Commit Graph

1555 Commits

Author SHA1 Message Date
Tom Eastep
ba9a0016a8 Move update_config_file() to before process_shorewall_conf()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-23 06:37:21 -07:00
Tom Eastep
de7d95e7ff Rename 'ipset v4' -> 'ipset v5'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-23 06:36:35 -07:00
Tom Eastep
04d551d8ca Detect ipset V4 and use its syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 16:43:42 -07:00
Tom Eastep
7ef7490cd6 Change the compiler's default for LEGACY_FASTSTART
- No visible effect since the compiler doesn't use this option
2011-06-22 13:56:17 -07:00
Tom Eastep
1b3d7947b8 Update the .conf file before validating ('update' command)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 12:31:58 -07:00
Tom Eastep
ba7d5fd720 Avoid two-stage processing of shorewall.conf when not updating.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 10:56:25 -07:00
Tom Eastep
106ba52362 Change signature of get_action_params
- Accepts a number of parameters rather than a list
- Change action.Drop and action.Reject accordingly
- Define correct number of parameter variables in action.Drop and action.Reject

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 08:27:01 -07:00
Tom Eastep
62a75cb98d Fix parameterization of standard default actions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 07:51:42 -07:00
Tom Eastep
b43bee2c62 Streamline PERL in action.Drop and action.Reject
- Rename read_action_param => get_action_params
- Allow it to accept a list of indexes and to return a list

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 06:53:15 -07:00
Tom Eastep
bbf853bd1d Cleaner handling of DEFAULTS in a non-action context
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-22 06:11:20 -07:00
Tom Eastep
ece598288f Disallow DEFAULTS in the rules file 2011-06-21 21:00:08 -07:00
Tom Eastep
d51ca478bd Reverse one hunk from empty-parameter fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-21 11:45:32 -07:00
Tom Eastep
063e21e69f Allow an empty parameter list in an action (e.g., "Action()")
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 19:45:01 -07:00
Tom Eastep
71d88b93a0 Make IPv6 Dynamic Zone set names unique
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 17:22:34 -07:00
Tom Eastep
39e74911d8 Improve generated code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 14:34:26 -07:00
Tom Eastep
44cbfd8f27 Correct defects found while unit testing IPv6 Dynamic Zones
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 13:33:25 -07:00
Tom Eastep
119d38c92b Enable dynamic zones for IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 10:41:29 -07:00
Tom Eastep
785de281b5 More IPv6 ipset fixes
- use 'family inet6' rather than 'family ipv6'
- Correct one more case of 'iphash' vs 'hash:ip family inet6'
- Encapsulate ipset -N into an 'ensure_ipset()' function

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-20 07:43:32 -07:00
Tom Eastep
4c2f12e645 Some whitespace changes 2011-06-19 19:08:32 -07:00
Tom Eastep
e4bcc12301 Use 'here documents' rather than single quotes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 18:33:10 -07:00
Tom Eastep
2097d0f4a0 Accomodate new syntax of ipset saved commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 14:06:42 -07:00
Tom Eastep
46d64e39d1 Use correct syntax to create IPv6 ipsets.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 14:04:53 -07:00
Tom Eastep
be6b08f835 Be sure to detect IPSET_MATCH before OLD_IPSET_MATCH.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 13:29:10 -07:00
Tom Eastep
7753f798b0 Bump Version to Beta 3
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 10:09:53 -07:00
Tom Eastep
c264aaae6b Update module versions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 07:41:26 -07:00
Tom Eastep
4916610033 Rename upgrade => update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-19 07:14:27 -07:00
Tom Eastep
55242d1ed6 Add a few comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 16:55:00 -07:00
Tom Eastep
d66c7d478e Eliminate expansion of shell variables in the upgraded config file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 16:33:41 -07:00
Tom Eastep
380443f26d Eliminate %defaults
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 15:44:07 -07:00
Tom Eastep
faeb2da2ba Corrections to Defaults
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 15:38:08 -07:00
Tom Eastep
f93ac02bfc Provide default values for added entries
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 14:50:07 -07:00
Tom Eastep
96f6dc3558 More defined => supplied changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 13:08:26 -07:00
Tom Eastep
6f2cc31dde Implement .conf file upgrade
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 13:03:55 -07:00
Tom Eastep
d23f932ebe Don't generate INPUT hairpin rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-18 06:21:36 -07:00
Tom Eastep
f9ee8c494d Exempt wildcard interfaces from sfilter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-14 06:45:22 -07:00
Tom Eastep
9aedd407cc Quell compiler warnings from Perl 5.14.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-13 06:40:03 -07:00
Tom Eastep
9ab901927f Use supplied() where appropriate
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 16:14:31 -07:00
Tom Eastep
774aac1228 Add a supplied() function
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 15:40:55 -07:00
Tom Eastep
a60fe6e665 Allow parameters to be specified to Default Actions in the policy file
and in shorewall.conf.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 14:58:54 -07:00
Tom Eastep
3dd363677c Implement set_action_param
Export both set_action_params and read_action_param by default

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 08:33:21 -07:00
Tom Eastep
8b6a7a7053 Implement read_action_param()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:49:57 -07:00
Tom Eastep
f278d05637 Rename action param functions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:46:54 -07:00
Tom Eastep
2549982528 Fix DEFAULTS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-11 07:23:41 -07:00
Tom Eastep
6e6be468a9 Support for DEFAULT statements in actions 2011-06-10 17:05:09 -07:00
Tom Eastep
32c7d36cd0 Make zones with multiple interfaces complex
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-10 15:37:26 -07:00
Tom Eastep
dbd30f981c Set the interface routeback option if there are any IP host groups with 'routeback'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-10 15:37:09 -07:00
Tom Eastep
8a7ad569e4 Don't leave unused sfilter chains in the config
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 17:22:48 -07:00
Tom Eastep
3e9a54d404 Couple of tweaks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 17:22:34 -07:00
Tom Eastep
a0b0c5bdac Jump (don't go) to sfilter1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 14:24:44 -07:00
Tom Eastep
1399a8ffde Don't move rules from a chain with references
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-06-09 14:24:38 -07:00