Tom Eastep
|
79bb47582a
|
Zero out {frozen} in a deleted chain entry
|
2010-09-17 16:00:36 -07:00 |
|
Tom Eastep
|
596d207dfc
|
Simplify a test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-17 15:43:56 -07:00 |
|
Tom Eastep
|
8cdbe5f88d
|
Fix an optimization bug with the new blacklisting code
|
2010-09-17 15:43:47 -07:00 |
|
Tom Eastep
|
402b3b929e
|
Restore trace output in move_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-17 15:43:03 -07:00 |
|
Tom Eastep
|
c5bb3ecfac
|
Simplify a test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-17 15:42:05 -07:00 |
|
Tom Eastep
|
c9e876fcf5
|
Fix an optimization bug with the new blacklisting code
|
2010-09-17 15:10:02 -07:00 |
|
Tom Eastep
|
85430e459c
|
Restore trace output in move_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-17 14:35:25 -07:00 |
|
Tom Eastep
|
ad660d7fe5
|
Simplify move_rules()
|
2010-09-17 13:53:10 -07:00 |
|
Tom Eastep
|
3d0f8e962e
|
Simplify move_rules()
|
2010-09-17 13:49:32 -07:00 |
|
Tom Eastep
|
7a6943fa54
|
Disallow mss and blacklist on firewall and vserver zones
|
2010-09-17 12:54:58 -07:00 |
|
Tom Eastep
|
b76ee408a5
|
Emit clearer error messages
|
2010-09-17 12:54:54 -07:00 |
|
Tom Eastep
|
2e3635ff50
|
Be sure that {frozen} is defined
|
2010-09-17 12:54:44 -07:00 |
|
Tom Eastep
|
28aa7b8267
|
Re-add OPTIONS column to blacklist templates
|
2010-09-17 12:54:38 -07:00 |
|
Tom Eastep
|
ab78aac3a4
|
Disallow mss and blacklist on firewall and vserver zones
|
2010-09-17 12:46:38 -07:00 |
|
Tom Eastep
|
330afe1701
|
Emit clearer error messages
|
2010-09-17 12:35:34 -07:00 |
|
Tom Eastep
|
239b4a2356
|
Be sure that {frozen} is defined
|
2010-09-17 12:08:48 -07:00 |
|
Tom Eastep
|
65de1e4e6e
|
Re-add OPTIONS column to blacklist templates
|
2010-09-17 11:56:47 -07:00 |
|
Tom Eastep
|
7175f8a63e
|
Revert versions on Rules and Zones modules
|
2010-09-17 11:08:45 -07:00 |
|
Tom Eastep
|
d898c87617
|
Eliminate a parameter to add_jump()
|
2010-09-17 11:08:12 -07:00 |
|
Tom Eastep
|
07930fc535
|
Revert versions on Rules and Zones modules
|
2010-09-17 11:06:32 -07:00 |
|
Tom Eastep
|
5357f4c347
|
Eliminate a parameter to add_jump()
|
2010-09-17 11:05:35 -07:00 |
|
Tom Eastep
|
af24baaecd
|
Update version to RC1 (one more time)
|
2010-09-17 09:14:56 -07:00 |
|
Tom Eastep
|
e61230a3db
|
Update version to Beta 6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-17 08:23:24 -07:00 |
|
Tom Eastep
|
8e2c8e5a8f
|
Document use of state match for NOTRACK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-17 08:21:16 -07:00 |
|
Tom Eastep
|
882970a598
|
Use state match for UNTRACKED
|
2010-09-17 07:58:21 -07:00 |
|
Tom Eastep
|
2ce3c8aa88
|
Ensure that blacklist rules are before the other interface-oriented rules
|
2010-09-16 18:19:16 -07:00 |
|
Tom Eastep
|
27c445381e
|
Treat 'blacklist' uniformly in hosts and zones
|
2010-09-16 15:48:12 -07:00 |
|
Tom Eastep
|
67b9ae0d2c
|
Update release documents
|
2010-09-16 15:47:05 -07:00 |
|
Tom Eastep
|
1c870b532a
|
Preserve dynamic blacklist during stop/clear/restore
|
2010-09-16 12:17:04 -07:00 |
|
Tom Eastep
|
a8c9fc1859
|
Implement new Blacklisting Scheme
|
2010-09-16 09:40:28 -07:00 |
|
Tom Eastep
|
3c1cff0794
|
First steps toward zone-based blacklisting
|
2010-09-16 06:55:48 -07:00 |
|
Tom Eastep
|
1d650b41cd
|
Remove blacklisting by destination IP address support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-15 15:24:58 -07:00 |
|
Tom Eastep
|
3ad3f0d9e0
|
Allow floating point numbers in tcinterfaces fields other than <rate>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-15 14:07:21 -07:00 |
|
Tom Eastep
|
ba89ec39b5
|
Add :<burst> to /etc/shorewall/tcdevices
|
2010-09-15 11:56:14 -07:00 |
|
Tom Eastep
|
69a2fa1907
|
Replace to/from with dst/src
|
2010-09-15 11:25:46 -07:00 |
|
Tom Eastep
|
f925b335ef
|
Ignore the 'blacklist' host option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-15 08:10:57 -07:00 |
|
Tom Eastep
|
373fc87165
|
More blacklisting wrapup
- Deprecate 'blacklist' in the hosts file
- Base blacklisting on interfaces alone
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-15 07:38:20 -07:00 |
|
Tom Eastep
|
4d0e8d129b
|
Add dup blacklist message
|
2010-09-14 18:04:27 -07:00 |
|
Tom Eastep
|
10a9ae496a
|
More manpage updates for 4.4.13
|
2010-09-14 16:47:45 -07:00 |
|
Tom Eastep
|
94cdc73ec2
|
Restore setpolicy() to prog.header*
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-14 13:50:22 -07:00 |
|
Tom Eastep
|
c4a40d8c7b
|
Set version to RC1 (again)
|
2010-09-14 13:09:50 -07:00 |
|
Tom Eastep
|
c6960f1ac2
|
Edit release notes
|
2010-09-14 07:36:29 -07:00 |
|
Tom Eastep
|
1f2691b052
|
Another fix for blacklisting; correct composition of $hosts1
|
2010-09-14 06:47:29 -07:00 |
|
Tom Eastep
|
0f913fca2f
|
Don't create blackout unnecessarily
|
2010-09-13 18:15:50 -07:00 |
|
Tom Eastep
|
82bccf16b5
|
Avoid internal error when there are no 'to' entries
|
2010-09-13 17:55:20 -07:00 |
|
Tom Eastep
|
bb38ed16b0
|
Document ipset creation fix
|
2010-09-13 15:54:44 -07:00 |
|
Tom Eastep
|
b1e9bff382
|
Create new ipsets on 'start'
|
2010-09-13 15:46:04 -07:00 |
|
Tom Eastep
|
a6194fabd2
|
Delete blank line
|
2010-09-13 14:15:47 -07:00 |
|
Tom Eastep
|
33adbe7a27
|
Update documentation for net TC features
|
2010-09-13 13:51:25 -07:00 |
|
Tom Eastep
|
1729da87f1
|
Allow both 'to' and 'from' in blacklist
|
2010-09-13 12:51:10 -07:00 |
|
Tom Eastep
|
9b4c3e22dd
|
Allow floating point numbers in TC rates
|
2010-09-13 12:50:50 -07:00 |
|
Tom Eastep
|
cb1f7adea3
|
Add :<burst> to IN-BANDWIDTH
|
2010-09-13 11:23:37 -07:00 |
|
Tom Eastep
|
283eda2fa5
|
Cosmetic change to OUT-BANDWIDTH code
|
2010-09-12 16:33:19 -07:00 |
|
Tom Eastep
|
bd9041306c
|
Add undocumented OUT-BANDWIDTH column to tcinterfaces
|
2010-09-12 16:25:45 -07:00 |
|
Tom Eastep
|
a3b7b9c11b
|
Delete unused functions from prog.header*
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-12 10:07:26 -07:00 |
|
Tom Eastep
|
931c5a8d0a
|
Add an assertion
|
2010-09-11 16:24:27 -07:00 |
|
Tom Eastep
|
50fc972d2a
|
Fix another SAME defect :-(
|
2010-09-11 16:15:09 -07:00 |
|
Tom Eastep
|
512cd7b08e
|
Bump version to 4.4.13 RC 1
|
2010-09-11 15:46:14 -07:00 |
|
Tom Eastep
|
aad7b70e18
|
Rename constant
|
2010-09-11 15:31:43 -07:00 |
|
Tom Eastep
|
c6c6503d83
|
Clean up a remaining issue with SAME
|
2010-09-11 15:24:01 -07:00 |
|
Tom Eastep
|
f004916055
|
Disallow a DEST interface in mangle OUTPUT rules
|
2010-09-11 14:10:05 -07:00 |
|
Tom Eastep
|
3ea7808b38
|
Disallow a DEST interface in mangle PREROUTING rules
|
2010-09-11 14:02:09 -07:00 |
|
Tom Eastep
|
37a5a01185
|
Correct INPUT marking documentation
|
2010-09-11 12:47:32 -07:00 |
|
Tom Eastep
|
e93a7fe9df
|
Avoid recent problems by not padding $target in process_tc_rule()
|
2010-09-11 11:03:28 -07:00 |
|
Tom Eastep
|
d9ced1051a
|
One more fix for SAME
|
2010-09-11 10:35:45 -07:00 |
|
Tom Eastep
|
367fc041b8
|
Correct handling of SAME -- Take 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-11 09:36:19 -07:00 |
|
Tom Eastep
|
83ae6d6eba
|
Document fix for 'SAME'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-11 09:04:42 -07:00 |
|
Tom Eastep
|
dbc9f6ac8f
|
Correct handling of SAME
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-11 08:56:22 -07:00 |
|
Tom Eastep
|
05b6947aac
|
Document fix for ipset invocation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-11 08:55:35 -07:00 |
|
Tom Eastep
|
8dd42c9e19
|
Correct handling of dst/src list in ipset invocation
|
2010-09-11 07:41:01 -07:00 |
|
Tom Eastep
|
99f8f84024
|
Fix name of F chain in secmarks
|
2010-09-10 16:45:22 -07:00 |
|
Tom Eastep
|
69817007bf
|
Some more fixes for blacklisting
|
2010-09-09 14:53:12 -07:00 |
|
Tom Eastep
|
50300a60b7
|
A number of corrections to split blacklisting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-09 11:20:49 -07:00 |
|
Tom Eastep
|
64544f4ab5
|
Correct comparison in 'blacklist' handling
|
2010-09-09 10:22:48 -07:00 |
|
Tom Eastep
|
cd4b5d80ed
|
Reduce patch footprint by two lines
|
2010-09-09 09:00:28 -07:00 |
|
Tom Eastep
|
df1e17eaa8
|
Re-enable 'blacklist' on bridge ports
|
2010-09-09 07:09:08 -07:00 |
|
Tom Eastep
|
828d190436
|
Change example
|
2010-09-07 19:14:43 -07:00 |
|
Tom Eastep
|
7dbd994f51
|
Update installers for secmarks
|
2010-09-07 07:56:11 -07:00 |
|
Tom Eastep
|
50b4bd8dfe
|
More Blacklist and Secmark documentation updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-06 17:26:49 -07:00 |
|
Tom Eastep
|
f3255cd83a
|
Rework blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-06 15:29:20 -07:00 |
|
Tom Eastep
|
c6f58ba924
|
Enhance SELinux support:
- Add state match
- Add user/group match
- Add examples to the man pages
|
2010-09-06 09:06:40 -07:00 |
|
Tom Eastep
|
33dc8de8fb
|
Allow dashes in ipset names
|
2010-09-05 11:41:35 -07:00 |
|
Tom Eastep
|
23e94e136c
|
Allow COMMENT, SAVE and RESTORE to work correctly in secmarks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-05 08:17:58 -07:00 |
|
Tom Eastep
|
629290259d
|
Allow secmarks without TC_ENABLED
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-05 07:49:03 -07:00 |
|
Tom Eastep
|
b139ff7e90
|
Update docs and implementation of SECMARK
|
2010-09-04 16:08:29 -07:00 |
|
Tom Eastep
|
28ff3548ff
|
Bump version to 4.4.13-Beta4
|
2010-09-04 15:30:02 -07:00 |
|
Tom Eastep
|
15d8d6d8b7
|
Add SECMARK and CONNSECMARK support
|
2010-09-04 15:12:08 -07:00 |
|
Tom Eastep
|
6caff51c98
|
Modify a comment and delete a silly identity assignment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-09-01 11:24:19 -07:00 |
|
Tom Eastep
|
62fcf1ae8b
|
Adjust version of Raw.pm
|
2010-08-31 16:52:48 -07:00 |
|
Tom Eastep
|
dfebe5a35e
|
Correct error message
|
2010-08-31 16:33:15 -07:00 |
|
Tom Eastep
|
8f94137007
|
Fix last change
|
2010-08-30 16:47:45 -07:00 |
|
Tom Eastep
|
1da6d51d1a
|
Reduce the Beta3 patch footprint by making the second arg to known_interface() optional
|
2010-08-30 16:43:30 -07:00 |
|
Tom Eastep
|
add76ed14e
|
Bump version to 4.4.13 Beta 3
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-08-30 12:33:10 -07:00 |
|
Tom Eastep
|
7f0f4516d7
|
Rework handle_optional_interfaces() somewhat
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-08-30 12:29:39 -07:00 |
|
Tom Eastep
|
c18d206726
|
Use a function to generate the list of interfaces with an L3 address
|
2010-08-29 20:13:56 -07:00 |
|
Tom Eastep
|
57c54af6ed
|
Re-implement optional interface handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-08-29 12:32:44 -07:00 |
|
Tom Eastep
|
d94f2cc86d
|
Insure that the mapping to base names is deterministic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2010-08-29 07:28:06 -07:00 |
|
Tom Eastep
|
be0231578f
|
Insure uniqueness of chain_base mapping
|
2010-08-28 20:47:39 -07:00 |
|
Tom Eastep
|
95a09b996f
|
Fix test for KLUDGEFREE
|
2010-08-28 20:47:15 -07:00 |
|
Tom Eastep
|
1531ad3bcd
|
Re-implement interface->shell-variable mapping
|
2010-08-28 15:15:41 -07:00 |
|