holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity
11,805 Commits 104 Branches 736 Tags
Commit Graph

11805 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Eastep
e9b0e2f912 Revert "Improve handling of mutex contention when 'lockfile' is installed." 
This reverts commit 2f56caf8fd23593d963cc671ad8bb145976a912a.

The change only worked on very recent distributions.
 2012-09-12 10:03:09 -07:00
Tom Eastep
a223245c01 Don't create classic blacklist chains if no blacklist file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-12 07:30:34 -07:00
Tom Eastep
89289f95ba Allow specification of priority for Shorewall-generated tc filters. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-12 07:22:07 -07:00
Tom Eastep
2f56caf8fd Improve handling of mutex contention when 'lockfile' is installed. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-12 07:18:26 -07:00
Tom Eastep
e431d5ab53 Document changes to filter priorities 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-10 17:12:59 -07:00
Tom Eastep
8c7b8c9390 Correct missing VARLIB handling in the installers. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-10 11:12:43 -07:00
Tom Eastep
f6e3107c00 Redefine tc filter priorities 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-10 10:03:16 -07:00
Tom Eastep
b4098ff5dd Appease the Fedora 17 version of emacs. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-10 10:02:47 -07:00
Tom Eastep
9d6e0fd9ed Add a PRIORITY column to the tcfilters file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-09 14:48:32 -07:00
Tom Eastep
0e1e38b035 Adjust VARDIR/VARLIB for old shorewallrc files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
4.5.8-Beta3 		2012-09-09 13:12:32 -07:00
Tom Eastep
5c62bf297a Document multiple GID/UIDs in the USER/GROUP column 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-09 08:18:25 -07:00
Tom Eastep
0dd7ad7920 Re-organize Squid document 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-08 08:08:16 -07:00
Tom Eastep
c13bdbd316 Correct 'setstatedir' functions in the init scripts 
- Replaced g_program with PRODUCT
- Added setstatedir and call to ifupdown.sh

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-05 07:37:12 -07:00
Tom Eastep
d7354aca14 Add a warning regarding the blacklist option being deprecated. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-05 07:19:48 -07:00
Tom Eastep
ebc4ad2f1e Add warning message when an OUTPUT stopped rule is ignored due to ADMINISABSENTMINDED 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-05 07:16:40 -07:00
Tom Eastep
6614239b32 Allow multiple USER/GROUPs in a rule. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-04 17:03:26 -07:00
Tom Eastep
3993abad4e Revert routestopped changes. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-04 17:03:02 -07:00
Tom Eastep
ae1c2cb0ff Use VARLIB rather than VARDIR in the ifupdown script. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-04 15:42:15 -07:00
Tom Eastep
5e07ad8caa Allow a directory to be specified with -e. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-04 14:05:52 -07:00
Tom Eastep
6aaf06c2e8 Add stoppedrules files to the samples 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-04 09:06:45 -07:00
Tom Eastep
eb854f1dbe Only process routestopped when stoppedrules does not exist or is empty 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-04 08:46:04 -07:00
Tom Eastep
2050d566b8 Handle PRODUCT correctly at run-time. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
4.5.8-Beta2 		2012-09-04 07:36:47 -07:00
Tom Eastep
188f05e130 Make ./firewall the default file when compile -e 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-04 07:35:03 -07:00
Tom Eastep
4260e5f6ba Correctly handle the product name in export shorewallrc. 
- Also re-arranged the processing of the shorewallrc file to eliminate
  the kludgy shuffling of hashes.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-04 06:59:16 -07:00
Tom Eastep
7235d4da11 Update manpage indexes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-03 20:25:15 -07:00
Tom Eastep
bdd66e68c9 Have separate hashes for the two shorewallrc files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-03 20:09:20 -07:00
Tom Eastep
55e3b11a28 Pass both shorewallrc files to the compiler from lib.cli-std 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-03 15:07:50 -07:00
Tom Eastep
b8e6a812bd Specify the cwd when compiling or checking for export 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
4.5.8-Beta1 		2012-09-03 11:33:58 -07:00
Tom Eastep
09ce6239a7 Install stoppedrules rather than routestopped 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-03 11:00:22 -07:00
Tom Eastep
5645d66719 Add VARDIR to the shorewallrc files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-03 10:52:40 -07:00
Tom Eastep
afd9875d3a Update Manpages 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-03 10:52:22 -07:00
Tom Eastep
5b953cc1dd Handle different layouts on the admin system and remote firewall(s) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-03 09:50:07 -07:00
Tom Eastep
8e5bd3637d Implement stoppedrules file (less manpages) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-03 08:44:03 -07:00
Tom Eastep
01696e7298 Remove empty paragraph in shorewall-rules(5) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-03 05:52:40 -07:00
Tom Eastep
b922177769 Handle missing VARDIR 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-02 15:51:35 -07:00
Tom Eastep
c16dfc609d Documentation updates for VARLIB 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-02 15:43:52 -07:00
Tom Eastep
88ab423b2a Correct 'postcompile' patch 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-02 14:55:56 -07:00
Tom Eastep
e66d9e3418 Rename VARDIR to VARLIB in shorewallrc 
- Done so that existing shorewallrc files are still valid.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-02 14:36:11 -07:00
Tom Eastep
bf70f6e71e More Shorewall-init init script corrections 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-02 13:43:43 -07:00
Tom Eastep
7279553be4 Revert "Add GROUP zones" 
This reverts commit 4f2a4c0c6c70b5d83557374e11505727e9e88692.
 2012-09-02 11:08:38 -07:00
Tom Eastep
a6740c6c53 Revert "Assign marks to according to GROUP zones" 
This reverts commit 3fbfafb6e31cc1ea76ff647d2bea8aaee8409d1a.
 2012-09-02 11:06:28 -07:00
Tom Eastep
c31c9bca9c Handle ${CONFDIR}/$PRODUCT/vardir consistently in Shorewall-init init scripts 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-02 10:23:11 -07:00
Tom Eastep
f5e1a42ac9 Update the Shorewall-Lite article 
- Mention shorewallrc
- Mention that /etc/shorewall/shorewall.conf is no longer read when the
  configuration directory has a shorewall.conf file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-02 09:10:19 -07:00
Tom Eastep
9c6d4f90fb Compile the firewall script if it doesn't exist 
- Also cleaned up a number of defects in the init scripts

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-02 08:35:42 -07:00
Tom Eastep
4f54cb34df Add a postcompile script 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-02 08:28:02 -07:00
Tom Eastep
3fbfafb6e3 Assign marks to according to GROUP zones 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-01 18:13:49 -07:00
Tom Eastep
34ee00a986 Document the <directory> argument to the 'try' command. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-01 10:53:35 -07:00
Tom Eastep
156fa5ab01 Some fixes to the Fedora Shorewall-init init script 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-01 10:52:59 -07:00
Tom Eastep
353915fc8b Allow ipsets in the routestopped file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-01 10:52:37 -07:00
Tom Eastep
02e7d13710 Load iptables_raw in modules.essential 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2012-09-01 08:27:03 -07:00