Tom Eastep
|
b5af6f03fb
|
Create better rules when a HELPER appears in an action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-11 07:48:03 -07:00 |
|
Tom Eastep
|
50dfffec94
|
Eliminate duplicate rules in raw-table chains when optimize level 16.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-10 07:09:01 -07:00 |
|
Tom Eastep
|
ad818c071a
|
Generate omnibus tracking rules when NAT/ACCEPT with helper appears in an action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-10 06:55:18 -07:00 |
|
Tom Eastep
|
e84ee76c7d
|
Add helpers to macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-09 10:32:34 -07:00 |
|
Tom Eastep
|
2ab50e65d7
|
Make conditional directives case insensitive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-09 10:30:02 -07:00 |
|
Tom Eastep
|
2690243e3c
|
Add helpers in the macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-09 07:36:04 -07:00 |
|
Tom Eastep
|
e8a4728981
|
Allow '?IF 0'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-08 07:23:43 -07:00 |
|
Tom Eastep
|
ee28638604
|
Add HELPERS to rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-08 07:23:20 -07:00 |
|
Tom Eastep
|
ccf517307e
|
Handle raw table zones from VSERVERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-07 14:51:58 -07:00 |
|
Tom Eastep
|
e00616a1fe
|
Don't release blacklist files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-07 07:56:16 -07:00 |
|
Tom Eastep
|
c007f847a0
|
Handle disabled helpers in pre-3.5 kernels.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-06 15:54:45 -07:00 |
|
Tom Eastep
|
56caf3687f
|
Factor out the ?IF __CT_TARGET tests in the conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-06 09:26:14 -07:00 |
|
Tom Eastep
|
b4c812b676
|
Correct helper parsing in the Raw module.
- Require (...) around multiple ctevents
- Detect invalid options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-05 08:09:17 -07:00 |
|
Tom Eastep
|
9a0d53194a
|
Correct Helper detection in the compiler.
Use CT_MATCH when available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-05 08:08:20 -07:00 |
|
Tom Eastep
|
cfe2f36320
|
Delete duplicate entry in the Shorewall[6] install.sh
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-04 08:23:08 -07:00 |
|
Tom Eastep
|
093985dd93
|
Use HELPERS to enable/disable helper association.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-03 19:26:02 -07:00 |
|
Tom Eastep
|
72307df6d2
|
Replace the AUTOHELPERS option with the HELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-03 10:53:20 -07:00 |
|
Tom Eastep
|
7689b1e84b
|
Remove the 'zone' helper option for now.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-03 06:39:58 -07:00 |
|
Tom Eastep
|
82c057d1ed
|
Fix *VERSION handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 16:44:02 -07:00 |
|
Tom Eastep
|
21770a89d6
|
Detect which matches are available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 15:38:23 -07:00 |
|
Tom Eastep
|
223ed5b3a3
|
More additions to the helper table and to the conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 13:25:44 -07:00 |
|
Tom Eastep
|
2ae59bb3cd
|
Add COMMENT directives to conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 11:58:00 -07:00 |
|
Tom Eastep
|
9ba0c07956
|
Redesign the CT:helper feature.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 11:10:08 -07:00 |
|
Tom Eastep
|
7d32258e6e
|
Correct Helpers Module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 11:09:34 -07:00 |
|
Tom Eastep
|
07e56d129a
|
Add AUTOHELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 11:09:18 -07:00 |
|
Tom Eastep
|
62d6d2558e
|
Rename AUTO_COMMENT to AUTOCOMMENT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 11:06:41 -07:00 |
|
Tom Eastep
|
833e54c9c3
|
Rename the notrack file to conntrack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 11:02:17 -07:00 |
|
Tom Eastep
|
f2dd43855e
|
Correct typo in warning message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-01 13:13:18 -07:00 |
|
Tom Eastep
|
eaf238fa66
|
Merge branch '4.5.6'
|
2012-08-01 10:37:45 -07:00 |
|
Tom Eastep
|
542f279544
|
Don't allow a source interface in a DNAT/REDIRECT rule with source == firewall
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-01 10:01:08 -07:00 |
|
Tom Eastep
|
c8ea03bf8c
|
Update help text
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-30 07:23:53 -07:00 |
|
Tom Eastep
|
ac6e67e371
|
Correct typo in rules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-30 07:23:40 -07:00 |
|
Tom Eastep
|
735b7c2cf5
|
Add support for nfacct
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-28 11:21:16 -07:00 |
|
Tom Eastep
|
87c0f934aa
|
Add NFacct Match capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-28 08:19:05 -07:00 |
|
Tom Eastep
|
c0e4d4093c
|
Clarify TOS value
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-16 15:53:22 -07:00 |
|
Tom Eastep
|
55b527d065
|
Eliminate a local variable.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-15 20:22:19 -07:00 |
|
Tom Eastep
|
e1e7ab42c1
|
Make 'routefilter' and 'sfilter' mutually exclusive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-15 10:37:56 -07:00 |
|
Tom Eastep
|
65b16a1acf
|
Compensate for bugs in the latest CPerl emacs extension
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-15 10:07:06 -07:00 |
|
Tom Eastep
|
1db79a91eb
|
'rpfilter' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-15 10:05:32 -07:00 |
|
Tom Eastep
|
e7cd84a72c
|
Implement rpfilter match capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-15 07:54:46 -07:00 |
|
Tom Eastep
|
691a9bf793
|
Correct installation on systems with systemd
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-14 14:38:30 -07:00 |
|
Tom Eastep
|
2cce81cfc1
|
Revert 83a8c7eda3
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-09 10:58:15 -07:00 |
|
Tom Eastep
|
9f4ca3ebc5
|
Additional simplification of evaluate_expression()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-08 07:48:27 -07:00 |
|
Tom Eastep
|
3c2385de06
|
Merge branch '4.5.6'
|
2012-07-08 07:36:15 -07:00 |
|
Tom Eastep
|
6ce3d0180e
|
Ensure a defined value for __IPV[46]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-07 09:47:10 -07:00 |
|
Tom Eastep
|
83a8c7eda3
|
When TC_ENABLED=No, require providers to process tcrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-07 08:02:57 -07:00 |
|
Tom Eastep
|
18f947eb2f
|
Apply patch from Daniel Meißner
- Corrects STARTUP_ENABLED=No error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-06 07:28:29 -07:00 |
|
Tom Eastep
|
83df8a4e39
|
Avoid a call to eval() for simple expressions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-06 07:26:54 -07:00 |
|
Tom Eastep
|
e9d8228b6f
|
Simplify handling of __IPVn in conditional directives.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-06 06:43:15 -07:00 |
|
Tom Eastep
|
65d8341c6c
|
Correct a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-05 15:43:20 -07:00 |
|