Tom Eastep
b7a9a48508
Handle COUNT:<level> correctly
2011-01-03 14:29:10 -08:00
Tom Eastep
8400a2ab31
Handle ':' in a param
2011-01-03 12:18:04 -08:00
Tom Eastep
33b54e4ebe
Version to 4.4.16
2011-01-03 09:00:39 -08:00
Tom Eastep
fe86964fd6
Move and reword an error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-01-02 08:42:09 -08:00
Tom Eastep
f6228ca31b
Two error messages:
...
- Disallow server port in ACTION rule.
- Add server IP address in message re: REDIRECT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-01-02 08:20:28 -08:00
Tom Eastep
9777f4989f
Update release notes
2011-01-02 07:12:25 -08:00
Tom Eastep
b3598f3766
Validate action names
2011-01-02 07:09:42 -08:00
Tom Eastep
faa541ee1f
Update release notes
2011-01-01 18:58:08 -08:00
Tom Eastep
cb372cf2cd
Change a couple of comments
2011-01-01 16:13:38 -08:00
Tom Eastep
d64edf3470
Clone a small function
2011-01-01 11:19:53 -08:00
Tom Eastep
8f0d0ac5a7
Use external representation in recursive call message
2011-01-01 09:18:10 -08:00
Tom Eastep
d71c11791f
Report normalized action names in recursive call message
2011-01-01 09:06:11 -08:00
Tom Eastep
4da682365d
Restore ability to detect recursive action invocations
2011-01-01 08:58:00 -08:00
Tom Eastep
ed3b336a81
Correct prototype
2011-01-01 06:55:10 -08:00
Tom Eastep
fc2d76aa7a
Move a function; don't export %policy_actions
2010-12-31 16:58:06 -08:00
Tom Eastep
e1b4e345fb
Add Eclipse files to project
2010-12-31 15:19:56 -08:00
Tom Eastep
8e6fdceeb5
Back out useless change
2010-12-31 14:30:31 -08:00
Tom Eastep
b36ad0d065
Change several more compiler progress messages
2010-12-31 14:19:31 -08:00
Tom Eastep
f8e04b4110
Change a couple of compiler progress messages
2010-12-31 14:12:57 -08:00
Tom Eastep
e0d2eb997d
Restore the name 'process_rule1'
2010-12-31 12:41:01 -08:00
Tom Eastep
1bdaf862d3
Populate %targets out of new_action()
2010-12-31 10:36:07 -08:00
Tom Eastep
6c14c76ab5
Another comment
2010-12-31 08:37:56 -08:00
Tom Eastep
aa6754cb40
Add a comment
2010-12-31 07:51:15 -08:00
Tom Eastep
d4d1bb7b41
Bump version of the Zones module
2010-12-30 13:14:07 -08:00
Tom Eastep
33ff6db6bc
Whitespace changes
2010-12-30 12:25:22 -08:00
Tom Eastep
3f9cd713c3
Correct known problems
2010-12-30 12:01:46 -08:00
Tom Eastep
aaf2834917
Update known problems
2010-12-30 11:47:25 -08:00
Tom Eastep
c1cae8a1aa
Update release notes
2010-12-30 11:45:40 -08:00
Tom Eastep
cd7f94dbdb
Merge branch 'master' into 4.4.16
2010-12-30 10:37:15 -08:00
Tom Eastep
746c2a5163
Correct comment about the action member of the chain structure
2010-12-30 10:36:03 -08:00
Tom Eastep
cb751bd225
Remove extraneous change log entries
2010-12-30 10:02:39 -08:00
Tom Eastep
91227b6d13
Don't log jumps to NAT actions
2010-12-30 09:56:44 -08:00
Tom Eastep
d8541e4a58
Update problems corrected
2010-12-30 08:05:04 -08:00
Tom Eastep
527ea7de3f
A couple of more version changes
2010-12-30 07:34:09 -08:00
Tom Eastep
e3d1032ab3
Set version to Beta 8
2010-12-30 07:32:30 -08:00
Tom Eastep
ad32ce6986
Update release file
2010-12-30 07:04:38 -08:00
Tom Eastep
3c4cddeeeb
Eliminate process_action3()
2010-12-30 06:56:21 -08:00
Tom Eastep
d767d9fea3
Better Editing of BLACKLIST_DISPOSITION
2010-12-29 18:43:14 -08:00
Tom Eastep
1c55143524
Allow parameterized Limit to use log tags
2010-12-29 12:20:18 -08:00
Tom Eastep
230d284980
Correct a couple of comments
2010-12-29 11:36:59 -08:00
Tom Eastep
b7d936dd8e
Merge levels in process_action2()
2010-12-29 08:23:44 -08:00
Tom Eastep
a4bf11c7d5
Some cosmetic cleanup
2010-12-28 17:18:43 -08:00
Tom Eastep
d90d56161c
Improve readability
2010-12-28 16:42:28 -08:00
Tom Eastep
7d41e4b38c
Restore level merge behavior with nested actions
2010-12-28 16:04:55 -08:00
Tom Eastep
17ed14a895
Update comments in the Rules module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-28 16:02:10 -08:00
Tom Eastep
2805d16246
Update change log
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-28 16:01:30 -08:00
Tom Eastep
c135a7e594
Update change log
2010-12-28 14:06:02 -08:00
Tom Eastep
17a3ca62d5
Eliminate the Actions module
2010-12-28 13:51:45 -08:00
Tom Eastep
3d4aaad0eb
Remove a couple of superfluous tests
2010-12-28 12:53:16 -08:00
Tom Eastep
4a8f724f9b
Handle duplicate chain name for action chain
2010-12-28 12:18:42 -08:00
Tom Eastep
6f7a1c7fd0
Update release docs
2010-12-28 07:49:55 -08:00
Tom Eastep
50a3b76e40
Rename a variable; reformat an error message
2010-12-28 07:49:35 -08:00
Tom Eastep
cc30fc4dbb
Eliminate max nest level on actions
2010-12-27 17:16:34 -08:00
Tom Eastep
0c3ed598ca
Improve diagnostic
2010-12-27 17:02:06 -08:00
Tom Eastep
297df02047
Catch loops in action invocation graph
2010-12-27 16:41:53 -08:00
Tom Eastep
6a1487d628
Correct existing optimization issue
2010-12-27 12:31:34 -08:00
Tom Eastep
215c05d12b
Add some comments -- fix logging with NAT actions
2010-12-27 09:05:44 -08:00
Tom Eastep
d5ac12a8ff
Bump version to RC 1
2010-12-27 07:49:52 -08:00
Tom Eastep
311797e0bf
Create nat chain during pre-processing of nat action
2010-12-27 07:47:16 -08:00
Tom Eastep
79cbfd0126
Allow '--' to specify '-' as an action parameter
2010-12-26 17:03:05 -08:00
Tom Eastep
4111432a52
Implement optional action parameters
2010-12-26 16:13:53 -08:00
Tom Eastep
d8bcbffb88
Dead code removal
2010-12-26 12:08:10 -08:00
Tom Eastep
d1d9518c42
Move process_action2()
2010-12-26 11:44:15 -08:00
Tom Eastep
088480e5d9
Fix a couple of bugs
2010-12-26 11:34:58 -08:00
Tom Eastep
8f9d5a967b
Simplify variable substitution
2010-12-26 11:07:00 -08:00
Tom Eastep
d4d285af39
Revert version to Beta 7
2010-12-26 09:01:15 -08:00
Tom Eastep
31bd00e42e
Document parameterized actions
2010-12-26 08:59:31 -08:00
Tom Eastep
4fdec73808
Fix target of <action(params)>
2010-12-26 07:58:20 -08:00
Tom Eastep
758a50fa84
Extantiate params during module processing
2010-12-25 14:48:14 -08:00
Tom Eastep
bdc3ca16a4
Finish revision of action processing
2010-12-25 14:28:57 -08:00
Tom Eastep
8218cb3444
Pass normalized action name to process_rule_common()
2010-12-25 10:15:08 -08:00
Tom Eastep
39f4f03b60
Segregate process_action1() from process_actions1()
2010-12-25 08:21:32 -08:00
Tom Eastep
1285b73d52
Simplify detection of action self-invocation
2010-12-25 08:10:23 -08:00
Tom Eastep
6240d41754
Add new progress message
2010-12-25 07:41:18 -08:00
Tom Eastep
ce8f33b623
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-23 15:38:47 -08:00
Tom Eastep
5e642a1406
Update a comment
2010-12-23 15:34:07 -08:00
Tom Eastep
b100991cfa
Add a couple of comments; move a declaration; simplify a statement
2010-12-23 14:17:22 -08:00
Tom Eastep
8ad7300165
Fix NONAT and NATONLY rules in an action
2010-12-23 07:49:20 -08:00
Tom Eastep
37a383ea4d
Used normalized names in requires list
2010-12-22 16:57:59 -08:00
Tom Eastep
a51eac91b0
Add documentation for parameterized actions
2010-12-22 15:09:54 -08:00
Tom Eastep
c6e35be8bc
Update version to RC 1
2010-12-22 14:37:10 -08:00
Tom Eastep
350f20fc7e
Add a comment
2010-12-22 14:35:19 -08:00
Tom Eastep
e8de4ce563
Add an <action> member to the chain table
2010-12-22 10:59:02 -08:00
Tom Eastep
e52feb7da7
Fix another bug
2010-12-21 17:50:35 -08:00
Tom Eastep
f3abf56cac
Restore proper NAT in action handling
2010-12-21 15:20:19 -08:00
Tom Eastep
b8d5e09b58
Put a couple of routines back in the Rules module
2010-12-21 14:57:46 -08:00
Tom Eastep
7052738cd0
Remove param manipulation routines for now
2010-12-21 13:38:10 -08:00
Tom Eastep
ffbcd1b1fe
Catch an action that invokes itself
2010-12-21 13:20:44 -08:00
Tom Eastep
ac42fddbce
Finish (unpublished) parameterized actions
2010-12-21 12:29:52 -08:00
Tom Eastep
6263689c3e
Allow Limit to accept parameters
2010-12-21 11:38:54 -08:00
Tom Eastep
7989f5094e
Implement a better solution to down shared gateways
2010-12-21 11:15:41 -08:00
Tom Eastep
9a78a0242f
Revise wildcard fix description in the release notes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-21 10:01:45 -08:00
Tom Eastep
25e93b4df3
Change dummy MAC address.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-21 09:22:58 -08:00
Tom Eastep
242a9f5a98
Remove trailing whitespace
2010-12-20 15:16:20 -08:00
Tom Eastep
ef9caf3588
Update module versions
2010-12-20 15:10:23 -08:00
Tom Eastep
7b8522f756
Supply dummy MAC for unreachable gateway
2010-12-20 15:07:53 -08:00
Tom Eastep
c63bb70585
Bump version to Beta 6
2010-12-20 13:17:35 -08:00
Tom Eastep
708e7672a3
More wildcard optimization
2010-12-20 13:00:48 -08:00
Tom Eastep
7061997324
Optimize wildcard resolution.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-20 12:22:26 -08:00
Tom Eastep
ebbf381e27
Rename %logactionchains -> %usedactions
2010-12-20 10:32:04 -08:00
Tom Eastep
8c8e4d1654
Unconditionally cache interface lookup results
2010-12-20 10:31:14 -08:00
Tom Eastep
7a1a303265
Unconditionally cache the result of wildcard lookups
2010-12-20 10:07:19 -08:00
Tom Eastep
433b3fbd87
Add some insurance against wildcard interfaces
2010-12-20 08:45:10 -08:00
Tom Eastep
5c890938ed
Document fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-20 08:01:55 -08:00
Tom Eastep
b56b81ef74
Elmininate export of %usedactions
2010-12-19 18:18:37 -08:00
Tom Eastep
262b4044f8
Fix more physical name issues
2010-12-19 16:38:24 -08:00
Tom Eastep
44f001388a
Only call normalized_action_name() when needed
2010-12-19 13:32:08 -08:00
Tom Eastep
7be3ed33d5
Fix undef access out of notrack file
2010-12-19 13:30:02 -08:00
Tom Eastep
c302e82233
Disallow wildcard interfaces in additional contexts
2010-12-19 10:46:35 -08:00
Tom Eastep
54c57e3bc7
Disallow wildcard interfaces in additional contexts
2010-12-19 10:43:03 -08:00
Tom Eastep
55452c6e59
Disallow wildcards in the proxyarp file
2010-12-19 08:55:03 -08:00
Tom Eastep
8526dafc5d
Don't allow interface that is identical to the root of a wildcard
2010-12-19 08:10:41 -08:00
Tom Eastep
45faba0b7c
Enable parameters for actions
2010-12-18 16:29:29 -08:00
Tom Eastep
4b22bbd90d
Add logic for parameterized actions
2010-12-18 16:16:29 -08:00
Tom Eastep
4573b5ba8e
Generate normalized name in process_rule_common()
2010-12-18 13:32:53 -08:00
Tom Eastep
21166e07f3
Add action normalization routines
2010-12-18 12:31:37 -08:00
Tom Eastep
c659f05491
Make generate_matrix locals more obvious
2010-12-17 20:16:09 -08:00
Tom Eastep
b9a086c7f2
Fix fly-speck in prog.header
2010-12-16 09:55:31 -08:00
Tom Eastep
9d0bff62fa
Finish code re-org
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-15 12:57:55 -08:00
Tom Eastep
92894a7482
Step 1 of module re-org
2010-12-15 11:57:51 -08:00
Tom Eastep
9db42bf3da
Update wording in the release notes
2010-12-14 11:28:46 -08:00
Tom Eastep
880a94e42f
Update documentation regarding Hack removal
2010-12-14 11:19:17 -08:00
Tom Eastep
999ef7105b
Eliminate process_macro1() and process_action1()
...
They are replaced with process_macro() and process_rule_common() respectively.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-14 08:55:30 -08:00
Tom Eastep
94faafd662
Reorg export list
2010-12-13 21:05:21 -08:00
Tom Eastep
9e684a80c1
Move more code from Rules.pm to Actions.pm
2010-12-13 17:54:53 -08:00
Tom Eastep
5b0d8922e7
Consolidate definitions of rule exception command handling
2010-12-13 17:29:22 -08:00
Tom Eastep
0ec68c7407
Prune the Actions.pm export list
2010-12-13 16:55:00 -08:00
Tom Eastep
09bb5bb9b3
Use $macro_commands when splitting action file records
2010-12-13 16:46:40 -08:00
Tom Eastep
aba63d5c9b
More action/macro documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-13 09:06:29 -08:00
Tom Eastep
9ba8823011
Document Action Changes in the release documents
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-13 08:45:58 -08:00
Tom Eastep
c18154cedc
NAT in Actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-13 08:26:24 -08:00
Tom Eastep
ff402dcf09
Add a comment to the params for process_rule_common()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-12 13:02:27 -08:00
Tom Eastep
2e7dd0de97
Use process_rule_common() to process entries in action files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-12 12:55:32 -08:00
Tom Eastep
444a38ae2e
Add a chain reference argument to process_rule_common()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-12 12:22:12 -08:00
Tom Eastep
dfa47cc300
Implement format-2 Actions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-12 12:09:48 -08:00
Tom Eastep
1bbe95ead8
Allow wide macros in actions
2010-12-12 10:14:47 -08:00
Tom Eastep
acbbdc1690
Bump version in the Proxyarp module
2010-12-12 08:56:12 -08:00
Tom Eastep
13c4d21762
Replace a couple of lists of scalars with arrays; document move of process_rules1()
2010-12-12 07:29:46 -08:00
Tom Eastep
138e49276d
Rename process_rule1() to process_rule_common()
2010-12-11 17:19:43 -08:00
Tom Eastep
7b86c699b6
Move process_rule1() from Rules.pm to Actions.pm
2010-12-11 17:16:50 -08:00
Tom Eastep
48b00d719e
Complete Proxy NDP implementation
2010-12-11 10:04:07 -08:00
Tom Eastep
147e4da223
Ensure that interfaces listed in the tcinterfaces file are known
2010-12-11 07:39:16 -08:00
Tom Eastep
0344cdb294
Correct handling of proxyndp
2010-12-11 07:10:50 -08:00
Tom Eastep
1f4b218cde
Ensure that interfaces listed in the proxyarp (proxyndp) file are known
2010-12-11 07:10:23 -08:00
Tom Eastep
caa4a54e38
Implement IPv6 proxyndp
2010-12-10 19:06:44 -08:00
Tom Eastep
2ae809888c
Document fix for logical naming
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-10 12:19:43 -08:00
Tom Eastep
0a4e098c69
Fix broken logical naming in Proxy ARP
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-10 07:52:54 -08:00
Tom Eastep
fc6dbb3d56
Bump version to Beta 4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-10 06:53:36 -08:00
Tom Eastep
6d65100457
Add PPP support in RedHat and SuSE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-05 09:11:08 -08:00
Tom Eastep
b9ee064284
Update version to Beta 4
2010-12-04 11:40:34 -08:00
Tom Eastep
19f40ab721
Bump version to Beta 3
2010-12-03 13:43:46 -08:00
Tom Eastep
2e35ad0a1b
Fix params parsing on older distros
2010-12-03 13:40:11 -08:00
Tom Eastep
5458d9367f
Bump version and document bug catcher
2010-12-03 09:17:26 -08:00
Tom Eastep
8ce1755f8e
Add bug-catcher to get_params()
2010-12-03 08:05:11 -08:00
Tom Eastep
04537b8f2d
Add some comments
2010-12-02 16:10:35 -08:00
Tom Eastep
79c87b2c72
Document fixes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-02 12:26:58 -08:00
Tom Eastep
4cd77bf9aa
Correct handling of params file opens.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-12-02 10:14:45 -08:00
Tom Eastep
ec75c8aa86
Redirect params output to stderr
2010-12-01 15:04:33 -08:00
Tom Eastep
f68bfde86f
Continue to fine-tune params processing
2010-12-01 13:57:16 -08:00
Tom Eastep
d33491d6c6
Continue to enhance params procesing
2010-12-01 13:18:10 -08:00
Tom Eastep
49cdc5d9eb
Make new get_params work with bash
2010-12-01 10:41:49 -08:00
Tom Eastep
22580c5be0
More parameter processing improvements
2010-12-01 10:11:02 -08:00
Tom Eastep
901a986b18
Update release notes regarding suppressed warning
2010-12-01 09:21:46 -08:00
Tom Eastep
b224eb80d5
Omit warning message
2010-12-01 09:21:23 -08:00
Tom Eastep
cdb75bfd96
Better solution to multi-line exported symbols issue
2010-12-01 09:14:09 -08:00
Tom Eastep
5761bfd7d1
Document change to params processing
2010-12-01 08:16:41 -08:00
Tom Eastep
0455673bcb
Remove fly speck from release notes
2010-12-01 07:27:31 -08:00
Tom Eastep
cae5ddc7e0
Initiate 4.4.16
2010-11-30 17:30:11 -08:00
Tom Eastep
6ef0f0f9d3
Document addition of startup_error()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-29 16:02:35 -08:00
Tom Eastep
6dc65e2811
Update Rules.pm version
2010-11-28 19:21:31 -08:00
Tom Eastep
81cc39049c
Cosmetic change
2010-11-28 09:22:03 -08:00
Tom Eastep
f45af8ff0a
Localize $current_params
2010-11-28 09:14:52 -08:00
Tom Eastep
ecb71f7791
Eliminate @param_stack
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-28 08:06:58 -08:00
Tom Eastep
195c0cdaca
Document fix of root cause
2010-11-28 07:48:03 -08:00
Tom Eastep
4db68697b2
Fix root cause of macro.JAP failure
2010-11-28 07:42:12 -08:00
Tom Eastep
d5b5e7fa75
Document correction to macro.JAP
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-28 07:07:58 -08:00
Tom Eastep
3a8634934a
Correct macro.JAP
2010-11-28 07:05:18 -08:00
Tom Eastep
b771ce2925
Clarify 'switch' in the Fool's firewall article
2010-11-27 10:28:44 -08:00
Tom Eastep
1ae9a3185a
Disallow standard providers in the routes file
2010-11-26 16:41:30 -08:00
Tom Eastep
053da3a2c0
Fix undefined value on HEADER_MATCH
2010-11-26 16:41:07 -08:00
Tom Eastep
d5fc0150d0
Set version to 4.4.15
2010-11-26 09:49:40 -08:00
Tom Eastep
81622fe63b
Add new Macros
2010-11-26 08:32:54 -08:00
Tom Eastep
00cedeeda3
Update macro template for HEADERS column
2010-11-24 11:23:37 -08:00
Tom Eastep
2702d7f208
Implement header matching
2010-11-24 10:46:06 -08:00
Tom Eastep
70453f2648
Avoid regression in fixing syn flood chain names
2010-11-22 14:34:58 -08:00
Tom Eastep
f2f2ef713d
Update version of a couple of Perl Modules
2010-11-22 13:23:15 -08:00
Tom Eastep
93d165d3ec
Document Munin Macro
2010-11-22 13:04:21 -08:00
Tom Eastep
6f6b417232
Add Munin Macro
2010-11-22 13:01:38 -08:00
Tom Eastep
9427510e8f
Update version to RC 1
2010-11-22 13:01:12 -08:00
Tom Eastep
93f9e8914c
Add another SNAT virtual alias example
2010-11-22 11:59:59 -08:00
Tom Eastep
2e4da207de
Update version to Beta 3
2010-11-21 09:52:34 -08:00
Tom Eastep
befdbb4a04
Move version_command() to where it belongs
2010-11-21 07:41:29 -08:00
Tom Eastep
d08f8d6ac3
Update release documents
2010-11-19 17:53:58 -08:00
Tom Eastep
3ca3d64efe
Generate correct name for synflood chains
2010-11-18 20:32:20 -08:00
Tom Eastep
407b92829f
Another Perl 5.12 issue
2010-11-18 20:12:13 -08:00
Tom Eastep
63e5f6aff9
Correct handling of family switch in tcfilters processing
2010-11-18 06:56:07 -08:00
Tom Eastep
63fd81f9ec
Simplify getparams
2010-11-17 17:26:41 -08:00
Tom Eastep
5e1c8f8d2a
Add DEVICE column to routes file
2010-11-17 08:35:20 -08:00
Tom Eastep
421b1e745d
Update release documents with /etc/shorewall/routes information
2010-11-16 21:02:50 -08:00
Tom Eastep
71eb783fcd
Implement explicit provider routing
2010-11-16 20:38:54 -08:00
Tom Eastep
81e6e0889c
Initiate Beta 2
2010-11-15 15:09:22 -08:00
Tom Eastep
3c5cadb02c
Add another variable to the preceding optimization
2010-11-15 08:42:58 -08:00
Tom Eastep
64e49229f8
Simply variable initialization
2010-11-15 08:14:31 -08:00
Tom Eastep
7507f67d9a
Now that I've RTFM, simplify the rule for skipping over the IPv6 header
2010-11-15 07:40:50 -08:00
Tom Eastep
94e827862e
Fix typo in release notes
2010-11-15 07:40:18 -08:00
Tom Eastep
31bcb8727e
Update release documents
2010-11-14 15:54:58 -08:00
Tom Eastep
5d0e719d03
Prevent suprious 'fi' in filter output
2010-11-14 10:51:42 -08:00
Tom Eastep
0e5dc41d31
Fix 'Shared' traffic shaping
2010-11-14 09:31:00 -08:00
Tom Eastep
997a697a65
Fix required/optional interface with physical eq '+'
2010-11-14 08:43:20 -08:00
Tom Eastep
9568a6ef59
Add getparams to the .spec file - Take 2
2010-11-14 08:10:05 -08:00
Tom Eastep
59f6b10a55
Add getparams to the .spec file
2010-11-14 08:03:14 -08:00
Tom Eastep
2d8785d574
Add 'TC_ENABLED=Shared' support
2010-11-14 07:52:51 -08:00
Tom Eastep
5bae689fe1
Generate distinct progress messages for IPv4 and IPv6 filters
2010-11-14 07:38:01 -08:00
Tom Eastep
ff571cb83b
Give IPv6 filters a distinct priority
2010-11-14 06:55:09 -08:00
Tom Eastep
1d93a18b8d
IPV6 now working -- BOTH still broken
2010-11-13 18:08:19 -08:00
Tom Eastep
3f6cce10d2
Protect against accidental output from params file
2010-11-13 16:16:58 -08:00
Tom Eastep
19122512d0
Fix new params file processing for INCLUDE
2010-11-13 10:59:09 -08:00
Tom Eastep
b20ed2d4de
Simply another RE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-11 14:03:00 -08:00
Tom Eastep
775bee278a
Fix for unexpected /usr/share/shorewall/init
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-11 13:03:00 -08:00
Tom Eastep
ff61d4dba4
Correct documentation of NULL_ROUTE_RFC1918 fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-11-10 14:18:33 -08:00
Tom Eastep
0602b619bd
Fix NULL_ROUTE_RFC1918=Yes
2010-11-09 15:20:23 -08:00
Tom Eastep
8a9aaff4e8
Change shell variable resolution order
2010-11-07 13:28:03 -08:00
Tom Eastep
1e6b7c8130
Simplify an RE
2010-11-06 20:25:46 -07:00
Tom Eastep
092f032b8e
Realign precedence of environment inheritance
2010-11-06 19:02:14 -07:00
Tom Eastep
25397e8284
Document params file processing change
2010-11-06 18:33:41 -07:00
Tom Eastep
69c3600107
Modernize processing of params file
2010-11-06 17:12:05 -07:00
Tom Eastep
7c4bc900d6
Belated update to Perl module versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-30 10:45:14 -07:00
Tom Eastep
dcf2d633b1
Don't save ipsets if there are no dynamic zones or ipset rules
2010-10-30 10:35:52 -07:00
Tom Eastep
d4f857f877
Update version to 4.4.15-Beta1
2010-10-30 07:12:03 -07:00
Tom Eastep
4daf4c372e
Initialize release documents for 4.4.15
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-29 08:28:58 -07:00
Tom Eastep
1db13849ab
Clear VERBOSE and VERBOSITY at CLI startup
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-28 15:17:37 -07:00
Tom Eastep
5cf0cd2c33
Document VERBOSITY fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-28 11:41:38 -07:00
Tom Eastep
8758d3a834
Insure that VERBOSITY=0 when interrogating compiled script version
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-28 11:25:56 -07:00
Tom Eastep
20bb781874
Document fix for 10+ TC interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-28 10:33:17 -07:00
Tom Eastep
bc406b39bc
Fix > 10 TC interfaces
2010-10-28 10:27:55 -07:00
Tom Eastep
6c90046ab5
Document fix for split_list()
2010-10-26 06:55:01 -07:00
Tom Eastep
f2ab068044
Fix split_list()
2010-10-26 06:49:55 -07:00
Tom Eastep
1060b201dd
Update version to 4.4.14
2010-10-23 21:40:22 -07:00
Tom Eastep
ded852e0ee
Fix compilation warning
2010-10-19 08:42:35 -07:00
Tom Eastep
3ec6185f72
Run update-rc.d on Debian
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-13 08:42:35 -07:00
Tom Eastep
28e473d9a1
Document change to FORWARD_CLEAR_MARK default
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-10 07:49:17 -07:00
Tom Eastep
11f2c7772a
Clear FORWARD_CLEAR_MARK setting in the remaining config files
2010-10-09 11:28:13 -07:00
Tom Eastep
17860cacd8
Move dump_command() to a more logical place in the file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-07 14:36:05 -07:00
Tom Eastep
033d43b014
Implement undocumented dumpfilter extension file
2010-10-07 14:35:51 -07:00
Tom Eastep
f0ef27b3e5
Update version to RC1
2010-10-06 16:16:37 -07:00
Tom Eastep
b9602d9a6a
Correct typo in the release notes
2010-10-06 11:24:45 -07:00
Tom Eastep
3d90c63528
Improve validation and reporting in the net list processing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-05 16:20:07 -07:00
Tom Eastep
a10ced2da2
Make exclusion of set lists more consistent
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-05 12:22:27 -07:00
Tom Eastep
7767d30c7c
Improve error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-05 11:25:18 -07:00
Tom Eastep
587dacdae0
Allow set lists with "!"
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-05 08:38:30 -07:00
Tom Eastep
8fd221ef30
Refine source/dest network parsing in expand_rule()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-04 18:57:11 -07:00
Tom Eastep
e74f48410f
Correct handling of exclusion with ipset lists
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-04 14:29:50 -07:00
Tom Eastep
38851fe446
Delete obsolete options from shorewall.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-04 07:44:28 -07:00
Tom Eastep
cee05d9763
Refine -lite handling of scfilter.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 12:52:30 -07:00
Tom Eastep
b3d0447ef2
Reword scfilter -lite explaination
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 11:00:51 -07:00
Tom Eastep
432534a650
Eliminate need to restart -lite to extract scfilter
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 10:56:55 -07:00
Tom Eastep
994ea3cce6
Document -lite log reading fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-03 08:35:17 -07:00
Tom Eastep
f9af35ffbe
Document -lite fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-02 07:22:37 -07:00
Tom Eastep
b27fd07e9f
Don't indent the embedded scfilter file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 13:20:36 -07:00
Tom Eastep
ac71868cc1
Package the scfilter along with the generated script for -lite
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 10:59:15 -07:00
Tom Eastep
6e9fc12517
Update version to Beta 4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 09:31:11 -07:00
Tom Eastep
468af44876
Add support for 'scfilter' script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 09:15:58 -07:00
Tom Eastep
2fa7e11976
Add 'scfilter' extension script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-10-01 07:38:14 -07:00
Tom Eastep
3898edfddb
Make 'show connections' work on ancient distros
2010-09-30 17:18:58 -07:00
Tom Eastep
077aa18a2d
Update release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-30 15:03:02 -07:00
Tom Eastep
e795a9995b
Update release documents
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-30 14:17:51 -07:00
Tom Eastep
1218ccf0cb
More optimization performance improvements
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-30 14:15:19 -07:00
Tom Eastep
252a9f2205
More speedup of optimization level 8
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-29 13:30:10 -07:00
Tom Eastep
46f1074422
Reduce the cost of optimization substantially.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-29 11:54:39 -07:00
Tom Eastep
8017f603a0
Add progress message for each optimization pass.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 12:20:35 -07:00
Tom Eastep
6171d938f7
Correction to last change -- move two declarations to an outer block.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 12:20:06 -07:00
Tom Eastep
48c3200a5a
Issue error message when required file is missing or has zero size.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 11:22:47 -07:00
Tom Eastep
68f537ac5b
Bypass processing logic when an optional config file is absent.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 10:48:44 -07:00
Tom Eastep
47fbc83419
Don't add trailing whitespace to DNAT/REDIRECT target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-28 09:27:42 -07:00
Tom Eastep
91aabfc078
Revise fix for extraneous progress messages
2010-09-27 16:18:11 -07:00
Tom Eastep
0109b8113a
Prevent random progress messages during compilation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 15:56:22 -07:00
Tom Eastep
75d50d126c
Make zones with 'mss' complex.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 13:57:56 -07:00
Tom Eastep
f7eb3c3d8c
Periodic elimination of trailing white space
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 11:16:18 -07:00
Tom Eastep
f33912d5f7
Correct/update release notes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-27 09:11:17 -07:00
Tom Eastep
ac646930a3
Tighter validation of ipset names in the hosts file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 08:36:27 -07:00
Tom Eastep
066c772fcd
Correct minor issue with previous error message improvement change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 08:28:25 -07:00
Tom Eastep
0becb39202
Bump version to Beta 3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 08:15:32 -07:00
Tom Eastep
2828b65326
Improve error message generated when a token beginning with '+' reaches validate_net()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-26 07:56:55 -07:00
Tom Eastep
74f1cb2443
Mention maclist file in shorewall-ipsets(5)
2010-09-25 16:07:56 -07:00
Tom Eastep
f07ec1e9d3
Clean up untidiness where Shorewall6 tries to start on a system with an old kernel
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-25 08:46:14 -07:00
Tom Eastep
e018ee6adc
Don't create <zone>_frwd when unnecessary
...
- Set the zone {complex} flag based on ipsec options rather than the presense of any options.
- Generate forwarding blacklist rules in lieu of creating<zone>_frwd
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-24 15:25:57 -07:00
Tom Eastep
b5fdb089bc
Fix syntax error in blacklist fix
2010-09-24 13:42:05 -07:00
Tom Eastep
0768235278
Correct blacklisting in simple configurations
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-24 13:41:54 -07:00
Tom Eastep
03161ed57d
Bump version to 4.4.14 Beta 2
2010-09-23 19:33:37 -07:00
Tom Eastep
0f4d8eb929
Use 'conntrack' for 'show connections'
2010-09-23 19:08:40 -07:00
Tom Eastep
6702fbbd40
Make timestamps in log uniform
2010-09-23 07:40:27 -07:00
Tom Eastep
2c7b1b5d7b
Add more comments
2010-09-22 15:26:01 -07:00
Tom Eastep
9d5642aedd
Update Version to 4.4.14-Beta1
2010-09-21 11:34:26 -07:00
Tom Eastep
dbd7914ee6
More fiddling with move_rules()
...
- Assert that the chain being moved has no blacklist jumps
- delete duplicate rules in case the destination chain has such a jump
2010-09-20 18:00:39 -07:00
Tom Eastep
271154ed60
Rename DESTIFAC_DISALLOW -> DESTIFACE_DISALLOW
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-20 09:45:48 -07:00
Tom Eastep
bde0a297f9
Misc cleanup for 4.4.13
...
1. Replace statement with equivalent function call in promote_blacklist_rules()
2. Bump version of Tunnels.pm
3. Fix typo in comment in Zones.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-20 09:45:38 -07:00
Tom Eastep
7baa1839cf
Tighen up parsing of bracketed lists -- Take 2
2010-09-20 07:24:22 -07:00
Tom Eastep
f64993fe40
Tighen up parsing of bracketed lists
2010-09-20 07:05:23 -07:00
Tom Eastep
0ed33a0552
Document fix for '*' in interface names
2010-09-19 15:55:09 -07:00
Tom Eastep
9335ef5745
Don't allow '*' in interface names
2010-09-19 15:10:21 -07:00
Tom Eastep
25ca73ca54
Support alternative syntax for ipet lists
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-19 13:22:12 -07:00
Tom Eastep
0c6882c3a8
Merge branch '4.4.13'
2010-09-19 12:55:08 -07:00
Tom Eastep
c7fc4ce1f5
Correct order of release note entries
2010-09-19 12:54:54 -07:00
Tom Eastep
9111540a7f
Support ipset lists
2010-09-19 12:36:20 -07:00
Tom Eastep
35a686eaa1
Add delete_reference() function.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-19 08:28:29 -07:00
Tom Eastep
9ba82bec1f
Add warning about redundant 'blacklist' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-19 08:28:05 -07:00
Tom Eastep
e06ca34298
Add redundancy warning re 'blacklst'
2010-09-19 08:03:01 -07:00
Tom Eastep
b3d6ae78ba
Add redundancy warning re 'blacklst'
2010-09-19 07:57:36 -07:00
Tom Eastep
940ccf2c34
Document for tcfilter port ranges
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 15:11:41 -07:00
Tom Eastep
c0382b8cb9
Adjust reference count in move rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 15:11:17 -07:00
Tom Eastep
ce9b5ee944
Make blacklist rule promotion much more effecient.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 13:35:24 -07:00
Tom Eastep
74abd4ad54
In copy_rules(), handle the unlikely case where both chains have blacklist jumps.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 12:26:07 -07:00
Tom Eastep
f7db24f756
Merge branch '4.4.13'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 09:29:50 -07:00
Tom Eastep
f25b9e1967
Allow :<port> in tcfilters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 09:26:29 -07:00
Tom Eastep
0e9c704069
Don't scan the filter table for jumps to 'blacklst' if the 'blacklst' chain does not exist
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:42:21 -07:00
Tom Eastep
c3299d5f89
Enable blacklist rule promotion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:38:22 -07:00
Tom Eastep
6f0893cd7a
Correct Chains::promote_blacklist_rules()
...
- Interate through chains that jump to 'blacklst' until no rule is promoted
This is required to promote jumps past exclusion chains
- Correct reference counting; the first cut was horribly wrong
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:38:14 -07:00
Tom Eastep
c040344bc1
Promote 'in' blacklist rules to the head of the interface chain
...
- Added Chains::promote_blacklist_rules()
- Called the function from Rules::generate_matrix()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:38:02 -07:00
Tom Eastep
2fa16f6d08
Enable blacklist rule promotion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:36:59 -07:00
Tom Eastep
578fc6c521
Correct Chains::promote_blacklist_rules()
...
- Interate through chains that jump to 'blacklst' until no rule is promoted
This is required to promote jumps past exclusion chains
- Correct reference counting; the first cut was horribly wrong
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 08:36:35 -07:00
Tom Eastep
fd6ff1849a
Promote 'in' blacklist rules to the head of the interface chain
...
- Added Chains::promote_blacklist_rules()
- Called the function from Rules::generate_matrix()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-18 07:37:42 -07:00
Tom Eastep
801c1cb6b3
Update release docs
2010-09-17 17:44:05 -07:00
Tom Eastep
fd568ece47
Clear raw table on 'clear'
2010-09-17 17:43:57 -07:00
Tom Eastep
1588c700c5
Fix blacklisting vs vservers
2010-09-17 17:43:40 -07:00
Tom Eastep
6106dd3ada
Zero out {frozen} in a deleted chain entry
2010-09-17 17:43:04 -07:00
Tom Eastep
9946fbd3b5
Update release docs
2010-09-17 17:37:07 -07:00
Tom Eastep
580c561a51
Clear raw table on 'clear'
2010-09-17 17:12:34 -07:00
Tom Eastep
a42576aef8
Fix blacklisting vs vservers
2010-09-17 16:38:34 -07:00
Tom Eastep
79bb47582a
Zero out {frozen} in a deleted chain entry
2010-09-17 16:00:36 -07:00
Tom Eastep
596d207dfc
Simplify a test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 15:43:56 -07:00
Tom Eastep
8cdbe5f88d
Fix an optimization bug with the new blacklisting code
2010-09-17 15:43:47 -07:00
Tom Eastep
402b3b929e
Restore trace output in move_rules()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 15:43:03 -07:00
Tom Eastep
c5bb3ecfac
Simplify a test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 15:42:05 -07:00
Tom Eastep
c9e876fcf5
Fix an optimization bug with the new blacklisting code
2010-09-17 15:10:02 -07:00
Tom Eastep
85430e459c
Restore trace output in move_rules()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 14:35:25 -07:00
Tom Eastep
ad660d7fe5
Simplify move_rules()
2010-09-17 13:53:10 -07:00
Tom Eastep
3d0f8e962e
Simplify move_rules()
2010-09-17 13:49:32 -07:00
Tom Eastep
7a6943fa54
Disallow mss and blacklist on firewall and vserver zones
2010-09-17 12:54:58 -07:00
Tom Eastep
b76ee408a5
Emit clearer error messages
2010-09-17 12:54:54 -07:00
Tom Eastep
2e3635ff50
Be sure that {frozen} is defined
2010-09-17 12:54:44 -07:00
Tom Eastep
28aa7b8267
Re-add OPTIONS column to blacklist templates
2010-09-17 12:54:38 -07:00
Tom Eastep
ab78aac3a4
Disallow mss and blacklist on firewall and vserver zones
2010-09-17 12:46:38 -07:00
Tom Eastep
330afe1701
Emit clearer error messages
2010-09-17 12:35:34 -07:00
Tom Eastep
239b4a2356
Be sure that {frozen} is defined
2010-09-17 12:08:48 -07:00
Tom Eastep
65de1e4e6e
Re-add OPTIONS column to blacklist templates
2010-09-17 11:56:47 -07:00
Tom Eastep
7175f8a63e
Revert versions on Rules and Zones modules
2010-09-17 11:08:45 -07:00
Tom Eastep
d898c87617
Eliminate a parameter to add_jump()
2010-09-17 11:08:12 -07:00
Tom Eastep
07930fc535
Revert versions on Rules and Zones modules
2010-09-17 11:06:32 -07:00
Tom Eastep
5357f4c347
Eliminate a parameter to add_jump()
2010-09-17 11:05:35 -07:00
Tom Eastep
af24baaecd
Update version to RC1 (one more time)
2010-09-17 09:14:56 -07:00
Tom Eastep
e61230a3db
Update version to Beta 6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 08:23:24 -07:00
Tom Eastep
8e2c8e5a8f
Document use of state match for NOTRACK
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 08:21:16 -07:00
Tom Eastep
882970a598
Use state match for UNTRACKED
2010-09-17 07:58:21 -07:00
Tom Eastep
2ce3c8aa88
Ensure that blacklist rules are before the other interface-oriented rules
2010-09-16 18:19:16 -07:00
Tom Eastep
27c445381e
Treat 'blacklist' uniformly in hosts and zones
2010-09-16 15:48:12 -07:00
Tom Eastep
67b9ae0d2c
Update release documents
2010-09-16 15:47:05 -07:00
Tom Eastep
1c870b532a
Preserve dynamic blacklist during stop/clear/restore
2010-09-16 12:17:04 -07:00
Tom Eastep
a8c9fc1859
Implement new Blacklisting Scheme
2010-09-16 09:40:28 -07:00
Tom Eastep
3c1cff0794
First steps toward zone-based blacklisting
2010-09-16 06:55:48 -07:00
Tom Eastep
1d650b41cd
Remove blacklisting by destination IP address support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 15:24:58 -07:00
Tom Eastep
3ad3f0d9e0
Allow floating point numbers in tcinterfaces fields other than <rate>
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 14:07:21 -07:00
Tom Eastep
ba89ec39b5
Add :<burst> to /etc/shorewall/tcdevices
2010-09-15 11:56:14 -07:00
Tom Eastep
69a2fa1907
Replace to/from with dst/src
2010-09-15 11:25:46 -07:00
Tom Eastep
f925b335ef
Ignore the 'blacklist' host option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 08:10:57 -07:00
Tom Eastep
373fc87165
More blacklisting wrapup
...
- Deprecate 'blacklist' in the hosts file
- Base blacklisting on interfaces alone
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 07:38:20 -07:00
Tom Eastep
4d0e8d129b
Add dup blacklist message
2010-09-14 18:04:27 -07:00
Tom Eastep
10a9ae496a
More manpage updates for 4.4.13
2010-09-14 16:47:45 -07:00
Tom Eastep
94cdc73ec2
Restore setpolicy() to prog.header*
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-14 13:50:22 -07:00
Tom Eastep
c4a40d8c7b
Set version to RC1 (again)
2010-09-14 13:09:50 -07:00
Tom Eastep
c6960f1ac2
Edit release notes
2010-09-14 07:36:29 -07:00
Tom Eastep
1f2691b052
Another fix for blacklisting; correct composition of $hosts1
2010-09-14 06:47:29 -07:00
Tom Eastep
0f913fca2f
Don't create blackout unnecessarily
2010-09-13 18:15:50 -07:00
Tom Eastep
82bccf16b5
Avoid internal error when there are no 'to' entries
2010-09-13 17:55:20 -07:00
Tom Eastep
bb38ed16b0
Document ipset creation fix
2010-09-13 15:54:44 -07:00
Tom Eastep
b1e9bff382
Create new ipsets on 'start'
2010-09-13 15:46:04 -07:00
Tom Eastep
a6194fabd2
Delete blank line
2010-09-13 14:15:47 -07:00
Tom Eastep
33adbe7a27
Update documentation for net TC features
2010-09-13 13:51:25 -07:00
Tom Eastep
1729da87f1
Allow both 'to' and 'from' in blacklist
2010-09-13 12:51:10 -07:00
Tom Eastep
9b4c3e22dd
Allow floating point numbers in TC rates
2010-09-13 12:50:50 -07:00
Tom Eastep
cb1f7adea3
Add :<burst> to IN-BANDWIDTH
2010-09-13 11:23:37 -07:00
Tom Eastep
283eda2fa5
Cosmetic change to OUT-BANDWIDTH code
2010-09-12 16:33:19 -07:00
Tom Eastep
bd9041306c
Add undocumented OUT-BANDWIDTH column to tcinterfaces
2010-09-12 16:25:45 -07:00
Tom Eastep
a3b7b9c11b
Delete unused functions from prog.header*
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-12 10:07:26 -07:00
Tom Eastep
931c5a8d0a
Add an assertion
2010-09-11 16:24:27 -07:00
Tom Eastep
50fc972d2a
Fix another SAME defect :-(
2010-09-11 16:15:09 -07:00
Tom Eastep
512cd7b08e
Bump version to 4.4.13 RC 1
2010-09-11 15:46:14 -07:00
Tom Eastep
aad7b70e18
Rename constant
2010-09-11 15:31:43 -07:00
Tom Eastep
c6c6503d83
Clean up a remaining issue with SAME
2010-09-11 15:24:01 -07:00
Tom Eastep
f004916055
Disallow a DEST interface in mangle OUTPUT rules
2010-09-11 14:10:05 -07:00
Tom Eastep
3ea7808b38
Disallow a DEST interface in mangle PREROUTING rules
2010-09-11 14:02:09 -07:00
Tom Eastep
37a5a01185
Correct INPUT marking documentation
2010-09-11 12:47:32 -07:00
Tom Eastep
e93a7fe9df
Avoid recent problems by not padding $target in process_tc_rule()
2010-09-11 11:03:28 -07:00
Tom Eastep
d9ced1051a
One more fix for SAME
2010-09-11 10:35:45 -07:00
Tom Eastep
367fc041b8
Correct handling of SAME -- Take 2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-11 09:36:19 -07:00
Tom Eastep
83ae6d6eba
Document fix for 'SAME'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-11 09:04:42 -07:00
Tom Eastep
dbc9f6ac8f
Correct handling of SAME
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-11 08:56:22 -07:00
Tom Eastep
05b6947aac
Document fix for ipset invocation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-11 08:55:35 -07:00
Tom Eastep
8dd42c9e19
Correct handling of dst/src list in ipset invocation
2010-09-11 07:41:01 -07:00
Tom Eastep
99f8f84024
Fix name of F chain in secmarks
2010-09-10 16:45:22 -07:00
Tom Eastep
69817007bf
Some more fixes for blacklisting
2010-09-09 14:53:12 -07:00
Tom Eastep
50300a60b7
A number of corrections to split blacklisting.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-09 11:20:49 -07:00
Tom Eastep
64544f4ab5
Correct comparison in 'blacklist' handling
2010-09-09 10:22:48 -07:00
Tom Eastep
cd4b5d80ed
Reduce patch footprint by two lines
2010-09-09 09:00:28 -07:00
Tom Eastep
df1e17eaa8
Re-enable 'blacklist' on bridge ports
2010-09-09 07:09:08 -07:00
Tom Eastep
828d190436
Change example
2010-09-07 19:14:43 -07:00
Tom Eastep
7dbd994f51
Update installers for secmarks
2010-09-07 07:56:11 -07:00
Tom Eastep
50b4bd8dfe
More Blacklist and Secmark documentation updates
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-06 17:26:49 -07:00
Tom Eastep
f3255cd83a
Rework blacklisting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-06 15:29:20 -07:00
Tom Eastep
c6f58ba924
Enhance SELinux support:
...
- Add state match
- Add user/group match
- Add examples to the man pages
2010-09-06 09:06:40 -07:00
Tom Eastep
33dc8de8fb
Allow dash's in ipset names
2010-09-05 11:41:35 -07:00
Tom Eastep
23e94e136c
Allow COMMENT, SAVE and RESTORE to work correctly in secmarks
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-05 08:17:58 -07:00
Tom Eastep
629290259d
Allow secmarks without TC_ENABLED
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-05 07:49:03 -07:00
Tom Eastep
b139ff7e90
Update docs and implementation of SECMARK
2010-09-04 16:08:29 -07:00
Tom Eastep
28ff3548ff
Bump version to 4.4.13-Beta4
2010-09-04 15:30:02 -07:00
Tom Eastep
15d8d6d8b7
Add SECMARK and CONNSECMARK support
2010-09-04 15:12:08 -07:00
Tom Eastep
6caff51c98
Modify a comment are delete a silly identity assignment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-01 11:24:19 -07:00
Tom Eastep
62fcf1ae8b
Adjust version of Raw.pm
2010-08-31 16:52:48 -07:00
Tom Eastep
dfebe5a35e
Correct error message
2010-08-31 16:33:15 -07:00
Tom Eastep
8f94137007
Fix last change
2010-08-30 16:47:45 -07:00
Tom Eastep
1da6d51d1a
Reduce the Beta3 patch footprint by making the second arg to known_interface() optional
2010-08-30 16:43:30 -07:00
Tom Eastep
add76ed14e
Bump version to 4.4.13 Beta 3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-30 12:33:10 -07:00
Tom Eastep
7f0f4516d7
Rework handle_optional_interfaces() somewhat
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-30 12:29:39 -07:00
Tom Eastep
c18d206726
Use a function to generate the list of interfaces with an L3 address
2010-08-29 20:13:56 -07:00
Tom Eastep
57c54af6ed
Re-implement optional interface handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-29 12:32:44 -07:00
Tom Eastep
d94f2cc86d
Insure that the mapping to base names is deterministic
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-29 07:28:06 -07:00
Tom Eastep
be0231578f
Insure uniqueness of chain_base mapping
2010-08-28 20:47:39 -07:00
Tom Eastep
95a09b996f
Fix test for KLUDGEFREE
2010-08-28 20:47:15 -07:00
Tom Eastep
1531ad3bcd
Re-implement interface->shell-variable mapping
2010-08-28 15:15:41 -07:00
Tom Eastep
3a36a9de4b
Fix shell-variable creation
2010-08-28 14:48:47 -07:00
Tom Eastep
d8846b92d8
Fix optional 'upnpclient' interfaces - take 2
2010-08-28 14:46:29 -07:00
Tom Eastep
a440e7023e
Fix optional 'upnpclient' interfaces
2010-08-28 14:18:48 -07:00
Tom Eastep
f45879c4f4
split_list1 removes () -- take 2
2010-08-28 13:40:44 -07:00
Tom Eastep
2a54e8cd24
split_list1 removes ()
2010-08-28 13:37:19 -07:00
Tom Eastep
c2558af9c8
Document and correct implementation of EXCLUSION_MASK
...
1. Require KLUDGEFREE if existing rule uses mark match
2. Pretty up the code
3. Use MASK_BITS rather than TC_BITS when calculating the offset of EXCLUSION_MASK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-28 08:29:47 -07:00
Tom Eastep
c98cf8aea6
Re-implement exclusion in CONTINUE/NONAT/ACCEPT+ rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-27 10:09:42 -07:00
Tom Eastep
57bcfee559
Add 'Mark in any table' capability
2010-08-27 08:35:33 -07:00
Tom Eastep
a1cd2ba0f3
Bring 'multiple space before comment' fix forward to master
...
Probably unneeded but better be safe
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-27 06:59:52 -07:00
Tom Eastep
12f48e1b97
Don't pass '-j' in target arg to expand_rule()
...
- use the target to locate chain for reference tracking
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-26 10:37:07 -07:00
Tom Eastep
15fbbdaac7
Fix exclusion in blacklist
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-26 10:33:57 -07:00
Tom Eastep
bd8bcabdf0
Use the 'disposition' argument to expand_rule() to specify the target chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-26 08:40:24 -07:00
Tom Eastep
dc74b88445
Fix typo in release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-26 07:16:28 -07:00
Tom Eastep
75e12148ac
Bump version to Beta 2
2010-08-25 09:58:07 -07:00
Tom Eastep
4a865e0a6d
Pretty up some come
2010-08-24 13:08:21 -07:00
Tom Eastep
91c5a2f80b
Fix old ipset detection bug
2010-08-24 13:08:06 -07:00
Tom Eastep
5c49aa843c
Generate warning when a rules file entry generates no iptables-restore input
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-24 08:38:49 -07:00
Tom Eastep
383e792807
Restore wildcard properties to zone lists
2010-08-24 06:52:53 -07:00
Tom Eastep
5a92c3262f
Fix REQUIRE_INTERFACE=Yes
2010-08-23 17:19:41 -07:00
Tom Eastep
d74af30368
Fix zone-exclusion bug
2010-08-23 16:31:46 -07:00
Tom Eastep
8f94240e8f
Fix a couple of optimization bugs
2010-08-23 16:00:40 -07:00
Tom Eastep
160ad231df
Fix an old optimization bug
2010-08-23 15:14:09 -07:00
Tom Eastep
ec09b92c4c
Correct Release Notes
2010-08-23 12:38:58 -07:00
Tom Eastep
647f4bf6eb
Update release notes
2010-08-22 14:35:01 -07:00
Tom Eastep
335ac8cdca
Improve IPSEC accounting.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-20 10:07:19 -07:00
Tom Eastep
e70d9c82d8
Revise and document IPSEC Accounting
...
- Place accounting rules in accipsecin and accipsecout
- Add warning when rule inserted into unreferenced accounting chain
- Add warning when an accounting chain has no references
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-20 08:24:45 -07:00
Tom Eastep
33ee9b1481
Add IPSEC Accounting (again)
2010-08-20 06:53:31 -07:00
Tom Eastep
d9d31ff132
Remove another 'our' variable
2010-08-19 15:34:04 -07:00
Tom Eastep
c80b1b3585
Correct types in do_ipsec()
2010-08-19 15:33:49 -07:00
Tom Eastep
af77eb08bc
Back out IPSEC accounting rules
2010-08-19 15:13:01 -07:00
Tom Eastep
2a9bbbfe62
Eliminate an ugly 'our' variable.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-19 12:00:52 -07:00
Tom Eastep
676da7a2f1
More reorganization of process_rule()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-19 11:53:26 -07:00
Tom Eastep
d997ef1653
First cut at IPSEC support in the accounting file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-19 11:46:26 -07:00
Tom Eastep
4322d7b2af
Zone exclusion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 16:10:58 -07:00
Tom Eastep
4460b49842
Complete Zone list Support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 14:38:53 -07:00
Tom Eastep
fafb0dea73
Update version to 4.4.13-Beta1
2010-08-18 12:40:34 -07:00
Tom Eastep
66d4379962
Reorder sections of the Release Notes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 12:22:42 -07:00
Tom Eastep
255cd6cf9c
Implement zone lists in rules file entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-18 12:18:58 -07:00
Tom Eastep
7a17b65368
Allow simple zone lists in rules
2010-08-18 07:26:38 -07:00
Tom Eastep
12aecdef37
Use '&' trick to avoid prototype matching
2010-08-17 09:17:25 -07:00
Tom Eastep
a0dffa787d
Add an assertion
2010-08-16 19:17:44 -07:00
Tom Eastep
2919c48ba0
Avoid forward reference to ensure_chain()
2010-08-16 13:25:01 -07:00
Tom Eastep
00837ed503
Add Shorewall::Chains::find_chain()
2010-08-16 13:12:12 -07:00
Tom Eastep
633eba6c90
Set version to 4.4.12
2010-08-15 08:50:45 -07:00
Tom Eastep
42362ea318
Document fix for AUTOMAKE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-14 07:55:45 -07:00
Tom Eastep
72b8393c3a
Fix AUTOMAKE=Yes
2010-08-14 07:32:53 -07:00
Tom Eastep
1510e111c4
Fix typo in conf basics doc
2010-08-13 20:27:14 -07:00
Tom Eastep
b7f638ddb3
Document status command change
2010-08-12 19:46:57 -07:00
Tom Eastep
7281c9166e
Record the config directory in the state file
2010-08-12 17:54:07 -07:00
Tom Eastep
15eec24672
Simplify logic for generating all parent zones
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-12 15:15:19 -07:00
Tom Eastep
7168257152
Document port range editing fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-12 11:52:43 -07:00
Tom Eastep
49053afdcb
Fix port range validate issue
2010-08-12 09:49:26 -07:00
Tom Eastep
92eed0d23c
Document fix for any bug
2010-08-12 07:35:45 -07:00
Tom Eastep
69eaf84078
Fix bug with 'any'
2010-08-12 07:31:37 -07:00
Tom Eastep
aa00acc310
Correct typo in release notes
2010-08-11 16:09:12 -07:00
Tom Eastep
e0780b9a84
Rename the first column of the masq file for clarity
2010-08-11 15:34:27 -07:00
Tom Eastep
965ad7ced1
Minor tweaks to the IPAddrs module
2010-08-11 11:46:26 -07:00
Tom Eastep
0234564a1b
Add destination IP blacklisting
2010-08-10 17:33:50 -07:00
Tom Eastep
d9cbbea36a
Delete extra item in enhancement list
2010-08-07 14:06:20 -07:00
Tom Eastep
da91ef8d2c
Fix typo in install.sh
2010-08-07 10:56:15 -07:00
Tom Eastep
1a4d84d502
Document fix to install.sh
2010-08-07 09:34:19 -07:00
Tom Eastep
8d4498c9b8
Update Version to 4.4.12 RC 1
2010-08-06 19:31:36 -07:00
Tom Eastep
59829565f5
Add COMPLETE to release notes
2010-08-06 19:30:33 -07:00
Tom Eastep
0f02ee2628
Fix issue with set match generation
2010-08-06 10:17:54 -07:00
Tom Eastep
364ad41cf5
Add support for new ipset match syntax
2010-08-03 21:06:17 -07:00
Tom Eastep
2774ee1bd6
Make 'icmp' a synonym for 'ipv6-icmp' in IPv6 compilations
2010-08-02 08:04:55 -07:00
Tom Eastep
3ce8ff5741
Bump version to Beta 4
2010-08-01 16:10:32 -07:00
Tom Eastep
967629569b
Taylor Universal config to work with Shorewall-init and streamline ruleset
...
- Make interface 'all' optional and set REQUIRE_INTERFACE=Yes
- Add COMPLETE option
- Set FASTACCEPT in Universal samples
- Reset SUBSYSLOCK in Universal samples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-01 08:36:56 -07:00
Tom Eastep
a88e2afa69
Tweak the Universal documentation
2010-07-31 18:43:54 -07:00
Tom Eastep
2f08ec4dd6
Update version in release notes
2010-07-31 14:06:49 -07:00
Tom Eastep
0b9aa0f84b
Fix the dump command
2010-07-31 13:52:28 -07:00
Tom Eastep
0b3dfcc844
Revert version to Beta 3
2010-07-31 13:23:53 -07:00
Tom Eastep
fdcc263023
Fix a couple of minor bugs
2010-07-31 13:11:46 -07:00
Tom Eastep
bebeba8cae
Document Universal Configuration and allow for empty LOGFILE
2010-07-31 12:45:43 -07:00
Tom Eastep
4e02031985
Document Universal Configuration
2010-07-31 11:59:25 -07:00
Tom Eastep
0174045181
Fixes for Universal Sample
2010-07-31 10:49:49 -07:00
Tom Eastep
beeeb6efbc
Allow '+' as a physical interface
2010-07-31 10:08:45 -07:00
Tom Eastep
fdeb9006fa
Correct module versions
2010-07-31 09:02:51 -07:00
Tom Eastep
005b6f7b45
Use new hashlimit match syntax if available
2010-07-31 07:19:41 -07:00
Tom Eastep
637cfdaa14
Handle case where old hashlimit match is no longer supported
2010-07-29 17:14:36 -07:00
Tom Eastep
e598dc77b7
Correct/improve LOGLIMIT handling
2010-07-29 16:50:17 -07:00
Tom Eastep
0b8ddeeed4
Correct typo in release notes
2010-07-29 12:49:26 -07:00
Tom Eastep
8f531355c9
Update known problems for RC1
2010-07-29 12:40:46 -07:00
Tom Eastep
a639b75e36
Bump version to RC1
2010-07-29 11:40:15 -07:00
Tom Eastep
e00517f075
Add Vserver support as a release highlight
2010-07-29 11:38:43 -07:00
Tom Eastep
6a1fea3a40
Add 'user marks'
2010-07-27 11:02:36 -07:00
Tom Eastep
0c38ba815c
Add LOGLIMIT to .conf files while deleting LOGRATE and LOGBURST
2010-07-27 06:44:10 -07:00
Tom Eastep
f1a8da61bc
Use global log rate limiting, if any, for synflood logging
2010-07-26 14:58:38 -07:00
Tom Eastep
8f27a2461d
Fix syntax diagram
2010-07-25 13:08:15 -07:00
Tom Eastep
bd5facda30
Implement per-IP log rate limiting
2010-07-25 12:42:39 -07:00
Tom Eastep
9bf06caa35
Bump version to Beta 2
2010-07-25 08:11:49 -07:00
Tom Eastep
1528cc2094
Correct RE in split_action()
2010-07-24 11:50:10 -07:00
Tom Eastep
e956068959
Make default setting of MANGLE_ENABLED depend on the capability with the same name
2010-07-24 09:27:21 -07:00
Tom Eastep
e5a7d2ae69
Fix syntax error in generated script
2010-07-23 11:24:42 -07:00
Tom Eastep
9eedf155bc
Fix syntax error in generated script
2010-07-23 11:23:23 -07:00
Tom Eastep
55b596ddb2
Update release notes version and document Shorewall-init fixes
2010-07-23 11:09:05 -07:00
Tom Eastep
2c6d1c8d14
Many fixes for Shorewall-init
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-23 09:26:47 -07:00
Tom Eastep
898274dd77
Syncronize shorewall-lite activities
2010-07-22 17:00:34 -07:00
Tom Eastep
3248fc8ab1
Add additional progress messages to updown()
2010-07-22 15:11:19 -07:00
Tom Eastep
49a8861f5b
Pretty up the code
2010-07-22 13:57:34 -07:00
Tom Eastep
7db9645225
Avoid an extra blank line
2010-07-22 13:51:47 -07:00
Tom Eastep
666cc35b46
Don't slow down stop with 'wait'
2010-07-22 12:56:49 -07:00
Tom Eastep
055f92c3d2
Document fix for :random with REDIRECT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-22 07:28:43 -07:00
Tom Eastep
4e33efd8a6
Allow :random to work with REDIRECT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-22 07:26:38 -07:00
Tom Eastep
8959245375
Update version to 4.4.12-Beta1
2010-07-21 20:35:36 -07:00
Tom Eastep
411d392ccd
Additional progress messages during up/down processing
2010-07-21 20:35:03 -07:00
Tom Eastep
d897635af5
Allow bizarre overriding of SOURCE/DEST with ipsets
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-20 16:03:12 -07:00
Tom Eastep
1de257be19
Make ADD and DELETE work with any type of ipset.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-20 15:42:11 -07:00
Tom Eastep
79128605b1
Validate all IPSET Names
2010-07-18 17:18:10 -07:00
Tom Eastep
cbb524b067
Implement ADD/DEL commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-18 08:46:38 -07:00
Tom Eastep
47961f3fd5
Update release notes to mention link local network error
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-16 10:19:29 -07:00
Tom Eastep
d99aff5e09
Use Perl Constants rather literals for IPv6 Networks
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-16 10:06:29 -07:00
Tom Eastep
27937f32e3
Document IPv6 multicast network fix
2010-07-16 09:37:38 -07:00
Tom Eastep
17bdcc1360
Eradicate incorrect multicast network address
2010-07-16 09:33:17 -07:00
Tom Eastep
e0ae48f4c4
Document fix for IPv6 shorecap program
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-15 13:32:10 -07:00
Tom Eastep
f92f75196c
Correct accidental modification of action.Drop
2010-07-14 06:27:27 -07:00
Tom Eastep
a29921c9d2
Reverse order of ICMPv6 and Multicast/anycast filtering
2010-07-13 13:03:55 -07:00
Tom Eastep
b52b7c422f
Drop multicast and anycast in Drop and Reject actions
2010-07-12 16:44:34 -07:00
Tom Eastep
c1b212225e
Use uniform coding style in latest changes
2010-07-12 13:07:11 -07:00
Tom Eastep
328e1b7f6a
Don't generate rules to link local net from vserver zones
2010-07-12 12:39:51 -07:00
Tom Eastep
59189d6324
Don't generate rules from link local net to vserver zones
2010-07-12 11:52:56 -07:00
Tom Eastep
4792d1e5f1
Fix nets= in Shorewall6
2010-07-11 19:52:18 -07:00
Tom Eastep
5a5546ef1b
Set version to 4.4.11
2010-07-09 09:01:08 -07:00
Tom Eastep
d0c1c3d69c
Change comment to clarify assumption about function arguments
2010-07-08 17:45:18 -07:00
Tom Eastep
9eca7fb37b
Simplify logic in loopback helper functions
2010-07-08 17:11:27 -07:00
Tom Eastep
591a4bc7f6
Revert version of modules with only whitespace changes; rename a couple of functions for clarity
2010-07-07 06:43:07 -07:00
Tom Eastep
02fab09a14
Add PERL= option to shorewall.conf and shorewall6.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-05 13:11:52 -07:00
Tom Eastep
4547067da9
Document fix for missing closing quote
2010-07-05 11:43:37 -07:00
Tom Eastep
31a9d24164
Fix missing quote when REQUIRE_INTERFACE=Yes
2010-07-05 09:47:03 -07:00
Tom Eastep
f977631af9
Just reset provider bits in FORWARD chain
2010-07-05 09:46:24 -07:00
Tom Eastep
b445b4fdd9
Fix compiler detection of FWMARK_RT_MASK -- take 2
2010-07-05 08:51:13 -07:00
Tom Eastep
0e87ccbcfd
Fix compiler detection of FWMARK_RT_MASK
2010-07-05 08:39:32 -07:00
Tom Eastep
542557069e
Back out a couple of harmless but unintended changes
2010-07-05 08:02:51 -07:00
Tom Eastep
aa6bb6e911
Improve wording of FORWARD_CLEAR_MARK description
2010-07-05 07:53:31 -07:00
Tom Eastep
898c3a045f
Bump version to RC1
2010-07-05 07:08:06 -07:00
Tom Eastep
6a644716c9
Unconditionally use /usr/bin/perl
2010-07-04 17:13:33 -07:00
Tom Eastep
312624cef5
Fix NET3 bug (netmap)
2010-07-04 15:58:37 -07:00
Tom Eastep
7689831cd7
Minor cleanup of 4.4.11 Beta 3.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-04 09:29:16 -07:00
Tom Eastep
2ee4fd8f5a
Add FWMARK_RT_MASK capability.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-04 09:08:04 -07:00
Tom Eastep
d3e30b5fe4
Add FORWARD_CLEAR_MARK option
2010-07-03 17:03:42 -07:00
Tom Eastep
5d1e19364a
Bump version to Beta 3
2010-07-03 10:54:39 -07:00
Tom Eastep
148b251766
Only send loopback traffic to the 'loopback' chain
2010-07-03 10:53:25 -07:00
Tom Eastep
21ce6f9b84
Add new zone-list function to return all but firewall zone.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-03 08:33:10 -07:00
Tom Eastep
c8274f0538
Minor vserver doc update
2010-07-02 13:34:21 -07:00
Tom Eastep
63154367ad
Forbid 'ipsec' in a vserver host entry
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 13:12:23 -07:00
Tom Eastep
e5d3ce582a
Correct Old Defect in ipsec match generation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 13:11:57 -07:00
Tom Eastep
9e81a5101f
Cleaner fix for ipsec/vserver issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 12:24:58 -07:00
Tom Eastep
261af19b4e
Fix invalid policy match with vserver zone.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 12:18:18 -07:00
Tom Eastep
364cddf99b
Update release documents for find_hosts_by_option() fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 07:40:30 -07:00
Tom Eastep
f2ca9e25c9
Make find_hosts_by_option() work with options specified on the interface
2010-07-02 07:19:52 -07:00
Tom Eastep
db8dba66db
Correct defect in the handling of 'trace' and 'debug'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-01 15:56:57 -07:00
Tom Eastep
338c021272
Fix refression in handling of mss=
2010-07-01 09:05:25 -07:00
Tom Eastep
64decb25fe
Bump version to 4.4.11-Beta2
2010-07-01 07:08:11 -07:00
Tom Eastep
9f15ccb24f
Update Raw.pm version.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-30 20:40:26 -07:00
Tom Eastep
e4afc15370
Finish Vserver Implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-30 20:35:46 -07:00
Tom Eastep
9e37fe1ffa
Deimplement flawed rate limiting with simple TC
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-26 07:42:08 -07:00
Tom Eastep
fc95cb8dc6
Run insserv when installed on Debian
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-26 07:34:34 -07:00
Tom Eastep
914d752f1d
Fix latency parsing
2010-06-25 16:10:26 -07:00
Tom Eastep
fe27554fd0
Document undefined value issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-24 14:18:48 -07:00
Tom Eastep
2909b6fd92
Quiet down the Perl interpreter on some boxen
2010-06-24 13:58:46 -07:00
Tom Eastep
cc376ab72e
Update release documents for REQUIRE_INTERFACE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-23 13:00:00 -07:00
Tom Eastep
3cda3d0315
Add REQUIRE_INTERFACE to shorewall*.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-23 12:58:35 -07:00
Tom Eastep
1cb22d0bcf
First feeble steps toward vserver zones
2010-06-22 16:42:20 -07:00
Tom Eastep
d5aaa97d4e
Update release documents for changes ported from the 4.4.10 branch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-22 08:40:07 -07:00
Tom Eastep
efa4cfa921
Update release documents for 4.4.11 Beta 1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-18 12:09:43 -07:00
Tom Eastep
dbbe6b264d
Fix the IPSET fix
2010-06-18 12:06:12 -07:00
Tom Eastep
e7340dabc0
Fix IPSET issue
2010-06-18 12:05:44 -07:00
Tom Eastep
503b1cf795
Update release note version banner
2010-06-16 16:46:56 -07:00
Tom Eastep
32d8a9d996
Allow patch from Gabriel
2010-06-12 14:10:40 -07:00
Tom Eastep
d58127e51c
Allow networks to be specified in a NETMAP rule
2010-06-12 13:50:58 -07:00
Tom Eastep
9acec39898
Fix a couple of issues with Simple TC
2010-06-12 13:50:11 -07:00
Tom Eastep
625f254d02
Add tcfilters to manpage index
2010-06-10 06:15:15 -07:00
Tom Eastep
6040f02bb0
Don't set variables needlessly
2010-06-08 16:33:54 -07:00
Tom Eastep
32d575a8c8
Remove extra logic
2010-06-08 16:18:23 -07:00
Tom Eastep
dcd64cd096
Move ipset-load code to Chains.pm. Better there than in Compiler.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 16:18:14 -07:00
Tom Eastep
a5816c23d4
Move save_dynamic_chains to Chains.pm where it belongs.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 16:17:57 -07:00
Tom Eastep
6537c1e55a
Improve readability
2010-06-08 16:16:23 -07:00
Tom Eastep
52a80e69a9
More tweaks to saving/restoring dynamic chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 11:27:09 -07:00
Tom Eastep
ec3fdbde98
More changes having to do with with dynamic chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 11:26:53 -07:00
Tom Eastep
aa4b0f71af
Much cleaner implementation of save_dynamic_chains()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-07 10:11:33 -07:00
Tom Eastep
0978f3d41a
More periodic removal of trailing white space
2010-06-07 09:16:56 -07:00
Tom Eastep
3467969c26
Periodic removal of trailing white space
2010-06-07 07:30:56 -07:00
Tom Eastep
04de6fac6d
Make dynamic chain saving work with IPv6
...
Also, use hidden files to save the chain contents.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-07 07:18:21 -07:00
Tom Eastep
b741ff2a81
Document first 4.4.11 features
2010-06-06 20:40:39 -07:00
Tom Eastep
db138edbd1
Update versions of modified modules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 13:49:26 -07:00
Tom Eastep
b3370dfd78
Initiate 4.4.11
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 13:36:45 -07:00
Tom Eastep
17b6e370af
Purge saved dynamic blacklist if the chain doesn't exist
2010-06-06 13:24:09 -07:00
Tom Eastep
25c0e3c7b3
Retain UPnP and dynamic blacklist over 'restart'
2010-06-06 13:23:49 -07:00
Tom Eastep
ca7d145746
Don't enter command mode for upnpclient rule for non-optional interface
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 08:05:19 -07:00
Tom Eastep
99a0226a43
Slight improvement of regular expression used to insert chain name into rules after '-A'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 08:04:28 -07:00
Tom Eastep
fdc3b698a9
Version to 4.4.10 (again)
2010-06-05 15:58:23 -07:00
Tom Eastep
d388b29d70
Let Zones.pm export chain_base rather than Chains.pm
2010-06-05 08:40:00 -07:00
Tom Eastep
0e995d65ac
Version to 4.4.10-RC2
2010-06-04 16:19:15 -07:00
Tom Eastep
742a3b2eef
Make wait and required work on wildcard interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-04 10:35:45 -07:00
Tom Eastep
82a74d7534
Resolve Optional/Required interfaces with wildcard names
...
Optional is allowed
Required is not
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-04 08:46:29 -07:00
Tom Eastep
165535cd8b
Disallow wildcard optional/required interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-04 07:18:55 -07:00
Tom Eastep
7625b4069b
Delete references to prenet subsystem locks.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-03 12:31:39 -07:00
Tom Eastep
43afd03b9b
Bump version to 4.4.10
2010-06-03 11:18:02 -07:00
Tom Eastep
f29b06ec07
Update .spec files to use DESTDIR
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-01 07:18:37 -07:00
Tom Eastep
91840acb18
Remove unused RUNLEVELS variable from the install scripts.
...
Add some documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-01 07:12:19 -07:00
Tom Eastep
fe55fa0f31
Rename PREFIX->DESTDIR
...
If DESTDIR is not supplied, look for PREFIX
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-01 06:42:11 -07:00
Tom Eastep
c52d0c4d9f
Update release notes for 'version -a'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-31 08:05:33 -07:00
Tom Eastep
858a422da3
Extend 'version -a' behavior to all CLIs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-31 07:32:17 -07:00
Tom Eastep
47c4cbd85a
Remove extra step in DSL modem access
2010-05-30 11:31:41 -07:00
Tom Eastep
347757a190
Yet more updates for build on the Mac
2010-05-29 10:57:27 -07:00
Tom Eastep
58ad0bc9e0
More updates for build on the Mac
2010-05-29 10:50:39 -07:00
Tom Eastep
226eb6ca3e
Cleanup of optimization fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 09:56:14 -07:00
Tom Eastep
5bd1bac70d
Document fix for optimization bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 09:13:52 -07:00
Tom Eastep
e29d6d080d
Restore -a functionality to the version command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 08:59:45 -07:00
Tom Eastep
50ce5bab68
Fix Optimization Bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 08:58:16 -07:00
Tom Eastep
d58480943a
Bump version to 4.4.10 RC 1
2010-05-27 17:21:11 -07:00
Tom Eastep
3125a4d0d3
Restore RPM RedHat compatibility
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-27 06:49:49 -07:00
Tom Eastep
cc269d5d19
Make RPM SuSE-only
2010-05-26 18:49:33 -07:00
Tom Eastep
e627e0ea76
Bump version to 4.4.10-Beta4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-26 16:47:49 -07:00
Tom Eastep
84909de8b9
Fixes for Debian
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-25 16:02:57 -07:00
Tom Eastep
cdcb42ce9c
Increment version to 4.4.10-Beta3.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-25 07:17:57 -07:00
Tom Eastep
3db31f2f65
Add SAFESTOP setting to /etc/default/shorewall*.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-25 07:16:02 -07:00
Tom Eastep
2d19cd1ebb
Add options to readlink
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-24 06:37:02 -07:00
Tom Eastep
9c0564831a
Fix syntax error in generated shell script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-24 06:23:45 -07:00
Tom Eastep
620f5cf76b
More build fixes
2010-05-23 17:12:42 -07:00
Tom Eastep
0f7b4cf7f4
Fix logrotate issue
2010-05-23 17:01:31 -07:00
Tom Eastep
0ef4cd1653
Allow Debian install with PREFIX
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-23 16:10:36 -07:00
Tom Eastep
60c751b98f
First stage rework of Shorewall install script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-23 16:02:28 -07:00
Tom Eastep
d32ed01cf0
Use readlink(1) where appropriate
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-23 13:37:26 -07:00
Tom Eastep
1d87fc0102
Update .spec files with virtual requires/provides
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-21 10:12:37 -07:00
Tom Eastep
eaad566978
Update documents for Shorewall-lite
2010-05-20 17:06:53 -07:00
Tom Eastep
4264524448
Bump Version to 4.4.10-Beta2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-20 14:13:38 -07:00
Tom Eastep
2a870088d8
Remove 'close' from CLI programs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-20 14:09:40 -07:00
Tom Eastep
182f433772
Add note about supported distributions to release notes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-20 06:32:34 -07:00
Tom Eastep
50dc02da07
Implement the 'REQUIRE_INTERFACE' option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-19 07:32:02 -07:00
Tom Eastep
06a17c8973
Adjust manpage specifications in spec file
2010-05-18 20:59:24 -07:00
Tom Eastep
4e748f9255
Add Shorewall-init manpage and update release notes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 20:40:03 -07:00
Tom Eastep
4690075ed8
Start firewall on up event for optional interface.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 20:29:03 -07:00
Tom Eastep
1eb5e5b081
Fail the install on unknown distros.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 15:30:53 -07:00
Tom Eastep
9c5fb89b4c
Improve documentation in the release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 14:55:16 -07:00
Tom Eastep
0c9a0150d2
Document Shorewall-init; delete old auto-stop code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 14:42:39 -07:00
Tom Eastep
5b2affbd01
Changes to make RedHat work with NetworkManager
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 13:41:01 -07:00
Tom Eastep
f9d187c288
Correct issues found in Fedora Testing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-18 10:27:12 -07:00
Tom Eastep
499b0cddaa
Log the text from startup errors.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-17 07:02:30 -07:00
Tom Eastep
a534bca914
Fix an existing bug in Shorewall6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 19:28:49 -07:00
Tom Eastep
a501222194
Fix some bugs in the Shorewall-init implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 17:41:09 -07:00
Tom Eastep
4f428d8135
De-implement 'close'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-16 15:31:41 -07:00
Tom Eastep
749d6be64e
Add 'optional' interfaces to updown processing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 17:06:00 -07:00
Tom Eastep
a3589dc6e9
Implement the 'up' and 'down' script commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 12:48:04 -07:00
Tom Eastep
ff388ca5c4
Detect the 'closed' state in the status command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 12:46:47 -07:00
Tom Eastep
88188202cc
Add 'wait' interface option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:52:46 -07:00
Tom Eastep
16e451a7d8
Add 'required' interface option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-15 09:04:32 -07:00
Tom Eastep
a2758421ed
Bump version to 4.4.10-Beta1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 17:03:14 -07:00
Tom Eastep
529f9a07b4
Update Rules.pm version to 4.4.10
2010-05-13 16:39:52 -07:00
Tom Eastep
a04d8126e1
Finish implementing 'close'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 16:39:01 -07:00
Tom Eastep
1d0b8b1cec
Correct syntax error in generated code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-13 16:32:42 -07:00
Tom Eastep
449ca038ba
Implement 'close' command
2010-05-13 16:29:25 -07:00
Tom Eastep
74c515016e
Add back stuff merged earlier:
2010-05-08 16:32:03 -07:00
Tom Eastep
679ad6cf04
Allow OS X to be an Administrative System
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-06 09:07:16 -07:00
Tom Eastep
65a5d34276
Update Module Versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:46:29 -07:00
Tom Eastep
96bef5bd49
Assume 'routeback' in routestopped based on interface config.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 12:31:11 -07:00
Tom Eastep
fca404eeaf
Update version to 4.4.9
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 10:02:02 -07:00
Tom Eastep
c7848be266
Back out the rest of the original change for dup / -[psiod]
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-03 09:59:25 -07:00
Tom Eastep
70c6a2cdf3
Update version to 4.4.9-RC2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-02 07:25:50 -07:00
Tom Eastep
7d2df848c9
Tighten up the new mDNS rule
2010-05-01 12:13:02 -07:00
Tom Eastep
9bcd9fd12b
Allow for mDNS multicast responses
2010-05-01 12:01:58 -07:00
Tom Eastep
639b3ea57d
Simplify checking for /! -[piosd] /
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 09:13:16 -07:00
Tom Eastep
311372013d
More fixes to optimization
...
Only disallow / ! -[piosd] / if the target is a chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 08:58:41 -07:00
Tom Eastep
518416ec2e
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 08:08:39 -07:00
Tom Eastep
94c6b37e8e
Avoid leaving an orphan '!' behind.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 07:51:24 -07:00
Tom Eastep
219b2e0761
A more comprehensive solution to multiple -[piosd] matches.
...
- eliminate duplicate -[piosd] matches in merged rules
- avoid tracing !* unconditionally
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 07:26:25 -07:00
Tom Eastep
16161d9cfc
Add new trace types.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-01 06:43:09 -07:00
Tom Eastep
1173518d78
More minor cleanup of first code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-30 07:22:09 -07:00
Tom Eastep
2864841a9e
Correct release notes
...
update version to RC1
correct typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-29 11:21:31 -07:00
Tom Eastep
076da4bd5c
Couple of tweaks to my earliest code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-29 11:19:50 -07:00
Tom Eastep
a997d6507d
Update release notes with more common example of failure.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-28 08:09:10 -07:00
Tom Eastep
039668b333
Update release notes to reflect reality.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-28 06:57:45 -07:00
Tom Eastep
2c1cede54e
Revise addressless bridge change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 15:23:38 -07:00
Tom Eastep
d8b0f496df
Allow simple configuration of a bridge with no IP address
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-27 12:26:58 -07:00
Tom Eastep
988f7c4d7e
More fixes for bad NAT optimization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:50:18 -07:00
Tom Eastep
f49848bd5b
Document rare optimization fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:32:53 -07:00
Tom Eastep
0e4698d57c
Fix rare optimization bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-26 16:19:58 -07:00
Tom Eastep
6d61e962eb
Use -m conntrack if available in place of -m state
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-25 13:35:41 -07:00
Tom Eastep
21e0c68ef2
Bump version to 4.4.9 RC1
2010-04-25 09:37:17 -07:00
Tom Eastep
fb2ddcee7b
Bump Version to 4.4.9 Beta 5
2010-04-24 21:53:12 -07:00
Tom Eastep
6053352f8c
A better fix for find_first_interface_address()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-23 20:06:45 -07:00
Tom Eastep
2cb3bac946
Document fix for find_first_interface_address()
2010-04-23 12:18:51 -07:00
Tom Eastep
232fc21fe2
Allow find_first_interface_address[_if_any] to work properly in the params file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-23 11:54:36 -07:00
Tom Eastep
b821bdcdfd
One more pass at improving regex's for target isolation and matching
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 14:45:34 -07:00
Tom Eastep
64bf772594
Set OUTPUT policy to ACCEPT when optimize_chain deletes all of its rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 13:38:38 -07:00
Tom Eastep
b0b39cfc39
Document optimization level 2 fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 11:55:13 -07:00
Tom Eastep
fb754b3a2e
Don't remove a lone ACCEPT rule from the OUTPUT chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-22 11:35:14 -07:00
Tom Eastep
0dde75d345
Fix install scripts (again)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 13:08:03 -07:00
Tom Eastep
a0abb11f67
Extend 'show log <ipaddr>' to search for a regular expression.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 13:02:21 -07:00
Tom Eastep
8c09f21e5d
Implement 'show log <token>'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-19 10:20:28 -07:00
Tom Eastep
a1a78cf09b
Abandon the fantesy that multiple optimize 8 passes will achieve anything.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 17:12:08 -07:00
Tom Eastep
938cfd7ba4
Don't create fw-><bport> chains and rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 12:29:51 -07:00
Tom Eastep
c52a3dcd14
Don't generate policy chains for fw to bridgeport zones.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:56:11 -07:00
Tom Eastep
1030c852f9
Simplify a test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:21:30 -07:00
Tom Eastep
e7a4aaafc1
Modify optimization 8 loop to continue until no chains are combined.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:17:57 -07:00
Tom Eastep
8e1284f74c
Document OPTIMIZE=15
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 09:17:12 -07:00
Tom Eastep
4f00de0c57
Make additional optimize 8 passes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 08:42:25 -07:00
Tom Eastep
21b44ac42b
Change version to 4.4.9-Beta4
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-16 07:25:53 -07:00
Tom Eastep
82d6ba511f
Unify the REs that look for '-[jg] <chain>'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 18:02:31 -07:00
Tom Eastep
cec59360f6
Use '-j' rather than '-g' when jumping to tcpre, just to be safe
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:14:13 -07:00
Tom Eastep
46d207a86f
Restore original amount of whitespace in maclist rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:13:37 -07:00
Tom Eastep
e9a94b0cfb
Unify reference count adjustment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 14:12:48 -07:00
Tom Eastep
cf59d9ec68
Fix an optimize 8 bug.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 12:45:00 -07:00
Tom Eastep
dde540c42d
Update release notes for optimize 4 problems.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 12:44:37 -07:00
Tom Eastep
c1bcf360ee
Fix another 'add_rule' that should have been an 'add_jump'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:59:57 -07:00
Tom Eastep
f7e48a94da
Fix install scripts.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:39:21 -07:00
Tom Eastep
96d69bd8c3
Centralize message generation; optimize optimization-8 loop
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 09:29:37 -07:00
Tom Eastep
9ad5ee1818
Add correct release id.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-15 07:25:35 -07:00
Tom Eastep
aeb90969f7
Optimize 8 Documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 17:12:25 -07:00
Tom Eastep
cff6f0010f
Remove chain name after '-A' (again).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 17:05:03 -07:00
Tom Eastep
f8bacb54ef
Optimize 8
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-14 13:21:10 -07:00
Tom Eastep
4137961169
Speed up the replace_references* functions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-11 09:00:24 -07:00
Tom Eastep
715ea9ef32
Speed up delete_jumps()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-11 08:38:14 -07:00
Tom Eastep
91a711b34f
Document startup log fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 11:54:54 -07:00
Tom Eastep
4365b83b15
Rationalize init logs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 11:46:50 -07:00
Tom Eastep
76b9ef7005
Use unshift rather than splice for readability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 09:25:29 -07:00
Tom Eastep
2e443df8e3
Adjust references in move_rules()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 09:09:46 -07:00
Tom Eastep
ff73d802da
More cleanup of rule and chain deletion:
...
- Rename purge_jumps() to delete_jumps()
- Add delete_chain() function
- Remove an unnecessary assertion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-10 08:37:17 -07:00
Tom Eastep
1de304bfd9
Relocate purge_jumps() and change the loop exit condition to be a bit safer.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 13:51:44 -07:00
Tom Eastep
14477d61fe
Verify that purge_jumps() reset the 'to' chain's referenced flag.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 12:28:01 -07:00
Tom Eastep
2ff1df53da
Unify chain deletion.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 11:38:18 -07:00
Tom Eastep
7a831107c7
Replace the complex rule deletion loops with C-stype for loops.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 09:58:32 -07:00
Tom Eastep
9dc8267888
Don't apply RE to rules that we've already checked.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 09:46:07 -07:00
Tom Eastep
1e078b8c8d
Use splice() to delete rules from chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 09:38:03 -07:00
Tom Eastep
2f3f591af1
Document removal of fallback scripts.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 07:43:36 -07:00
Tom Eastep
56bc28a182
Prepare 4.4.9 Beta 3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-09 07:32:21 -07:00
Tom Eastep
c2c0fb0dd2
Fix deletion of only rule in a chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 17:20:11 -07:00
Tom Eastep
ab1a27ca2a
Update version to 4.4.9 Beta 2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 13:14:51 -07:00
Tom Eastep
9a00191c88
Remove a 'defined' test that is no longer needed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 13:12:17 -07:00
Tom Eastep
359c221783
Keep rules arrays compressed throughout the compilation process
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 12:53:30 -07:00
Tom Eastep
3937c10251
Keep rule arrays compressed during optimization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 11:35:15 -07:00
Tom Eastep
9126cc63d9
Delete unused rules arrays
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-08 10:55:31 -07:00
Tom Eastep
c668707aac
Update release docs with optimize 4 fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 20:18:56 -07:00
Tom Eastep
cca2c18370
Another case where reference counts are wrong
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 20:07:03 -07:00
Tom Eastep
aeb3b277b0
Fix reference count issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 19:47:49 -07:00
Tom Eastep
9d7d7e06d8
Update release documents
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 14:43:50 -07:00
Tom Eastep
3711e64d71
Fix for 0 values propagated to the script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 14:38:29 -07:00
Tom Eastep
3092a85999
SWAG regarding LOG_VERBOSITY issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:43:57 -07:00
Tom Eastep
c49e3076ec
Recode fix for find_first_interface_address()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:28:07 -07:00
Tom Eastep
62c9cb7b36
Change 'first_install' tests
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:16:16 -07:00
Tom Eastep
f17365cf6d
Fix find_first_interface_address()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-07 13:05:42 -07:00
Tom Eastep
3b317afb2f
Add mDNS macro from Vincent Smeets.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-04-03 15:57:50 -07:00
Tom Eastep
427b14b21d
Clean up file headers in the .conf files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 11:53:36 -07:00
Tom Eastep
af893b6296
Add 'N' trace records for chain creation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 07:32:38 -07:00
Tom Eastep
c57ee7d68d
Update release notes with additional trace information.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 07:23:17 -07:00
Tom Eastep
b2d8039ff6
Remove unnecessary text and 'before' images from trace entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-30 07:12:22 -07:00
Tom Eastep
7e97e9519d
Conditionally trace writes by copy2().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 11:56:26 -07:00
Tom Eastep
51d4bf19b5
Conditionally trace writes by copy2().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 11:56:06 -07:00
Tom Eastep
dc7d4bdb09
Document CS->GS trace change.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 09:50:42 -07:00
Tom Eastep
350a89e449
More complete generated script trace
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 09:48:23 -07:00
Tom Eastep
5c91fb40e2
Remove unneeded test; correct typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 09:04:45 -07:00
Tom Eastep
db2bed06d8
Add 'T' to the documented netfilter trace types.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 08:31:12 -07:00
Tom Eastep
b261a5b2ec
Document netfilter trace types.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-29 07:23:17 -07:00
Tom Eastep
6d7226ae93
Remove special trace entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 16:31:03 -07:00
Tom Eastep
1fd656b8c9
Tweak trace facility
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 15:31:05 -07:00
Tom Eastep
3b07053d3b
Document new 'trace' facility
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 14:37:22 -07:00
Tom Eastep
b0733d93ee
Implement a more robust trace
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 13:09:04 -07:00
Tom Eastep
ef4237f5a0
Avoid verbosity overflow/underflow
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-28 07:27:27 -07:00
Tom Eastep
3e215d0482
Minor cleanup in the Chains module.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-27 08:18:41 -07:00
Tom Eastep
1153ff0c75
Avoid a shell warning when brctl is not installed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-27 07:33:40 -07:00
Tom Eastep
f30cd7e287
Clarify provisional policy handling.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-26 08:02:49 -07:00
Tom Eastep
5a36606167
Document fix of EXTERNAL handling in proxyarp.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-25 12:13:52 -07:00
Tom Eastep
6cdc1ab7a2
Allow a logical interface name in the EXTERNAL column of the proxyarp file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-25 11:41:06 -07:00
Tom Eastep
a0a5c55a63
Add omitted defect to 4.4.8 problems corrected
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-25 10:14:39 -07:00
Tom Eastep
7d91edc6ec
Remove redundant line of code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 12:49:06 -07:00
Tom Eastep
626b28fcd0
Auto-detect bridge when no options specified. Remove extra logic.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 09:28:11 -07:00
Tom Eastep
05752dcf0b
Auto-detection of bridges -- release documents.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 08:58:44 -07:00
Tom Eastep
5e9aceae68
Detect bridges
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-23 08:38:54 -07:00
Tom Eastep
914d829a49
Don't optimize the 'blacklst' chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-22 06:47:39 -07:00
Tom Eastep
6ac549ef4e
Add a comment explaining why avoiding creation of the blacklst chain
...
and branching to it is a bad idea.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-21 07:24:29 -07:00
Tom Eastep
6fc347b9be
Prepare 4.4.9-Beta1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-20 07:06:47 -07:00
Tom Eastep
9a88156769
Back off on not jumping to the blacklist chain when there are no blacklist entries.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 11:32:22 -07:00
Tom Eastep
fae29bcf6f
Change version to 4.4.8
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 10:17:32 -07:00
Tom Eastep
508475d80b
Avoid panic among the user base by suppressing missing table error messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 10:10:20 -07:00
Tom Eastep
b22b279bd1
Some additional idiot-proofing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 10:01:02 -07:00
Tom Eastep
a71f5df64f
Fix indentation and quoting in TC progress messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-19 06:59:58 -07:00
Tom Eastep
f44dbcf20b
More copyright updates
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-18 11:13:51 -07:00
Tom Eastep
91bc3b3293
Mark a restored configuration as 'Restored' rather than 'Started'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-17 10:10:56 -07:00
Tom Eastep
1177540fd8
Update version to RC2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 12:39:35 -07:00
Tom Eastep
66c883de2c
Fix UDPLITE handling of source port when no dest port given.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 10:45:31 -07:00
Tom Eastep
b2a56cd542
Copyright update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 09:53:51 -07:00
Tom Eastep
a01fa345b7
Add support for UDP Lite
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 09:42:50 -07:00
Tom Eastep
5ac2b16936
Correct typo in comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 08:49:17 -07:00
Tom Eastep
16bbe780c7
Try to avoid printing import banners unnecessarily
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 07:23:02 -07:00
Tom Eastep
787cec4fe7
Fix 'uninitialized variable' bug in Config::copy2
...
Bug reported by Tuomo Soini
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-16 07:12:39 -07:00
Tom Eastep
a2ac726ce9
Add changelog entry
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-11 18:16:31 -08:00
Tom Eastep
196cd5417f
Allow 'default' optimizations to be disabled by specifying optimization 4096.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-11 17:15:44 -08:00
Tom Eastep
57dc5731b2
Add change log entry
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-10 17:31:35 -08:00
Tom Eastep
249f9412f6
Add undocumented OPTIMIZE=-1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-10 17:31:08 -08:00
Tom Eastep
4f32be03d7
Fix typo in comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 15:34:38 -08:00
Tom Eastep
93494c6ae3
Eliminate nested function declarations in generate_matrix()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 13:11:10 -08:00
Tom Eastep
fb4f7ebd67
Update release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 08:18:10 -08:00
Tom Eastep
07cba9e066
Bump version to RC1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-08 08:11:00 -08:00
Tom Eastep
efed2286b0
Move qt1() to lib.common
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-07 11:50:54 -08:00
Tom Eastep
ce8d1cbc59
Change port range in release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-07 08:39:09 -08:00
Tom Eastep
f246f728e7
Flag '-' used as a port range separator
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-07 08:36:26 -08:00
Tom Eastep
4e18414fd7
Uninstall the logrotate scripts
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 09:24:51 -08:00
Tom Eastep
5671a7ae2f
Add new options to online usage info.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:45:43 -08:00
Tom Eastep
88447bfc7d
Avoid dropping first line of library source text
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:45:21 -08:00
Tom Eastep
2d458b46b4
Update help text in prog.header*
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:13:33 -08:00
Tom Eastep
928b162d3c
Fix bug in handling of -p option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 08:12:04 -08:00
Tom Eastep
7557b4b5fb
Update version to 4.4.8 Beta 3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 07:41:29 -08:00
Tom Eastep
fe089ddc36
Don't copy headers in imported libraries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-06 07:40:43 -08:00
Tom Eastep
c8d8d75cae
Cosmetic change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 10:40:18 -08:00
Tom Eastep
35974535b2
More removal/relocation of functions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 07:29:27 -08:00
Tom Eastep
f8c7a284a5
Remove duplicate/unneeded functions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 07:02:00 -08:00
Tom Eastep
8e5114859c
Only load lib.base and lib.cli (lib.base loads lib.common)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-05 06:51:13 -08:00
Tom Eastep
b4d4cedef9
Fix silly bug in 'show dynamic <zone>'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 19:05:47 -08:00
Tom Eastep
abb943bfb7
Do library consolidation on IPv6 and load lib.cli into shorecap.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 13:11:33 -08:00
Tom Eastep
50330f71f6
Move many routines into lib.common.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 12:38:02 -08:00
Tom Eastep
3e4d9b3118
Rename lib.run -> lib.common
2010-03-04 12:13:41 -08:00
Tom Eastep
7757c0bc20
Rename lib.run to lib.common
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:54:56 -08:00
Tom Eastep
41d709b043
Allow 'get_script_version' to correctly handle point releases
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:40:48 -08:00
Tom Eastep
7b52d812ae
Generate correct library path name
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:40:18 -08:00
Tom Eastep
24432a5f76
Back out dumb change to install.sh
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:17:57 -08:00
Tom Eastep
4c081e5998
Add lib.run
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-04 09:12:48 -08:00
Tom Eastep
5d87983803
Update change log. Remove anacronistic comment.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 16:14:15 -08:00
Tom Eastep
1d52683af8
Don't display 'Old' capabilities that are not enabled.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 15:28:49 -08:00
Tom Eastep
a963c8f955
Don't export CONFDIR or SHAREDIR
...
Document CONFDIR, SHAREDIR and VARDIR
Add FILEMODE to the old reserved variable names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 11:46:23 -08:00
Tom Eastep
a4414a9695
Delete references to unimplemented functions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 10:53:40 -08:00
Tom Eastep
3f73b3c408
Export *DIR variables
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 10:39:18 -08:00
Tom Eastep
49c1350aa0
Documentation for final cleanup of variable names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 10:28:09 -08:00
Tom Eastep
c6981de0e5
Complete elimination of globals that are not .conf options
...
Documentation to follow
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 09:50:07 -08:00
Tom Eastep
ee74696747
IPv6 work to only export when necessary
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 08:59:58 -08:00
Tom Eastep
234e4fa754
Update module versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 08:51:55 -08:00
Tom Eastep
7457f643ee
Don't export globals when the script is 4.4.8 or later
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-03 08:51:40 -08:00
Tom Eastep
70296b4bd6
Some fixes for -lite changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 17:16:11 -08:00
Tom Eastep
78a39ccad5
Centralize exporting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 16:03:44 -08:00
Tom Eastep
cce4bf277a
Reduce export usage; Allow PURGE and RESTOREFILE to be specified on the run-line
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 14:49:31 -08:00
Tom Eastep
2656a9b0c7
Eliminate use of PRODUCT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 12:34:36 -08:00
Tom Eastep
5613d0105a
Remove all reliance on HOSTNAME
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 11:59:38 -08:00
Tom Eastep
68f5215f07
Remove Reliance on HOSTNAME in generated programs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 11:45:35 -08:00
Tom Eastep
3ea6f6792f
Eliminate VERSION reserved variable name
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 08:02:10 -08:00
Tom Eastep
5fc6d58e19
Eliminate STOPPING variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 07:37:30 -08:00
Tom Eastep
d4936f4bad
Tweak to an RE used in optimization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-02 06:58:09 -08:00
Tom Eastep
169f97d76b
Fix typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 11:28:54 -08:00
Tom Eastep
8cfcacc862
Update release document with fix for multiple policy matches
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:40:20 -08:00
Tom Eastep
f11bfd3890
Eliminate redundate setting of PRODUCT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:32:59 -08:00
Tom Eastep
cfa09dce22
Avoid multiple policy matches with OPTIMIZE=7 and not KLUDGEFREE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 08:32:37 -08:00
Tom Eastep
3ba797cb14
Correct several bugs in the VERBOSITY overhaul
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-03-01 06:57:04 -08:00
Tom Eastep
53c73bc8e9
Eliminate VERBOSE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:58:01 -08:00
Tom Eastep
14f83759ae
Propagate VERBOSITY even though we don't use it yet
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:39:35 -08:00
Tom Eastep
546a48543d
Propagate LOG_VERBOSITY
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 17:30:11 -08:00
Tom Eastep
39883aa690
Eliminate LOG_VERBOSE
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 16:58:30 -08:00
Tom Eastep
fb55d63eaf
Allow verbosity to be separate from -V
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 16:42:50 -08:00
Tom Eastep
333ac21c2f
Prepare the footers for 4.6.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 15:25:25 -08:00
Tom Eastep
83ed0a401b
I'll eventually get it the way I like it
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 13:45:33 -08:00
Tom Eastep
585711caa8
Even simpler RE for detecting builtins
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 13:29:26 -08:00
Tom Eastep
693d0e5d4c
Make new test in add_jump() a bit safer.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 12:44:29 -08:00
Tom Eastep
91a14b4e82
Make -s the default on Debian; Issue message when installing in a distro-specific way
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 09:15:11 -08:00
Tom Eastep
d2992c21f4
Update version to Beta 2
2010-02-28 09:04:37 -08:00
Tom Eastep
c9c957c5b8
HKP Macro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-28 07:37:16 -08:00
Tom Eastep
3c4b41fbe0
Implement -s option in the major installers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-27 11:48:39 -08:00
Tom Eastep
643d4831ab
More all-caps variable elimination
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-26 17:05:35 -08:00
Tom Eastep
061d850c16
Rename RESTOREPATH to g_restorepath
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-26 08:35:50 -08:00
Tom Eastep
c1ac19a81e
Correct a couple of typos
2010-02-25 16:35:19 -08:00
Tom Eastep
8aaddf368b
More reserved variable names documented
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 12:37:22 -08:00
Tom Eastep
e66b8759d6
Document variable name changes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 12:18:41 -08:00
Tom Eastep
7fe7ebc891
Fix Handling of NFQUEUE(queue-num) in policies
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 08:44:28 -08:00
Tom Eastep
4059fe6956
Belatedly update some version numbers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-25 08:43:32 -08:00
Tom Eastep
4415050fd2
Eliminate another reserved variable name
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 17:00:26 -08:00
Tom Eastep
bffb1793d7
More global variable renaming
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 07:52:35 -08:00
Tom Eastep
70a246501e
Update version of Tc.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-23 07:08:48 -08:00
Tom Eastep
b2350829b9
Rename 'debugging' to 'g_debugging'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 16:43:38 -08:00
Tom Eastep
3fc10cd94b
Prepend 'SW_' to constructed shell variable names.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 10:27:59 -08:00
Tom Eastep
88d29d2e35
Eliminate a couple of more all-caps variable name restrictions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 08:24:29 -08:00
Tom Eastep
55c9cf3e99
Eliminate some of the reserved all-caps variable names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-22 08:05:23 -08:00
Tom Eastep
2a965d42b9
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-21 07:57:34 -08:00
Tom Eastep
e690303937
Modify Roberto's patch for 'show <chain>' error reporting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 19:09:54 -08:00
Tom Eastep
8baa4e60c9
Merge branch 'master' of ssh://teastep@shorewall.git.sourceforge.net/gitroot/shorewall/shorewall
2010-02-20 18:59:17 -08:00
Roberto C. Sanchez
6a3b2b0dee
Clarify error message when user asks shorewall to show a non-existent chain
2010-02-20 21:57:45 -05:00
Tom Eastep
6307653a01
Pick up one fix from 4.4.7.4 regarding CONTINUE rules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 09:42:58 -08:00
Tom Eastep
5696742ef3
Update release Document with 4.4.7.5 changes and Debian Init Script Fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 08:34:47 -08:00
Tom Eastep
a83663bf25
Return failure status when a supported command fails.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-20 08:20:42 -08:00
Tom Eastep
edaf541850
Don't apply rate limiting twice in ACCEPT+ rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-19 14:01:45 -08:00
Tom Eastep
ceff8adc78
Restore duplicate interface detection in tcinterfaces.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 16:11:30 -08:00
Tom Eastep
3a2173ddb4
Some code cleanup in Tc.pm.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 15:56:59 -08:00
Tom Eastep
ea8be87720
Use Hex representation of device numbers > 9 in simple TC.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 12:53:01 -08:00
Tom Eastep
4e0225a4c3
Update Documentation for per-IP rate limiting fixes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-18 07:12:36 -08:00
Tom Eastep
ea8a6c837f
Document per-IP rate change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 15:41:12 -08:00
Tom Eastep
00b0490cd7
Create a unique hashtable for each instance of a per-IP rate limit
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 15:39:21 -08:00
Tom Eastep
625963a4f0
Final (hopefully) fix for SFQ handle assignment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 09:02:18 -08:00
Tom Eastep
41bb0782a3
Another tweak to SFQ handle assignment.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 08:06:27 -08:00
Tom Eastep
5649dbf9a8
Improve assignment of class ID for SFQ classses
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 07:41:30 -08:00
Tom Eastep
115ce7b87d
Update release documents for bug fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-17 06:49:13 -08:00
Tom Eastep
eaafeb8c2b
Add --hashlimit-htable-expire if the units are minutes or larger
2010-02-17 06:43:52 -08:00
Tom Eastep
375160d733
Avoid duplicate SFQ class numbers
2010-02-17 06:43:16 -08:00
Tom Eastep
167b29c2c5
Bump module version in Compiler.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:24:52 -08:00
Tom Eastep
8aaf4aab3a
Don't create log chain for 'RETURN' rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:24:00 -08:00
Tom Eastep
4546394531
Cosmetic changes to Compiler.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 14:07:35 -08:00
Tom Eastep
5d08d51fe5
Add $remote_fs to Required-Start and Required-Stop for Debian
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-15 08:39:50 -08:00
Tom Eastep
12d3420a5d
Detect FLOW_FILTER when LOAD_HELPERS_ONLY=No
2010-02-14 10:34:19 -08:00
Tom Eastep
0624451537
Fix for OLD_HL_MATCH.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-14 07:22:12 -08:00
Tom Eastep
5e9ecf1491
Update version of Config module
2010-02-13 11:00:34 -08:00
Tom Eastep
50d246c8be
A little cleanup of compiler.pl
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-13 10:03:32 -08:00
Tom Eastep
ec95e5b32c
Document fix for rate limiting of NAT rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-13 09:11:14 -08:00
Tom Eastep
1258149e0e
Don't apply rate limiting twice in NAT rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-13 07:21:27 -08:00
Tom Eastep
ea5a6c79bc
Bump CAPVERSION
2010-02-11 16:22:47 -08:00
Tom Eastep
5a96771e07
Start 4.4.8 Beta 1
2010-02-11 15:46:57 -08:00
Tom Eastep
757fea7467
Update documentation regarding FLOW_FILTER
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-11 14:35:12 -08:00
Tom Eastep
b35f20b403
Avoid CAPVERSION bump to implement FLOW_FILTER detection
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-11 07:29:41 -08:00
Tom Eastep
b8c195f570
Accurately detect 'flow' availability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-10 14:50:26 -08:00
Tom Eastep
b1c64913b4
Reformat column header in tcinterfaces
2010-02-10 12:00:17 -08:00
Tom Eastep
433fc385bc
'bridge' implies 'routeback'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-09 14:04:36 -08:00
Tom Eastep
21d4c8ba21
Document workaround for lack of 'flow'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-08 10:03:10 -08:00
Tom Eastep
46e2afcf16
Ignore TYPE if old distro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-08 07:13:20 -08:00
Tom Eastep
b45a70f98a
Make 'nosmurfs' work correctly on IPv6 with Address Type Match
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-08 07:12:58 -08:00
Tom Eastep
18d03a61f5
Make 'nosmurfs' work with Address Type Match on IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-07 08:43:31 -08:00
Tom Eastep
11a2ec9f7c
Update version to 4.4.7
2010-02-05 16:40:48 -08:00
Tom Eastep
e64af57cae
Give smurf logging chain a fixed name.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 16:04:59 -08:00
Tom Eastep
f4e175f149
Fix IPv6 'nosmurfs'. Make 'nosmurfs' logging more efficient.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 15:03:15 -08:00
Tom Eastep
97f3e5b8de
Clear known problems.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 07:18:55 -08:00
Tom Eastep
52880a8822
Clean up generate_matrix() fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-03 06:57:51 -08:00
Tom Eastep
9d288241da
Fix issues in generate_matrix().
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 19:42:54 -08:00
Tom Eastep
096fb29203
DEBUG and PURGE -- take 2.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 13:57:50 -08:00
Tom Eastep
1d8a7ad09f
Clear DEBUG and PURGE shell variables
...
Delete a blank line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 13:55:29 -08:00
Tom Eastep
753eb97667
Update version to 4.4.7 RC2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 10:30:53 -08:00
Tom Eastep
ede17e2da0
Set ADD_IP_ALIASES=No in all shorewall.conf files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-02 08:16:41 -08:00
Tom Eastep
dd60f04a9f
Work around lack of MARK Target support
2010-02-01 16:22:57 -08:00
Tom Eastep
58f6e57286
Update known problems
2010-02-01 16:19:36 -08:00
Tom Eastep
d354560863
Finish last change.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-01 14:25:51 -08:00
Tom Eastep
f0d101605b
Don't try to combine nat chains that include '-s'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-02-01 14:24:07 -08:00
Tom Eastep
1981372c94
Make search for "-j ACCEPT" a little tighter
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-31 08:27:30 -08:00
Tom Eastep
f2709dd525
Correct release notes to match implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-30 20:31:39 -08:00
Tom Eastep
3d39a47582
Set $have_ipsec after completing parse of the hosts file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-30 07:26:35 -08:00
Tom Eastep
659f774451
Sort %detect_capability for easier verification.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-29 13:09:53 -08:00
Tom Eastep
9d2decd26d
Modify determine_capabilities to use detect_capability()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-29 10:38:22 -08:00
Tom Eastep
b8ec2be516
Clean up handling of %detect_capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-28 16:39:45 -08:00
Tom Eastep
ecc7861115
Validate LOAD_HELPERS_ONLY before detecting capabilities.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-28 08:05:24 -08:00
Tom Eastep
ebd847ef70
Don't display capabilties if they have not been determined
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-28 08:04:54 -08:00
Tom Eastep
05f2bb4b3a
Correction to last patch.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 17:52:27 -08:00
Tom Eastep
103a1660bc
Update release notes for RC 1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 12:57:47 -08:00
Tom Eastep
9d25318d80
Fix detection of HASHLIMIT_MATCH on old kernels.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 12:53:31 -08:00
Tom Eastep
be117f6638
Remove traffic shaping modules from 'helpers'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 10:37:42 -08:00
Tom Eastep
2069855e44
Restore module loader to lib.base (it is needed by shorecap).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 10:09:12 -08:00
Tom Eastep
846715b009
Remove module loading code from lib.base
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 09:58:14 -08:00
Tom Eastep
54456de888
Update module versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 09:01:00 -08:00
Tom Eastep
c05c1a6f50
Update version to 4.4.7 RC1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-27 06:58:44 -08:00
Tom Eastep
1556002b54
A couple of tweaks to the LOAD_HELPERS_ONLY optimization change.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-25 15:59:31 -08:00
Tom Eastep
fb007bc1c7
Bump version to Beta 4
2010-01-25 12:25:01 -08:00
Tom Eastep
9408a114c6
Don't load unused modules when LOAD_HELPERS_ONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-25 10:50:49 -08:00
Tom Eastep
d933aa602b
Eliminate 'ORIGINAL_POLICY_MATCH'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-25 08:13:22 -08:00
Tom Eastep
90b68a05de
Don't export %capabilities
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-25 07:56:16 -08:00
Tom Eastep
bfdc6719c1
Fix DropBcasts()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-24 12:16:15 -08:00
Tom Eastep
e14d48c2cf
Bump version to 4.4.7-Beta3
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-22 16:46:29 -08:00
Tom Eastep
0d63182ab4
Fix ambiguous syntax in Config.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-22 16:44:45 -08:00
Tom Eastep
199a50e1c7
Update version to 4.4.7 Beta 2
...
Add problems corrected to the release notes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-22 10:35:27 -08:00
Tom Eastep
8def4d03c3
Document LOAD_HELPERS_ONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 20:17:25 -08:00
Tom Eastep
8f85c75264
Implement LOAD_HELPERS_ONLY for IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 15:49:44 -08:00
Tom Eastep
efc43b1b24
Add implementation of LOAD_HELPERS_ONLY
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 15:49:35 -08:00
Tom Eastep
a248acb4d4
Add LOAD_HELPERS_ONLY Option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 15:49:23 -08:00
Tom Eastep
4303ad0a3e
Add Module Helpers File
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 15:48:24 -08:00
Tom Eastep
10fe25050f
Add TC_PRIOMAP fix to change log
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 10:39:40 -08:00
Tom Eastep
a7d4207bf5
Add TC_PRIOMAP to shorewall*.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-21 10:38:32 -08:00
Tom Eastep
6b9afd6a82
Remove "-common" from installer messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-19 08:28:08 -08:00
Tom Eastep
9788e057bf
Correct filenames in install.sh -- Take 2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-18 09:29:14 -08:00
Tom Eastep
1716995d75
Correct filenames in install.sh
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-18 09:20:09 -08:00
Tom Eastep
5cc2edf15a
Add the new tc files to the repository
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-18 09:03:05 -08:00
Tom Eastep
8798d3cdb4
Install tcinterfaces and tcpri
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-18 07:39:36 -08:00
Tom Eastep
4453bb7dc8
More updates from 4.5
2010-01-17 16:18:44 -08:00
Tom Eastep
eb790c6d89
Add IPMARK and TPROXY modules to load list
2010-01-17 15:51:19 -08:00
Tom Eastep
e119037dea
Make 'is_isable()' work with 'lo'
2010-01-17 15:38:20 -08:00
Tom Eastep
f072c10b18
Set version to 4.4.7 Beta1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-17 09:10:48 -08:00
Tom Eastep
957de4b057
Add new options to shorewall[6].conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-17 08:50:32 -08:00
Tom Eastep
146a738e4c
Document TPROXY
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-17 08:20:15 -08:00
Tom Eastep
f4102417ff
Shorewall::Config changes for TPROXY from 4.5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-17 08:15:14 -08:00
Tom Eastep
07cdb8ca82
Backport TPROXY from 4.5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-17 08:12:44 -08:00
Tom Eastep
47007c5dbd
Allow protocol to be expressed in octal or hex
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 14:20:47 -08:00
Tom Eastep
aad8ea837a
Allow port numbers to be specified in Hex
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 14:00:47 -08:00
Tom Eastep
5ec7759d81
Don't pass an undefined value to fatal_error when numeric conversion fails.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 12:35:18 -08:00
Tom Eastep
fddb85189e
Update release documents for functionality backported from 4.5.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 11:32:50 -08:00
Tom Eastep
4bf0b8e1dd
Add new configuration options and optimization changes from 4.5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 09:53:53 -08:00
Tom Eastep
d5cc302ad9
Start 4.4.7
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 08:11:13 -08:00
Tom Eastep
45d975cb45
Final editing of release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-14 08:25:32 -08:00
Tom Eastep
6e998edd48
Correct typo -- TC_EXPORT -> TC_EXPERT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-14 07:48:19 -08:00
Tom Eastep
ebf1e55609
Version to 4.4.6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 15:38:19 -08:00
Tom Eastep
1f1812b786
Document mDNS change in the release notes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 13:24:24 -08:00
Tom Eastep
bffe8ce4c6
Add multicast address to mDNS macro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 13:20:07 -08:00
Tom Eastep
79f8031267
Add IGMP to the mDNS macro.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 13:03:34 -08:00
Tom Eastep
b8b7555ff9
Add "[ <device> ]" to "show tc" usage syntax
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 12:28:20 -08:00
Tom Eastep
880cd269c7
More mark geometry misses
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 12:16:40 -08:00
Tom Eastep
72de96760f
One more 0xFF -> $globals{TC_MASK} fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 12:11:00 -08:00
Tom Eastep
890cbfbd5d
Document TRACK_PROVIDERS change in the release notes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 10:59:34 -08:00
Tom Eastep
10c5630786
A few more instances of TC_MASK
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 10:50:14 -08:00
Tom Eastep
555133fa3c
Bump version to 4.4.6-Beta2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 10:14:31 -08:00
Tom Eastep
b4b6dce7c8
Add some comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 08:12:00 -08:00
Tom Eastep
4821d5e8b7
Change quantum to 1875 for simple TC SFQ.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 08:11:49 -08:00
Tom Eastep
55e41483de
Update Release Documents
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 20:12:31 -08:00
Tom Eastep
db2a1fe749
Add lib.cli changes to 4.4.6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 18:57:04 -08:00
Tom Eastep
f69a741691
Port Simplified TC to 4.4.6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 17:01:20 -08:00
Tom Eastep
7e183e8eb4
Change version to 4.4.6-Beta1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 15:57:55 -08:00
Tom Eastep
57672d096c
Don't invoke 4.5 optimization under 4.4.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 15:47:14 -08:00
Tom Eastep
ae31a09e8b
Move code and add comments:
...
- Declare all of the 'preview' helpers together in Chains.pm
- Add some clarifying comments in the compiler.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 15:32:59 -08:00
Tom Eastep
4420eed8d7
Allow users to preview the generated ruleset.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 15:32:50 -08:00
Tom Eastep
818dfb6295
Document 'show macro' in the release docs.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 13:46:14 -08:00
Tom Eastep
6c62f14749
Add 'show macro' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 13:40:25 -08:00
Tom Eastep
4464094773
Update release documents for DHCPfwd
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 07:51:20 -08:00
Tom Eastep
b6a7723c05
Add DHCPfwd macro
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 07:48:55 -08:00
Tom Eastep
baa893773d
Apply Macro changes from Tuomo Soini
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 07:35:41 -08:00
Tom Eastep
6b085b7897
Update module versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 18:54:23 -08:00
Tom Eastep
5b4e9eb8e6
Revert change with migration issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 15:30:33 -08:00
Tom Eastep
0b549c7a15
Suppress mark geometry output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:55:42 -08:00
Tom Eastep
fc8bfdcbf9
Update release documents
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:49:45 -08:00
Tom Eastep
1a74dbf93e
Add mark geometry changes to Shorewall::Chains and Shorewall::Compiler
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:39:22 -08:00
Tom Eastep
01293427f5
Add Mark Geometry changes to Shorewall::Tc
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:29:34 -08:00
Tom Eastep
4f5bb5e90b
Add new mark geometry changes to Shorewall::Providers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:22:01 -08:00
Tom Eastep
d2d2912534
Add New mark geometry variables to Shorewall::Config
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:16:03 -08:00
Tom Eastep
4e50ea14ea
Back out EXMARK detection since it is unused in 4.4.
...
Long overdue change to LIBVERSION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-09 09:30:25 -08:00
Tom Eastep
b0feeb805d
Fix typo in clear_firewall()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-09 07:28:57 -08:00
Tom Eastep
54b21365c2
Update release documents for [...] change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-08 13:58:15 -08:00
Tom Eastep
e6c0c8f6b7
Allow both <...> and [...] for IPv6 Addresses
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-08 13:55:13 -08:00
Tom Eastep
83c2473d78
Correct typo in error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-06 08:26:13 -08:00
Tom Eastep
ca4eee3ae4
Correct handling of 'refresh' failures
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-06 08:01:46 -08:00
Tom Eastep
db819b1d3f
Update release notes to qualify when ipsets are restored by 'restore'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-06 07:57:02 -08:00
Tom Eastep
605da92eca
Don't try to restore ipsets when 'restore' is being used to recover
...
from a start/restart failure.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-06 07:44:34 -08:00
Tom Eastep
d362af9fb6
Set CAPSVERSION to 4.4.7 just to be safe.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-05 10:00:29 -08:00
Tom Eastep
ab1dc03986
Implement EXMARK capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-05 09:35:11 -08:00
Tom Eastep
d6123a8fbc
Improve IPSET_SAVE restore logic:
...
- Call startup_error() rather than fatal_error()
- Call startup_error when restore-ipsets file exists but Shorewall is running
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 14:23:33 -08:00
Tom Eastep
84051ca19a
Update the release notes regarding SAVE_IPSETS and save/restore
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 12:49:58 -08:00
Tom Eastep
4e0f9b2ef3
Make save/restore work with SAVE_IPSETS=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 12:43:12 -08:00
Tom Eastep
e3c75dcfcc
Document the restoration of SAVE_IPSETS=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 11:54:59 -08:00
Tom Eastep
1aa55779e2
Re-enable SAVE_IPSETS=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 11:14:45 -08:00