Commit Graph

11805 Commits

Author SHA1 Message Date
e9b0e2f912 Revert "Improve handling of mutex contention when 'lockfile' is installed."
This reverts commit 2f56caf8fd.

The change only worked on very recent distributions.
2012-09-12 10:03:09 -07:00
a223245c01 Don't create classic blacklist chains if no blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:30:34 -07:00
89289f95ba Allow specification of priority for Shorewall-generated tc filters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:22:07 -07:00
2f56caf8fd Improve handling of mutex contention when 'lockfile' is installed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:18:26 -07:00
e431d5ab53 Document changes to filter priorities
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 17:12:59 -07:00
8c7b8c9390 Correct missing VARLIB handling in the installers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 11:12:43 -07:00
f6e3107c00 Redefine tc filter priorities
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:03:16 -07:00
b4098ff5dd Appease the Fedora 17 version of emacs.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:02:47 -07:00
9d6e0fd9ed Add a PRIORITY column to the tcfilters file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 14:48:32 -07:00
0e1e38b035 Adjust VARDIR/VARLIB for old shorewallrc files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
4.5.8-Beta3
2012-09-09 13:12:32 -07:00
5c62bf297a Document multiple GID/UIDs in the USER/GROUP column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 08:18:25 -07:00
0dd7ad7920 Re-organize Squid document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-08 08:08:16 -07:00
c13bdbd316 Correct 'setstatedir' functions in the init scripts
- Replaced g_program with PRODUCT
- Added setstatedir and call to ifupdown.sh

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-05 07:37:12 -07:00
d7354aca14 Add a warning regarding the blacklist option being deprecated.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-05 07:19:48 -07:00
ebc4ad2f1e Add warning message when an OUTPUT stopped rule is ignored due to ADMINISABSENTMINDED
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-05 07:16:40 -07:00
6614239b32 Allow multiple USER/GROUPs in a rule.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 17:03:26 -07:00
3993abad4e Revert routestopped changes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 17:03:02 -07:00
ae1c2cb0ff Use VARLIB rather than VARDIR in the ifupdown script.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 15:42:15 -07:00
5e07ad8caa Allow a directory to be specified with -e.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 14:05:52 -07:00
6aaf06c2e8 Add stoppedrules files to the samples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 09:06:45 -07:00
eb854f1dbe Only process routestopped when stoppedrules does not exist or is empty
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 08:46:04 -07:00
2050d566b8 Handle PRODUCT correctly at run-time.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
4.5.8-Beta2
2012-09-04 07:36:47 -07:00
188f05e130 Make ./firewall the default file when compile -e
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 07:35:03 -07:00
4260e5f6ba Correctly handle the product name in export shorewallrc.
- Also re-arranged the processing of the shorewallrc file to eliminate
  the kludgy shuffling of hashes.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 06:59:16 -07:00
7235d4da11 Update manpage indexes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 20:25:15 -07:00
bdd66e68c9 Have separate hashes for the two shorewallrc files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 20:09:20 -07:00
55e3b11a28 Pass both shorewallrc files to the compiler from lib.cli-std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 15:07:50 -07:00
b8e6a812bd Specify the cwd when compiling or checking for export
Signed-off-by: Tom Eastep <teastep@shorewall.net>
4.5.8-Beta1
2012-09-03 11:33:58 -07:00
09ce6239a7 Install stoppedrules rather than routestopped
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 11:00:22 -07:00
5645d66719 Add VARDIR to the shorewallrc files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 10:52:40 -07:00
afd9875d3a Update Manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 10:52:22 -07:00
5b953cc1dd Handle different layouts on the admin system and remote firewall(s)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 09:50:07 -07:00
8e5bd3637d Implement stoppedrules file (less manpages)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 08:44:03 -07:00
01696e7298 Remove empty paragraph in shorewall-rules(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 05:52:40 -07:00
b922177769 Handle missing VARDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 15:51:35 -07:00
c16dfc609d Documentation updates for VARLIB
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 15:43:52 -07:00
88ab423b2a Correct 'postcompile' patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 14:55:56 -07:00
e66d9e3418 Rename VARDIR to VARLIB in shorewallrc
- Done so that existing shorewallrc files are still valid.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 14:36:11 -07:00
bf70f6e71e More Shorewall-init init script corrections
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 13:43:43 -07:00
7279553be4 Revert "Add GROUP zones"
This reverts commit 4f2a4c0c6c.
2012-09-02 11:08:38 -07:00
a6740c6c53 Revert "Assign marks to according to GROUP zones"
This reverts commit 3fbfafb6e3.
2012-09-02 11:06:28 -07:00
c31c9bca9c Handle ${CONFDIR}/$PRODUCT/vardir consistently in Shorewall-init init scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 10:23:11 -07:00
f5e1a42ac9 Update the Shorewall-Lite article
- Mention shorewallrc
- Mention that /etc/shorewall/shorewall.conf is no longer read when the
  configuration directory has a shorewall.conf file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 09:10:19 -07:00
9c6d4f90fb Compile the firewall script if it doesn't exist
- Also cleaned up a number of defects in the init scripts

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 08:35:42 -07:00
4f54cb34df Add a postcompile script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 08:28:02 -07:00
3fbfafb6e3 Assign marks to according to GROUP zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 18:13:49 -07:00
34ee00a986 Document the <directory> argument to the 'try' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 10:53:35 -07:00
156fa5ab01 Some fixes to the Fedora Shorewall-init init script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 10:52:59 -07:00
353915fc8b Allow ipsets in the routestopped file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 10:52:37 -07:00
02e7d13710 Load iptables_raw in modules.essential
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 08:27:03 -07:00