Tom Eastep
a581958042
Document filter priority algorithm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 16:31:39 -07:00
Tom Eastep
e0f85edab3
Assign sequential priorities to filters
...
- Also remove a redundant 0x prefix from a table number.
Signed-off-by: Tom Eastep <teastep@shorewall.net
2012-09-13 09:30:11 -07:00
Tom Eastep
14073e8943
Change TOS priority offset from 10 to 15
...
- Make it distinct from tcp-ack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 08:25:05 -07:00
Tom Eastep
e02906e4f9
Add TOS to classification priority enumeration
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-13 07:46:52 -07:00
Tom Eastep
75953a87cb
Optional priority on hfsc classes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 13:39:54 -07:00
Tom Eastep
a223245c01
Don't create classic blacklist chains if no blacklist file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:30:34 -07:00
Tom Eastep
89289f95ba
Allow specification of priority for Shorewall-generated tc filters.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-12 07:22:07 -07:00
Tom Eastep
e431d5ab53
Document changes to filter priorities
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 17:12:59 -07:00
Tom Eastep
8c7b8c9390
Correct missing VARLIB handling in the installers.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 11:12:43 -07:00
Tom Eastep
f6e3107c00
Redefine tc filter priorities
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:03:16 -07:00
Tom Eastep
b4098ff5dd
Appease the Fedora 17 version of emacs.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-10 10:02:47 -07:00
Tom Eastep
9d6e0fd9ed
Add a PRIORITY column to the tcfilters file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 14:48:32 -07:00
Tom Eastep
0e1e38b035
Adjust VARDIR/VARLIB for old shorewallrc files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 13:12:32 -07:00
Tom Eastep
5c62bf297a
Document multiple GID/UIDs in the USER/GROUP column
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-09 08:18:25 -07:00
Tom Eastep
d7354aca14
Add a warning regarding the blacklist option being deprecated.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-05 07:19:48 -07:00
Tom Eastep
ebc4ad2f1e
Add warning message when an OUTPUT stopped rule is ignored due to ADMINISABSENTMINDED
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-05 07:16:40 -07:00
Tom Eastep
6614239b32
Allow multiple USER/GROUPs in a rule.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 17:03:26 -07:00
Tom Eastep
3993abad4e
Revert routestopped changes.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 17:03:02 -07:00
Tom Eastep
5e07ad8caa
Allow a directory to be specified with -e.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 14:05:52 -07:00
Tom Eastep
6aaf06c2e8
Add stoppedrules files to the samples
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 09:06:45 -07:00
Tom Eastep
eb854f1dbe
Only process routestopped when stoppedrules does not exist or is empty
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 08:46:04 -07:00
Tom Eastep
2050d566b8
Handle PRODUCT correctly at run-time.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 07:36:47 -07:00
Tom Eastep
188f05e130
Make ./firewall the default file when compile -e
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 07:35:03 -07:00
Tom Eastep
4260e5f6ba
Correctly handle the product name in export shorewallrc.
...
- Also re-arranged the processing of the shorewallrc file to eliminate
the kludgy shuffling of hashes.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-04 06:59:16 -07:00
Tom Eastep
bdd66e68c9
Have separate hashes for the two shorewallrc files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 20:09:20 -07:00
Tom Eastep
55e3b11a28
Pass both shorewallrc files to the compiler from lib.cli-std
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 15:07:50 -07:00
Tom Eastep
b8e6a812bd
Specify the cwd when compiling or checking for export
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 11:33:58 -07:00
Tom Eastep
09ce6239a7
Install stoppedrules rather than routestopped
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 11:00:22 -07:00
Tom Eastep
afd9875d3a
Update Manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 10:52:22 -07:00
Tom Eastep
5b953cc1dd
Handle different layouts on the admin system and remote firewall(s)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 09:50:07 -07:00
Tom Eastep
8e5bd3637d
Implement stoppedrules file (less manpages)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 08:44:03 -07:00
Tom Eastep
01696e7298
Remove empty paragraph in shorewall-rules(5)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-03 05:52:40 -07:00
Tom Eastep
b922177769
Handle missing VARDIR
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 15:51:35 -07:00
Tom Eastep
88ab423b2a
Correct 'postcompile' patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 14:55:56 -07:00
Tom Eastep
e66d9e3418
Rename VARDIR to VARLIB in shorewallrc
...
- Done so that existing shorewallrc files are still valid.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 14:36:11 -07:00
Tom Eastep
7279553be4
Revert "Add GROUP zones"
...
This reverts commit 4f2a4c0c6c
.
2012-09-02 11:08:38 -07:00
Tom Eastep
a6740c6c53
Revert "Assign marks to according to GROUP zones"
...
This reverts commit 3fbfafb6e3
.
2012-09-02 11:06:28 -07:00
Tom Eastep
4f54cb34df
Add a postcompile script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-02 08:28:02 -07:00
Tom Eastep
3fbfafb6e3
Assign marks to according to GROUP zones
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 18:13:49 -07:00
Tom Eastep
34ee00a986
Document the <directory> argument to the 'try' command.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 10:53:35 -07:00
Tom Eastep
353915fc8b
Allow ipsets in the routestopped file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 10:52:37 -07:00
Tom Eastep
02e7d13710
Load iptables_raw in modules.essential
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 08:27:03 -07:00
Tom Eastep
e2c7284529
Correct handling of 'source' with ADMINISABSENTMINDED=No
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 08:26:31 -07:00
Tom Eastep
092c2ef8f7
No longer process the local shorewall.conf when compiling from a directory
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-09-01 08:21:45 -07:00
Tom Eastep
4f2a4c0c6c
Add GROUP zones
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-31 17:37:01 -07:00
Tom Eastep
deea614677
Placate the latest Emacs WRT qw/.../
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-31 17:36:38 -07:00
Tom Eastep
1119d64b29
Break SNMP Macro into two macros
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-31 06:53:05 -07:00
Tom Eastep
053797a85e
Merge branch '4.5.7'
2012-08-30 14:27:01 -07:00
Tom Eastep
48706695b6
Make the SNMP bi-directional with traps allowed in the reverse direction
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-30 14:25:51 -07:00
Tom Eastep
9b05146a85
New documents (WIP)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-30 10:06:58 -07:00
Tom Eastep
09a6f8bc16
Revert non-fatal error implementation
...
- In the end, I didn't like the way this worked.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-29 11:35:11 -07:00
Tom Eastep
303dc65d13
Merge branch '4.5.7'
2012-08-28 11:46:04 -07:00
Tom Eastep
d838cf41bf
Allow TTL and HL in the PREROUTING chain.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-28 11:45:32 -07:00
Tom Eastep
84e24325de
Merge branch '4.5.7'
2012-08-27 07:30:21 -07:00
Tom Eastep
3aca90811c
Clear the current comment at the end of the blrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-27 07:29:47 -07:00
Tom Eastep
7b12558249
Merge branch '4.5.7'
2012-08-26 09:18:16 -07:00
Tom Eastep
341dec0711
Another fix for the NOTRACK patch
...
- 3 defects in a two-line patch :-(
2012-08-26 09:17:57 -07:00
Tom Eastep
01b58bf66f
Merge branch '4.5.7'
2012-08-26 08:27:39 -07:00
Tom Eastep
dc21d015da
Clean up white-space in Togan's patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-26 08:27:24 -07:00
Tom Eastep
9e5d1cc1ce
Merge branch '4.5.7'
2012-08-26 08:11:40 -07:00
Tom Eastep
779243094e
Map NOTRACK to 'CT --notrack' if CT_TARGET is available.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-26 08:08:57 -07:00
Togan Muftuoglu
1a324fa37f
Suse specific patches
...
Hi Tom,
I have been patching shorewall packages for the opensuse releases, but I
guess it is better to send them to you . the upstream so it gets
incorporated into shorewall itself and I do not have to patch it ;)
I believe I have incorparted most of my patches in to this one. If you
can review them and if appropriate apply them that would be great
Thanks
Togan
>From 6072c08de753e7d1cc31bb758295dee198197e41 Mon Sep 17 00:00:00 2001
From: Togan Muftuoglu <toganm@opensuse.org>
Date: Fri, 24 Aug 2012 13:17:12 +0200
Subject: [PATCH] suse-specific
Signed-off-by: Togan Muftuoglu <toganm@opensuse.org>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-25 08:45:57 -07:00
Tom Eastep
b45d15eec6
Revert "Apply Togan Muftuoglu's SuSE-specific init patches"
...
This reverts commit 2412998b57
.
2012-08-25 08:45:18 -07:00
Togan Muftuoglu
906795a4d7
Suse specific patches
...
Hi Tom,
I have been patching shorewall packages for the opensuse releases, but I
guess it is better to send them to you . the upstream so it gets
incorporated into shorewall itself and I do not have to patch it ;)
I believe I have incorparted most of my patches in to this one. If you
can review them and if appropriate apply them that would be great
Thanks
Togan
>From 6072c08de753e7d1cc31bb758295dee198197e41 Mon Sep 17 00:00:00 2001
From: Togan Muftuoglu <toganm@opensuse.org>
Date: Fri, 24 Aug 2012 13:17:12 +0200
Subject: [PATCH] suse-specific
Signed-off-by: Togan Muftuoglu <toganm@opensuse.org>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-25 08:41:28 -07:00
Tom Eastep
7208464c68
Change "Compilation aborted..." to "Check aborted ..."
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-25 08:10:12 -07:00
Tom Eastep
519e799ef1
Unify the mode of init files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-24 06:59:11 -07:00
Tom Eastep
e5d63f4212
Merge branch '4.5.7'
2012-08-24 06:56:01 -07:00
Tom Eastep
2412998b57
Apply Togan Muftuoglu's SuSE-specific init patches
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-24 06:32:30 -07:00
Tom Eastep
1067f8a9bb
Use the non-fatal error reporting feature for missing capabilities
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-24 06:25:29 -07:00
Tom Eastep
3006452cea
Unconditionally restore route mark in PREROUTING and OUTPUT.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-23 12:23:29 -07:00
Tom Eastep
e17010018c
Unconditionally restore route mark in PREROUTING and OUTPUT.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-23 12:15:14 -07:00
Tom Eastep
112312f2ee
Add non-fatal error capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-23 05:50:36 -07:00
Tom Eastep
dffd98dff7
Revert change that added CONTINUE as a valid content of the ADDRESSES column
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-21 10:51:01 -07:00
Tom Eastep
64edd30a76
Correct link in shorewall[6].conf manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-21 07:54:51 -07:00
Tom Eastep
c20611b6c0
Add CONTINUE keyword to the masq file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-20 18:09:59 -07:00
Tom Eastep
1fd9e5e95c
Compensate for silly RHEL bug
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-20 07:20:21 -07:00
Tom Eastep
99efb518bd
Add the HELPER column to the rules files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-18 12:05:42 -07:00
Tom Eastep
1b7a7d0fdf
Remove some more hard-coded directory names from the installers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-17 14:24:52 -07:00
Tom Eastep
7ac9e46e1f
Add a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 15:49:33 -07:00
Tom Eastep
0a4f26a318
Correct handling of existing notrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 14:46:48 -07:00
Tom Eastep
8d3cf6428f
Install the conntrack file unconditionally.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 10:50:23 -07:00
Tom Eastep
f6c4650624
Allow a notrack with nothing but FORMAT and COMMENT lines to be removed.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 10:49:59 -07:00
Tom Eastep
3c35af9d8c
Merge branch 'master' into 4.5.7
2012-08-16 08:34:54 -07:00
Tom Eastep
1e11109bb2
Don't combine rules with '-m policy'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 08:34:30 -07:00
Tom Eastep
f59612671b
Don't optimize chains with '-m ipsec'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 07:33:01 -07:00
Tom Eastep
da4f7ee524
Handle ppp devices correctly in the 'enable' command.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-16 06:59:35 -07:00
Tom Eastep
b132176dae
Correct reference adjustment in new opt4 code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-14 13:36:39 -07:00
Tom Eastep
1f59e4f449
Update case in conditionals.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-14 11:42:46 -07:00
Tom Eastep
8487c78a0a
Adjust reference counts when splicing in short chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-14 08:34:51 -07:00
Tom Eastep
fdc45a990d
Arrange for HELPER to match in the RELATED section.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 15:44:19 -07:00
Tom Eastep
44a550870c
Add HELPER action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 13:23:38 -07:00
Tom Eastep
bd3295b0e3
Remove temporary hack
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 08:55:43 -07:00
Tom Eastep
f1fbb95d48
Update documentation for content merged from the 4.5.8 (master) path
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 08:16:36 -07:00
Tom Eastep
45288f5927
Revise notrack/conntrack handling:
...
- Purge empty notrack files.
- Process both files.
2012-08-13 07:28:07 -07:00
Tom Eastep
75b830b10e
Merge branch 'master' into 4.5.7
2012-08-13 06:57:54 -07:00
Tom Eastep
4b2d48d621
Hardwire AUTOHELPERS until 4.5.8.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-13 06:48:19 -07:00
Tom Eastep
50362040d7
Enable automatic helper association during 'stop'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-12 08:46:06 -07:00
Tom Eastep
2f1d59366c
Unconditionally disable kernel automatic helper association during start.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-12 08:43:28 -07:00
Tom Eastep
b372163122
Enable automatic helper association during 'stop'.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-12 08:42:53 -07:00
Tom Eastep
50bd1d6398
Add AUTOHELPER option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-08-12 07:25:11 -07:00