Commit Graph

10652 Commits

Author SHA1 Message Date
Tom Eastep
5e190f4e4e Implement '_i' equivalents of all do_ functions.
Also implements handling of long port lists in new-format rules.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-22 06:22:52 -07:00
Tom Eastep
0791ea6698 Make 'KLUDGEFREE' a global to make it faster to test.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-21 12:57:20 -07:00
Tom Eastep
4eeb233d95 A little reorg to prepare for moving long port list remediation to the new chain structure.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-20 18:52:20 -07:00
Tom Eastep
705ffbca49 Fix for LOGMARK(<list>)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-20 17:33:31 -07:00
Tom Eastep
a7ab53e135 Trap '!' in port columns.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-20 15:55:18 -07:00
Tom Eastep
32a8b254a0 Some optimizations in the new rule infrastructure
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-20 15:53:00 -07:00
Tom Eastep
ca655a6f52 Use add_ijump for all jump 'irules'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-20 07:30:49 -07:00
Tom Eastep
12b5aa687b More conversion to new rule interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-19 11:58:10 -07:00
Tom Eastep
f8be76f471 Make LOGMARK work without a parameter.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-19 11:57:12 -07:00
Tom Eastep
8b56e16bf9 Fix LOGMARK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-19 06:54:41 -07:00
Tom Eastep
58de3dd3c1 Fix :persistent and :random in /etc/shorewall/masq
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 15:35:07 -07:00
Tom Eastep
346df62cc6 Support long-form iptables options.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 13:47:52 -07:00
Tom Eastep
796f3b6668 Correct cmdlevel settings in irules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 10:05:39 -07:00
Tom Eastep
1e89074bf8 Correct tracing of nested rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 09:46:41 -07:00
Tom Eastep
a80b04bd74 Correct formatting of empty arguments to add_commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 09:45:59 -07:00
Tom Eastep
bfd69c33c7 Correctly format empty arguments to add_commands()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 09:19:52 -07:00
Tom Eastep
043fb8757c Convert Rules.pm infrastructure to use the new rule interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 08:29:42 -07:00
Tom Eastep
7aa7cd54c2 Convert Providers.pm to use the new rules interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 07:43:25 -07:00
Tom Eastep
3c60f107b7 Convert generate_matrix() to use the new rules interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-18 07:24:21 -07:00
Tom Eastep
2efa2796d3 More new rule interface calls in the Misc module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-17 15:12:58 -07:00
Tom Eastep
b2305ca9cf Convert Tunnels file to use irules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-17 11:33:01 -07:00
Tom Eastep
a211f8fd0f Infrastructure for new rule interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-17 10:37:15 -07:00
Tom Eastep
f3f535abac POC of new rule interface
Also removed FAKE_AUDIT option

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-17 08:35:09 -07:00
Tom Eastep
950c32d46b Convert add_commands() calls to the equivalent add_rule() calls.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-16 16:31:29 -07:00
Tom Eastep
03913019d8 Mark DHCP rules for the convenience of move_rules().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-16 15:34:57 -07:00
Tom Eastep
27621fa0f9 Impose some structure on setting rule options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-16 14:46:34 -07:00
Tom Eastep
0f742187ae Implement intermediate rule representation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-16 09:41:53 -07:00
Tom Eastep
15a88f962f Add a FAQ regarding $FW
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-14 07:48:51 -07:00
Tom Eastep
9661b445f2 Make install/uninstall files version independent
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-13 07:29:47 -07:00
Tom Eastep
d1b8d7b953 Make perl modules version-neutral
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-10 15:10:27 -07:00
Tom Eastep
11c580de54 Fix exclusion in IPv6 hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 17:27:09 -07:00
Tom Eastep
e21ff03339 Fix ipsets in IPv6 hosts file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 16:17:35 -07:00
Tom Eastep
fbeddca6a4 Another IPv6 ipset issue (z:!+set in the DEST column)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 15:40:18 -07:00
Tom Eastep
0ab7e06f84 Document renaming of scripts in the Build document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 15:15:06 -07:00
Tom Eastep
92e244f1b8 Mention reversed interfaces in FAQ 1b.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 09:32:38 -07:00
Tom Eastep
a998476d00 Correct Accounting module version
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 07:08:47 -07:00
Tom Eastep
6c802d3353 Tighten up source and dest checking in expand_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-09 07:08:39 -07:00
Tom Eastep
1f30976790 Correct change that tightened editing of IPv6 addresses
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 18:34:33 -07:00
Tom Eastep
22f1d1ba89 Another fix for IPv6 and IPSETs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 16:31:35 -07:00
Tom Eastep
290e5d3cfd Add the release repository to the Build document
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 16:03:10 -07:00
Tom Eastep
a8daff0008 Correct handling of <interface>:+<ipset> in Shorewall6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 15:57:08 -07:00
Tom Eastep
47bbf35535 Add symbolic link to the release directory
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 10:46:01 -07:00
Tom Eastep
3312395039 Remove release-oriented files from the main tree
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 10:45:01 -07:00
Tom Eastep
b70666eaf6 Move .spec files to release/
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 10:07:08 -07:00
Tom Eastep
7cb3392e3d Expand explaination of rate limiting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 09:53:56 -07:00
Tom Eastep
27b99a62d0 Move known problems file to release sub-directory
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-08 09:14:54 -07:00
Tom Eastep
76c97a1cc4 Move release documents to their own directory 2011-07-07 15:51:50 -07:00
Tom Eastep
7fa59706c5 Correct TPROXY/IPv6 address fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-07 14:50:44 -07:00
Tom Eastep
3f903fe3f1 Allow IPv6 Address as the third argument to TPROXY
- also update the manpages to describe TPROXY

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-07 06:43:16 -07:00
Tom Eastep
aa31e52b96 Show alternative message for partial PORT or PASV reply
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-07-07 06:43:07 -07:00