Improve REJECT processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@537 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-04-14 00:47:47 +00:00
teastep
850f18bea6 Make a more conservative patch to fix the 'traceroute -I' problem
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@531 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-04-01 14:58:47 +00:00
teastep
e16e47893d Add 'routeback' option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@530 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-04-01 02:00:37 +00:00
teastep
02a42e2fb0 INCLUDE directive; make 'traceroute -I' work again
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@528 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-29 14:37:50 +00:00
teastep
b49e944321 Remove trailing white space
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@526 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-24 21:56:31 +00:00
teastep
777202cb11 Remove superfluous -s specification
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@525 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-24 21:55:16 +00:00
teastep
b5d3078fa6 Add intermediate input chain for complex zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@524 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-24 21:02:29 +00:00
teastep
886ad1e547 Add intermediate input chain for complex zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@523 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-24 21:01:53 +00:00
teastep
1a36e13f8c Fix 'check' command shell message
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@522 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-23 23:53:10 +00:00
teastep
04d78dc49f Re-allow Z->Z rules/policies
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@517 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-21 19:49:40 +00:00
teastep
526f0f9eb8 Re-allow Z->Z rules/policies
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@516 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-21 19:47:19 +00:00
teastep
cb5d9460b8 Cleanup new policy code
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@514 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-21 19:25:17 +00:00
teastep
e6d9dda852 Cleanup new policy code
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@513 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-21 19:23:03 +00:00
teastep
5be79ecde7 NONE Policy; Allow Intrazone connections; no bounce rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@510 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-21 04:14:20 +00:00
teastep
8556250875 Only check 'ipchains' module on start
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@498 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-11 15:45:29 +00:00
teastep
8918a72c13 Ignore default route when detecting masq networks; refuse to start with ipchains module loaded
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@497 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-11 14:55:01 +00:00
teastep
0d7c31371a Restore the 'check' command to the comments in the 'firewall' script
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@496 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-10 00:47:12 +00:00
teastep
7fab125525 Drop INVALID state packets; rate limit NEWNOTSYN logging
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@495 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-10 00:41:39 +00:00
teastep
e2748d3245 More SHARED_DIR changes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@489 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-08 18:01:32 +00:00
teastep
6a478754ac Remove SHARED_DIR from shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@488 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-08 17:55:34 +00:00
teastep
4a173940b2 Add log limiting to 'logdrop' chain and optimize code that deletes temporary rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@486 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-08 15:48:07 +00:00
teastep
c67ef5582c Remove two superfluous calls to determine_zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@484 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-07 00:30:39 +00:00
teastep
09fc5e317a Process params file before shorewall.conf
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@482 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-03-06 23:21:25 +00:00
teastep
4c2b1406de Remove unused function
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@478 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-28 15:33:40 +00:00
teastep
2894700fcf Re-add 'check' -- delete trailing white space
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@475 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-27 22:28:06 +00:00
teastep
a9d201f4f6 Print the name of the ECN file during processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@474 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-25 23:35:22 +00:00
teastep
5f0d26d1b9 Remove 'check' command
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@470 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-25 16:21:41 +00:00
teastep
99bcc9cc39 Alloc null second column in ecn file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@469 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-24 15:35:50 +00:00
teastep
08ec9ac4e0 Validate interface names in ecn file; confirm additions to ECN control chain; update to Beta2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@468 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-24 15:24:55 +00:00
teastep
5a778540da Tweak the comma-separated list parsing fix
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@466 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-23 14:22:14 +00:00
teastep
21cb22303f 1) Remove trailing white space.
2) Improve detection of white space in comma-separated lists.
3) Fix a typo in the INSTALL file.


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@464 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-23 14:10:37 +00:00
teastep
9b98ecbff5 final 1.4.0 Beta1 Changes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@461 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-21 22:55:36 +00:00
teastep
fe9b56090c Remove call to undefined function 'validate_bounce_file'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@458 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-21 17:00:10 +00:00
teastep
6cabdfae5d More 1.3.14 Changes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@456 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-19 23:52:03 +00:00
teastep
5fe2bef29e Remove icmp.def; change versions to 1.4
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@449 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-15 00:09:44 +00:00
teastep
b5c7f91e5a Run user init script before stripping files; improve comment in hosts file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@445 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-13 14:59:34 +00:00
teastep
92fc84ac14 Outbound ICMP no longer unconditionally accepted
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@444 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-11 01:34:52 +00:00
teastep
ef51c04d1d Shorewall 2.0.0 Alpha1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@443 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-08 20:58:44 +00:00
teastep
f9918b0da8 Correct rule number calculation in 'shorewall add' code
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@436 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-08 20:44:00 +00:00
teastep
5b9a57d49e Changes for 1.3.14 RC1
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@430 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-02-04 16:59:49 +00:00
teastep
5aeecee8ab Add openvpn tunnel support
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@426 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-31 19:10:22 +00:00
teastep
4cf3600e5c Update copyrights
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@425 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-31 18:04:57 +00:00
teastep
45879f20f3 Beta 2 update
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@423 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-29 02:56:39 +00:00
teastep
fd37bd4c59 Fix VLAN Broadcast detection
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@422 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-28 14:44:40 +00:00
teastep
bf4ccb8d7a Restore support for VLAN devices
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@420 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-27 02:54:43 +00:00
teastep
cd1417ec17 Clean up release notes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@419 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-26 01:00:22 +00:00
teastep
4964497aa3 Allow labels for aliases added under ADD_SNAT_ALIASES; improve masquerade algorithm
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@417 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-24 23:43:22 +00:00
teastep
5b101f3a81 Use the routing table rather than the ip configuration to determine masquerading
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@416 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-24 22:59:49 +00:00
teastep
94c5455c9e Masquerade from all primary subnets when an interface name is in the second column of masq file entry
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@415 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-24 22:47:22 +00:00
teastep
43cc73ef47 Allow creation of an alias label when ADD_IP_ALIASE=Yes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@414 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-24 19:42:23 +00:00
teastep
0bd0a3672e Allow specification of marking chain in TC rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@411 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-23 23:18:40 +00:00
teastep
a0cb5de22c Make FORWARDPING=Yes verboten under OLD_PING_HANDLING=No; make 'list' a synonym for 'show' in /sbin/shorewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@410 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-23 01:13:36 +00:00
teastep
7fe133fe4a Add OLD_PING_HANDLING option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@406 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-21 00:34:00 +00:00
teastep
3b29150cb2 Fix bug in 'shorewall add' re 'find_interfaces_by_maclist'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@405 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-20 23:06:55 +00:00
teastep
bdcf22b4f8 Add NAT support with remote IPSEC zone; add UDP 4500 to ipsecnat support
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@398 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-07 16:26:41 +00:00
teastep
feb0752113 Allow shared files to be moved easily
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@397 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-06 23:01:23 +00:00
teastep
a28dac71ec Update release notes comment -- allow '-' in ORIGINAL DEST column for consistency
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@395 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-06 14:12:59 +00:00
teastep
305c43fea2 Fix RFC1918_LOG_LEVEL
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@394 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2003-01-03 17:48:11 +00:00
teastep
b1fb6bd72c Add CLEAR_TC option
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@392 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-31 16:04:31 +00:00
teastep
9ebd6ceaae Exit status 255 from tcclear indicates that Shorewall should not clear tc
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@391 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-31 03:50:05 +00:00
teastep
144c9ab576 Add DNAT- action; 'shorewall check' prints policies
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@390 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-31 01:10:28 +00:00
teastep
6ec62fd189 Fix bug in blacklist logging
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@381 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-22 05:26:20 +00:00
teastep
ba05611498 Fix bad bug in find_hosts_by_option()
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@376 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-20 21:10:53 +00:00
teastep
43b6a8acc8 Change comment on SPT=0 trap
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@375 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-20 01:13:41 +00:00
teastep
ad6a24aa3f a) fix a silly bug and b) avoid calling separate_list on an already separated list
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@373 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-19 21:30:58 +00:00
teastep
97c6eae79e Release 1.3.12-Beta1 Changes; bug fix from Tuomo Soini
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@372 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-19 20:14:10 +00:00
teastep
c9a1bff975 More Cleanup
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@371 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-18 23:56:34 +00:00
teastep
efb857df9d Fix a couple of bugs in recent changes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@370 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-18 21:58:21 +00:00
teastep
852217c510 Break 'run_iptables' into two functions - only run_iptables2 checks for \!
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@369 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-18 21:26:03 +00:00
teastep
fa843d4139 Allow marking packets in the FORWARD chain
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@368 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-16 19:25:20 +00:00
teastep
ede456adf6 Restore fw->fw redirection; Check for SPT=0 in SYN
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@367 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-14 15:44:26 +00:00
teastep
b9891e08e2 Add ULOG Support
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@362 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-13 03:23:46 +00:00
teastep
faa859e84a Added error message for MAC address in rule destination
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@361 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-10 22:48:04 +00:00
teastep
39da3ef60f Remove redundent function - add some comments
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@358 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-10 16:03:26 +00:00
teastep
1fa9316550 Yet another speed improvement
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@357 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-09 02:42:28 +00:00
teastep
46e306eba9 Correct wording of an error message
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@356 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-07 23:33:26 +00:00
teastep
14b0682723 More [re]start speedups
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@355 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-07 03:21:32 +00:00
teastep
2528043867 Speed up 'separate_list'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@354 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-06 00:31:49 +00:00
teastep
992cc301a7 Generate error if 'lo' is defined in the interfaces file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@353 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-05 17:29:56 +00:00
teastep
7a1aa39f95 Speed up running of iptables
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@351 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-05 00:18:47 +00:00
teastep
14a20ece71 a) Rewrote 'list_count' to not require 'wc'
b) Turn off trace after error
c) Allow output ICMP unconditionally again


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@350 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-04 23:53:03 +00:00
teastep
0f33d5af0d Refresh also refreshes traffic control/shaping
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@349 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-12-04 21:17:14 +00:00
teastep
94cc75b63a Fix bug in NAT exclusion -- Roger Aich
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@344 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-27 19:16:06 +00:00
teastep
9a8d39bdd5 Add reverse GRE rules for PPTP server and clients
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@337 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-24 18:40:51 +00:00
teastep
dc0c17f075 Minor firewall cleanup
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@334 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-13 00:57:48 +00:00
teastep
871eeffa2c Revise 'all' in rules to never apply to intra-zone traffic
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@333 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-11 19:47:34 +00:00
teastep
9483f891fc Allow 'all' in rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@332 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-11 19:21:47 +00:00
teastep
0ad28aae80 Correct fw->fw rule catcher
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@331 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-11 18:24:38 +00:00
teastep
a511b9b485 Check for fw->fw rules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@330 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-11 17:38:40 +00:00
teastep
18a6aff46a Add some comments in the policy chain creation/population logic
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@327 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-11 03:41:42 +00:00
teastep
b8f806e625 Accomodate bash clones like dash and ash
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@325 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-10 23:15:53 +00:00
teastep
8c3af56566 Add TCP Flags Checking
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@324 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-10 21:34:20 +00:00
teastep
c44cb44f7c Verify interface names in the SOURCE column of /etc/shorewall/tcrules
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@318 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-09 15:56:29 +00:00
teastep
507fa8069d Cosmetic cleanup in firewall script
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@317 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-11-03 15:42:23 +00:00
teastep
5ff9d1a888 Clear nat and mangle counters during 'shorewall reset'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@316 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-30 15:56:46 +00:00
teastep
eef8a3dc72 Improve comments in interfaces file re: use of aliases
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@314 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-29 01:36:06 +00:00
teastep
01a78306cf Update release and changelog files
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@312 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-24 00:47:43 +00:00
teastep
0eda4bab27 Conserve space by removing comment decorations
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@311 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-23 16:48:40 +00:00
teastep
a997c16a42 Clean up MAC Verification Code
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@310 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-23 15:58:53 +00:00
teastep
d26c6a5e92 Extend 'maclist' to the hosts file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@309 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-23 01:22:48 +00:00
teastep
347fc0da18 Adjust insertion points for dynamic zone rules based on MAC verification
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@308 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-22 18:33:37 +00:00
teastep
cd555022bf Add MAC verification
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@306 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-22 18:07:52 +00:00
teastep
9f691d20e4 Allow SNAT using primary IP and ADD_SNAT_ALIASES=Yes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@305 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-22 00:13:24 +00:00
teastep
42d7503984 Give better error message when getting the IP of a down interface
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@303 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-21 18:13:28 +00:00
teastep
23f6bb2371 Move the main firewall script to /usr/lib/shorewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@297 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-15 15:00:11 +00:00
teastep
c1d99fe769 Add support for PPTP client and server on the Firewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@295 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-14 22:26:28 +00:00
teastep
912681428b Tone down ipsecnat rules a bit
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@294 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-11 17:19:06 +00:00
teastep
2c41dc5154 Add IPSECNAT tunnel type; correct typo in spec file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@293 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-10 13:29:06 +00:00
teastep
9c0ad6d495 Fix typo in firewall script (recalculate_interfacess)
Add PATH assignment to the install script
Correct 'functions' file handling in the install script


git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@288 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-09 15:05:53 +00:00
teastep
38e5f236dc Remove iptables 1.2.7 hacks
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@286 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-05 16:36:53 +00:00
teastep
46328322db Add some comments to the Dynamic Zone code
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@282 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-02 01:24:57 +00:00
teastep
93db8120f9 Some optimizations to the Dynamic Zone code
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@281 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-01 23:58:48 +00:00
teastep
e55951ba31 Fix typo
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@280 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-01 23:49:17 +00:00
teastep
09285f8c06 Fix rule insertion algorithms for Dynamic Zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@279 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-01 23:43:03 +00:00
teastep
8ff1919657 Correct typo in error message
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@278 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-01 23:01:34 +00:00
teastep
73ae96bb64 More fixes for Dynamic Zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@277 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-01 22:27:19 +00:00
teastep
1a0534f5c0 Corrections to Dynamic Zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@276 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-01 21:46:48 +00:00
teastep
129cedbe8f First implementation of dynamic zones
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@275 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-10-01 20:54:42 +00:00
teastep
e7c44ec80e Fix dumb bug in 1.3.9 Tunnel Handling
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@270 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-30 17:48:20 +00:00
teastep
85dfee1475 Remove after error exits
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@263 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-29 21:28:44 +00:00
teastep
c665fec5ef Cleanup of 1.3.9 for Bering
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@261 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-29 21:08:25 +00:00
teastep
86d7723602 Fix problems with oddball shells; updated documentation
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@260 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-28 00:31:15 +00:00
teastep
f536d805b0 Move fireall, function and version to /usr/lib/shorewall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@259 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-27 21:10:21 +00:00
teastep
de84a5a43e Don't insist on NEW state for odd protocols -- part 2
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@257 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-26 20:35:25 +00:00
teastep
ccf0e4d598 Don't insist on NEW state for odd protocols
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@256 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-26 20:28:49 +00:00
teastep
f2b2e84808 Add DNS Name support; remove startup_disabled on uninstall
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@255 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-24 23:13:36 +00:00
teastep
7ff49f05b6 Prevent pre-configuration startup; change version to 1.3.9
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@250 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-19 20:40:10 +00:00
teastep
7f249597b6 Fix typo in policy file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@248 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-19 18:36:09 +00:00
teastep
167cf45cea Allow both interface and address on source in rules file
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@247 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-18 23:38:09 +00:00
teastep
87890954b7 Allow RST and ACK packets under NEWNOTSYN=Yes
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@238 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-16 16:08:15 +00:00
teastep
53f8743591 Add ICMP and MULTIPORT support to the black list
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@237 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-09-14 23:40:46 +00:00