Tom Eastep
18c8f1f835
Remove blank line
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-17 20:10:25 -08:00
Tom Eastep
aff8623a44
Allow TTL to be specified in the SAME action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-17 19:11:28 -08:00
Tom Eastep
b14e7c54f9
Merge branch '4.6.6'
2015-02-07 08:29:44 -08:00
Tom Eastep
30a5f508be
Change samples to specify MODULE_SUFFIX="ko ko.xz"
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-06 12:56:35 -08:00
Orion Poplawski
9ad0b297e2
Supporting xz compressed kernel modules
...
- I've attached a patch that adds xz support to the default MODULE_SUFFIX.
- I'm wondering it wouldn't be better to not have MODULE_SUFFX=ko in various
sample configs so that the default value is used instead:
./Shorewall/configfiles/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/Universal/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/three-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/two-interfaces/shorewall.conf:MODULE_SUFFIX=ko
./Shorewall/Samples/one-interface/shorewall.conf:MODULE_SUFFIX=ko
./docs/MultiISP.xml:MODULE_SUFFIX=ko
./docs/MyNetwork.xml:MODULE_SUFFIX=ko
./Shorewall6/configfiles/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/Universal/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/three-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/two-interfaces/shorewall6.conf:MODULE_SUFFIX=ko
./Shorewall6/Samples6/one-interface/shorewall6.conf:MODULE_SUFFIX=ko
- Is:
MODULE_SUFFIX=
sufficient to use the default value or does it need to be commented out?
Thanks,
Orion
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion@nwra.com
Boulder, CO 80301 http://www.nwra.com
>From f13edf8fc07c7b62825408b8665b10d6014d368d Mon Sep 17 00:00:00 2001
From: Orion Poplawski <orion@cora.nwra.com>
Date: Mon, 26 Jan 2015 09:48:48 -0700
Subject: [PATCH] Support xz compressed modules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-02-06 12:51:00 -08:00
Tom Eastep
40104d0c86
Correct handling of +set[n]
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-26 07:53:41 -08:00
Tom Eastep
5d110616a5
Merge branch '4.6.6'
2015-01-24 18:16:47 -08:00
Tom Eastep
a2b8069ee3
Clarify Zone exclusion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-24 18:15:10 -08:00
Tom Eastep
c7cd0060f0
Merge branch '4.6.6'
2015-01-23 09:07:28 -08:00
Tom Eastep
e3b96862ef
Propagate the LOCKFILE setting to the generated script.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-23 08:18:30 -08:00
Tom Eastep
a060f683cc
Correct file name in mangle 'split_line' error messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:34:47 -08:00
Tom Eastep
01220d58ea
Change the installation default value of INLINE_MATCHES to 'No'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:34:39 -08:00
Tom Eastep
c2b6d974e7
Protect 'enable' and 'disable' with mutex
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:34:28 -08:00
Tom Eastep
7ab055e61e
Correct file name in mangle 'split_line' error messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:31:51 -08:00
Tom Eastep
758f3cf955
Change the installation default value of INLINE_MATCHES to 'No'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:30:50 -08:00
Tom Eastep
08a184d95b
Protect 'enable' and 'disable' with mutex
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-22 08:30:05 -08:00
Tom Eastep
50a0103e89
Merge branch '4.6.6'
2015-01-20 08:11:07 -08:00
Tom Eastep
6f2308e0fa
Correct syntax of the SAVE and RESTORE actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-20 08:09:55 -08:00
Tom Eastep
a7cacdfee3
Allow SAVE and RESTORE in the INPUT chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-20 08:09:09 -08:00
Tom Eastep
28ac76bde4
Add tinc tunnel support
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-13 13:28:37 -08:00
Tom Eastep
83431514fb
Add Tinc macro
...
- From Răzvan Sandu
2015-01-13 07:05:15 -08:00
Tom Eastep
111c454193
Make leading SHELL case-sensitive
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-13 07:04:20 -08:00
Tuomo Soini
b06ba536e9
macro.Zabbix: This macro handles Zabbix monitoring software server traffic to agent
...
and trap traffic from agent to zabbix server.
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-01-13 13:51:00 +02:00
Tom Eastep
97846e14de
Correct handling of ipsets in one of the PORTS columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-09 09:28:08 -08:00
Tom Eastep
07c21b8968
Add 'primary' provider option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-06 09:06:27 -08:00
Tom Eastep
668759edad
Catch parameter problems with TARPIT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 11:09:39 -08:00
Tom Eastep
0f1f54b57b
Tweak loopback change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 11:00:02 -08:00
Tom Eastep
60d5a177a3
Use the 'Iface Match' capability for loopback traffic.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 09:46:39 -08:00
Tom Eastep
3ed5ced581
Correct syntax error introduced in Beta 2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-04 08:35:33 -08:00
Tom Eastep
086f8b6073
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-01-03 13:23:00 -08:00
Tom Eastep
fa377df9dc
Fix installer's use of the DIGEST environmental variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-03 13:22:06 -08:00
Tom Eastep
7dd9ccd06b
Add the 'loopback' interface option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-03 09:22:40 -08:00
Tom Eastep
33e2e19193
Always set IP
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:28:50 -08:00
Tom Eastep
4a4bfe77ce
Implement IFACE_MATCH capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 09:05:06 -08:00
Tom Eastep
3890b8a884
Infrastructure for detecting loopback interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-02 08:49:38 -08:00
Tom Eastep
551a16d18f
Document TARPIT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-01-01 09:14:00 -08:00
Tom Eastep
d1b597394f
Correct typo (TARPIT_MATCH -> TARPIT_TARGET)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-30 10:22:33 -08:00
Tom Eastep
15a2fd14f9
Implement TARPIT target
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-28 15:23:30 -08:00
Tom Eastep
f96baca780
Use the readable representation of the SHA1 digest in the chain table
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 11:13:10 -08:00
Tom Eastep
1b5f439609
Rewrite 'process_actions'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 09:28:02 -08:00
Tom Eastep
1655054de2
Rename 'externalize' to 'external_name'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-27 09:19:00 -08:00
Tom Eastep
89877ed3f7
Rename 'policy_rules' to 'add_policy_rules'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:58:13 -08:00
Tom Eastep
9649107a8e
Rename 'apply_policy_rules' to 'complete_policy_chains'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:53:50 -08:00
Tom Eastep
33eb47a48a
Reorder parameters and change identifiers in set_policy_chain()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 15:47:50 -08:00
Tom Eastep
93285e2798
Cleanup of preceding fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 14:05:43 -08:00
Tom Eastep
2430796495
Document the -c option of 'show routing'
...
Correct choice in show commands to 'req'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 12:15:28 -08:00
Tom Eastep
06ef7596cd
Document the -c 'dump' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-26 11:57:24 -08:00
Tom Eastep
227db0cfa7
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2014-12-23 15:37:38 -08:00
Tom Eastep
c0f7d0e65d
Start firewall after the network-online target has been reached
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 15:37:22 -08:00
Tom Eastep
ba806379f4
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2014-12-23 15:36:56 -08:00
Tom Eastep
6a15cead52
Cosmetic/commentary changes to the Config Module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 15:25:20 -08:00
Tom Eastep
f925358872
Minor Compiler Reorganization
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-23 12:27:37 -08:00
Tom Eastep
52d2e62274
Convert two macros to Format 2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-22 08:36:34 -08:00
Tom Eastep
56e8068f3d
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2014-12-20 15:12:44 -08:00
Tom Eastep
35fc7b34b8
Minor code tweak
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-20 15:09:21 -08:00
Tom Eastep
fdf513fba6
Correct font in mangle manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-19 14:26:20 -08:00
Tom Eastep
79430673b8
Correct handling of duplicate states in the mangle file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-16 19:08:25 -08:00
Tom Eastep
695db284c0
Improve Mark Range Implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-15 11:19:23 -08:00
Tom Eastep
807b9ca627
Revert "Improve handling of mark ranges"
...
This reverts commit 62f480897e
.
2014-12-15 09:39:24 -08:00
Tom Eastep
62f480897e
Improve handling of mark ranges
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-14 09:13:41 -08:00
Tom Eastep
2d7025dcc3
Correct mark range handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-12-13 08:31:31 -08:00
Tom Eastep
a833815b31
Correct IPv6 handling of LOG_BACKEND=LOG
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 08:56:42 -08:00
Thomas D
664e3bb0a8
Installer: $INITDIR already starts with a "/", so no need for, "$DESTDIR/$INITDIR"
...
Hi,
before the patch (DESTDIR = "/tmp/shorewall-4.6.5"; INITDIR =
"/etc/init.d"),
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5//etc/init.d/shorewall-lite
after the patch
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5/etc/init.d/shorewall-lite
-Thomas
From e7a192397323bb6cb66d08a6f24e7edfee044f31 Mon Sep 17 00:00:00 2001
From: Thomas D <whissi@whissi.de>
Date: Sat, 15 Nov 2014 16:38:05 +0100
Subject: [PATCH] $INITDIR already starts with a "/", so no need for
"$DESTDIR/$INITDIR"
Before the patch (DESTDIR = "/tmp/shorewall-4.6.5"; INITDIR = "/etc/init.d"),
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5//etc/init.d/shorewall-lite
after the patch
> [...]
> SysV init script init.gentoo.sh installed in /tmp/shorewall-4.6.5/etc/init.d/shorewall-lite
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-15 07:55:14 -08:00
Tom Eastep
9241552c52
Make emacs sh-mode work better with lib.core
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-14 16:28:44 -08:00
Tom Eastep
16c1809ef2
Apply Alan Barrett's dhclient patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-14 13:39:23 -08:00
Tom Eastep
7100af5380
Correct .service files
...
- Make them match earlier versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-11 18:05:04 -08:00
Tom Eastep
c4171a92f6
Change spacing in shorewall[6] usage output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-10 07:38:58 -08:00
Thomas D
a5b2886ae9
Patches for shorewall manpage
...
Hi,
I corrected some errors in the manpages. I started with "shorewall".
Tom, please tell me if you like this format and the patches at all.
If you like them, I can send you a similar patch set for shorewall6, too.
-Thomas
From 2aaeaa4f2da7aae92177ced0530f1deff86f44a9 Mon Sep 17 00:00:00 2001
From: Thomas D <whissi@whissi.de>
Date: Sun, 9 Nov 2014 15:45:29 +0100
Subject: [PATCH 11/14] The "-i" option from the "reload" command wasn't marked
as an option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-09 07:40:59 -08:00
Tom Eastep
9a6047b3c4
Correct reversed naming of SHA chains
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-06 08:18:52 -08:00
Tom Eastep
6f5de7ef3f
Add now logging modules to the modules files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-05 16:19:30 -08:00
Tom Eastep
5b4e3bc07c
Accomodate new module names for LOG_BACKEND
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-05 12:51:24 -08:00
Tom Eastep
dc3f163e71
Change the names of the sha1 chains for uniqueness
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-04 17:54:38 -08:00
Tom Eastep
2f545012a6
More documentation updates for -C
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 09:25:58 -08:00
Tom Eastep
c97226c46c
Correct behavior of 'start -fC'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 09:25:23 -08:00
Tom Eastep
8c0c1bd1e0
Omit the 'shorewall' chain from .ip[6]tables-restore-input
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 08:16:47 -08:00
Tom Eastep
8b825c4c4c
Avoid failure of ip[6]tables-restore.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 07:56:05 -08:00
Tom Eastep
4493b2ab6b
Correct typo in 'rules' manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-02 06:50:40 -08:00
Tom Eastep
9598ac6fad
Correct a couple of problems with -C
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 10:09:04 -07:00
Tom Eastep
8fb73026c8
Replace SAVE_COUNTERS with the -C command option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-11-01 09:37:57 -07:00
Tom Eastep
4546cbaff7
Use chains with names derived from a digest to identify ruleset
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-31 11:36:53 -07:00
Tom Eastep
a83c146636
Cleanup
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 20:27:06 -07:00
Tom Eastep
2ffc97867c
Correct syntax error in the generated script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 19:59:20 -07:00
Tom Eastep
f08803e293
Preserve counts on 'restart' without compilation.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 18:38:45 -07:00
Tom Eastep
b7ab82dba4
Implement -f option in the -lite products' start command
...
- Remove 'recover' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 10:42:39 -07:00
Tom Eastep
113f95c11e
Provide STARTOPTIONS and RESTARTOPTIONS in all cases
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 10:22:39 -07:00
Tom Eastep
3454e10525
Add SAVE_COUNTERS option.
...
- Also implement recover command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-30 08:57:56 -07:00
Tom Eastep
edc30fcc8d
Process the params file with SHOREWALL_SHELL
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-29 12:22:00 -07:00
Tom Eastep
85e5669fc7
Rename function interface_up() to interface_enabled()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-27 18:38:22 -07:00
Tom Eastep
055fceb82f
Update policy manpages for duel limits
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-22 12:27:27 -07:00
Tom Eastep
f5bdc9e7f4
Allow two limits in the RATE LIMIT columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-22 11:21:43 -07:00
Tom Eastep
b60d6dd6e5
Avoid duplicate module loads
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-20 10:42:53 -07:00
Tom Eastep
2784e93307
Load xt_LOG in both helpers files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-19 08:28:36 -07:00
Tom Eastep
90d1e41dcb
Correct IPv4 Helpers file
...
- Change xt_ULOG to ipt_ULOG
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-19 08:28:29 -07:00
Tom Eastep
49218a4d28
ipt_LOG in helpers file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-15 18:07:09 -07:00
Tom Eastep
e3b10343a5
Change SYSTEMDDIR to SERVICEDIR
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-13 11:56:26 -07:00
Tom Eastep
286bc50bb3
Remove 'optional' from the Universal interfaces file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-13 08:07:14 -07:00
Tom Eastep
42363da458
Add new .service files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-09 10:00:53 -07:00
Tom Eastep
c5074bddb2
Rename the .service files to .service.214
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-09 09:45:52 -07:00
Tom Eastep
12458d111a
Adjust the .service files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-08 17:28:22 -07:00
Tom Eastep
815e93e80c
Rename SYSTEMD to SYSTEMDDIR
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 16:46:16 -07:00
Tom Eastep
3bae6e61cf
Eliminate syntax errors in the generated script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 07:53:26 -07:00
Tom Eastep
5204cbc95f
Suppress 'No ipsets were saved' warning when SAVE_IPSETS=No
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 07:50:12 -07:00
Tom Eastep
ea1b8ac63a
Correct handling of empty LOG_BACKEND
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-07 07:34:55 -07:00
Tom Eastep
3206021278
Another round of uninstall fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 13:50:39 -07:00
Tom Eastep
8571e0dca0
Another round of uninstall fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 13:29:51 -07:00
Tom Eastep
9dc2bba025
More uninstall corrections.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 09:39:03 -07:00
Tom Eastep
2fce05b3ab
Correct a couple of errors
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 09:11:29 -07:00
Tom Eastep
00b0489047
Implement SANDBOX variable in the installers/uninstallers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-04 07:50:30 -07:00
Tom Eastep
f9a21bd90e
Add -n option to the uninstallers.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-03 17:10:36 -07:00
Tom Eastep
8a5e71a56f
Implement the -n option in the installers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-03 07:59:41 -07:00
Tom Eastep
483ea3e437
Create INITDIR in -lite installs.
...
- Also don't link the init script if it isn't installed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-02 17:42:08 -07:00
Tom Eastep
2ec3adcc44
Don't link the init script if SYSTEMD is set.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-10-02 16:23:26 -07:00
Tom Eastep
820c769499
Correct silly bug in last change
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-29 07:08:39 -07:00
Tom Eastep
e6b0666ac9
Save ipsets during normal stop (duh)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 18:43:11 -07:00
Tom Eastep
2a463e06aa
More documentation changes regarding SAVE_IPSETS.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 17:10:45 -07:00
Tom Eastep
3174454300
Correct SAVE_IPSETS logic in Config.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 14:38:01 -07:00
Tom Eastep
ce1c367d1d
Re-commit the fix that saves only the appropriate family
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 14:09:20 -07:00
Tom Eastep
3e2c903a41
Revert "Only save ipsets of the proper family"
...
This reverts commit b053cab630
.
2014-09-28 13:32:32 -07:00
Tom Eastep
b053cab630
Only save ipsets of the proper family
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 12:58:52 -07:00
Tom Eastep
6f7d063921
Remove the target file before saving ipsets in the savesets command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 11:53:52 -07:00
Tom Eastep
3858683e94
Allow saving a specified list of ipsets
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-28 11:19:41 -07:00
Tom Eastep
38a18ac9ac
Allow indefinite alternative to 'yes' and 'no'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-27 15:06:18 -07:00
Tom Eastep
a09484356c
Support 'yes', 'no, <other> values for simple config options
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-27 07:57:46 -07:00
Tom Eastep
bc8588a68e
Fix rule numbers in trace output
...
- Don't increment $number needlessly when not tracing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-27 07:57:09 -07:00
Tom Eastep
10df9d31c4
Correct typo in the actions manpages (4.6.5 s/b 4.6.4).
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 14:47:27 -07:00
Tom Eastep
4989f694cd
Correct trace output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 14:47:00 -07:00
Tom Eastep
053df2a5fb
Go back to original insert_irule() fix.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 09:21:20 -07:00
Tom Eastep
976a1f3deb
Merge branch '4.6.3'
...
Conflicts:
Shorewall/Perl/Shorewall/Misc.pm
2014-09-25 08:06:16 -07:00
Tom Eastep
ea40068c10
Fix ADMINISABSENTMINDED=No used with stoppedrules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-25 08:03:35 -07:00
Tom Eastep
56649e2183
Don't compile routestopped during check if there is stoppedrules.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 19:24:13 -07:00
Tom Eastep
520d21c056
Another tweak to LOG_BACKEND
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 17:12:05 -07:00
Tom Eastep
540eff24aa
Correctons to LOG_BACKEND implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 16:35:41 -07:00
Tom Eastep
580e00dabd
Implement LOG_BACKEND option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 15:26:13 -07:00
Tom Eastep
4815f7eba3
Correct warning message in stoppedrules processing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 11:05:15 -07:00
Tom Eastep
a7b57ad32c
Clarify iptrace logging.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-24 09:14:38 -07:00
Tom Eastep
ba7f88c912
Re-apply 'terminating' changes to the actions manpages.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:33:57 -07:00
Tom Eastep
7481514a97
Implement the 'terminating' action option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:29:13 -07:00
Tom Eastep
20c68dddf2
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2014-09-23 09:24:44 -07:00
Tom Eastep
35e60aa10c
Fix actions manpage
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-23 09:24:32 -07:00
Tom Eastep
1f5439257a
Revert "Implement the 'terminating' action option"
...
This reverts commit 6851744cb7
.
2014-09-23 07:39:25 -07:00
Tom Eastep
4495ed687b
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2014-09-23 07:10:46 -07:00
Tom Eastep
d97d45f4ad
Merge branch '4.6.3'
2014-09-23 07:10:17 -07:00
Tuomo Soini
a03f00bf0f
systemd services: multi-user is not same as old runlevel 3 so use basic
...
add conflicts to obviously conflicting services
remove old version number from init files
remove legacy syslog.target which is not needed on modern systems
fix formatting of email address onold Copyright text
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-09-23 16:44:03 +03:00
Tuomo Soini
8f05d0f16d
install.sh: support install on centos7 and foobar7
...
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-09-23 13:19:09 +03:00
Tom Eastep
f9d98b74a2
Merge branch '4.6.2' into 4.6.3
...
Conflicts:
Shorewall/Perl/Shorewall/Providers.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-16 08:09:20 -07:00
Tom Eastep
0d23b9c542
Don't verify required interfaces during 'stop' or 'clear'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-14 09:29:04 -07:00
Tom Eastep
a7bdfcc47b
Refine the rule reduction fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-11 20:58:01 -07:00
Tom Eastep
988ee64621
Eliminate Redundant Rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-11 10:17:01 -07:00
Tom Eastep
9947f4d968
Re-enable SECTION PREROUTING in the accounting file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-10 12:53:08 -07:00
Tom Eastep
9e039e30e5
Issue warning message when /etc/iproute2/rt_tables is not writeable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-02 08:11:33 -07:00
Tom Eastep
771e487b02
Merge branch '4.6.3'
2014-09-01 09:10:55 -07:00
Tom Eastep
0b66c475a7
Make <command> replacable in the run synopsis
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 09:10:03 -07:00
Tom Eastep
8727a6f1d8
Correct 'run' command synopsis in the shorewall[6] manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:52:09 -07:00
Tom Eastep
f9a62e1650
Correct builtin example in the actions manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:29:29 -07:00
Tom Eastep
6851744cb7
Implement the 'terminating' action option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-09-01 08:16:42 -07:00
Tom Eastep
f963adccf5
Correct silly typo in Chains.pm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-31 16:57:24 -07:00
Tom Eastep
48549b35ac
Correct inaccuracy in default.debian
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-30 08:25:58 -07:00
Tom Eastep
9001643996
Merge branch 'master' into 4.6.3
2014-08-30 07:18:55 -07:00
Tom Eastep
4bacfced82
Another attempt to fix formatting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 11:59:51 -07:00
Tom Eastep
7c1bbd4dc7
Fix formatting in shorewall[6]-rules(5)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 11:29:44 -07:00
Tom Eastep
4347190f82
Clarify REJECT handling in IP[6]TABLE rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 09:10:10 -07:00
Tom Eastep
fa8c3b3b6c
Correct typo in error messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 08:34:33 -07:00
Tom Eastep
045d5ac048
Correct typo in error messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 08:34:04 -07:00
Tom Eastep
e4a8cb31ba
Clean up the Goto Meeting macro a bit
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-24 08:16:11 -07:00
Tom Eastep
9e6fffc231
Goto-Meeting Macro from Eric Teeter
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-23 16:05:38 -07:00
Tom Eastep
3030219740
Tighten the check for DNSAmp
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-21 10:36:44 -07:00
Tom Eastep
602ecad712
Cleaner code in expand_variables()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-20 11:25:49 -07:00
Tom Eastep
6f777098d7
Add 'wildcard' member to the interface table
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-12 06:51:17 -07:00
Tom Eastep
e545329eb9
Modify the preceding fix to work with wildcard interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-12 06:50:59 -07:00
Tom Eastep
aedd9b5a76
Add 'wildcard' member to the interface table
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-11 08:30:44 -07:00
Tom Eastep
427f38109e
Some cosmetic cleanup
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-10 07:20:23 -07:00
Tom Eastep
0e1a1a3f44
Modify the preceding fix to work with wildcard interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-08 10:34:29 -07:00
Tom Eastep
b6161b8be7
Merge branch '4.6.2'
2014-08-08 08:30:04 -07:00
Tom Eastep
d3209ca624
Correct handling of a physical name in the provider INTERFACE column
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-08 08:15:26 -07:00
Tom Eastep
34ecbb9074
Correct Cygwin64 detection in the Shorewall installer
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-07 07:17:34 -07:00
Tom Eastep
beb70854ef
Correct Cygwin64 detection in the Shorewall installer
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-07 06:40:34 -07:00
Tom Eastep
7030fad572
Revert "Install the core components along with Shorewall"
...
This reverts commit c653a04a43
.
2014-08-07 06:36:23 -07:00
Tom Eastep
c653a04a43
Install the core components along with Shorewall
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-06 12:59:12 -07:00
Tom Eastep
5ef5aa8cdb
Allow inline matches in an action file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-05 07:34:24 -07:00
Tom Eastep
0ca12bd86f
Correct syntax error caused by replacing '%%' with '??'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-03 15:29:58 -07:00
Tom Eastep
a2f1c57246
Add DNSAmp action
...
- Allow escaping '@' allowing u32 in action body
- Allow inline matches in actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-03 15:11:25 -07:00
Tom Eastep
fd42fa9f74
Make 'detect_configuration' work in the 'run' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-08-01 07:34:40 -07:00
Tom Eastep
e49832f4b5
Run the 'init' script in the 'run' command.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-30 10:25:00 -07:00
Tom Eastep
0bf80c15d8
Detect missing <commmand> in the generated scrip
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 11:35:32 -07:00
Tom Eastep
4e9a0b989d
Update 'run' help text
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 10:46:28 -07:00
Tom Eastep
31e5aeeaea
Refine the 'run' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-29 10:30:07 -07:00
Tom Eastep
eb5026d3b7
Merge branch '4.6.2'
2014-07-28 14:47:23 -07:00
Tom Eastep
a799d74901
Correct typo and link in the shorewall-mangle manpage
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-28 08:39:07 -07:00
Tom Eastep
a7b18ca875
Implement 'run' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-28 07:04:56 -07:00
Tom Eastep
ad6c91bcbd
Allow optimize level 8 to work with Perl 5.20.0.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-25 21:03:48 -07:00
Tom Eastep
848078873d
Update tcfilters manpages to mention BASIC_FILTERS=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-22 07:19:10 -07:00
Tom Eastep
461f7b10ba
Detect Arptables JF capability when LOAD_HELPERS_ONLY = No.
...
- Move detection of Header Match to its proper ordinal.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-20 07:19:02 -07:00
Tom Eastep
2c9eda9cee
Add some white space for readability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 18:33:02 -07:00
Tom Eastep
64fc3d2e43
Correct a typo that caused iset couter match to be mis-detected
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 10:27:29 -07:00
Tom Eastep
d0aed87546
Correct IPV6 ipset capabilities checking on 3.14 kernels
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 10:25:46 -07:00
Tom Eastep
56fa6bd78a
Revert "Correct ipset detection on later kernels."
...
This reverts commit b207f64a85
.
2014-07-19 10:22:12 -07:00
Tom Eastep
b207f64a85
Correct ipset detection on later kernels.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 08:55:02 -07:00
Tom Eastep
9f381209d5
Detect HEADER_MATCH when LOAD_MODULES_ONLY=No
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 07:20:28 -07:00
Tom Eastep
29e6bc9379
Merge branch '4.6.2' of ssh://server.shorewall.net/home/teastep/shorewall/code into 4.6.2
2014-07-18 15:15:33 -07:00
Tom Eastep
4b3196b959
Add refmiscinfo to the shorewall-tcrules manpage
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-18 13:49:30 -07:00