Commit Graph

5330 Commits

Author SHA1 Message Date
Tom Eastep
2050d566b8 Handle PRODUCT correctly at run-time.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 07:36:47 -07:00
Tom Eastep
188f05e130 Make ./firewall the default file when compile -e
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 07:35:03 -07:00
Tom Eastep
4260e5f6ba Correctly handle the product name in export shorewallrc.
- Also re-arranged the processing of the shorewallrc file to eliminate
  the kludgy shuffling of hashes.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 06:59:16 -07:00
Tom Eastep
bdd66e68c9 Have separate hashes for the two shorewallrc files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 20:09:20 -07:00
Tom Eastep
55e3b11a28 Pass both shorewallrc files to the compiler from lib.cli-std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 15:07:50 -07:00
Tom Eastep
b8e6a812bd Specify the cwd when compiling or checking for export
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 11:33:58 -07:00
Tom Eastep
09ce6239a7 Install stoppedrules rather than routestopped
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 11:00:22 -07:00
Tom Eastep
afd9875d3a Update Manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 10:52:22 -07:00
Tom Eastep
5b953cc1dd Handle different layouts on the admin system and remote firewall(s)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 09:50:07 -07:00
Tom Eastep
8e5bd3637d Implement stoppedrules file (less manpages)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 08:44:03 -07:00
Tom Eastep
01696e7298 Remove empty paragraph in shorewall-rules(5)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 05:52:40 -07:00
Tom Eastep
b922177769 Handle missing VARDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 15:51:35 -07:00
Tom Eastep
88ab423b2a Correct 'postcompile' patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 14:55:56 -07:00
Tom Eastep
e66d9e3418 Rename VARDIR to VARLIB in shorewallrc
- Done so that existing shorewallrc files are still valid.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 14:36:11 -07:00
Tom Eastep
7279553be4 Revert "Add GROUP zones"
This reverts commit 4f2a4c0c6c.
2012-09-02 11:08:38 -07:00
Tom Eastep
a6740c6c53 Revert "Assign marks to according to GROUP zones"
This reverts commit 3fbfafb6e3.
2012-09-02 11:06:28 -07:00
Tom Eastep
4f54cb34df Add a postcompile script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 08:28:02 -07:00
Tom Eastep
3fbfafb6e3 Assign marks to according to GROUP zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 18:13:49 -07:00
Tom Eastep
34ee00a986 Document the <directory> argument to the 'try' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 10:53:35 -07:00
Tom Eastep
353915fc8b Allow ipsets in the routestopped file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 10:52:37 -07:00
Tom Eastep
02e7d13710 Load iptables_raw in modules.essential
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 08:27:03 -07:00
Tom Eastep
e2c7284529 Correct handling of 'source' with ADMINISABSENTMINDED=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 08:26:31 -07:00
Tom Eastep
092c2ef8f7 No longer process the local shorewall.conf when compiling from a directory
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 08:21:45 -07:00
Tom Eastep
4f2a4c0c6c Add GROUP zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-31 17:37:01 -07:00
Tom Eastep
deea614677 Placate the latest Emacs WRT qw/.../
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-31 17:36:38 -07:00
Tom Eastep
1119d64b29 Break SNMP Macro into two macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-31 06:53:05 -07:00
Tom Eastep
053797a85e Merge branch '4.5.7' 2012-08-30 14:27:01 -07:00
Tom Eastep
48706695b6 Make the SNMP bi-directional with traps allowed in the reverse direction
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-30 14:25:51 -07:00
Tom Eastep
9b05146a85 New documents (WIP)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-30 10:06:58 -07:00
Tom Eastep
09a6f8bc16 Revert non-fatal error implementation
- In the end, I didn't like the way this worked.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-29 11:35:11 -07:00
Tom Eastep
303dc65d13 Merge branch '4.5.7' 2012-08-28 11:46:04 -07:00
Tom Eastep
d838cf41bf Allow TTL and HL in the PREROUTING chain.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-28 11:45:32 -07:00
Tom Eastep
84e24325de Merge branch '4.5.7' 2012-08-27 07:30:21 -07:00
Tom Eastep
3aca90811c Clear the current comment at the end of the blrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-27 07:29:47 -07:00
Tom Eastep
7b12558249 Merge branch '4.5.7' 2012-08-26 09:18:16 -07:00
Tom Eastep
341dec0711 Another fix for the NOTRACK patch
- 3 defects in a two-line patch :-(
2012-08-26 09:17:57 -07:00
Tom Eastep
01b58bf66f Merge branch '4.5.7' 2012-08-26 08:27:39 -07:00
Tom Eastep
dc21d015da Clean up white-space in Togan's patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-26 08:27:24 -07:00
Tom Eastep
9e5d1cc1ce Merge branch '4.5.7' 2012-08-26 08:11:40 -07:00
Tom Eastep
779243094e Map NOTRACK to 'CT --notrack' if CT_TARGET is available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-26 08:08:57 -07:00
Togan Muftuoglu
1a324fa37f Suse specific patches
Hi Tom,

I have been patching shorewall packages for the opensuse releases, but I
guess it is better to send them to you, the upstream, so it gets
incorporated into shorewall itself and I do not have to patch it ;)

I believe I have incorporated most of my patches into this one. If you
can review them and if appropriate apply them that would be great

Thanks

Togan

>From 6072c08de753e7d1cc31bb758295dee198197e41 Mon Sep 17 00:00:00 2001
From: Togan Muftuoglu <toganm@opensuse.org>
Date: Fri, 24 Aug 2012 13:17:12 +0200
Subject: [PATCH] suse-specific

Signed-off-by: Togan Muftuoglu <toganm@opensuse.org>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-25 08:45:57 -07:00
Tom Eastep
b45d15eec6 Revert "Apply Togan Muftuoglu's SuSE-specific init patches"
This reverts commit 2412998b57.
2012-08-25 08:45:18 -07:00
Togan Muftuoglu
906795a4d7 Suse specific patches
Hi Tom,

I have been patching shorewall packages for the opensuse releases, but I
guess it is better to send them to you, the upstream, so it gets
incorporated into shorewall itself and I do not have to patch it ;)

I believe I have incorporated most of my patches into this one. If you
can review them and if appropriate apply them that would be great

Thanks

Togan

>From 6072c08de753e7d1cc31bb758295dee198197e41 Mon Sep 17 00:00:00 2001
From: Togan Muftuoglu <toganm@opensuse.org>
Date: Fri, 24 Aug 2012 13:17:12 +0200
Subject: [PATCH] suse-specific

Signed-off-by: Togan Muftuoglu <toganm@opensuse.org>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-25 08:41:28 -07:00
Tom Eastep
7208464c68 Change "Compilation aborted..." to "Check aborted ..."
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-25 08:10:12 -07:00
Tom Eastep
519e799ef1 Unify the mode of init files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-24 06:59:11 -07:00
Tom Eastep
e5d63f4212 Merge branch '4.5.7' 2012-08-24 06:56:01 -07:00
Tom Eastep
2412998b57 Apply Togan Muftuoglu's SuSE-specific init patches
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-24 06:32:30 -07:00
Tom Eastep
1067f8a9bb Use the non-fatal error reporting feature for missing capabilities
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-24 06:25:29 -07:00
Tom Eastep
3006452cea Unconditionally restore route mark in PREROUTING and OUTPUT.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-23 12:23:29 -07:00
Tom Eastep
e17010018c Unconditionally restore route mark in PREROUTING and OUTPUT.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-23 12:15:14 -07:00
Tom Eastep
112312f2ee Add non-fatal error capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-23 05:50:36 -07:00
Tom Eastep
dffd98dff7 Revert change that added CONTINUE as a valid content of the ADDRESSES column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-21 10:51:01 -07:00
Tom Eastep
64edd30a76 Correct link in shorewall[6].conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-21 07:54:51 -07:00
Tom Eastep
c20611b6c0 Add CONTINUE keyword to the masq file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-20 18:09:59 -07:00
Tom Eastep
1fd9e5e95c Compensate for silly RHEL bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-20 07:20:21 -07:00
Tom Eastep
99efb518bd Add the HELPER column to the rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-18 12:05:42 -07:00
Tom Eastep
1b7a7d0fdf Remove some more hard-coded directory names from the installers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-17 14:24:52 -07:00
Tom Eastep
7ac9e46e1f Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 15:49:33 -07:00
Tom Eastep
0a4f26a318 Correct handling of existing notrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 14:46:48 -07:00
Tom Eastep
8d3cf6428f Install the conntrack file unconditionally.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 10:50:23 -07:00
Tom Eastep
f6c4650624 Allow a notrack with nothing but FORMAT and COMMENT lines to be removed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 10:49:59 -07:00
Tom Eastep
3c35af9d8c Merge branch 'master' into 4.5.7 2012-08-16 08:34:54 -07:00
Tom Eastep
1e11109bb2 Don't combine rules with '-m policy'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 08:34:30 -07:00
Tom Eastep
f59612671b Don't optimize chains with '-m ipsec'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 07:33:01 -07:00
Tom Eastep
da4f7ee524 Handle ppp devices correctly in the 'enable' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 06:59:35 -07:00
Tom Eastep
b132176dae Correct reference adjustment in new opt4 code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-14 13:36:39 -07:00
Tom Eastep
1f59e4f449 Update case in conditionals.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-14 11:42:46 -07:00
Tom Eastep
8487c78a0a Adjust reference counts when splicing in short chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-14 08:34:51 -07:00
Tom Eastep
fdc45a990d Arrange for HELPER to match in the RELATED section.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 15:44:19 -07:00
Tom Eastep
44a550870c Add HELPER action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 13:23:38 -07:00
Tom Eastep
bd3295b0e3 Remove temporary hack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 08:55:43 -07:00
Tom Eastep
f1fbb95d48 Update documentation for content merged from the 4.5.8 (master) path
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 08:16:36 -07:00
Tom Eastep
45288f5927 Revise notrack/conntrack handling:
- Purge empty notrack files.
- Process both files.
2012-08-13 07:28:07 -07:00
Tom Eastep
75b830b10e Merge branch 'master' into 4.5.7 2012-08-13 06:57:54 -07:00
Tom Eastep
4b2d48d621 Hardwire AUTOHELPERS until 4.5.8.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 06:48:19 -07:00
Tom Eastep
50362040d7 Enable automatic helper association during 'stop'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-12 08:46:06 -07:00
Tom Eastep
2f1d59366c Unconditionally disable kernel automatic helper association during start.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-12 08:43:28 -07:00
Tom Eastep
b372163122 Enable automatic helper association during 'stop'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-12 08:42:53 -07:00
Tom Eastep
50bd1d6398 Add AUTOHELPER option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-12 07:25:11 -07:00
Tom Eastep
e6ef32ebc2 Make conditional directives case insensitive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-11 08:48:35 -07:00
Tom Eastep
a5824dc2d4 Optimize extension
- Eliminate short chains with a single reference.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-11 08:47:10 -07:00
Tom Eastep
b5af6f03fb Create better rules when a HELPER appears in an action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-11 07:48:03 -07:00
Tom Eastep
50dfffec94 Eliminate duplicate rules in raw-table chains when optimize level 16.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-10 07:09:01 -07:00
Tom Eastep
ad818c071a Generate omnibus tracking rules when NAT/ACCEPT with helper appears in an action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-10 06:55:18 -07:00
Tom Eastep
e84ee76c7d Add helpers to macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-09 10:32:34 -07:00
Tom Eastep
2ab50e65d7 Make conditional directives case insensitive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-09 10:30:02 -07:00
Tom Eastep
2690243e3c Add helpers in the macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-09 07:36:04 -07:00
Tom Eastep
4d3fbd1dfa Allow '?IF 0'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-08 07:24:17 -07:00
Tom Eastep
e8a4728981 Allow '?IF 0'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-08 07:23:43 -07:00
Tom Eastep
ee28638604 Add HELPERS to rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-08 07:23:20 -07:00
Tom Eastep
a8495626b0 Merge branch '4.5.6' into 4.5.7 2012-08-07 15:10:15 -07:00
Tom Eastep
c6186571e5 Handle raw table zones from VSERVERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-07 15:09:40 -07:00
Tom Eastep
ccf517307e Handle raw table zones from VSERVERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-07 14:51:58 -07:00
Tom Eastep
e00616a1fe Don't release blacklist files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-07 07:56:16 -07:00
Tom Eastep
c007f847a0 Handle disabled helpers in pre-3.5 kernels.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-06 15:54:45 -07:00
Tom Eastep
56caf3687f Factor out the ?IF __CT_TARGET tests in the conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-06 09:26:14 -07:00
Tom Eastep
b4c812b676 Correct helper parsing in the Raw module.
- Require (...) around multiple ctevents
- Detect invalid options

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-05 08:09:17 -07:00
Tom Eastep
9a0d53194a Correct Helper detection in the compiler.
Use CT_MATCH when available.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-05 08:08:20 -07:00
Tom Eastep
cfe2f36320 Delete duplicate entry in the Shorewall[6] install.sh
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-04 08:23:08 -07:00
Tom Eastep
093985dd93 Use HELPERS to enable/disable helper association.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 19:26:02 -07:00
Tom Eastep
72307df6d2 Replace the AUTOHELPERS option with the HELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 10:53:20 -07:00
Tom Eastep
7689b1e84b Remove the 'zone' helper option for now.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-03 06:39:58 -07:00
Tom Eastep
82c057d1ed Fix *VERSION handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 16:44:02 -07:00
Tom Eastep
21770a89d6 Detect which matches are available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 15:38:23 -07:00
Tom Eastep
223ed5b3a3 More additions to the helper table and to the conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 13:25:44 -07:00
Tom Eastep
2ae59bb3cd Add COMMENT directives to conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:58:00 -07:00
Tom Eastep
9ba0c07956 Redesign the CT:helper feature.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:10:08 -07:00
Tom Eastep
7d32258e6e Correct Helpers Module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:09:34 -07:00
Tom Eastep
07e56d129a Add AUTOHELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:09:18 -07:00
Tom Eastep
62d6d2558e Rename AUTO_COMMENT to AUTOCOMMENT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:06:41 -07:00
Tom Eastep
833e54c9c3 Rename the notrack file to conntrack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-02 11:02:17 -07:00
Tom Eastep
f2dd43855e Correct typo in warning message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-01 13:13:18 -07:00
Tom Eastep
eaf238fa66 Merge branch '4.5.6' 2012-08-01 10:37:45 -07:00
Tom Eastep
542f279544 Don't allow a source interface in a DNAT/REDIRECT rule with source == firewall
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-01 10:01:08 -07:00
Tom Eastep
c8ea03bf8c Update help text
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-30 07:23:53 -07:00
Tom Eastep
ac6e67e371 Correct typo in rules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-30 07:23:40 -07:00
Tom Eastep
735b7c2cf5 Add support for nfacct
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-28 11:21:16 -07:00
Tom Eastep
87c0f934aa Add NFacct Match capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-28 08:19:05 -07:00
Tom Eastep
c0e4d4093c Clarify TOS value
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-16 15:53:22 -07:00
Tom Eastep
55b527d065 Eliminate a local variable.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 20:22:19 -07:00
Tom Eastep
e1e7ab42c1 Make 'routefilter' and 'sfilter' mutually exclusive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 10:37:56 -07:00
Tom Eastep
65b16a1acf Compensate for bugs in the latest CPerl emacs extension
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 10:07:06 -07:00
Tom Eastep
1db79a91eb 'rpfilter' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 10:05:32 -07:00
Tom Eastep
e7cd84a72c Implement rpfilter match capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-15 07:54:46 -07:00
Tom Eastep
691a9bf793 Correct installation on systems with systemd
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-14 14:38:30 -07:00
Tom Eastep
2cce81cfc1 Revert 83a8c7eda3
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-09 10:58:15 -07:00
Tom Eastep
9f4ca3ebc5 Additional simplification of evaluate_expression()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-08 07:48:27 -07:00
Tom Eastep
3c2385de06 Merge branch '4.5.6' 2012-07-08 07:36:15 -07:00
Tom Eastep
6ce3d0180e Ensure a defined value for __IPV[46]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-07 09:47:10 -07:00
Tom Eastep
83a8c7eda3 When TC_ENABLED=No, require providers to process tcrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-07 08:02:57 -07:00
Tom Eastep
18f947eb2f Apply patch from Daniel Meißner
- Corrects STARTUP_ENABLED=No error message

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-06 07:28:29 -07:00
Tom Eastep
83df8a4e39 Avoid a call to eval() for simple expressions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-06 07:26:54 -07:00
Tom Eastep
e9d8228b6f Simplify handling of __IPVn in conditional directives.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-06 06:43:15 -07:00
Tom Eastep
65d8341c6c Correct a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-05 15:43:20 -07:00
Tom Eastep
61a9584433 Only require MANGLE_ENABLED to process the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-04 14:45:24 -07:00
Tom Eastep
000cc6978a Add missing 'sleep' when waiting for wildcard interface to come up
- Also reverse the order of test and sleep when waiting for a regular
  interface to come up.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-03 08:06:30 -07:00
Tom Eastep
e4d66fb5fc Back out redundant part of recent patch
- setup_traffic_shaping is only called when there are tc devices so the
  test of @tcdevices in that function is redundant.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-03 06:33:46 -07:00
Tom Eastep
537f6c157c Allow the compiler version to be tested in ?IF/?ELSIF
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-02 11:53:32 -07:00
Tom Eastep
a5b637b2a7 Use the correct filename in ?IF/?ELSIF exec call.
- Also extend a comment in the TC module

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-02 11:53:01 -07:00
Tom Eastep
09c00cf425 Don't print phoney progress message
- The 'Setting up Traffic Shaping' progress message was being issued when
  traffic shaping was not enabled.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-07-01 08:27:07 -07:00
Tom Eastep
6ddaa0190e Improve USER/GROUP validation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-30 14:46:50 -07:00
Tom Eastep
5c176c64b7 Add an ORIGINAL DEST column to /etc/shorewall/masq
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-29 15:32:01 -07:00
Tom Eastep
b195884b1f Insure that the correct filename/linenumber are printed in error messages out of process_conditional()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-29 09:01:26 -07:00
Tom Eastep
56d5ae2d41 Ensure that exclusion chains have DONT_MOVE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-27 18:06:38 -07:00
Tom Eastep
41c7c8f923 Make the Invalid Drop rules uniform across sample files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-27 15:16:16 -07:00
Tom Eastep
0bf2753472 Re-implement conditional inclusion
- Correct defects
- Add ?ELSIF support
- Allow Perl-compatible expressions in ?IF
2012-06-27 15:15:44 -07:00
Tom Eastep
c90006ecf8 Correct another logical name bug -- this time in TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-27 11:34:19 -07:00
Tom Eastep
17d22fb5b8 Prevent multiple 'tproxy' providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-23 17:26:18 -07:00
Tom Eastep
af302900c6 Prevent multiple 'tproxy' providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-23 17:09:46 -07:00
Tom Eastep
9aa78656ec Add TPROXY_MARK to the output of 'shorewall show marks'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-23 07:57:39 -07:00
Tom Eastep
b9d59bc60c Document that 'classify' with marks is now allowed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-22 10:17:26 -07:00
Tom Eastep
1b7601cb19 Update all samples to specify OPTIMIZE=31
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-21 11:48:48 -07:00
Tom Eastep
9d3766b77f Allow fwmarks with 'classify' interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-20 14:04:48 -07:00
Tom Eastep
24ddae6ede Don't use '--ctmark' when saving marks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-20 13:30:27 -07:00
Tom Eastep
7b6f329830 Document UID/GID ranges
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-19 14:05:38 -07:00
Tom Eastep
4d336ed8d6 Rewrite handling of the USER/GROUP column
- Remove code that handled '+program' as that support was removed from
  the kernel in 2.6.14.
2012-06-19 08:14:31 -07:00
Tom Eastep
da3e1b720c Apply user/group Id range patch from Gergely Risko
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-19 06:17:13 -07:00
Tom Eastep
a38f773ab1 Clarify comment in macro.mDNS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-18 14:20:10 -07:00
Tom Eastep
7b4e5828e0 Clean up handling of RED options.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-18 12:17:22 -07:00
Tom Eastep
a2f6236e82 Add bi-directional mDNS macro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-18 09:16:30 -07:00
Tom Eastep
50bd126b11 Reverse change to macro.mDNS and add a comment about $FW being the SOURCE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-18 09:16:11 -07:00
Tom Eastep
4a55705b9a Update tcclasses manpages titles to include HFSC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-18 07:54:25 -07:00
Tom Eastep
0a928cb034 Add tc-red(8) as reference to the tcclasses manpages. 2012-06-17 10:03:19 -07:00
Tom Eastep
4c10fcd503 Complain if a RED_NONE option has a value specified.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-16 15:51:20 -07:00
Tom Eastep
2807502836 More tcclasses manpage cleanup.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-16 06:50:23 -07:00
Tom Eastep
5f81ab7b31 make mDNS macro bi-directional
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-15 10:39:11 -07:00
Tom Eastep
780e7014d4 Cleanup of tcclasses manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-15 10:34:09 -07:00
Tom Eastep
5fc295e8cc Fix handling of stab 'tsize' option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-14 15:44:15 -07:00
Tom Eastep
c5ba167a3e Make CEIL optional
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-14 13:10:09 -07:00
Tom Eastep
9159372897 Fix a typo in the tcfilters manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-14 13:08:37 -07:00
Tom Eastep
6c47349689 Support 'red' queuing discipline
- Also added 'ls' support for HFSC

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-13 14:29:13 -07:00
Tom Eastep
d2c415c580 Make IFB work with logical interface names.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-13 13:48:12 -07:00
Tom Eastep
28ab3749ca Allow fractional delays in TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-13 13:47:31 -07:00
Tom Eastep
a29dbf4ff8 Fix for linklayer
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-12 11:48:12 -07:00
Tom Eastep
cbba5741ce Correct typos in tcdevices manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-12 09:40:15 -07:00
Tom Eastep
19cace7e8d Merge branch '4.5.5'
Conflicts:
	Shorewall/Perl/Shorewall/Providers.pm
2012-06-11 17:02:59 -07:00
Tom Eastep
4791a8ca66 Don't delete default routes when 'fallback' is specified.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-11 16:57:49 -07:00
Tom Eastep
844f6c63e4 Add support for TC size tables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-11 15:45:47 -07:00
Tom Eastep
08db919479 Merge branch '4.5.5' 2012-06-11 13:55:47 -07:00
Tom Eastep
2dd9e6c91f Don't delete default routes when 'fallback' is specified.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-11 13:53:53 -07:00
Tom Eastep
c57f627a21 Add some comments.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-11 11:25:19 -07:00
Tom Eastep
1d0ab43fbb Change indentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-10 15:38:09 -07:00
Tom Eastep
b5bba40344 Merge branch '4.5.5' 2012-06-10 07:35:51 -07:00
Tom Eastep
1f54d19981 Split add_input_jumps() into two functions
- Added add_forward_jump()
- Added lots of comments

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-09 17:21:59 -07:00
Tom Eastep
00f7b9d0dd More useful trace of enable/disable optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-09 15:36:29 -07:00
Tom Eastep
6d3ebd5b56 Improve DIGEST handling.
- Compile compiler.pl when DIGEST specified.
- Report the digest being used.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-09 09:34:28 -07:00
Tom Eastep
2bf16016c1 Add --digest to configure scripts.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-09 07:24:23 -07:00
Tom Eastep
a2f32f25c5 Add some comments.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-09 06:20:40 -07:00
Tom Eastep
ae66d7d7a5 Eliminate the hideously complex forwarding code in generate_matrix()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-08 08:29:36 -07:00
Tom Eastep
63eb0bee5b Break up and eliminate handle_pio_jumps()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-08 07:40:26 -07:00
Tom Eastep
8a9427ebff Merge branch '4.5.4' 2012-06-07 14:12:48 -07:00
Tom Eastep
4a383540be Merge branch '4.5.4' into 4.5.5 2012-06-07 14:12:10 -07:00
Tom Eastep
db6a7276ec Don't optimize chains with commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-07 14:11:44 -07:00
Tom Eastep
d771c6b2c2 Delete the 'dnat' nat-table chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-07 13:44:03 -07:00
Tom Eastep
fe7d0730d5 Break up generate_matrix()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-07 07:47:33 -07:00
Tom Eastep
38adf3d186 Set 'sourceroute=0' on all sample net interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-06 14:30:00 -07:00
Tom Eastep
a2a9ef0958 Rename OPTIMIZE_MASK1 to OPTIMIZE_MASK2n4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-06 13:08:45 -07:00
Tom Eastep
21eda5daec Fix multiple iprange matches without kludgefree.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-06 11:26:52 -07:00
Tom Eastep
6bd81145e9 Fix single-line embedded Perl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-06 11:23:33 -07:00
Tom Eastep
49050e61de Fix multiple iprange matches without kludgefree.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-06 10:50:16 -07:00
Tom Eastep
225101b802 Rename OPTIMIZE_MASK1 to OPTIMIZE_MASK2n4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 12:51:52 -07:00
Tom Eastep
fa3164fb1b Re-enable single-line embedded SHELL and PERL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 12:51:16 -07:00
Tom Eastep
3294f7c4c3 Add a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 09:02:29 -07:00
Tom Eastep
654f7dd805 Fix single-line embedded Perl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 09:02:12 -07:00
Tom Eastep
ee467a4877 Allow embedded shell/Perl directives to have leading '?'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 07:32:43 -07:00
Tom Eastep
170875c7dd Convert the 'ignore' interface to be multi-valued
- Allows 'ignore=1' to only exempt interface from updown processing

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-05 07:23:23 -07:00
Tom Eastep
c8156cfdb1 Correct typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-04 08:18:57 -07:00
Tom Eastep
57a9feaf2f Correct typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-04 08:00:07 -07:00
Tom Eastep
92a13ec87c Merge branch '4.5.4'
Conflicts:
	Shorewall/Perl/Shorewall/Config.pm
2012-06-03 18:51:03 -07:00
Tom Eastep
040f693583 Cosmetic changes in code from when I was still learning Perl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 17:50:34 -07:00
Tom Eastep
69387b9099 Make 'check -r' work like 'compile' WRT optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 15:43:43 -07:00
Tom Eastep
28f0a066da Make 'check -r' work like 'compile' WRT optimization
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 15:15:11 -07:00
Tom Eastep
621aa3fc6a Another approach to reporting errors from process_conditional()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 13:47:38 -07:00
Tom Eastep
9869420106 Check for conditional directives prior to continuation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 09:05:09 -07:00
Tom Eastep
39b3a0da65 Check for conditional directives prior to continuation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-03 08:43:48 -07:00
Tom Eastep
121d34aed0 Add constant LOG_OPTIONS capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-02 14:06:31 -07:00
Tom Eastep
4b69216c83 Relocate lib.core in the Source Tree
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-02 12:46:35 -07:00
Tom Eastep
7ff15b0625 Merge branch '4.5.4'
Conflicts:
	Shorewall/Perl/Shorewall/Zones.pm
2012-06-02 11:41:45 -07:00
Tom Eastep
41dcd5826f Minimize the list of plain interfaces
Omit bridge ports and interfaces that match a wildcard.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-02 11:39:16 -07:00
Tom Eastep
26502034ec Minimize the list of plain interfaces
Omit bridge ports and interfaces that match a wildcard.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-02 11:17:10 -07:00
Tom Eastep
baa2c4f5eb Merge branch '4.5.4' 2012-06-02 09:30:47 -07:00
Tom Eastep
9e9c44d4ac Handle Debian pre-down/post-down correctly
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-02 09:26:00 -07:00
Tom Eastep
01eb1a580b Merge branch '4.5.4' 2012-06-02 08:20:40 -07:00
Tom Eastep
b3316d755a Correct silly typo in Providers.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 17:14:08 -07:00
Tom Eastep
73274b9b0b Correct progress message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 15:55:22 -07:00
Tom Eastep
c823b0e41e More Shorewall-init fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 14:04:08 -07:00
Tom Eastep
78f9b76dae Move mutex handling to the main program.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 14:03:47 -07:00
Tom Eastep
402e155148 More Shorewall-init fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 14:01:58 -07:00
Tom Eastep
9c4a01bcdd Move mutex handling to the main program.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 11:47:58 -07:00
Tom Eastep
21b9a194ca Merge branch '4.5.4' 2012-06-01 11:30:35 -07:00
Tom Eastep
312efe5c7b Use enable/disable for up and down of provider interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 11:27:57 -07:00
Tom Eastep
f25187adb1 Move compile_updown() from the Zones module to the Providers module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-06-01 08:12:07 -07:00
Tom Eastep
eb03168685 Cleanup of process_rules1() breakup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-31 15:32:16 -07:00
Tom Eastep
69badac72f Merge branch '4.5.4'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 14:43:05 -07:00
Tom Eastep
de184b32bc Fix sectioned IPSEC accounting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 14:37:29 -07:00
Tom Eastep
ea173ab628 Correct IPSEC accounting manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 14:09:41 -07:00
Tom Eastep
303c661409 Eliminate bogus term in an expression.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 12:49:18 -07:00
Tom Eastep
e88c2c8cd3 Move rules file nat handling to the Nat module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 09:01:24 -07:00
Tom Eastep
67932f2d42 Break up expand_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-30 06:49:00 -07:00
Tom Eastep
eb63745352 Merge branch '4.5.4' 2012-05-29 06:48:04 -07:00
Tom Eastep
32e0f154b5 Correct pptpserver tunnel configuration.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-29 06:46:40 -07:00
Tom Eastep
db50454afc Complete removal of optimize level 4 when level 4 is set.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 15:42:34 -07:00
Tom Eastep
ed352f60b6 Complete removal of optimize level 4 when level 4 is set.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 15:41:55 -07:00
Tom Eastep
3a5875dc73 Add MSSQL Macro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 07:09:23 -07:00
Tom Eastep
5211b32aa6 Remove quotes from GEOIPDIR setting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 07:09:07 -07:00
Tom Eastep
c37beacd95 Add MSSQL Macro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 07:07:14 -07:00
Tom Eastep
5b891f1072 Remove quotes from GEOIPDIR setting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-25 07:05:38 -07:00
Tom Eastep
fc97f6d00e Implement LOG target option control.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-24 13:54:59 -07:00
Tom Eastep
6142d4d535 Fix typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-23 07:55:07 -07:00
Tom Eastep
1f2ca30ebd Infrastructure for iRule-based logging.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-05-22 16:46:11 -07:00