Commit Graph

163 Commits

Author SHA1 Message Date
aabb22a50f Add the TRACK_RULES option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-24 07:22:51 -07:00
3ec6745df9 Use log_irule_limit() internally where possible.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-02 11:48:02 -07:00
18e7e43b2f Eliminate globals{STATEMATCH}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-01 16:01:57 -07:00
53f1cd40df Add 'unmanaged' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-10 12:36:18 -07:00
3867902b27 Use 'NONE' policies for LOOPBACK and LOCAL zones to non-firewall zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-06-02 07:31:32 -07:00
4865899018 Avoid a forward jump for local zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-30 06:52:09 -07:00
a48a4b7a2e Don't allow forwarding between local zones.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-28 06:14:44 -07:00
2de0fbf7d0 Change 'local' to 'loopback' and add 'local' zones that match non-loopback interfaces.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-26 14:06:51 -07:00
dde1f0a779 Only enable helpers during a 'clear' operation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-25 16:31:27 -07:00
fd11eb7d82 Omit fw->fw jumps when there is a local zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-22 09:19:34 -07:00
8df8fe990a Allow 'local' zone to work with 'destonly'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-22 07:34:04 -07:00
ac02c484f5 Change 'local' interface option to a zone type.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-19 15:35:20 -07:00
2e293dd356 Make 'local,destonly' work correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-14 14:36:51 -07:00
9178ecbab0 Suppress superfluous ACCEPT rule when 'lo' is attached to a 'local' zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 10:38:44 -07:00
2fb01bec8d Don't assume 'destonly' with 'local'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 09:58:37 -07:00
1bb5b89ee1 Add the 'local' interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-05-12 09:27:12 -07:00
1b9fd642bb Add INLINE to the accounting file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-20 08:02:02 -07:00
38f3ae0934 Handle 'NONE' policy correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-11 09:35:27 -07:00
ee2e85c0fb Correct generation of the blacklog chain when disposition is audited
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-10 16:43:38 -07:00
273f109daf Correct handling of MACLIST_DISPOSITION=A_xxx when MACLIST_TABLE=mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-04-09 09:37:12 -07:00
0c30e7c013 Uniform handling of VLSM width.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-03-23 09:19:26 -07:00
f44becdee1 Rename BLACKLIST_LOGLEVEL to BLACKLIST_LOG_LEVEL for consistent naming.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-02-12 07:47:02 -08:00
fc73c3934b Replace BLACKLISTNEWONLY with BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-30 08:00:47 -08:00
af83989465 Update copyright dates.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-11 16:01:10 -08:00
414a74d23c Support protocol lists in most files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-01-07 16:06:54 -08:00
38657d9f98 Support for arptables.
Signed-off-by: Tom Eastep <teastep@mint14.(none)>
2013-01-04 09:17:57 -08:00
51deec115b Correct handling of wildcard interfaces
- chain_base[1] renamed var_base[1]
- $chain replaced by $var in renamed functions
- replace trailing '+' by '_plus' to provide uniqueness
- add sub chain_base() to the Chains module as an identity mapper

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-28 10:39:19 -08:00
4393a6c603 Eliminate redundant calls to clear_comment.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-24 12:35:08 -08:00
14f8947012 Remove old COMMENT/FORMAT handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-24 09:31:20 -08:00
15817078b8 Use 'our' for globals to aid debugging.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-23 13:16:54 -08:00
41b4485310 Implement ?COMMENT directive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-12-22 15:47:03 -08:00
71bbc632ce Handle 'fw' correctly in the SOURCE column of the stoppedrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-23 08:35:51 -08:00
b89e05740d Insure that nested zone exclusions go in the proper place in raw PREROUTING
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 14:49:21 -08:00
54dadcc546 Ensure that zone-specific rules come before 'all' rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-11-21 14:20:30 -08:00
ffcf262de4 Ensure that the 1:1 NAT chain jumps always come last in PREROUTING.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-26 15:46:52 -07:00
a223245c01 Don't create classic blacklist chains if no blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:30:34 -07:00
ebc4ad2f1e Add warning message when an OUTPUT stopped rule is ignored due to ADMINISABSENTMINDED
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-05 07:16:40 -07:00
3993abad4e Revert routestopped changes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 17:03:02 -07:00
eb854f1dbe Only process routestopped when stoppedrules does not exist or is empty
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 08:46:04 -07:00
8e5bd3637d Implement stoppedrules file (less manpages)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 08:44:03 -07:00
353915fc8b Allow ipsets in the routestopped file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 10:52:37 -07:00
e2c7284529 Correct handling of 'source' with ADMINISABSENTMINDED=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 08:26:31 -07:00
1e11109bb2 Don't combine rules with '-m policy'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 08:34:30 -07:00
b372163122 Enable automatic helper association during 'stop'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-12 08:42:53 -07:00
ee28638604 Add HELPERS to rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-08 07:23:20 -07:00
ccf517307e Handle raw table zones from VSERVERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-07 14:51:58 -07:00
55b527d065 Eliminate a local variable.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 20:22:19 -07:00
1db79a91eb 'rpfilter' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 10:05:32 -07:00
1f54d19981 Split add_input_jumps() into two functions
- Added add_forward_jump()
- Added lots of comments

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-09 17:21:59 -07:00
a2f32f25c5 Add some comments.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-09 06:20:40 -07:00