Commit Graph

15650 Commits

Author SHA1 Message Date
Tuomo Soini
de23e641f7 AllowICMPs: certificate path solicitation source must be :: or fe80::/10
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2024-03-19 11:21:03 +02:00
Tuomo Soini
a8294ed495 AllowICMPs: listener report v2 source must be :: or fe80::/10
rfc3810 section-5

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2024-03-19 11:21:03 +02:00
Tuomo Soini
393cd5043d AllowICMPs: router-advertisment source must be fe80::/10
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2024-03-19 11:21:03 +02:00
Tuomo Soini
0de5e88018 AllowICMPs: allowing redirects is a security issue and not required
Also redirect source must be fe80::/10

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2024-03-19 11:21:03 +02:00
Paul Gear
aae5baedfd Merge branch 'idl0r_iptablesw' into 'master'
Improve iptables --wait check

See merge request shorewall/code!6
2023-02-01 02:47:31 +00:00
Paul Gear
95831e372f Merge branch 'tor_metrics' into 'master'
Add TorMetrics macro

See merge request shorewall/code!7
2023-02-01 02:41:22 +00:00
Paul Gear
77317c1766 Merge branch 'systemd-service-documentation' into 'master'
Document related man-pages in Debian systemd service files

See merge request shorewall/code!8
2023-02-01 02:39:27 +00:00
Paul Gear
236b06d480 Merge branch 'gfdl-text-corrections' into 'master'
Correct GFDL text embedded in document sources

See merge request shorewall/code!9
2023-02-01 02:38:53 +00:00
Paul Gear
86244d8faf Merge branch 'shorewall-man-page-stop-command-fix/v1' into 'master'
Restore omitted words from `stop` command description

See merge request shorewall/code!10
2023-02-01 02:35:57 +00:00
Paul Gear
b8ef488f64 Merge branch 'init-script-SRWL-definition-fix/v1' into 'master'
Move '-6' and '-l' options from SRWL to SRWL_OPTS in Debian init-scripts.

See merge request shorewall/code!12
2023-02-01 01:53:53 +00:00
Jeremy Sowden
b7f2d1b22e Move '-6' and '-l' options from SRWL to SRWL_OPTS in Debian init-scripts.
Changing the definitions of SRWL from /sbin/shorewall6 to
'/sbin/shorewall -6' and so on broke the init-scripts since the scripts
test whether `$SRWL` is executable:

    test -x $SRWL || exit 0

which now fails:

    sh: test: /sbin/shorewall: binary operator expected

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
2023-01-31 22:52:21 +00:00
Jeremy Sowden
c93817f30b Correct GFDL text embedded in document sources
The invariant sections clause doesn't quite match the official text.  It should
read:

  with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts

not:

  with no Invariant Sections, with no Front-Cover, and with no Back-Cover Texts

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
2023-01-31 22:50:37 +00:00
Jeremy Sowden
5637385507 Document related man-pages in Debian systemd service files
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
2023-01-31 22:50:18 +00:00
Jeremy Sowden
23f66180e9 Restore omitted words from stop command description
In commit c061d87919 ("Fix links in shorewall(8)") the end of one of
the sentences in the description of the `stop` command was erroneously
truncated.

Fixes: c061d87919 ("Fix links in shorewall(8)")
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
2023-01-31 20:50:00 +00:00
Vincas Dargis
c1e58f6faf Add TorMetrics macro
Add macro for Tor metrics port.

See
https://support.torproject.org/relay-operators/relay-bridge-overloaded/
2022-09-18 15:08:54 +03:00
Christian Ruppert
8b0d829531
Check for wait option if we don't have capabilities
Only check for iptables --wait option if we don't already have existing
capabilities. If we have some and they're not up2date / don't match,
it will issue a warning anyway.
If a valid capabilities file exists, it will already cover whether we
can use --wait or not, that's what WAIT_OPTION is for.

Signed-off-by: Christian Ruppert <idl0r@qasl.de>
2022-04-02 11:52:10 +02:00
Christian Ruppert
c941cf4bb5
Run iptables -w check against a usually small chain
The iptablesw check, that's just looking for whether -w is supported or
not, previousely caused iptables to list all rules, each time you do
a shorewall check or shorewall start/reload. That might be quite
a lot, depending on the amount of rules you have. It is also no
necessary to parse each rule just to check for -w. Let's switch to the
usually much smaller INPUT chain, to reduce the overhead
2022-04-01 16:45:42 +02:00
Tuomo Soini
672c3420a0 support: update chat server address 2021-05-27 01:44:15 +03:00
Tom Eastep
ba87937f49
Replace StandardOutput=syslog by StandardOutput=journal in unit files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-10-30 09:24:47 -07:00
Tom Eastep
69f0d4d881
Simon Mater's patch to support gbits and gbps in rate/burst specifications
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-10-09 09:39:01 -07:00
Tom Eastep
6681191c88
Correct 'show bl|blacklists' syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-10-09 09:26:41 -07:00
Tom Eastep
2ceeb2c934
Merge branch '5.2.8' 2020-09-25 10:05:35 -07:00
Tom Eastep
97165ed41e
Add target file(s) 5.2.8-base
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 15:16:51 -07:00
Tom Eastep
5b0cacd9c4
Add NFS V1.4 macro
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 14:46:24 -07:00
Tom Eastep
eeec6f2396
Update shorewall-snat(5)
- Delete incorrect statement about a list of addresses in SNAT()
- Replace IPv4 Example 6 with one that uses the PROBABILITY column

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 11:19:46 -07:00
Tom Eastep
2e7d1ac4a3
Update shorewall-snat(5)
- Delete incorrect statement about a list of addresses in SNAT()
- Replace IPv4 Example 6 with one that uses the PROBABILITY column

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-24 11:19:12 -07:00
Tom Eastep
34c59dca32
Don't export interface_is_plain()
- It was used in a superseded change

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-19 11:38:41 -07:00
Tom Eastep
9aa2a4b704
Use less obscure code to set $call_generate_all_acasts;
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-19 11:20:10 -07:00
Tom Eastep
d363809859
Complete the table documentation at the top of the file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-18 13:44:41 -07:00
Tom Eastep
6c4383b5ce
Add target file(s) 5.2.8-RC1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 14:47:53 -07:00
Tom Eastep
877807943d
Add target file(s) 5.2.8-RC1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 14:47:29 -07:00
Tom Eastep
378df2861a
Add target file(s) 5.2.8-RC1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 14:47:20 -07:00
Tom Eastep
f84be9faa4
Display consistent banner
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-17 10:46:53 -07:00
Tom Eastep
c6dea1525f
Describe using a shell alias to invoke shorewall6-lite from 'shorewall6'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 18:04:33 -07:00
Tom Eastep
a7505f3ecb
Remove ${SBINDIR}/shorewall when removing Shorewall-core
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 16:57:44 -07:00
Tom Eastep
8c10c96844
Revert "Move ${SBINDIR}/shorewall6 to the Shorewall-core product"
This reverts commit 1ca886abd7.
2020-09-15 16:49:19 -07:00
Tom Eastep
126c5ccd53
Include administrative host name in status output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 15:16:23 -07:00
Tom Eastep
1ca886abd7
Move ${SBINDIR}/shorewall6 to the Shorewall-core product
- Default 'shorewall6' to 'shorewall6-lite' if that product is installed
  and 'shorewall6' is not.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 13:55:57 -07:00
Tom Eastep
ca78c0221c
Don't remote ${SBINDIR}/shorewall when uninstalling Shorewall
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 11:58:05 -07:00
Tom Eastep
e4c2122532
Eliminate duplicate function names between lib.cli and lib.cli-std
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-15 11:45:45 -07:00
Tom Eastep
f16e666858
Redirect STDERR to STDOUT when using $PAGER
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-13 15:46:04 -07:00
Tom Eastep
b5f3294adb
Set SHOREWALL_SHELL=/sbin/sh if it isn't set and export or test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-13 15:33:01 -07:00
Tom Eastep
8d4e79650e
Refactor ALL_ACASTS code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-11 15:58:59 -07:00
Tom Eastep
b253be8a69
Localize to IPv6 the effect of generating ALL_ACASTS during 'restore'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-11 14:35:17 -07:00
Tom Eastep
4385264dc3
Revert "Delete superfuous 'use' statements"
This reverts commit fe7bb4abca.
2020-09-11 13:43:14 -07:00
Tom Eastep
6cab1c3c8c
Generate ALL_ACASTS during 'restore' processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-11 13:11:44 -07:00
Tom Eastep
fe7bb4abca
Delete superfuous 'use' statements
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-11 12:56:37 -07:00
Tom Eastep
63b477a4de
Clean up ALL_ACASTS generation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-10 15:59:33 -07:00
Tom Eastep
2166251b97
Correct physwild/wildcard usage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-10 15:59:16 -07:00
Tom Eastep
9e6aec7687
Correct usage of $physwild, replacing with $wildcard
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2020-09-10 13:20:20 -07:00