Commit Graph

3114 Commits

Author SHA1 Message Date
Tom Eastep
79128605b1 Validate all IPSET Names 2010-07-18 17:18:10 -07:00
Tom Eastep
cbb524b067 Implement ADD/DEL commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-18 08:46:38 -07:00
Tom Eastep
47961f3fd5 Update release notes to mention link local network error
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-16 10:19:29 -07:00
Tom Eastep
d99aff5e09 Use Perl Constants rather literals for IPv6 Networks
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-16 10:06:29 -07:00
Tom Eastep
27937f32e3 Document IPv6 multicast network fix 2010-07-16 09:37:38 -07:00
Tom Eastep
17bdcc1360 Eradicate incorrect multicast network address 2010-07-16 09:33:17 -07:00
Tom Eastep
e0ae48f4c4 Document fix for IPv6 shorecap program
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-15 13:32:10 -07:00
Tom Eastep
f92f75196c Correct accidental modification of action.Drop 2010-07-14 06:27:27 -07:00
Tom Eastep
a29921c9d2 Reverse order of ICMPv6 and Multicast/anycast filtering 2010-07-13 13:03:55 -07:00
Tom Eastep
b52b7c422f Drop multicast and anycast in Drop and Reject actions 2010-07-12 16:44:34 -07:00
Tom Eastep
c1b212225e Use uniform coding style in latest changes 2010-07-12 13:07:11 -07:00
Tom Eastep
328e1b7f6a Don't generate rules to link local net from vserver zones 2010-07-12 12:39:51 -07:00
Tom Eastep
59189d6324 Don't generate rules from link local net to vserver zones 2010-07-12 11:52:56 -07:00
Tom Eastep
4792d1e5f1 Fix nets= in Shorewall6 2010-07-11 19:52:18 -07:00
Tom Eastep
5a5546ef1b Set version to 4.4.11 2010-07-09 09:01:08 -07:00
Tom Eastep
d0c1c3d69c Change comment to clarify assumption about function arguments 2010-07-08 17:45:18 -07:00
Tom Eastep
9eca7fb37b Simplify logic in loopback helper functions 2010-07-08 17:11:27 -07:00
Tom Eastep
591a4bc7f6 Revert version of modules with only whitespace changes; rename a couple of functions for clarity 2010-07-07 06:43:07 -07:00
Tom Eastep
02fab09a14 Add PERL= option to shorewall.conf and shorewall6.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-05 13:11:52 -07:00
Tom Eastep
4547067da9 Document fix for missing closing quote 2010-07-05 11:43:37 -07:00
Tom Eastep
31a9d24164 Fix missing quote when REQUIRE_INTERFACE=Yes 2010-07-05 09:47:03 -07:00
Tom Eastep
f977631af9 Just reset provider bits in FORWARD chain 2010-07-05 09:46:24 -07:00
Tom Eastep
b445b4fdd9 Fix compiler detection of FWMARK_RT_MASK -- take 2 2010-07-05 08:51:13 -07:00
Tom Eastep
0e87ccbcfd Fix compiler detection of FWMARK_RT_MASK 2010-07-05 08:39:32 -07:00
Tom Eastep
542557069e Back out a couple of harmless but unintended changes 2010-07-05 08:02:51 -07:00
Tom Eastep
aa6bb6e911 Improve wording of FORWARD_CLEAR_MARK description 2010-07-05 07:53:31 -07:00
Tom Eastep
898c3a045f Bump version to RC1 2010-07-05 07:08:06 -07:00
Tom Eastep
6a644716c9 Unconditionally use /usr/bin/perl 2010-07-04 17:13:33 -07:00
Tom Eastep
312624cef5 Fix NET3 bug (netmap) 2010-07-04 15:58:37 -07:00
Tom Eastep
7689831cd7 Minor cleanup of 4.4.11 Beta 3.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-04 09:29:16 -07:00
Tom Eastep
2ee4fd8f5a Add FWMARK_RT_MASK capability.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-04 09:08:04 -07:00
Tom Eastep
d3e30b5fe4 Add FORWARD_CLEAR_MARK option 2010-07-03 17:03:42 -07:00
Tom Eastep
5d1e19364a Bump version to Beta 3 2010-07-03 10:54:39 -07:00
Tom Eastep
148b251766 Only send loopback traffic to the 'loopback' chain 2010-07-03 10:53:25 -07:00
Tom Eastep
21ce6f9b84 Add new zone-list function to return all but firewall zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-03 08:33:10 -07:00
Tom Eastep
c8274f0538 Minor vserver doc update 2010-07-02 13:34:21 -07:00
Tom Eastep
63154367ad Forbid 'ipsec' in a vserver host entry
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 13:12:23 -07:00
Tom Eastep
e5d3ce582a Correct Old Defect in ipsec match generation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 13:11:57 -07:00
Tom Eastep
9e81a5101f Cleaner fix for ipsec/vserver issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 12:24:58 -07:00
Tom Eastep
261af19b4e Fix invalid policy match with vserver zone.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 12:18:18 -07:00
Tom Eastep
364cddf99b Update release documents for find_hosts_by_option() fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-02 07:40:30 -07:00
Tom Eastep
f2ca9e25c9 Make find_hosts_by_option() work with options specified on the interface 2010-07-02 07:19:52 -07:00
Tom Eastep
db8dba66db Correct defect in the handling of 'trace' and 'debug'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-07-01 15:56:57 -07:00
Tom Eastep
338c021272 Fix refression in handling of mss= 2010-07-01 09:05:25 -07:00
Tom Eastep
64decb25fe Bump version to 4.4.11-Beta2 2010-07-01 07:08:11 -07:00
Tom Eastep
9f15ccb24f Update Raw.pm version.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-30 20:40:26 -07:00
Tom Eastep
e4afc15370 Finish Vserver Implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-30 20:35:46 -07:00
Tom Eastep
9e37fe1ffa Deimplement flawed rate limiting with simple TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-26 07:42:08 -07:00
Tom Eastep
fc95cb8dc6 Run insserv when installed on Debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-26 07:34:34 -07:00
Tom Eastep
914d752f1d Fix latency parsing 2010-06-25 16:10:26 -07:00
Tom Eastep
fe27554fd0 Document undefined value issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-24 14:18:48 -07:00
Tom Eastep
2909b6fd92 Quiet down the Perl interpreter on some boxen 2010-06-24 13:58:46 -07:00
Tom Eastep
cc376ab72e Update release documents for REQUIRE_INTERFACE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-23 13:00:00 -07:00
Tom Eastep
3cda3d0315 Add REQUIRE_INTERFACE to shorewall*.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-23 12:58:35 -07:00
Tom Eastep
1cb22d0bcf First feeble steps toward vserver zones 2010-06-22 16:42:20 -07:00
Tom Eastep
d5aaa97d4e Update release documents for changes ported from the 4.4.10 branch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-22 08:40:07 -07:00
Tom Eastep
efa4cfa921 Update release documents for 4.4.11 Beta 1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-18 12:09:43 -07:00
Tom Eastep
dbbe6b264d Fix the IPSET fix 2010-06-18 12:06:12 -07:00
Tom Eastep
e7340dabc0 Fix IPSET issue 2010-06-18 12:05:44 -07:00
Tom Eastep
503b1cf795 Update release note version banner 2010-06-16 16:46:56 -07:00
Tom Eastep
32d8a9d996 Allow patch from Gabriel 2010-06-12 14:10:40 -07:00
Tom Eastep
d58127e51c Allow networks to be specified in a NETMAP rule 2010-06-12 13:50:58 -07:00
Tom Eastep
9acec39898 Fix a couple of issues with Simple TC 2010-06-12 13:50:11 -07:00
Tom Eastep
625f254d02 Add tcfilters to manpage index 2010-06-10 06:15:15 -07:00
Tom Eastep
6040f02bb0 Don't set variables needlessly 2010-06-08 16:33:54 -07:00
Tom Eastep
32d575a8c8 Remove extra logic 2010-06-08 16:18:23 -07:00
Tom Eastep
dcd64cd096 Move ipset-load code to Chains.pm. Better there than in Compiler.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 16:18:14 -07:00
Tom Eastep
a5816c23d4 Move save_dynamic_chains to Chains.pm where it belongs.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 16:17:57 -07:00
Tom Eastep
6537c1e55a Improve readability 2010-06-08 16:16:23 -07:00
Tom Eastep
52a80e69a9 More tweaks to saving/restoring dynamic chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 11:27:09 -07:00
Tom Eastep
ec3fdbde98 More changes having to do with with dynamic chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-08 11:26:53 -07:00
Tom Eastep
aa4b0f71af Much cleaner implementation of save_dynamic_chains()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-07 10:11:33 -07:00
Tom Eastep
0978f3d41a More periodic removal of trailing white space 2010-06-07 09:16:56 -07:00
Tom Eastep
3467969c26 Periodic removal of trailing white space 2010-06-07 07:30:56 -07:00
Tom Eastep
04de6fac6d Make dynamic chain saving work with IPv6
Also, use hidden files to save the chain contents.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-07 07:18:21 -07:00
Tom Eastep
b741ff2a81 Document first 4.4.11 features 2010-06-06 20:40:39 -07:00
Tom Eastep
db138edbd1 Update versions of modified modules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 13:49:26 -07:00
Tom Eastep
b3370dfd78 Initiate 4.4.11
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 13:36:45 -07:00
Tom Eastep
17b6e370af Purge saved dynamic blacklist if the chain doesn't exist 2010-06-06 13:24:09 -07:00
Tom Eastep
25c0e3c7b3 Retain UPnP and dynamic blacklist over 'restart' 2010-06-06 13:23:49 -07:00
Tom Eastep
ca7d145746 Don't enter command mode for upnpclient rule for non-optional interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 08:05:19 -07:00
Tom Eastep
99a0226a43 Slight improvement of regular expression used to insert chain name into rules after '-A'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-06 08:04:28 -07:00
Tom Eastep
fdc3b698a9 Version to 4.4.10 (again) 2010-06-05 15:58:23 -07:00
Tom Eastep
d388b29d70 Let Zones.pm export chain_base rather than Chains.pm 2010-06-05 08:40:00 -07:00
Tom Eastep
0e995d65ac Version to 4.4.10-RC2 2010-06-04 16:19:15 -07:00
Tom Eastep
742a3b2eef Make wait and required work on wildcard interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-04 10:35:45 -07:00
Tom Eastep
82a74d7534 Resolve Optional/Required interfaces with wildcard names
Optional is allowed
Required is not

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-04 08:46:29 -07:00
Tom Eastep
165535cd8b Disallow wildcard optional/required interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-04 07:18:55 -07:00
Tom Eastep
7625b4069b Delete references to prenet subsystem locks.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-03 12:31:39 -07:00
Tom Eastep
43afd03b9b Bump version to 4.4.10 2010-06-03 11:18:02 -07:00
Tom Eastep
f29b06ec07 Update .spec files to use DESTDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-01 07:18:37 -07:00
Tom Eastep
91840acb18 Remove unused RUNLEVELS variable from the install scripts.
Add some documentation

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-01 07:12:19 -07:00
Tom Eastep
fe55fa0f31 Rename PREFIX->DESTDIR
If DESTDIR is not supplied, look for PREFIX

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-06-01 06:42:11 -07:00
Tom Eastep
c52d0c4d9f Update release notes for 'version -a'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-31 08:05:33 -07:00
Tom Eastep
858a422da3 Extend 'version -a' behavior to all CLIs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-31 07:32:17 -07:00
Tom Eastep
47c4cbd85a Remove extra step in DSL modem access 2010-05-30 11:31:41 -07:00
Tom Eastep
347757a190 Yet more updates for build on the Mac 2010-05-29 10:57:27 -07:00
Tom Eastep
58ad0bc9e0 More updates for build on the Mac 2010-05-29 10:50:39 -07:00
Tom Eastep
226eb6ca3e Cleanup of optimization fix
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 09:56:14 -07:00
Tom Eastep
5bd1bac70d Document fix for optimization bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-05-29 09:13:52 -07:00