Commit Graph

176 Commits

Author SHA1 Message Date
Tom Eastep
a1e3683651 Documentation updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-10 14:38:55 -08:00
Tom Eastep
489364a1a0 Correct zone manpages re: blacklist vs zone type
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 13:57:03 -07:00
Tom Eastep
611c33e052 Add rule order warning to secmark manpages 2010-09-23 11:31:56 -07:00
Tom Eastep
b3d6ae78ba Add redundancy warning re 'blacklst' 2010-09-19 07:57:36 -07:00
Tom Eastep
c7373ada46 Add advice about SAVE/RESTORE 2010-09-17 09:22:48 -07:00
Tom Eastep
44665775b2 Documentation corrections to the blacklist files 2010-09-16 09:46:46 -07:00
Tom Eastep
a8c9fc1859 Implement new Blacklisting Scheme 2010-09-16 09:40:28 -07:00
Tom Eastep
1d650b41cd Remove blacklisting by destination IP address support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 15:24:58 -07:00
Tom Eastep
bea4ce4ca6 Add tc-tbf link to tcinterfaces manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 14:07:42 -07:00
Tom Eastep
8147671eb2 Document JUMP 2010-09-15 09:49:37 -07:00
Tom Eastep
f925b335ef Ignore the 'blacklist' host option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 08:10:57 -07:00
Tom Eastep
373fc87165 More blacklisting wrapup
- Deprecate 'blacklist' in the hosts file
- Base blacklisting on interfaces alone

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 07:38:20 -07:00
Tom Eastep
10a9ae496a More manpage updates for 4.4.13 2010-09-14 16:47:45 -07:00
Tom Eastep
33adbe7a27 Update documentation for net TC features 2010-09-13 13:51:25 -07:00
Tom Eastep
3f93ebdda8 Update blacklist manpages 2010-09-13 13:23:32 -07:00
Tom Eastep
37a5a01185 Correct INPUT marking documentation 2010-09-11 12:47:32 -07:00
Tom Eastep
828d190436 Change example 2010-09-07 19:14:43 -07:00
Tom Eastep
46bbb26b6b Tweak secmarks example to use ESTABLISHED,RELATED 2010-09-07 13:59:33 -07:00
Tom Eastep
ee83b7f022 Add link to James Morris blog re SECMARK 2010-09-07 13:52:43 -07:00
Tom Eastep
ab87d8800a List secmarks as SEE ALSO 2010-09-07 12:27:39 -07:00
Tom Eastep
8d63e04926 Yet more docunentation updates 2010-09-06 20:37:34 -07:00
Tom Eastep
50b4bd8dfe More Blacklist and Secmark documentation updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-06 17:26:49 -07:00
Tom Eastep
f3255cd83a Rework blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-06 15:29:20 -07:00
Tom Eastep
c6f58ba924 Enhance SELinux support:
- Add state match
- Add user/group match
- Add examples to the man pages
2010-09-06 09:06:40 -07:00
Tom Eastep
b139ff7e90 Update docs and implementation of SECMARK 2010-09-04 16:08:29 -07:00
Tom Eastep
15d8d6d8b7 Add SECMARK and CONNSECMARK support 2010-09-04 15:12:08 -07:00
Tom Eastep
5aceddbf37 Update Accounting Documents 2010-08-22 16:40:04 -07:00
Tom Eastep
e70d9c82d8 Revise and document IPSEC Accounting
- Place accounting rules in accipsecin and accipsecout
- Add warning when rule inserted into unreferenced accounting chain
- Add warning when an accounting chain has no references

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-20 08:24:45 -07:00
Tom Eastep
33ee9b1481 Add IPSEC Accounting (again) 2010-08-20 06:53:31 -07:00
Tom Eastep
4322d7b2af Zone exclusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 16:10:58 -07:00
Tom Eastep
255cd6cf9c Implement zone lists in rules file entries
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 12:18:58 -07:00
Tom Eastep
36054b7784 Add additional vserver notes in rules manpages 2010-08-12 17:52:22 -07:00
Tom Eastep
e35e9d2c99 Clarify nesting of vserver zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-12 15:26:30 -07:00
Tom Eastep
0234564a1b Add destination IP blacklisting 2010-08-10 17:33:50 -07:00
Tom Eastep
967629569b Taylor Universal config to work with Shorewall-init and streamline ruleset
- Make interface 'all' optional and set REQUIRE_INTERFACE=Yes
- Add COMPLETE option
- Set FASTACCEPT in Universal samples
- Reset SUBSYSLOCK in Universal samples

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-01 08:36:56 -07:00
Tom Eastep
bd5facda30 Implement per-IP log rate limiting 2010-07-25 12:42:39 -07:00
Tom Eastep
d447482dd6 Fix typo in rules manpages 2010-07-13 07:37:14 -07:00
Tom Eastep
eff84ae8a6 Add warning about ff80::/10 in shorewall6-interfaces manpage 2010-07-12 11:19:11 -07:00
Tom Eastep
8d5f04d5a5 Correct TC_PRIO description in shorewall.conf and shorewall6.conf manpages 2010-07-07 15:35:26 -07:00
Tom Eastep
02fab09a14 Add PERL= option to shorewall.conf and shorewall6.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-05 13:11:52 -07:00
Tom Eastep
d3e30b5fe4 Add FORWARD_CLEAR_MARK option 2010-07-03 17:03:42 -07:00
Tom Eastep
e4afc15370 Finish Vserver Implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-30 20:35:46 -07:00
Tom Eastep
925de3cee9 Fix typo in tcrules manpages 2010-05-26 06:42:37 -07:00
Tom Eastep
896e18be00 Document REQUIRE_INTERFACE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-19 07:37:49 -07:00
Tom Eastep
b42d80cb29 Update 'wait' documentation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:59:57 -07:00
Tom Eastep
88188202cc Add 'wait' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:52:46 -07:00
Tom Eastep
16e451a7d8 Add 'required' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:04:32 -07:00
Tom Eastep
96bef5bd49 Assume 'routeback' in routestopped based on interface config.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:31:11 -07:00
Tom Eastep
013567496c Update manpages for addressless bridge
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 12:40:57 -07:00
Tom Eastep
0a9b7c75d0 Delete misleading wording in the explaination of rate limiting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 06:24:35 -07:00