e9b0e2f912
Revert "Improve handling of mutex contention when 'lockfile' is installed."
...
This reverts commit 2f56caf8fd
2012-09-12 10:03:09 -07:00
a223245c01
Don't create classic blacklist chains if no blacklist file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-12 07:30:34 -07:00
89289f95ba
Allow specification of priority for Shorewall-generated tc filters.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-12 07:22:07 -07:00
2f56caf8fd
Improve handling of mutex contention when 'lockfile' is installed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-12 07:18:26 -07:00
e431d5ab53
Document changes to filter priorities
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-10 17:12:59 -07:00
8c7b8c9390
Correct missing VARLIB handling in the installers.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-10 11:12:43 -07:00
f6e3107c00
Redefine tc filter priorities
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-10 10:03:16 -07:00
b4098ff5dd
Appease the Fedora 17 version of emacs.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-10 10:02:47 -07:00
9d6e0fd9ed
Add a PRIORITY column to the tcfilters file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-09 14:48:32 -07:00
0e1e38b035
Adjust VARDIR/VARLIB for old shorewallrc files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-09 13:12:32 -07:00
5c62bf297a
Document multiple GID/UIDs in the USER/GROUP column
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-09 08:18:25 -07:00
0dd7ad7920
Re-organize Squid document
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-08 08:08:16 -07:00
c13bdbd316
Correct 'setstatedir' functions in the init scripts
...
- Replaced g_program with PRODUCT
- Added setstatedir and call to ifupdown.sh
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-05 07:37:12 -07:00
d7354aca14
Add a warning regarding the blacklist option being deprecated.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-05 07:19:48 -07:00
ebc4ad2f1e
Add warning message when an OUTPUT stopped rule is ignored due to ADMINISABSENTMINDED
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-05 07:16:40 -07:00
6614239b32
Allow multiple USER/GROUPs in a rule.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-04 17:03:26 -07:00
3993abad4e
Revert routestopped changes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-04 17:03:02 -07:00
ae1c2cb0ff
Use VARLIB rather than VARDIR in the ifupdown script.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-04 15:42:15 -07:00
5e07ad8caa
Allow a directory to be specified with -e.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-04 14:05:52 -07:00
6aaf06c2e8
Add stoppedrules files to the samples
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-04 09:06:45 -07:00
eb854f1dbe
Only process routestopped when stoppedrules does not exist or is empty
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-04 08:46:04 -07:00
2050d566b8
Handle PRODUCT correctly at run-time.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-04 07:36:47 -07:00
188f05e130
Make ./firewall the default file when compile -e
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-04 07:35:03 -07:00
4260e5f6ba
Correctly handle the product name in export shorewallrc.
...
- Also re-arranged the processing of the shorewallrc file to eliminate
the kludgy shuffling of hashes.
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-04 06:59:16 -07:00
7235d4da11
Update manpage indexes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-03 20:25:15 -07:00
bdd66e68c9
Have separate hashes for the two shorewallrc files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-03 20:09:20 -07:00
55e3b11a28
Pass both shorewallrc files to the compiler from lib.cli-std
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-03 15:07:50 -07:00
b8e6a812bd
Specify the cwd when compiling or checking for export
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-03 11:33:58 -07:00
09ce6239a7
Install stoppedrules rather than routestopped
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-03 11:00:22 -07:00
5645d66719
Add VARDIR to the shorewallrc files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-03 10:52:40 -07:00
afd9875d3a
Update Manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-03 10:52:22 -07:00
5b953cc1dd
Handle different layouts on the admin system and remote firewall(s)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-03 09:50:07 -07:00
8e5bd3637d
Implement stoppedrules file (less manpages)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-03 08:44:03 -07:00
01696e7298
Remove empty paragraph in shorewall-rules(5)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-03 05:52:40 -07:00
b922177769
Handle missing VARDIR
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-02 15:51:35 -07:00
c16dfc609d
Documentation updates for VARLIB
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-02 15:43:52 -07:00
88ab423b2a
Correct 'postcompile' patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-02 14:55:56 -07:00
e66d9e3418
Rename VARDIR to VARLIB in shorewallrc
...
- Done so that existing shorewallrc files are still valid.
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-02 14:36:11 -07:00
bf70f6e71e
More Shorewall-init init script corrections
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-02 13:43:43 -07:00
7279553be4
Revert "Add GROUP zones"
...
This reverts commit 4f2a4c0c6c
2012-09-02 11:08:38 -07:00
a6740c6c53
Revert "Assign marks to according to GROUP zones"
...
This reverts commit 3fbfafb6e3
2012-09-02 11:06:28 -07:00
c31c9bca9c
Handle ${CONFDIR}/$PRODUCT/vardir consistently in Shorewall-init init scripts
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-02 10:23:11 -07:00
f5e1a42ac9
Update the Shorewall-Lite article
...
- Mention shorewallrc
- Mention that /etc/shorewall/shorewall.conf is no longer read when the
configuration directory has a shorewall.conf file.
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-02 09:10:19 -07:00
9c6d4f90fb
Compile the firewall script if it doesn't exist
...
- Also cleaned up a number of defects in the init scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-02 08:35:42 -07:00
4f54cb34df
Add a postcompile script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-02 08:28:02 -07:00
3fbfafb6e3
Assign marks to according to GROUP zones
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-01 18:13:49 -07:00
34ee00a986
Document the <directory> argument to the 'try' command.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-01 10:53:35 -07:00
156fa5ab01
Some fixes to the Fedora Shorewall-init init script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-01 10:52:59 -07:00
353915fc8b
Allow ipsets in the routestopped file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-01 10:52:37 -07:00
02e7d13710
Load iptables_raw in modules.essential
...
Signed-off-by: Tom Eastep <teastep@shorewall.net >
2012-09-01 08:27:03 -07:00
