Tom Eastep
0b9387f09c
Force address Detection on optional interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-25 14:42:03 -07:00
Tom Eastep
fdfd8b919b
Merge branch '5.0.13'
2016-10-24 12:52:01 -07:00
Tom Eastep
3d3ae81bce
Restore old wording for Version 4 ipset creation message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 12:51:43 -07:00
Tom Eastep
3b6b89336e
Eliminate superfluous test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 11:57:56 -07:00
Tom Eastep
fc0ad7cd2e
Be sure that the 'restriction' member exists for the FORWARD chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 11:37:40 -07:00
Tom Eastep
c9b1b7684c
Correct handling of dest IPSET.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 09:06:05 -07:00
Tom Eastep
b8ec460a1a
Correct grammar in the ipset creation message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 08:49:51 -07:00
Tom Eastep
46b8e2e957
Avoid exception when validating 'occurs' in TC
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 08:14:12 -07:00
Tom Eastep
0ed813972b
Auto-create ipsets used in tcfilters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-23 16:44:07 -07:00
Tom Eastep
f9cfde91e5
Correctly handle ipset in tcfilter DEST
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-23 16:43:49 -07:00
Tom Eastep
3df488e710
Correct handling of ipsets in tcfilters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-23 16:28:36 -07:00
Tom Eastep
0efc7a4899
Correct restriction and chain number handling in the mangle files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-23 15:36:04 -07:00
Tom Eastep
d241421630
Merge branch '5.0.13'
2016-10-23 08:34:47 -07:00
Tom Eastep
e0203bca87
Correct nill address check in handling of 'origdest=detect'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-23 08:34:24 -07:00
Tom Eastep
3874bb9fa6
Delete duplicate line of code
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-22 15:41:26 -07:00
Tom Eastep
13a321726c
Fix typo
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-21 09:22:30 -07:00
Tom Eastep
b160845713
Avoid compiler crash when LOAD_HELPERS_ONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-20 15:22:43 -07:00
Tom Eastep
71566f0ab0
Avoid compiler crash when LOAD_HELPERS_ONLY=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-20 14:54:01 -07:00
Tom Eastep
e4169ede4a
Merge branch '5.0.13'
2016-10-20 13:29:05 -07:00
Tom Eastep
b44628ddc8
Only specify 'counters' to ipset of IPSET_MATCH_COUNTERS is present
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-20 09:07:36 -07:00
Tom Eastep
0e7d5f3972
Support '+' in SNAT action invocation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 16:00:36 -07:00
Tom Eastep
5b5f91f75f
SNAT option documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 15:32:22 -07:00
Tom Eastep
ab496987e0
Prevent 'nat' and 'mangle' being specified together
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 15:32:05 -07:00
Tom Eastep
c92ebc3908
Make merge_inline_source_dest() a little safer
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 14:32:56 -07:00
Tom Eastep
bc3573fcbc
Correct handling of interface lists in masq->snat conversion
...
- Also restore logic for ADD_SNAT_ALIASES
- Correct some interface-list errors in snat processing
- Restore whitespace after '--to-source'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 14:19:09 -07:00
Tom Eastep
6b7beaadaf
Merge branch '5.0.13'
2016-10-18 10:16:58 -07:00
Tom Eastep
31b6e9e299
Fix another DEST bug in mangle inline action handling :-(
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 10:15:43 -07:00
Tom Eastep
d52a4b1c9d
Implement SNAT actions and inlines
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 10:09:07 -07:00
Tom Eastep
9796af5d80
Merge branch '5.0.13'
2016-10-17 10:16:30 -07:00
Tom Eastep
9fc56bb896
Correct typo in process_mangle_inline()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-17 09:29:32 -07:00
Tom Eastep
f3dd77a3f1
Merge branch '5.0.13'
2016-10-16 16:36:08 -07:00
Tom Eastep
2c191bf595
Correct .conf manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 15:07:34 -07:00
Tom Eastep
4bb942f1f9
Restrict hypen as range separator to use with integers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 13:29:00 -07:00
Tom Eastep
05dbfbb988
Restrict hypen as range separator to use with integers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 13:26:44 -07:00
Tom Eastep
69a7c78179
Merge branch '5.0.13'
2016-10-16 12:28:01 -07:00
Tom Eastep
04051454bf
Reverse bad ECN handling patch
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 12:27:45 -07:00
Tom Eastep
2ca86d9abd
Merge branch '5.0.13'
2016-10-16 10:22:12 -07:00
Tom Eastep
e6f3d429a1
Renew timeout on matched dbl entries
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 09:42:45 -07:00
Tom Eastep
1ca91d7ddc
Correct handling of ECN file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 08:41:19 -07:00
Tom Eastep
fad9dce3e6
Correct handling of ECN file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 08:33:01 -07:00
Tom Eastep
342f4ee0f2
Add the --exits option to ADD with timeout
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 16:43:44 -07:00
Tom Eastep
047b5ca6d5
Add the --exits option to ADD with timeout
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 16:43:04 -07:00
Tom Eastep
86c4333f8f
Correct the shorewall-snat(5) examples
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 14:58:49 -07:00
Tom Eastep
e1de1f0527
Convert Sample masq files to equivalent snat files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 12:43:42 -07:00
Tom Eastep
43fdddb438
Add 'snat' config file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 11:38:52 -07:00
Tom Eastep
44477d97ac
Move Masq file processing to the Rules module
...
- This will enable supporting actions in the new snat file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-14 12:42:58 -07:00
Tom Eastep
b5906812a2
Accept '-' as the separator in a port range.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-14 10:10:03 -07:00
Tom Eastep
b80d4c2320
Don't allow shell meta characters in interface names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-11 17:01:45 -07:00
Tom Eastep
d5aaa66e0b
Detect bad characters in interface names
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-11 10:56:41 -07:00
Tom Eastep
49fae96b09
Update the manpages for 'blacklist' verbosity
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-10 19:45:42 -07:00
Tom Eastep
8c522a5c4d
Correct typo in lib.private
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-09 10:58:29 -07:00
Tom Eastep
abf57a4d1f
Correct indentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-09 09:29:04 -07:00
Tom Eastep
3058f2fb84
Delete code supporting old kernel/iproute2 IPv6 restrictions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-07 11:02:36 -07:00
Tom Eastep
b5e7e41708
Correct NFQUEUE! manpage description
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-07 05:50:24 -07:00
Tom Eastep
eb6ae5e186
Correct handling of DYNAMIC_BLACKLIST options
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 16:56:29 -07:00
Tom Eastep
941604ad01
Correct issue with updating DBL timeout
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 15:41:40 -07:00
Tom Eastep
14e8568d9e
Add the FIREWALL .conf option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 15:03:54 -07:00
Tom Eastep
ca7ca4bdfe
Add a 'timeout' option to DYNAMIC_BLACKLIST
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 12:56:47 -07:00
Tom Eastep
8d731c81e4
Add 'disconnect' option to ipset-based dynamic blacklisting
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-04 09:09:45 -07:00
Tom Eastep
6ad7d47eb6
Correct DYNAMIC_BLACKLISTING documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-03 08:19:19 -07:00
Tom Eastep
ed48eed0c6
Change order of options in .conf files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-02 15:14:31 -07:00
Tom Eastep
97186e5402
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code
2016-10-02 14:04:02 -07:00
Roberto C. Sánchez
64ab43f14f
Fix typos
2016-10-02 17:01:46 -04:00
Tom Eastep
72dbb4c3c3
Handle persistent provider enable/disable correctly
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 16:01:04 -07:00
Tom Eastep
bc591ccee4
Don't assume that statistically balanced providers are optional
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 14:01:16 -07:00
Tom Eastep
f989c2f5f6
Document 'persistent'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 11:34:57 -07:00
Tom Eastep
156313edd2
Correctly handle down persistent interface during 'disable'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-27 11:47:37 -07:00
Tom Eastep
35bd1db7fb
Handle Down or missing interfaces in 'delete_gateway()'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-27 11:43:26 -07:00
Tom Eastep
792b3b696c
Add ZERO_MARKS option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-26 16:04:26 -07:00
Tom Eastep
3f8ddb11ab
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2016-09-25 08:00:43 -07:00
Tom Eastep
fa9ee6d69e
Clear packet marks in PREROUTING and OUTPUT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-24 15:46:04 -07:00
Tom Eastep
ef4b1c2030
Add a TIME Columns section to the config file basics doc
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-22 15:45:18 -07:00
Tom Eastep
8065e62f12
Support for the 'contiguous' option in TIME columns
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-22 14:22:11 -07:00
Tom Eastep
e81a4788c6
Implement DEFAULT_PAGER in shorewallrc
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-21 10:20:48 -07:00
Tom Eastep
d854185c56
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2016-09-20 08:47:07 -07:00
Tom Eastep
afc212495f
Make POSTROUTING the default chain for CHECKSUM
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-18 08:57:49 -07:00
Tom Eastep
059b1c6c8c
Remove superfluous logic
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-13 11:13:19 -07:00
Tom Eastep
2f75901068
Restore 'use Shorewall::Config(shorewall)' in embedded Perl handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-13 09:29:51 -07:00
Tom Eastep
8bb7c2363b
Support '+' after a zone list in the policy files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-10 10:06:38 -07:00
Tom Eastep
7e32a10176
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2016-09-10 08:48:48 -07:00
Tom Eastep
2c90a8bfb5
Allow zone lists in the SOURCE and DEST columns of the policy files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-10 08:47:48 -07:00
Tom Eastep
5ea91f21f4
Correct the mangle manpage
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-05 19:20:25 -07:00
Tom Eastep
bb8af36d3f
Minor cleanup in the Rules module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-31 13:01:49 -07:00
Tom Eastep
4ec2c2087d
Delete obsolete comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-29 12:40:28 -07:00
Tom Eastep
a05b957498
Corrections in the shorewall[6].conf manpages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-15 10:24:23 -07:00
Tom Eastep
31d35e0cbd
Minor cleanup of the Chains module
...
- Correct typos
- Correct 'P' trace entries
- Add parens and comments to calls
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-15 09:22:11 -07:00
Tom Eastep
bcacce7ed0
Rename a variable to avoid confusion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-14 15:45:24 -07:00
Tom Eastep
646c20491a
Fix indentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-14 15:45:00 -07:00
Tom Eastep
fa1173baaa
Correct typo in a comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-14 10:24:29 -07:00
Tom Eastep
72e21be89d
Add a handle back to the flow classifier
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-04 11:03:36 -07:00
Tom Eastep
1b1e2c58f9
Allow optional provider interfaces to match a wildcard
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-02 15:44:19 -07:00
Tom Eastep
decf9d3b3e
Correct comment formatting in 'trace' output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-30 09:03:19 -07:00
Tom Eastep
a05623f49e
Don't delete duplicate COUNT rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-30 08:24:53 -07:00
Tom Eastep
0b9cd93769
Default DSCP rules to the POSTROUTING chain
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-27 13:59:15 -07:00
Tom Eastep
372359839b
Add 'comment' to alternative input
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-24 15:08:55 -07:00
Tom Eastep
4a6338d857
Correct/complete Scott Sumate's LOGFILE enhancement
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-15 14:25:02 -07:00
Roberto C. Sánchez
76b2b0de78
Debian init script: fix name of force-reload target ( Closes : #830110 )
2016-07-06 08:43:21 -04:00
Roberto C. Sánchez
7c9876241c
Debian init scripts: add run-level 1 to Default-Stop specification
2016-07-04 17:37:00 -04:00
Roberto C. Sánchez
8b36c2c1cf
Debian init scripts: more accurately describe what action is being taken
2016-07-04 13:34:33 -04:00
Tom Eastep
a02c745a83
Avoid silly duplicate rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-30 17:49:43 -07:00