Commit Graph

4726 Commits

Author SHA1 Message Date
Tom Eastep
e3f2c49c7e Remove level of indirection for the 'super' property
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-13 12:23:33 -07:00
Tom Eastep
fecd091078 Remove %zones{option}{nested}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-13 11:31:13 -07:00
Tom Eastep
e0b360513c Remove a level of indirection for 'complex' zone flag.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-13 09:47:31 -07:00
Tom Eastep
01d99d4873 Move zone mss handling to the Rules File
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-12 15:59:35 -07:00
Tom Eastep
acb2e2a8ab Implement mss= in hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-12 15:14:35 -07:00
Tom Eastep
0223439e2b Don't compile if ${DESTDIR}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-12 14:02:44 -07:00
Tom Eastep
fa9f8329b5 Apply two patches from Tuomo Soini
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-12 13:57:37 -07:00
Tom Eastep
4ffcd80b02 Don't test compilation if $DESTDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-11 09:49:26 -07:00
Tom Eastep
48570227ba Big cleanup of TOS handling
- Validate settings/matches
- Allow setting in the tcrules file.
- Deprecate /etc/shorewall[6]/tos
2012-03-09 16:16:25 -08:00
Tom Eastep
c112f20e17 Tighten editing of LENGTH column(s)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-07 14:07:04 -08:00
Tom Eastep
05f025e422 Don't install isusable script by default
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-07 07:46:53 -08:00
Tom Eastep
3ee9150deb Fix syntax error in the generated script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-06 09:15:34 -08:00
Tom Eastep
b2842ae8d4 Don't allow reserved variables to be set in params
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-05 15:42:53 -08:00
Tom Eastep
dff5136134 Correct issues with debugging the generated script
a) Rename DEBUG to g_debug_iptablesb
b) Clear all of the tables prior to handling iptables-restore input.
2012-03-05 15:21:10 -08:00
Tom Eastep
a84e131115 Fix bug in DSCP implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-05 09:50:15 -08:00
Tom Eastep
aab6e67e70 Omit non-default geometry settings from updated shorewall.conf.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-29 12:34:06 -08:00
Tom Eastep
61bf2d5bfd Fix installer
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-25 16:02:20 -08:00
Tom Eastep
016fe4bcf1 Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall
Conflicts:
	Shorewall-core/install.sh
	Shorewall/install.sh

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-25 07:30:07 -08:00
Roberto C. Sanchez
87381a0f65 FIx typos 2012-02-24 23:02:30 -05:00
Tom Eastep
47453a20f7 Tweak to Run-time gateway variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-24 09:02:04 -08:00
Tom Eastep
b78d4ca41f Correct typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-23 13:54:50 -08:00
Tom Eastep
7273f4d8d4 Implement run-time gateway variables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-23 13:36:00 -08:00
Tom Eastep
37a3dbb6f6 Don't install SysV init script if systemd is specified.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-23 10:59:10 -08:00
Tom Eastep
c252005e25 Add support for packager's config file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-23 10:07:02 -08:00
Tom Eastep
c975cddfda Correct init script installation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-22 14:51:41 -08:00
Tom Eastep
a6afac0f3c Use standard rpm macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-22 13:32:10 -08:00
Tom Eastep
ef850e4537 Use standard rpm macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-22 12:40:16 -08:00
Tom Eastep
2624005fa8 Fix FORMAT-2 interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-21 16:41:56 -08:00
Tom Eastep
20f990f2eb Fix install on SuSE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-21 14:24:50 -08:00
Tom Eastep
7de961ebfe Fix broken init scripts.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-21 13:16:12 -08:00
Tom Eastep
f6cc44eb6b Rename HOST -> TARGET and BUILD -> HOST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-21 13:00:09 -08:00
Tom Eastep
3acd01a44d Rename some variables:
HOST -> TARGET
%initdir -> %shorewall_initdir

Also add %shorewall_target

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-21 12:34:41 -08:00
Tom Eastep
d5af9c360d Implement FORMAT-2 interfaces file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-21 11:23:58 -08:00
Tom Eastep
2137840fec Fix bug in DSCP support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-20 16:40:11 -08:00
Tom Eastep
ed9e03b095 Correct FEDORA/REDHAT fiasco
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-20 16:11:28 -08:00
Tom Eastep
3180e13719 Require LIBEXEC and LIBPERL to be absolute path names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-20 12:04:00 -08:00
Tom Eastep
9869b4c068 Rename environmental variables:
INSTALLSYS => BUILD
TARGET     => HOST

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-20 10:12:52 -08:00
Tom Eastep
8c981e0464 Cleanup of install scripts based on feedback from Mr. Dash4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-20 10:08:42 -08:00
Tom Eastep
a1ec1dc178 Add DSCP match support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-20 08:47:48 -08:00
Tom Eastep
e2f4af6e48 Create a Perl-style switch statement to handle irregular entries in
the tcrules file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-19 17:28:49 -08:00
Tom Eastep
b1272e8835 Add DSCP target support.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-19 17:04:16 -08:00
Tom Eastep
75d5957020 Unify 'dont_' chain flags
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-19 14:20:09 -08:00
Tom Eastep
1896e56894 Rework some newbie code in add_group_to_zone()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-19 08:39:17 -08:00
Tom Eastep
7cd7f1ebbe Make zone-option hashes and constants global
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-19 08:30:39 -08:00
Tom Eastep
7fef97d92d Fix compiler crash from unknown interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-18 10:02:39 -08:00
Tom Eastep
cd3a9854f8 Change ipset flags error to a warning
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-18 08:22:16 -08:00
Tom Eastep
f8057fed88 Correct typo in the modified install scripts.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-18 08:21:50 -08:00
Tom Eastep
6d13069ffb Correct usage text for 'update'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-18 08:17:52 -08:00
Tom Eastep
59fea1a05d Add a SWITCH column to /etc/shorewall/masq
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-18 08:17:14 -08:00
Tom Eastep
1c7476fe61 Validate SOURCE/DEST fit for ipset flags
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-17 15:46:28 -08:00
Tom Eastep
58f0425d4a Correct a typo in the blrules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-17 15:33:45 -08:00
Tom Eastep
ee7ea4adb9 Unify the supported install script os/distro set.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-17 15:26:02 -08:00
Tom Eastep
8a3f1f7111 Merge branch '4.5.0' 2012-02-17 13:39:22 -08:00
Tom Eastep
33b0821f8d Separate install system from target system in the install.sh scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-17 13:22:06 -08:00
Tom Eastep
29fcb9b08f Apply Simon Mater's patch for LIBEXEC/PERLLIB
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-13 12:57:07 -08:00
Tom Eastep
460efbac77 Merge branch '4.5.0' 2012-02-11 11:36:38 -08:00
Tom Eastep
09078cf6ad Add comments to add_interface_options()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-07 14:20:11 -08:00
Tom Eastep
f5c09a9e2e Restore 'update -b' functionality
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-07 07:40:35 -08:00
Tom Eastep
f4be778b86 Restore 'update -b' functionality
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-07 07:38:07 -08:00
Tom Eastep
bd959884cc Don't require a MARK value on the default class.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-06 14:40:22 -08:00
Tom Eastep
a87a981a2e Merge branch '4.5.0' 2012-02-05 13:19:54 -08:00
Tom Eastep
e8875ae50b Sort emitted param settings in export_params()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-05 10:03:47 -08:00
Tom Eastep
8561bb77ee Delete the BLACKLIST entry in %sections 2012-02-05 09:40:02 -08:00
Tom Eastep
b462503527 Merge branch '4.5.0' 2012-02-05 07:26:39 -08:00
Tom Eastep
7887def6ad Move manpages directories to their respective product directories
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-05 07:09:27 -08:00
Tom Eastep
6cf7a98eeb Move Samples into the corresponding product directory
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-04 17:18:55 -08:00
Tom Eastep
6fb45b159d Merge branch '4.5.0' 2012-02-04 10:52:52 -08:00
Tom Eastep
0b0ab57b66 Correct mask generation in get_routed_networks()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-04 10:30:34 -08:00
Tom Eastep
a25075d3c5 Minor cleanup of Rules file
- Correct comments
- Delete stale comments
- Simplify a statement in process_rules1()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 10:34:53 -08:00
Tom Eastep
63aaeb37c4 Remove redundant prototype.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 10:34:37 -08:00
Tom Eastep
99e0a340b1 Cosmetic changes to Zones.pm source
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 10:34:30 -08:00
Tom Eastep
b5e3a41e13 Remove redundant logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 10:34:20 -08:00
Tom Eastep
5c30c236a3 Minor cleanup of Rules file
- Correct comments
- Delete stale comments
- Simplify a statement in process_rules1()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 09:53:43 -08:00
Tom Eastep
cdf284a4ee Remove redundant prototype.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 09:06:20 -08:00
Tom Eastep
57d1b29d1e Cosmetic changes to Zones.pm source
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 07:29:13 -08:00
Tom Eastep
25031c3a42 Remove redundant logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 07:21:28 -08:00
Tom Eastep
0c1beb50ae Add 'IMQ Target' capability to tcrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-02 12:54:00 -08:00
Tom Eastep
ab04a7fb46 Fix comments -- reflect changes done during the irule implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-01 13:53:12 -08:00
Tom Eastep
45a1f9df4f Streamline exclusion of the %vserver% pseudo-interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-01 10:25:26 -08:00
Tom Eastep
3f42b6d76f Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2012-01-25 20:41:50 -08:00
Tom Eastep
df3bded324 Simply getparams as a result of the new lib.cli variable-setting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-25 20:41:08 -08:00
Tom Eastep
7cd05fd874 Correct routing commands in proxy NDP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-21 19:58:47 -08:00
Tom Eastep
aeac7cacb0 Make shorewall-init work again.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-20 09:10:13 -08:00
Tom Eastep
7d1bb30175 Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2012-01-17 13:12:01 -08:00
Tom Eastep
d1c162e2e8 Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2012-01-17 13:02:49 -08:00
Tom Eastep
fc5f439b4b Generate prio 999 rule when USE_DEFAULT_RT=Yes, even when there are no balance providers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-17 13:00:34 -08:00
Tom Eastep
ed3a623184 Cosmetic and maintainability improvements:
1. Export optimization masks from Shorewall::Chains for use in
   Shorewall::Compiler.
2. Move capability reporting and checkint from Shorewall::Compiler to
   Shorewall::Config.
3. Eliminate some gratuitous black lines.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-17 07:24:12 -08:00
Tom Eastep
3120bb37d1 Reload load distribution chains during 'refresh'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-16 10:07:18 -08:00
Tom Eastep
25d45dedfc Add STARTOPTIONS and RESTARTOPTIONS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-16 10:03:13 -08:00
Tom Eastep
41e68b59dc Add STARTOPTIONS and RESTARTOPTIONS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-15 20:35:55 -08:00
Tom Eastep
58bf562747 Generate load rules at runtime rather than at compile time.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-15 19:23:44 -08:00
Tom Eastep
364420c4eb Don't derive base in load_chain()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-15 07:54:30 -08:00
Tom Eastep
b0f7c08844 Save load and status of each interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-14 17:43:25 -08:00
Tom Eastep
93bd0b59a8 Load lib.base from lib.cli
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-14 14:17:06 -08:00
Tom Eastep
7316a2c51a Implement 'load=<load-factor>' in providers file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-13 16:37:05 -08:00
Tom Eastep
531474592c Correct handling of '-p'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-13 15:42:20 -08:00
Tom Eastep
3920cef17e Update copyright on Shorewall::Providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-12 07:14:04 -08:00
Tom Eastep
ec8491caf8 Issue a warning message when both 'route_rules' and 'rtrules' exist.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-12 07:10:16 -08:00
Tom Eastep
057ea718cd Remove 'stat' provider option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-12 07:09:53 -08:00
Tom Eastep
58a0b9b5c1 Rename route_rules to rtrules -- phase 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-09 07:19:10 -08:00
Tom Eastep
4c2df6fea7 Rename route_rules to rtrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-09 06:38:55 -08:00
Tom Eastep
048d380c28 Issue warning if there is a deprecated option setting in the .conf file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-07 19:58:45 -08:00
Tom Eastep
ce73bb3d22 Unify prog.footer and prog.footer6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-07 13:53:41 -08:00
Tom Eastep
6f5ab698b4 Add a PROBABILITY column to the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-06 12:54:37 -08:00
Tom Eastep
c4768d4a4a Allow run-time address variable in the SOURCE column of route_rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-06 11:59:22 -08:00
Tom Eastep
afbc561b91 Shorewall install shouldn't remove /usr/share/shorewall/wait4ifup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-06 11:40:04 -08:00
Tom Eastep
f003c0644b Fix MARK_IN_FORWARD_CHAIN=Yes with fw source
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-06 09:26:43 -08:00
Tom Eastep
5ddb197680 Make '0' equivalent to '-' in the IN_BANDWIDTH column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-06 09:14:07 -08:00
Tom Eastep
cda4c6ed11 Implement 'stat' provider option -- phase 1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-05 16:49:26 -08:00
Tom Eastep
252bba215e Move lib.core from Shorewall-core to Shorewall
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-05 11:30:36 -08:00
Tom Eastep
46d8adcfe9 Add STATISTIC_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-04 15:46:01 -08:00
Tom Eastep
9251eca31a Don't delete lib.common and lib.cli when installing Shorewall
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-04 10:32:17 -08:00
Tom Eastep
9353788285 Correct uninstall scripts for Shorewall and Shorewall6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-04 08:07:27 -08:00
Tom Eastep
e545bf4f04 Unify install files between Shorewall and Shorewall6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-03 16:35:41 -08:00
Tom Eastep
84dc26b82c Create lib.core
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-03 13:06:00 -08:00
Tom Eastep
7d756f51ac More unification of prog.header and prog.header6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-03 08:39:18 -08:00
Tom Eastep
4216d80c12 Allow Provider name in 'disable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-02 15:25:43 -08:00
Tom Eastep
018ba394e3 Move common code from prog.header[6] to lib.common 2012-01-02 14:13:19 -08:00
Tom Eastep
a39f4699dc Update versions and copyrights
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-02 07:43:13 -08:00
Tom Eastep
48a59e032e Add Shorewall-common
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-01 20:30:09 -08:00
Tom Eastep
72699a6af6 4.4.28->4.5.0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-01 07:36:46 -08:00
Tom Eastep
288c7b06dc Place sfilter jumps in the option chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-31 14:47:36 -08:00
Tom Eastep
4b8fb130ba Update copyright dates.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-31 14:15:25 -08:00
Tom Eastep
c2293f3d64 Eliminate the $blrules global in Shorewall::Rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-31 13:16:04 -08:00
Tom Eastep
d6bac484dc Allow the timeout to be specified in that 'safe' commands.
Also, allow a suffix (s, m or h) in the <timeout> paramater to the 'try' command.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-31 09:40:36 -08:00
Tom Eastep
64d3ac036b Disable BLACKLIST section 2011-12-30 20:25:54 -08:00
Tom Eastep
28f27c65aa Use SHA1 to shorten digests.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 14:58:49 -08:00
Tom Eastep
4d9a43a4dd Delete some 'dont_move' flags
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 11:31:08 -08:00
Tom Eastep
1d9a4c58e9 Cosmetic change with comments.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 10:59:23 -08:00
Tom Eastep
6f61293b08 Reduce the size of many configs by not copying long chains multiple times.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 10:27:58 -08:00
Tom Eastep
b63c7e0016 A bit of optimization in add_interface_options()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 08:08:28 -08:00
Tom Eastep
6bed5e5e55 Merge branch '4.4.27'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 07:28:14 -08:00
Tom Eastep
5b2f960db3 Disallow :P in CLASSIFY rules and complain if :F is used when the SOURCE or DEST is $FW.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 07:22:14 -08:00
Tom Eastep
1da7f52ed5 Copy output interface options rather than jump
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 18:49:47 -08:00
Tom Eastep
39f214208a Fix silly bug in the new option chain implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 17:57:39 -08:00
Tom Eastep
6926bcdbb9 More refinements of the option chain stuff.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 14:52:07 -08:00
Tom Eastep
f9960a0c94 Restore blacklst and blackout chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 13:45:35 -08:00
Tom Eastep
2c441b5393 Copy option rules into interface chains if no blacklist
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 09:32:16 -08:00
Tom Eastep
bddfb4f41c Add output option chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 08:22:00 -08:00
Tom Eastep
03610181fd Disallow :P in CLASSIFY rules and complain if :F is used when the SOURCE or DEST is $FW.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 07:49:53 -08:00
Tom Eastep
3ca9577f04 Cruft removal
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 16:22:11 -08:00
Tom Eastep
8cdc83638e Don't allow PREROUTING CLASSIFY rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 14:07:12 -08:00
Tom Eastep
a98c85cbc4 Make 'audit' work on a converted blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 10:30:24 -08:00
Tom Eastep
eda918215d Option chain phase II implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 10:29:15 -08:00
Tom Eastep
0518def9cf Merge branch '4.4.27' 2011-12-28 09:58:19 -08:00
Tom Eastep
09f58512be Make 'audit' work on a converted blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 09:34:34 -08:00
Tom Eastep
eff447ac11 Phase one option chain implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 18:12:58 -08:00
Tom Eastep
53451bdaa6 Remove BLACKLIST section from rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 15:32:49 -08:00
Tom Eastep
ea9c59a297 Add an interface filter chain for each interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 13:52:44 -08:00
Tom Eastep
49eb84b9e2 Remove more helper/proto silliness
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 13:06:37 -08:00