shorewall_code

Author	SHA1	Message	Date
Tuomo Soini	5a66c1d9d6	AllowICMPs: certificate path advertisment source must be fe80::/10 Signed-off-by: Tuomo Soini <tis@foobar.fi>	2024-03-19 11:21:03 +02:00
Tuomo Soini	de23e641f7	AllowICMPs: certificate path solicitation source must be :: or fe80::/10 Signed-off-by: Tuomo Soini <tis@foobar.fi>	2024-03-19 11:21:03 +02:00
Tuomo Soini	a8294ed495	AllowICMPs: listener report v2 source must be :: or fe80::/10 rfc3810 section-5 Signed-off-by: Tuomo Soini <tis@foobar.fi>	2024-03-19 11:21:03 +02:00
Tuomo Soini	393cd5043d	AllowICMPs: router-advertisment source must be fe80::/10 Signed-off-by: Tuomo Soini <tis@foobar.fi>	2024-03-19 11:21:03 +02:00
Tuomo Soini	0de5e88018	AllowICMPs: allowing redirects is a security issue and not required Also redirect source must be fe80::/10 Signed-off-by: Tuomo Soini <tis@foobar.fi>	2024-03-19 11:21:03 +02:00
Paul Gear	aae5baedfd	Merge branch 'idl0r_iptablesw' into 'master' Improve iptables --wait check See merge request shorewall/code!6	2023-02-01 02:47:31 +00:00
Paul Gear	95831e372f	Merge branch 'tor_metrics' into 'master' Add TorMetrics macro See merge request shorewall/code!7	2023-02-01 02:41:22 +00:00
Jeremy Sowden	5637385507	Document related man-pages in Debian systemd service files Signed-off-by: Jeremy Sowden <jeremy@azazel.net>	2023-01-31 22:50:18 +00:00
Vincas Dargis	c1e58f6faf	Add TorMetrics macro Add macro for Tor metrics port. See https://support.torproject.org/relay-operators/relay-bridge-overloaded/	2022-09-18 15:08:54 +03:00
Christian Ruppert	8b0d829531	Check for wait option if we don't have capabilities Only check for iptables --wait option if we don't already have existing capabilities. If we have some and they're not up2date / don't match, it will issue a warning anyway. If a valid capabilities file exists, it will already cover whether we can use --wait or not, that's what WAIT_OPTION is for. Signed-off-by: Christian Ruppert <idl0r@qasl.de>	2022-04-02 11:52:10 +02:00
Christian Ruppert	c941cf4bb5	Run iptables -w check against a usually small chain The iptablesw check, that's just looking for whether -w is supported or not, previousely caused iptables to list all rules, each time you do a shorewall check or shorewall start/reload. That might be quite a lot, depending on the amount of rules you have. It is also no necessary to parse each rule just to check for -w. Let's switch to the usually much smaller INPUT chain, to reduce the overhead	2022-04-01 16:45:42 +02:00
Tom Eastep	ba87937f49	Replace StandardOutput=syslog by StandardOutput=journal in unit files Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-10-30 09:24:47 -07:00
Tom Eastep	69f0d4d881	Simon Mater's patch to support gbits and gbps in rate/burst specifications Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-10-09 09:39:01 -07:00
Tom Eastep	97165ed41e	Add target file(s) 5.2.8-base Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-24 15:16:51 -07:00
Tom Eastep	5b0cacd9c4	Add NFS V1.4 macro Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-24 14:46:24 -07:00
Tom Eastep	eeec6f2396	Update shorewall-snat(5) - Delete incorrect statement about a list of addresses in SNAT() - Replace IPv4 Example 6 with one that uses the PROBABILITY column Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-24 11:19:46 -07:00
Tom Eastep	34c59dca32	Don't export interface_is_plain() - It was used in a superseded change Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-19 11:38:41 -07:00
Tom Eastep	9aa2a4b704	Use less obscure code to set $call_generate_all_acasts; Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-19 11:20:10 -07:00
Tom Eastep	d363809859	Complete the table documentation at the top of the file Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-18 13:44:41 -07:00
Tom Eastep	6c4383b5ce	Add target file(s) 5.2.8-RC1 Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-17 14:47:53 -07:00
Tom Eastep	8c10c96844	Revert "Move ${SBINDIR}/shorewall6 to the Shorewall-core product" This reverts commit `1ca886abd7`.	2020-09-15 16:49:19 -07:00
Tom Eastep	126c5ccd53	Include administrative host name in status output Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-15 15:16:23 -07:00
Tom Eastep	1ca886abd7	Move ${SBINDIR}/shorewall6 to the Shorewall-core product - Default 'shorewall6' to 'shorewall6-lite' if that product is installed and 'shorewall6' is not. Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-15 13:55:57 -07:00
Tom Eastep	ca78c0221c	Don't remote ${SBINDIR}/shorewall when uninstalling Shorewall Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-15 11:58:05 -07:00
Tom Eastep	e4c2122532	Eliminate duplicate function names between lib.cli and lib.cli-std Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-15 11:45:45 -07:00
Tom Eastep	f16e666858	Redirect STDERR to STDOUT when using $PAGER Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-13 15:46:04 -07:00
Tom Eastep	b5f3294adb	Set SHOREWALL_SHELL=/sbin/sh if it isn't set and export or test Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-13 15:33:01 -07:00
Tom Eastep	8d4e79650e	Refactor ALL_ACASTS code Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-11 15:58:59 -07:00
Tom Eastep	b253be8a69	Localize to IPv6 the effect of generating ALL_ACASTS during 'restore' Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-11 14:35:17 -07:00
Tom Eastep	4385264dc3	Revert "Delete superfuous 'use' statements" This reverts commit `fe7bb4abca`.	2020-09-11 13:43:14 -07:00
Tom Eastep	6cab1c3c8c	Generate ALL_ACASTS during 'restore' processing Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-11 13:11:44 -07:00
Tom Eastep	fe7bb4abca	Delete superfuous 'use' statements Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-11 12:56:37 -07:00
Tom Eastep	63b477a4de	Clean up ALL_ACASTS generation Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-10 15:59:33 -07:00
Tom Eastep	2166251b97	Correct physwild/wildcard usage Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-10 15:59:16 -07:00
Tom Eastep	9e6aec7687	Correct usage of $physwild, replacing with $wildcard Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-10 13:20:20 -07:00
Tom Eastep	b154803f22	Rename 'noanycast' to 'omitanycast' Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-10 09:59:45 -07:00
Tom Eastep	09449d4c67	Add target file(s) 5.2.8-Beta2 Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-09 12:44:17 -07:00
Tom Eastep	774be17a32	Expand the description of 'noanycast' in shorewall-interfaces(5) Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-09 12:33:01 -07:00
Tom Eastep	6120eba8f9	Correct generation of code for 'noanycast' Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-09 11:51:38 -07:00
Tom Eastep	6e8b25f126	Add target file(s) 5.2.8-Beta1 Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-07 15:07:57 -07:00
Tom Eastep	4253f23d6b	Add 'noanycast' interface option Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-09-07 13:47:56 -07:00
Tom Eastep	0b80856eb6	Correct IPv6 ACK handling in Simple TC Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-08-01 17:10:00 -07:00
Tom Eastep	b3ebcc8025	Add target file(s) 5.2.7-Beta1 Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-13 09:57:30 -07:00
Tom Eastep	ac221348c0	Add an SPORT column to the tcpri file Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-09 14:15:03 -07:00
Tom Eastep	4b3f9ae1e7	Clean up the connmark implementation Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-07 18:23:39 -07:00
Tom Eastep	89201bd294	Add TC connmark support Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-07 16:44:20 -07:00
Tom Eastep	b617c8d224	Rodrigo Araujo's tc connmark patch Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-07 14:28:21 -07:00
Tom Eastep	4469ddb861	Don't apply the deprecated directory more than once Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-06 15:38:28 -07:00
Tom Eastep	cd5409d633	Take care of '$LOG_LEVEL' during update Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-06 15:38:01 -07:00
Tom Eastep	2f58d4e368	Don't create a zone forwarding chain for local zones Signed-off-by: Tom Eastep <teastep@shorewall.net>	2020-07-06 09:06:03 -07:00

1 2 3 4 5 ...

7986 Commits