Commit Graph

3322 Commits

Author SHA1 Message Date
Tom Eastep
79bb47582a Zero out {frozen} in a deleted chain entry 2010-09-17 16:00:36 -07:00
Tom Eastep
596d207dfc Simplify a test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 15:43:56 -07:00
Tom Eastep
8cdbe5f88d Fix an optimization bug with the new blacklisting code 2010-09-17 15:43:47 -07:00
Tom Eastep
402b3b929e Restore trace output in move_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 15:43:03 -07:00
Tom Eastep
c5bb3ecfac Simplify a test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 15:42:05 -07:00
Tom Eastep
c9e876fcf5 Fix an optimization bug with the new blacklisting code 2010-09-17 15:10:02 -07:00
Tom Eastep
85430e459c Restore trace output in move_rules()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 14:35:25 -07:00
Tom Eastep
ad660d7fe5 Simplify move_rules() 2010-09-17 13:53:10 -07:00
Tom Eastep
3d0f8e962e Simplify move_rules() 2010-09-17 13:49:32 -07:00
Tom Eastep
7a6943fa54 Disallow mss and blacklist on firewall and vserver zones 2010-09-17 12:54:58 -07:00
Tom Eastep
b76ee408a5 Emit clearer error messages 2010-09-17 12:54:54 -07:00
Tom Eastep
2e3635ff50 Be sure that {frozen} is defined 2010-09-17 12:54:44 -07:00
Tom Eastep
28aa7b8267 Re-add OPTIONS column to blacklist templates 2010-09-17 12:54:38 -07:00
Tom Eastep
ab78aac3a4 Disallow mss and blacklist on firewall and vserver zones 2010-09-17 12:46:38 -07:00
Tom Eastep
330afe1701 Emit clearer error messages 2010-09-17 12:35:34 -07:00
Tom Eastep
239b4a2356 Be sure that {frozen} is defined 2010-09-17 12:08:48 -07:00
Tom Eastep
65de1e4e6e Re-add OPTIONS column to blacklist templates 2010-09-17 11:56:47 -07:00
Tom Eastep
7175f8a63e Revert versions on Rules and Zones modules 2010-09-17 11:08:45 -07:00
Tom Eastep
d898c87617 Eliminate a parameter to add_jump() 2010-09-17 11:08:12 -07:00
Tom Eastep
07930fc535 Revert versions on Rules and Zones modules 2010-09-17 11:06:32 -07:00
Tom Eastep
5357f4c347 Eliminate a parameter to add_jump() 2010-09-17 11:05:35 -07:00
Tom Eastep
af24baaecd Update version to RC1 (one more time) 2010-09-17 09:14:56 -07:00
Tom Eastep
e61230a3db Update version to Beta 6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 08:23:24 -07:00
Tom Eastep
8e2c8e5a8f Document use of state match for NOTRACK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-17 08:21:16 -07:00
Tom Eastep
882970a598 Use state match for UNTRACKED 2010-09-17 07:58:21 -07:00
Tom Eastep
2ce3c8aa88 Ensure that blacklist rules are before the other interface-oriented rules 2010-09-16 18:19:16 -07:00
Tom Eastep
27c445381e Treat 'blacklist' uniformly in hosts and zones 2010-09-16 15:48:12 -07:00
Tom Eastep
67b9ae0d2c Update release documents 2010-09-16 15:47:05 -07:00
Tom Eastep
1c870b532a Preserve dynamic blacklist during stop/clear/restore 2010-09-16 12:17:04 -07:00
Tom Eastep
a8c9fc1859 Implement new Blacklisting Scheme 2010-09-16 09:40:28 -07:00
Tom Eastep
3c1cff0794 First steps toward zone-based blacklisting 2010-09-16 06:55:48 -07:00
Tom Eastep
1d650b41cd Remove blacklisting by destination IP address support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 15:24:58 -07:00
Tom Eastep
3ad3f0d9e0 Allow floating point numbers in tcinterfaces fields other than <rate>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 14:07:21 -07:00
Tom Eastep
ba89ec39b5 Add :<burst> to /etc/shorewall/tcdevices 2010-09-15 11:56:14 -07:00
Tom Eastep
69a2fa1907 Replace to/from with dst/src 2010-09-15 11:25:46 -07:00
Tom Eastep
f925b335ef Ignore the 'blacklist' host option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 08:10:57 -07:00
Tom Eastep
373fc87165 More blacklisting wrapup
- Deprecate 'blacklist' in the hosts file
- Base blacklisting on interfaces alone

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-15 07:38:20 -07:00
Tom Eastep
4d0e8d129b Add dup blacklist message 2010-09-14 18:04:27 -07:00
Tom Eastep
10a9ae496a More manpage updates for 4.4.13 2010-09-14 16:47:45 -07:00
Tom Eastep
94cdc73ec2 Restore setpolicy() to prog.header*
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-14 13:50:22 -07:00
Tom Eastep
c4a40d8c7b Set version to RC1 (again) 2010-09-14 13:09:50 -07:00
Tom Eastep
c6960f1ac2 Edit release notes 2010-09-14 07:36:29 -07:00
Tom Eastep
1f2691b052 Another fix for blacklisting; correct composition of $hosts1 2010-09-14 06:47:29 -07:00
Tom Eastep
0f913fca2f Don't create blackout unnecessarily 2010-09-13 18:15:50 -07:00
Tom Eastep
82bccf16b5 Avoid internal error when there are no 'to' entries 2010-09-13 17:55:20 -07:00
Tom Eastep
bb38ed16b0 Document ipset creation fix 2010-09-13 15:54:44 -07:00
Tom Eastep
b1e9bff382 Create new ipsets on 'start' 2010-09-13 15:46:04 -07:00
Tom Eastep
a6194fabd2 Delete blank line 2010-09-13 14:15:47 -07:00
Tom Eastep
33adbe7a27 Update documentation for net TC features 2010-09-13 13:51:25 -07:00
Tom Eastep
1729da87f1 Allow both 'to' and 'from' in blacklist 2010-09-13 12:51:10 -07:00
Tom Eastep
9b4c3e22dd Allow floating point numbers in TC rates 2010-09-13 12:50:50 -07:00
Tom Eastep
cb1f7adea3 Add :<burst> to IN-BANDWIDTH 2010-09-13 11:23:37 -07:00
Tom Eastep
283eda2fa5 Cosmetic change to OUT-BANDWIDTH code 2010-09-12 16:33:19 -07:00
Tom Eastep
bd9041306c Add undocumented OUT-BANDWIDTH column to tcinterfaces 2010-09-12 16:25:45 -07:00
Tom Eastep
a3b7b9c11b Delete unused functions from prog.header*
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-12 10:07:26 -07:00
Tom Eastep
931c5a8d0a Add an assertion 2010-09-11 16:24:27 -07:00
Tom Eastep
50fc972d2a Fix another SAME defect :-( 2010-09-11 16:15:09 -07:00
Tom Eastep
512cd7b08e Bump version to 4.4.13 RC 1 2010-09-11 15:46:14 -07:00
Tom Eastep
aad7b70e18 Rename constant 2010-09-11 15:31:43 -07:00
Tom Eastep
c6c6503d83 Clean up a remaining issue with SAME 2010-09-11 15:24:01 -07:00
Tom Eastep
f004916055 Disallow a DEST interface in mangle OUTPUT rules 2010-09-11 14:10:05 -07:00
Tom Eastep
3ea7808b38 Disallow a DEST interface in mangle PREROUTING rules 2010-09-11 14:02:09 -07:00
Tom Eastep
37a5a01185 Correct INPUT marking documentation 2010-09-11 12:47:32 -07:00
Tom Eastep
e93a7fe9df Avoid recent problems by not padding $target in process_tc_rule() 2010-09-11 11:03:28 -07:00
Tom Eastep
d9ced1051a One more fix for SAME 2010-09-11 10:35:45 -07:00
Tom Eastep
367fc041b8 Correct handling of SAME -- Take 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-11 09:36:19 -07:00
Tom Eastep
83ae6d6eba Document fix for 'SAME'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-11 09:04:42 -07:00
Tom Eastep
dbc9f6ac8f Correct handling of SAME
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-11 08:56:22 -07:00
Tom Eastep
05b6947aac Document fix for ipset invocation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-11 08:55:35 -07:00
Tom Eastep
8dd42c9e19 Correct handling of dst/src list in ipset invocation 2010-09-11 07:41:01 -07:00
Tom Eastep
99f8f84024 Fix name of F chain in secmarks 2010-09-10 16:45:22 -07:00
Tom Eastep
69817007bf Some more fixes for blacklisting 2010-09-09 14:53:12 -07:00
Tom Eastep
50300a60b7 A number of corrections to split blacklisting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-09 11:20:49 -07:00
Tom Eastep
64544f4ab5 Correct comparison in 'blacklist' handling 2010-09-09 10:22:48 -07:00
Tom Eastep
cd4b5d80ed Reduce patch footprint by two lines 2010-09-09 09:00:28 -07:00
Tom Eastep
df1e17eaa8 Re-enable 'blacklist' on bridge ports 2010-09-09 07:09:08 -07:00
Tom Eastep
828d190436 Change example 2010-09-07 19:14:43 -07:00
Tom Eastep
7dbd994f51 Update installers for secmarks 2010-09-07 07:56:11 -07:00
Tom Eastep
50b4bd8dfe More Blacklist and Secmark documentation updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-06 17:26:49 -07:00
Tom Eastep
f3255cd83a Rework blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-06 15:29:20 -07:00
Tom Eastep
c6f58ba924 Enhance SELinux support:
- Add state match
- Add user/group match
- Add examples to the man pages
2010-09-06 09:06:40 -07:00
Tom Eastep
33dc8de8fb Allow dash's in ipset names 2010-09-05 11:41:35 -07:00
Tom Eastep
23e94e136c Allow COMMENT, SAVE and RESTORE to work correctly in secmarks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-05 08:17:58 -07:00
Tom Eastep
629290259d Allow secmarks without TC_ENABLED
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-05 07:49:03 -07:00
Tom Eastep
b139ff7e90 Update docs and implementation of SECMARK 2010-09-04 16:08:29 -07:00
Tom Eastep
28ff3548ff Bump version to 4.4.13-Beta4 2010-09-04 15:30:02 -07:00
Tom Eastep
15d8d6d8b7 Add SECMARK and CONNSECMARK support 2010-09-04 15:12:08 -07:00
Tom Eastep
6caff51c98 Modify a comment are delete a silly identity assignment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-09-01 11:24:19 -07:00
Tom Eastep
62fcf1ae8b Adjust version of Raw.pm 2010-08-31 16:52:48 -07:00
Tom Eastep
dfebe5a35e Correct error message 2010-08-31 16:33:15 -07:00
Tom Eastep
8f94137007 Fix last change 2010-08-30 16:47:45 -07:00
Tom Eastep
1da6d51d1a Reduce the Beta3 patch footprint by making the second arg to known_interface() optional 2010-08-30 16:43:30 -07:00
Tom Eastep
add76ed14e Bump version to 4.4.13 Beta 3
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-30 12:33:10 -07:00
Tom Eastep
7f0f4516d7 Rework handle_optional_interfaces() somewhat
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-30 12:29:39 -07:00
Tom Eastep
c18d206726 Use a function to generate the list of interfaces with an L3 address 2010-08-29 20:13:56 -07:00
Tom Eastep
57c54af6ed Re-implement optional interface handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-29 12:32:44 -07:00
Tom Eastep
d94f2cc86d Insure that the mapping to base names is deterministic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-08-29 07:28:06 -07:00
Tom Eastep
be0231578f Insure uniqueness of chain_base mapping 2010-08-28 20:47:39 -07:00
Tom Eastep
95a09b996f Fix test for KLUDGEFREE 2010-08-28 20:47:15 -07:00
Tom Eastep
1531ad3bcd Re-implement interface->shell-variable mapping 2010-08-28 15:15:41 -07:00