Tom Eastep
05dbfbb988
Restrict hypen as range separator to use with integers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 13:26:44 -07:00
Tom Eastep
69a7c78179
Merge branch '5.0.13'
2016-10-16 12:28:01 -07:00
Tom Eastep
04051454bf
Reverse bad ECN handling patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 12:27:45 -07:00
Tom Eastep
2ca86d9abd
Merge branch '5.0.13'
2016-10-16 10:22:12 -07:00
Tom Eastep
e6f3d429a1
Renew timeout on matched dbl entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 09:42:45 -07:00
Tom Eastep
1ca91d7ddc
Correct handling of ECN file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 08:41:19 -07:00
Tom Eastep
fad9dce3e6
Correct handling of ECN file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 08:33:01 -07:00
Tom Eastep
342f4ee0f2
Add the --exits option to ADD with timeout
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 16:43:44 -07:00
Tom Eastep
047b5ca6d5
Add the --exits option to ADD with timeout
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 16:43:04 -07:00
Tom Eastep
86c4333f8f
Correct the shorewall-snat(5) examples
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 14:58:49 -07:00
Tom Eastep
e1de1f0527
Convert Sample masq files to equivalent snat files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 12:43:42 -07:00
Tom Eastep
43fdddb438
Add 'snat' config file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 11:38:52 -07:00
Tom Eastep
44477d97ac
Move Masq file processing to the Rules module
...
- This will enable supporting actions in the new snat file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-14 12:42:58 -07:00
Tom Eastep
b5906812a2
Accept '-' as the separator in a port range.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-14 10:10:03 -07:00
Tom Eastep
b80d4c2320
Don't allow shell meta characters in interface names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-11 17:01:45 -07:00
Tom Eastep
d5aaa66e0b
Detect bad characters in interface names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-11 10:56:41 -07:00
Tom Eastep
49fae96b09
Update the manpages for 'blacklist' verbosity
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-10 19:45:42 -07:00
Tom Eastep
8c522a5c4d
Correct typo in lib.private
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-09 10:58:29 -07:00
Tom Eastep
abf57a4d1f
Correct indentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-09 09:29:04 -07:00
Tom Eastep
3058f2fb84
Delete code supporting old kernel/iproute2 IPv6 restrictions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-07 11:02:36 -07:00
Tom Eastep
b5e7e41708
Correct NFQUEUE! manpage description
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-07 05:50:24 -07:00
Tom Eastep
eb6ae5e186
Correct handling of DYNAMIC_BLACKLIST options
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 16:56:29 -07:00
Tom Eastep
941604ad01
Correct issue with updating DBL timeout
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 15:41:40 -07:00
Tom Eastep
14e8568d9e
Add the FIREWALL .conf option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 15:03:54 -07:00
Tom Eastep
ca7ca4bdfe
Add a 'timeout' option to DYNAMIC_BLACKLIST
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 12:56:47 -07:00
Tom Eastep
8d731c81e4
Add 'disconnect' option to ipset-based dynamic blacklisting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-04 09:09:45 -07:00
Tom Eastep
6ad7d47eb6
Correct DYNAMIC_BLACKLISTING documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-03 08:19:19 -07:00
Tom Eastep
ed48eed0c6
Change order of options in .conf files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-02 15:14:31 -07:00
Tom Eastep
97186e5402
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2016-10-02 14:04:02 -07:00
Roberto C. Sánchez
64ab43f14f
Fix typos
2016-10-02 17:01:46 -04:00
Tom Eastep
72dbb4c3c3
Handle persistent provider enable/disable correctly
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 16:01:04 -07:00
Tom Eastep
bc591ccee4
Don't assume that statistically balanced providers are optional
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 14:01:16 -07:00
Tom Eastep
f989c2f5f6
Document 'persistent'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 11:34:57 -07:00
Tom Eastep
156313edd2
Correctly handle down persistent interface during 'disable'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-27 11:47:37 -07:00
Tom Eastep
35bd1db7fb
Handle Down or missing interfaces in 'delete_gateway()'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-27 11:43:26 -07:00
Tom Eastep
792b3b696c
Add ZERO_MARKS option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-26 16:04:26 -07:00
Tom Eastep
3f8ddb11ab
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2016-09-25 08:00:43 -07:00
Tom Eastep
fa9ee6d69e
Clear packet marks in PREROUTING and OUTPUT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-24 15:46:04 -07:00
Tom Eastep
ef4b1c2030
Add a TIME Columns section to the config file basics doc
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-22 15:45:18 -07:00
Tom Eastep
8065e62f12
Support for the 'contiguous' option in TIME columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-22 14:22:11 -07:00
Tom Eastep
e81a4788c6
Implement DEFAULT_PAGER in shorewallrc
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-21 10:20:48 -07:00
Tom Eastep
d854185c56
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2016-09-20 08:47:07 -07:00
Tom Eastep
afc212495f
Make POSTROUTING the default chain for CHECKSUM
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-18 08:57:49 -07:00
Tom Eastep
059b1c6c8c
Remove superfluous logic
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-13 11:13:19 -07:00
Tom Eastep
2f75901068
Restore 'use Shorewall::Config(shorewall)' in embedded Perl handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-13 09:29:51 -07:00
Tom Eastep
8bb7c2363b
Support '+' after a zone list in the policy files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-10 10:06:38 -07:00
Tom Eastep
7e32a10176
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2016-09-10 08:48:48 -07:00
Tom Eastep
2c90a8bfb5
Allow zone lists in the SOURCE and DEST columns of the policy files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-10 08:47:48 -07:00
Tom Eastep
5ea91f21f4
Correct the mangle manpage
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-05 19:20:25 -07:00
Tom Eastep
bb8af36d3f
Minor cleanup in the Rules module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-31 13:01:49 -07:00
Tom Eastep
4ec2c2087d
Delete obsolete comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-29 12:40:28 -07:00
Tom Eastep
a05b957498
Corrections in the shorewall[6].conf manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-15 10:24:23 -07:00
Tom Eastep
31d35e0cbd
Minor cleanup of the Chains module
...
- Correct typos
- Correct 'P' trace entries
- Add parens and comments to calls
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-15 09:22:11 -07:00
Tom Eastep
bcacce7ed0
Rename a variable to avoid confusion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-14 15:45:24 -07:00
Tom Eastep
646c20491a
Fix indentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-14 15:45:00 -07:00
Tom Eastep
fa1173baaa
Correct typo in a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-14 10:24:29 -07:00
Tom Eastep
72e21be89d
Add a handle back to the flow classifier
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-04 11:03:36 -07:00
Tom Eastep
1b1e2c58f9
Allow optional provider interfaces to match a wildcard
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-02 15:44:19 -07:00
Tom Eastep
decf9d3b3e
Correct comment formatting in 'trace' output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-30 09:03:19 -07:00
Tom Eastep
a05623f49e
Don't delete duplicate COUNT rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-30 08:24:53 -07:00
Tom Eastep
0b9cd93769
Default DSCP rules to the POSTROUTING chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-27 13:59:15 -07:00
Tom Eastep
372359839b
Add 'comment' to alternative input
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-24 15:08:55 -07:00
Tom Eastep
4a6338d857
Correct/complete Scott Sumate's LOGFILE enhancement
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-15 14:25:02 -07:00
Roberto C. Sánchez
76b2b0de78
Debian init script: fix name of force-reload target ( Closes : #830110 )
2016-07-06 08:43:21 -04:00
Roberto C. Sánchez
7c9876241c
Debian init scripts: add run-level 1 to Default-Stop specification
2016-07-04 17:37:00 -04:00
Roberto C. Sánchez
8b36c2c1cf
Debian init scripts: more accurately describe what action is being taken
2016-07-04 13:34:33 -04:00
Tom Eastep
a02c745a83
Avoid silly duplicate rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-30 17:49:43 -07:00
Tom Eastep
47557aa4f7
Correct additional issues with 'update'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-18 10:24:52 -07:00
Tom Eastep
93ee4432de
Allow <user>: in USER columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-18 09:44:35 -07:00
Tom Eastep
8c543ca6f8
Transfer permissions during file updates
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-16 16:04:32 -07:00
Tom Eastep
e71fb3249a
Add 'dbl' interface option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-15 16:35:41 -07:00
Tom Eastep
ea56d4ed19
Make ipset-based dynamic blacklisting work in the FORWARD chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-13 15:02:12 -07:00
Tom Eastep
c65721a139
Correct a warning message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-13 12:21:16 -07:00
Tom Eastep
f979ccb16d
Merge branch '5.0.9'
2016-06-09 14:47:44 -07:00
Tom Eastep
24b396bc67
Avoid run-time Perl diagnostic when validating a null log level
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-09 09:12:13 -07:00
Tom Eastep
cd0837beb5
Avoid run-time Perl diagnostic when validating a null log level
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-09 09:00:12 -07:00
Tom Eastep
4869f61a25
'allow' now works with ipset-based dynamic blacklisting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-09 08:44:25 -07:00
Matt Darfeuille
cd4e9654d8
(Fwd) [Shorewall-users] Shorewall-lite on OpenWRT
...
------- Forwarded message follows -------
From: istvan@istvan.org
To: shorewall-users@lists.sourceforge.net
Date sent: Thu, 19 May 2016 09:10:21 +0200
Subject: [Shorewall-users] Shorewall-lite on OpenWRT
Send reply to: Shorewall Users <shorewall-users@lists.sourceforge.net>
<mailto:shorewall-users-request@lists.sourceforge.net?subject=unsubscribe>
<mailto:shorewall-users-request@lists.sourceforge.net?subject=subscribe>
Hi there,
I use Shorewall on an OpenWRT distribution and I experience 2
problems.
I have solved them myself and report them here to help others with
it.
Shorewall version: shorewall[6]-lite 5.0.4
OpenWRT version: Chaos Calmer 15.05, r46767
Problem 1:
Shorewall uses the lock utility from openwrt. I believe it is used in
the wrong way. File lib.common line 775
First it passes arguments which the utility doesn't use/know. The
util
accepts them dumbly and continues to create a lockfile. It has no
time-out functionality. I do not know the meaning of the r1 argument.
Second the mutex_off simply deletes the lockfile by using the utility
rm. This way a stale lock process keeps running. After a while the
router is running a high number of stale processes which has impact
on
the load of the router. The correct way is to use "lock -u
/lib/shorewall-lite/lock". This way the lockfile will be removed and
the
process will be terminated accordingly. To make it work for me, I no
more let shorewall use the lock utility by using an ugly hack.
Problem 2:
An fgrep on the output of the type utility is wrongly coded. The
output
of the type command probably has been changed. File lib.cli line 4343
It is coded: "if type $1 2> /dev/null | fgrep -q 'is a function';
then"
To make it work for me, it should be coded: "if type $1 2> /dev/null
|
fgrep -q 'is a shell function'; then"
With regards,
Stefan
------- End of forwarded message -------
Tom, attached as code.patch, are the patches that I believe will
correct those issues
In addition to those patches I've also added 3 patches:
- Patch 1 will emulate the -p flag of the ps utility which is not
available on openwrt.
- The last two patches will add "file" to the progress message of
SYSCONFFILE to make it more consistent among the installers.
In shorewall-init/install.sh the else clause between the line 586
and 597 will only work for a sysvinit script.
Should I make it also work for a systemd service script or can't we
simply remove that else clause?
In the compiled firewall script the comments before and after the
functions imported from lib.common have two slashes in the path:
$ grep -H lib.common firewall
firewall:# Functions imported from /usr/share/shorewall//lib.common
firewall:# End of imports from /usr/share/shorewall//lib.common
-Matt
-------------- Enclosure number 1 ----------------
>From 6ff651108df33ab8be4562caef03a8582e9eac5e Mon Sep 17 00:00:00 2001
From: Matt Darfeuille <matdarf@gmail.com>
Date: Tue, 24 May 2016 13:10:28 +0200
Subject: [PATCH 1/8] Emulate 'ps -p' using grep to work on openwrt
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-08 15:40:36 -07:00
Tom Eastep
cd01df4200
Allow more than 9 interfaces with Simple TC
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-07 14:43:37 -07:00
Tom Eastep
7798c52a19
Fix DOCKER=Yes when docker0 is defined and Docker isn't started.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-22 17:50:51 -07:00
Tom Eastep
82169a0bfd
Use 'date' format for compiletime rather than localtime format
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-07 13:48:16 -07:00
Tom Eastep
d4df67966d
Turn on AUTOMAKE in the sample configurations
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-06 08:46:11 -07:00
Tom Eastep
f16bb887f3
Report versions as Shorewall's rather than Shorewall6's
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-05 15:41:46 -07:00
Tom Eastep
64fb662bb1
Verify Shorewall6 version when compiling for IPv6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-05 15:22:47 -07:00
Tom Eastep
ce20e5592b
Cross-check core and standard versions during compilation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-05 13:53:26 -07:00
Tom Eastep
590243a787
Add NFLOG as a supported mangle action
...
- Also document nflog-parameters
- Correct range of nflog groups
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-03 11:27:34 -07:00
Tom Eastep
9dd0346987
Apply Paul Gear's patch for Ubuntu 16.04
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-02 07:25:37 -07:00
Tom Eastep
ccfa181a6d
Tweak compile_info_command()
...
- Fix comment
- use $globals{VERSION} for the version number
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 14:12:34 -07:00
Tom Eastep
b7de785396
Correct typo in manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 08:34:43 -07:00
Tom Eastep
24d40f4cc2
Add VERBOSE_MESSAGES option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 08:00:56 -07:00
Tom Eastep
244f2cefe5
Update comment describing info_command()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-29 15:42:48 -07:00
Tom Eastep
41923cb80e
Improve compile time/date implementation
...
- Rename the command from 'date' to 'info'
- Return the complete date/time/version string in the command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-29 12:31:17 -07:00
Tom Eastep
2a40012fc4
Include compile time and date in the output of 'shorewall status'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-27 16:25:21 -07:00
Matt Darfeuille
05a15c6f8b
patches and request
...
Tom,
Some patches for the trunk repo(fixes.patch):
Patch1: Fix a typo in the path being printed for the standard actions
file.
Patch2: Will only install the shorewall's manpages if the variable
MANDIR is none-empty(I did it only for the sake of completeness)!
Patch3: Will only install the shorewall-lite's manpages if the
variable MANDIR is none-empty.
Patch4: Correct multiple product name's typos in
shorewall-init/install.sh.
Patch5: Remove ~/.shorewallrc when shorewall-core is uninstalled.
And two other patches for the release repo(changelog-1.patch):
Patch1: Changed restart to reload for the line: 'Update DHCP
article(refresh -> restart).
Patch2: Rephrased the line for the newly added ?WARNING and ?INFO
directives.
Request:
Could the date of the compiled firewall script also be displayed when
'shorewall status' is executed?
-Matt
-------------- Enclosure number 2 ----------------
>From a5ae24bbe9b25aefdbcc4d7c8e5d013a36b03078 Mon Sep 17 00:00:00 2001
From: Matt Darfeuille <matdarf@gmail.com>
Date: Sat, 23 Apr 2016 14:44:19 +0200
Subject: [PATCH 1/5] Fix typo in printed path for standard actions file
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-27 15:07:44 -07:00
Tom Eastep
a92d10f19c
Merge branch '5.0.8'
2016-04-27 10:23:51 -07:00
Tom Eastep
47edfaf093
Create standard error messages in the CLI
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-27 10:13:24 -07:00
Tom Eastep
f6b7eb4ea0
Correct handling of persistent provider with no IP address
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-25 12:27:00 -07:00
Tom Eastep
800c06e8c9
Rename lib.core to lib.runtime
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-21 08:12:41 -07:00
Tom Eastep
f16e3f1fbe
Issue warning when enable/disable won't work correctly
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-19 10:42:50 -07:00
Tom Eastep
71bd7a4647
Update the STARTUP_LOG description in shorewall[6].conf
...
- Update list of commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-19 07:49:37 -07:00