Tom Eastep
0b9cd93769
Default DSCP rules to the POSTROUTING chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-27 13:59:15 -07:00
Tom Eastep
372359839b
Add 'comment' to alternative input
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-24 15:08:55 -07:00
Tom Eastep
a02c745a83
Avoid silly duplicate rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-30 17:49:43 -07:00
Tom Eastep
47557aa4f7
Correct additional issues with 'update'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-18 10:24:52 -07:00
Tom Eastep
93ee4432de
Allow <user>: in USER columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-18 09:44:35 -07:00
Tom Eastep
8c543ca6f8
Transfer permissions during file updates
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-16 16:04:32 -07:00
Tom Eastep
e71fb3249a
Add 'dbl' interface option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-15 16:35:41 -07:00
Tom Eastep
ea56d4ed19
Make ipset-based dynamic blacklisting work in the FORWARD chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-13 15:02:12 -07:00
Tom Eastep
c65721a139
Correct a warning message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-13 12:21:16 -07:00
Tom Eastep
cd0837beb5
Avoid run-time Perl diagnostic when validating a null log level
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-09 09:00:12 -07:00
Tom Eastep
cd01df4200
Allow more than 9 interfaces with Simple TC
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-07 14:43:37 -07:00
Tom Eastep
7798c52a19
Fix DOCKER=Yes when docker0 is defined and Docker isn't started.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-22 17:50:51 -07:00
Tom Eastep
82169a0bfd
Use 'date' format for compiletime rather than localtime format
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-07 13:48:16 -07:00
Tom Eastep
64fb662bb1
Verify Shorewall6 version when compiling for IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-05 15:22:47 -07:00
Tom Eastep
ce20e5592b
Cross-check core and standard versions during compilation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-05 13:53:26 -07:00
Tom Eastep
590243a787
Add NFLOG as a supported mangle action
...
- Also document nflog-parameters
- Correct range of nflog groups
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-03 11:27:34 -07:00
Tom Eastep
9dd0346987
Apply Paul Gear's patch for Ubuntu 16.04
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-02 07:25:37 -07:00
Tom Eastep
ccfa181a6d
Tweak compile_info_command()
...
- Fix comment
- use $globals{VERSION} for the version number
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 14:12:34 -07:00
Tom Eastep
24d40f4cc2
Add VERBOSE_MESSAGES option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 08:00:56 -07:00
Tom Eastep
244f2cefe5
Update comment describing info_command()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-29 15:42:48 -07:00
Tom Eastep
41923cb80e
Improve compile time/date implementation
...
- Rename the command from 'date' to 'info'
- Return the complete date/time/version string in the command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-29 12:31:17 -07:00
Tom Eastep
2a40012fc4
Include compile time and date in the output of 'shorewall status'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-27 16:25:21 -07:00
Tom Eastep
a92d10f19c
Merge branch '5.0.8'
2016-04-27 10:23:51 -07:00
Tom Eastep
f6b7eb4ea0
Correct handling of persistent provider with no IP address
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-25 12:27:00 -07:00
Tom Eastep
800c06e8c9
Rename lib.core to lib.runtime
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-21 08:12:41 -07:00
Tom Eastep
f16e3f1fbe
Issue warning when enable/disable won't work correctly
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-19 10:42:50 -07:00
Tom Eastep
0faf3b6db1
Send INFO messages to STDERR rather than STDOUT
2016-04-18 13:59:29 -07:00
Tom Eastep
3253c882e9
Merge branch '5.0.8'
2016-04-18 12:36:28 -07:00
Tom Eastep
5212dba7cb
Add an ESTABLISHED,RELATED rule for docker0
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-18 10:13:05 -07:00
Tom Eastep
35a22eedac
Reword error message when tcclass MARK is too large
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-18 10:06:04 -07:00
Tom Eastep
b53de922d1
Catch 0 in the MARK column of the tcclasses file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-18 08:50:10 -07:00
Tom Eastep
ae852b513d
Correct indentation issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-17 10:23:18 -07:00
Tom Eastep
9611b588e3
Use a uniform format for log timestamps
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-16 09:52:35 -07:00
Tom Eastep
fb8dbcf44b
Use a uniform format for log timestamps
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-16 09:49:38 -07:00
Tom Eastep
335f2968f8
Implement ?INFO and ?WARNING
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-16 09:20:09 -07:00
Tom Eastep
c725372639
Correct logging of 'reloaded' message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-15 14:46:21 -07:00
Tom Eastep
524838ae47
Implement $SW_LOGGERTAG
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-15 14:29:51 -07:00
Tom Eastep
6aa0ecae4f
Re-factor the code for saving/loading ipsets
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 15:15:47 -07:00
Tom Eastep
434e042494
Add the deprecated/ directories to the CONFIG_PATH
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 14:17:06 -07:00
Tom Eastep
9fa0df2fd1
Move the code that generates zap_ipsets() to after save_ipsets() generation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 09:56:48 -07:00
Tom Eastep
216bc715e8
Clean up V4/V5 ipset enforcement
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-14 09:00:38 -07:00
Tom Eastep
dbd42e1d5d
More ipset fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-12 16:29:13 -07:00
Tom Eastep
2cf3706864
Correct handling of a zone with two interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 10:32:26 -07:00
Tom Eastep
3028dafbac
Correct DBL 'src-dst' handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 09:13:17 -07:00
Tom Eastep
16a31c3d29
Make MINIUPNPD work with DOCKER
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 09:02:44 -07:00
Tom Eastep
d3f377e915
Don't double-save the dynamic blacklisting ipset
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-11 08:37:39 -07:00
Tom Eastep
6c00f72f44
Create ipsets with the 'counters' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 18:09:41 -07:00
Tom Eastep
deaaecdf1c
Add 'nodbl' interface option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 16:09:39 -07:00
Tom Eastep
05e4049174
Ipset-based blacklisting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 16:07:56 -07:00
Tom Eastep
5db6cb1b7d
Correct load_ipsets()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-09 16:07:10 -07:00
Tom Eastep
321476fd51
Tweak terminating() implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-08 08:24:57 -07:00
Tom Eastep
bd6b32eb25
Add a progress message for REJECT_ACTION processing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 10:30:54 -07:00
Tom Eastep
4fdf54eca1
Tweak process_reject_action()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 10:02:48 -07:00
Tom Eastep
70bbd21b35
Ensure that the REJECT_ACTION is terminating
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 09:34:38 -07:00
Tom Eastep
87a9b95f73
Catch case where a transformed rule jumps to its own chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 08:58:50 -07:00
Tom Eastep
ecd7261365
Use -g when target is a terminating chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-07 08:48:36 -07:00
Tom Eastep
293cd1d66a
Always go to the reject chain rather than jump to it
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-06 09:14:06 -07:00
Tom Eastep
436b5d89ce
Correct comment
...
- The chain will only exist if logging wasn't specified for the same
disposition.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-06 08:50:29 -07:00
Tom Eastep
26795cf082
Correct setup of $usedactions{A_REJECT}
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-06 08:18:36 -07:00
Tom Eastep
3ac3ae279f
Add A_REJECT action
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-05 16:38:39 -07:00
Tom Eastep
e9467326f3
Allow allow REJECT to take a parameter
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-05 11:20:44 -07:00
Tom Eastep
75df718865
Reword comment in push_action_params()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-04 09:41:28 -07:00
Tom Eastep
ae8e2f70ea
Efficiency change to known_interface()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-03 17:34:02 -07:00
Tom Eastep
39f5b77e5f
Fix known_interface()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-03 16:31:45 -07:00
Tom Eastep
cb5a2519f3
Keep hyphens in @chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-03 16:30:31 -07:00
Tom Eastep
4151f7c504
Revert change to log_[i]rule_limit
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-03 16:29:52 -07:00
Tom Eastep
054837aeea
Use the real chain name in log messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-03 13:04:25 -07:00
Tom Eastep
b637d303b9
Correct use of a physical interface name in the hosts file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-02 17:27:20 -07:00
Tom Eastep
0dbf42424d
Make physical name a synonym for the correcponding logical name.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-02 10:04:05 -07:00
Tom Eastep
f22e8d6d55
Allow physical interface to work in the ecn file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-01 15:10:49 -07:00
Tom Eastep
d98305c6f4
Correct default for MINIUPNOD
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-01 12:20:42 -07:00
Tom Eastep
3cbfdadb32
Merge branch '5.0.7'
2016-04-01 09:46:53 -07:00
Tom Eastep
df1b1f6768
Add MINIUPNPD option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-01 08:57:08 -07:00
Tom Eastep
3881b38e02
Fix similar INTERFACE column issue in the nat and netmap files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-31 14:16:43 -07:00
Tom Eastep
8a8f3b6f59
Merge branch '5.0.7'
2016-03-31 12:55:16 -07:00
Tom Eastep
b9bed00123
Correct handling of a physical name in a masq rule
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-31 12:52:30 -07:00
Tom Eastep
38aa7797c4
Allow protocol and user lists in actions and macros
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-30 08:34:42 -07:00
Tom Eastep
404540ffe1
Merge branch '5.0.7'
2016-03-30 08:17:19 -07:00
Tom Eastep
dd3c0daa08
Handle inline matches correctly in the mangle file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-29 13:33:47 -07:00
Tom Eastep
4fddfcfba0
More complete fix for inline matches
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-29 13:15:01 -07:00
Tom Eastep
421d5f6043
Move Raw matches to last.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-29 09:31:27 -07:00
Tom Eastep
382ab380a2
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2016-03-29 07:36:49 -07:00
Tuomo Soini
2342c7cd9c
Perl/Shorewall/Chains.pm: Fix warning with older perl
2016-03-29 09:58:33 +03:00
Tom Eastep
66ae4975b2
Allow :R with DIVERT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-28 15:52:49 -07:00
Tom Eastep
5b7a9db170
Correct clearing of inline matches
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-28 15:48:59 -07:00
Tom Eastep
ad87d94e33
Small efficiency change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-26 13:12:33 -07:00
Tom Eastep
f86abf9552
Eliminate @columnstack -- simple save the columns array on the call stack.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-22 10:49:40 -07:00
Tom Eastep
9fe1a34412
Tighten up editing of configuration options
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-21 12:03:45 -07:00
Tom Eastep
abe533b6e3
Correct the action on ingress filters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-19 13:45:33 -07:00
Tom Eastep
1c3140789c
Add stab to ingress qdiscs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-19 13:25:39 -07:00
Tom Eastep
0399a346d0
Replace a silly line of code.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-19 12:05:45 -07:00
Tom Eastep
6ed3861d76
Correct Mangle Action Handling for second visit to the same action
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 15:25:52 -07:00
Tom Eastep
7a18847c14
Correct handling of log level in a _DEFAULT setting.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 15:25:14 -07:00
Tom Eastep
273c89a753
Implement MARK and CONNMARK in the rules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 11:42:58 -07:00
Tom Eastep
2bebf1c95a
Make '&' and '|' work with CONNMARK
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 11:30:52 -07:00
Tom Eastep
18573037f9
More 'check -r' fixes around Docker
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 11:09:39 -07:00
Tom Eastep
818628138b
Add MARK and CONNMARK to the %targets table
...
- Also, sort the table entries
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 10:21:35 -07:00
Tom Eastep
2adec0eb65
Implement a filename cache for find_file()
...
- Don't need to search the CONFIG_PATH for re-open of same file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 09:45:41 -07:00
Tom Eastep
6ae94767b7
Correct a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 08:31:52 -07:00
Tom Eastep
9ab2310dc8
Correct an incorrect comment in process_rules()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-17 08:47:33 -07:00