Tom Eastep
|
ba6dc9c5c0
|
First cut at mangle actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-06 12:42:22 -08:00 |
|
Tom Eastep
|
89b2c2fb55
|
Move mangle processing into the Rules module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-06 08:59:37 -08:00 |
|
Tom Eastep
|
2bb143b28c
|
Save/restore nat OUTPUT jump to DOCKER
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-04 12:21:45 -08:00 |
|
Tom Eastep
|
99f83da3ab
|
Avoid duplicate rules after reload
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-04 11:09:53 -08:00 |
|
Tom Eastep
|
89e3e959dc
|
Revert bad change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-04 10:20:55 -08:00 |
|
Tom Eastep
|
9e41264671
|
Go back to generating docker0 rules when it is defined to Shorewall
- Avoids issues after 'stop'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-04 09:27:47 -08:00 |
|
Tom Eastep
|
3fb715740d
|
Avoid duplicated code blocks in save_dynamic_chains()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-04 09:27:04 -08:00 |
|
Tom Eastep
|
ed6ff96aa0
|
Replace another $VARDIR instance
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-03 14:11:57 -08:00 |
|
Tom Eastep
|
18dac19d86
|
Remove dead code from save_dynamic_chains()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-03 14:09:55 -08:00 |
|
Tom Eastep
|
d5ea876e93
|
Replace $VARDIR with ${VARDIR} for consistency
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-03 11:54:14 -08:00 |
|
Tom Eastep
|
f7a6ad1412
|
Clean up formatting in define_firewall() and stop_firewall()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-03 09:24:43 -08:00 |
|
Tom Eastep
|
b279869629
|
Fix DOCKER issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-02 20:59:44 -08:00 |
|
Tom Eastep
|
c56ba534d6
|
Yet more PAGER fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-02 12:34:39 -08:00 |
|
Tom Eastep
|
90d254f0c3
|
Add PAGER option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-02 08:32:49 -08:00 |
|
Tom Eastep
|
a95de8d092
|
Page the output of verbose commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-03-01 15:12:54 -08:00 |
|
Tom Eastep
|
68cce5ff73
|
Eliminate some sillyness in normalize_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-29 11:17:15 -08:00 |
|
Tom Eastep
|
1c1881859f
|
Delete untrue comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-29 08:45:47 -08:00 |
|
Tom Eastep
|
5b163e9bc2
|
Save/restore docker0 rules when it isn't defined to Shorewall
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-27 14:09:29 -08:00 |
|
Tom Eastep
|
71d64ab380
|
Add DOCKER network support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-27 13:36:47 -08:00 |
|
Tom Eastep
|
36d8518562
|
Code compaction
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-26 13:13:56 -08:00 |
|
Tom Eastep
|
6c88eb6916
|
Add an ECN action to shorewall-mangle(8)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-26 09:33:16 -08:00 |
|
Tom Eastep
|
6e1cc0f1d0
|
Correct stop/start Docker handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-25 13:37:44 -08:00 |
|
Tom Eastep
|
ee5ef07035
|
Correct another silly typo -- this time in allowBcast()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-24 14:58:10 -08:00 |
|
Tom Eastep
|
3c8696b91d
|
Correct silly typo in setup_ecn()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-24 09:35:13 -08:00 |
|
Tom Eastep
|
fd4de0c66a
|
Create more compact DOCKER conditional rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-22 14:46:35 -08:00 |
|
Tom Eastep
|
49536562e2
|
Emit more compact code when conditionally adding DOCKER chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-22 13:49:22 -08:00 |
|
Tom Eastep
|
36b6863b02
|
Update copyright date on lib.core
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-22 13:48:48 -08:00 |
|
Tom Eastep
|
63b501996e
|
Require ADDRTYPE for DOCKER=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-21 12:26:39 -08:00 |
|
Tom Eastep
|
7a9e9ad945
|
Decommit DOCKER=Yes in IPv6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-21 12:03:41 -08:00 |
|
Tom Eastep
|
f4312a38b9
|
Add all Docker rules in the stopped state
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-21 10:33:45 -08:00 |
|
Tom Eastep
|
fc6a1f6d0d
|
Don't create Docker chains/rules if Docker isn't running
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-21 09:54:37 -08:00 |
|
Tom Eastep
|
83b899b030
|
Save/Restore Docker-generated rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-20 14:02:54 -08:00 |
|
Tom Eastep
|
61f6cacc30
|
Infrastructure required by Docker
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-20 14:01:48 -08:00 |
|
Tom Eastep
|
caba1cd770
|
DOCKER=Yes requires IPTABLES_S
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-20 10:03:06 -08:00 |
|
Tom Eastep
|
4306ff1029
|
Correct 'save_dynamic_chains'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-20 09:57:11 -08:00 |
|
Tom Eastep
|
663f82c158
|
Move nat POSTROUTING rules to SHOREWALL if DOCKER=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-20 09:24:06 -08:00 |
|
Tom Eastep
|
e66d9f6547
|
Add DOCKER option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-19 17:42:54 -08:00 |
|
Tom Eastep
|
f33f333937
|
Make 'default' and 'none' case insensitive in the GATEWAY column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-17 15:25:46 -08:00 |
|
Tom Eastep
|
94cfe54f92
|
Allow routing tables with no default route
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-17 11:49:09 -08:00 |
|
Tom Eastep
|
8ac0f96029
|
Delete blank line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-09 18:20:00 -08:00 |
|
Tom Eastep
|
894a98f24e
|
Improve optimizer handling of origin during rule merge
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-04 12:00:05 -08:00 |
|
Tom Eastep
|
bd9e8142b9
|
Ensure that the chain origin is used when there is no rule origin
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-03 10:43:10 -08:00 |
|
Tom Eastep
|
916a392fb0
|
Improve chain-completion rule tracking
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-02-02 14:57:47 -08:00 |
|
Tom Eastep
|
28983a0194
|
Add comment describing the origin member of a rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-01-31 09:29:24 -08:00 |
|
Tom Eastep
|
2cd098ba31
|
Update heading versions and copyrights
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-01-28 13:46:34 -08:00 |
|
Tom Eastep
|
9188f7efa3
|
Don't export shortlineinfo2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-01-28 13:38:26 -08:00 |
|
Tom Eastep
|
95a029316a
|
Improve get_keys*()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-01-28 12:51:23 -08:00 |
|
Tom Eastep
|
d4bea3d3ec
|
Optimize TRACK_RULES handling in the Chains module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-01-28 11:38:48 -08:00 |
|
Tom Eastep
|
6085c6092f
|
Add origin comments to command-mode rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-01-28 10:58:09 -08:00 |
|
Tom Eastep
|
48df3d9627
|
Add origin member to the providers table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2016-01-28 10:34:36 -08:00 |
|