Commit Graph

7237 Commits

Author SHA1 Message Date
Tom Eastep
0b9387f09c
Force address Detection on optional interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-25 14:42:03 -07:00
Tom Eastep
fdfd8b919b
Merge branch '5.0.13' 2016-10-24 12:52:01 -07:00
Tom Eastep
3d3ae81bce
Restore old wording for Version 4 ipset creation message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 12:51:43 -07:00
Tom Eastep
3b6b89336e
Eliminate superfluous test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 11:57:56 -07:00
Tom Eastep
fc0ad7cd2e
Be sure that the 'restriction' member exists for the FORWARD chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 11:37:40 -07:00
Tom Eastep
c9b1b7684c
Correct handling of dest IPSET.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 09:06:05 -07:00
Tom Eastep
b8ec460a1a
Correct grammar in the ipset creation message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 08:49:51 -07:00
Tom Eastep
46b8e2e957
Avoid exception when validating 'occurs' in TC
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-24 08:14:12 -07:00
Tom Eastep
0ed813972b
Auto-create ipsets used in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-23 16:44:07 -07:00
Tom Eastep
f9cfde91e5
Correctly handle ipset in tcfilter DEST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-23 16:43:49 -07:00
Tom Eastep
3df488e710
Correct handling of ipsets in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-23 16:28:36 -07:00
Tom Eastep
0efc7a4899
Correct restriction and chain number handling in the mangle files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-23 15:36:04 -07:00
Tom Eastep
d241421630
Merge branch '5.0.13' 2016-10-23 08:34:47 -07:00
Tom Eastep
e0203bca87
Correct nill address check in handling of 'origdest=detect'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-23 08:34:24 -07:00
Tom Eastep
3874bb9fa6
Delete duplicate line of code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-22 15:41:26 -07:00
Tom Eastep
13a321726c
Fix typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-21 09:22:30 -07:00
Tom Eastep
b160845713
Avoid compiler crash when LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-20 15:22:43 -07:00
Tom Eastep
71566f0ab0
Avoid compiler crash when LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-20 14:54:01 -07:00
Tom Eastep
e4169ede4a
Merge branch '5.0.13' 2016-10-20 13:29:05 -07:00
Tom Eastep
b44628ddc8
Only specify 'counters' to ipset of IPSET_MATCH_COUNTERS is present
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-20 09:07:36 -07:00
Tom Eastep
0e7d5f3972
Support '+' in SNAT action invocation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 16:00:36 -07:00
Tom Eastep
5b5f91f75f
SNAT option documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 15:32:22 -07:00
Tom Eastep
ab496987e0
Prevent 'nat' and 'mangle' being specified together
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 15:32:05 -07:00
Tom Eastep
c92ebc3908
Make merge_inline_source_dest() a little safer
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 14:32:56 -07:00
Tom Eastep
bc3573fcbc
Correct handling of interface lists in masq->snat conversion
- Also restore logic for ADD_SNAT_ALIASES
- Correct some interface-list errors in snat processing
- Restore whitespace after '--to-source'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 14:19:09 -07:00
Tom Eastep
6b7beaadaf
Merge branch '5.0.13' 2016-10-18 10:16:58 -07:00
Tom Eastep
31b6e9e299
Fix another DEST bug in mangle inline action handling :-(
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 10:15:43 -07:00
Tom Eastep
d52a4b1c9d
Implement SNAT actions and inlines
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 10:09:07 -07:00
Tom Eastep
9796af5d80
Merge branch '5.0.13' 2016-10-17 10:16:30 -07:00
Tom Eastep
9fc56bb896
Correct typo in process_mangle_inline()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-17 09:29:32 -07:00
Tom Eastep
f3dd77a3f1
Merge branch '5.0.13' 2016-10-16 16:36:08 -07:00
Tom Eastep
2c191bf595
Correct .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 15:07:34 -07:00
Tom Eastep
4bb942f1f9
Restrict hypen as range separator to use with integers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 13:29:00 -07:00
Tom Eastep
05dbfbb988
Restrict hypen as range separator to use with integers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 13:26:44 -07:00
Tom Eastep
69a7c78179
Merge branch '5.0.13' 2016-10-16 12:28:01 -07:00
Tom Eastep
04051454bf
Reverse bad ECN handling patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 12:27:45 -07:00
Tom Eastep
2ca86d9abd
Merge branch '5.0.13' 2016-10-16 10:22:12 -07:00
Tom Eastep
e6f3d429a1
Renew timeout on matched dbl entries
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 09:42:45 -07:00
Tom Eastep
1ca91d7ddc
Correct handling of ECN file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 08:41:19 -07:00
Tom Eastep
fad9dce3e6
Correct handling of ECN file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 08:33:01 -07:00
Tom Eastep
342f4ee0f2
Add the --exits option to ADD with timeout
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 16:43:44 -07:00
Tom Eastep
047b5ca6d5
Add the --exits option to ADD with timeout
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 16:43:04 -07:00
Tom Eastep
86c4333f8f
Correct the shorewall-snat(5) examples
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 14:58:49 -07:00
Tom Eastep
e1de1f0527
Convert Sample masq files to equivalent snat files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 12:43:42 -07:00
Tom Eastep
43fdddb438
Add 'snat' config file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 11:38:52 -07:00
Tom Eastep
44477d97ac
Move Masq file processing to the Rules module
- This will enable supporting actions in the new snat file

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-14 12:42:58 -07:00
Tom Eastep
b5906812a2
Accept '-' as the separator in a port range.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-14 10:10:03 -07:00
Tom Eastep
b80d4c2320
Don't allow shell meta characters in interface names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-11 17:01:45 -07:00
Tom Eastep
d5aaa66e0b
Detect bad characters in interface names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-11 10:56:41 -07:00
Tom Eastep
49fae96b09
Update the manpages for 'blacklist' verbosity
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-10 19:45:42 -07:00
Tom Eastep
8c522a5c4d
Correct typo in lib.private
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-09 10:58:29 -07:00
Tom Eastep
abf57a4d1f
Correct indentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-09 09:29:04 -07:00
Tom Eastep
3058f2fb84
Delete code supporting old kernel/iproute2 IPv6 restrictions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-07 11:02:36 -07:00
Tom Eastep
b5e7e41708
Correct NFQUEUE! manpage description
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-07 05:50:24 -07:00
Tom Eastep
eb6ae5e186
Correct handling of DYNAMIC_BLACKLIST options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 16:56:29 -07:00
Tom Eastep
941604ad01
Correct issue with updating DBL timeout
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 15:41:40 -07:00
Tom Eastep
14e8568d9e
Add the FIREWALL .conf option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 15:03:54 -07:00
Tom Eastep
ca7ca4bdfe
Add a 'timeout' option to DYNAMIC_BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 12:56:47 -07:00
Tom Eastep
8d731c81e4
Add 'disconnect' option to ipset-based dynamic blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-04 09:09:45 -07:00
Tom Eastep
6ad7d47eb6
Correct DYNAMIC_BLACKLISTING documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-03 08:19:19 -07:00
Tom Eastep
ed48eed0c6
Change order of options in .conf files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-02 15:14:31 -07:00
Tom Eastep
97186e5402
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-10-02 14:04:02 -07:00
Roberto C. Sánchez
64ab43f14f
Fix typos 2016-10-02 17:01:46 -04:00
Tom Eastep
72dbb4c3c3
Handle persistent provider enable/disable correctly
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 16:01:04 -07:00
Tom Eastep
bc591ccee4
Don't assume that statistically balanced providers are optional
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 14:01:16 -07:00
Tom Eastep
f989c2f5f6
Document 'persistent'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 11:34:57 -07:00
Tom Eastep
156313edd2
Correctly handle down persistent interface during 'disable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-27 11:47:37 -07:00
Tom Eastep
35bd1db7fb
Handle Down or missing interfaces in 'delete_gateway()'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-27 11:43:26 -07:00
Tom Eastep
792b3b696c
Add ZERO_MARKS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-26 16:04:26 -07:00
Tom Eastep
3f8ddb11ab
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2016-09-25 08:00:43 -07:00
Tom Eastep
fa9ee6d69e
Clear packet marks in PREROUTING and OUTPUT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-24 15:46:04 -07:00
Tom Eastep
ef4b1c2030
Add a TIME Columns section to the config file basics doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-22 15:45:18 -07:00
Tom Eastep
8065e62f12
Support for the 'contiguous' option in TIME columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-22 14:22:11 -07:00
Tom Eastep
e81a4788c6
Implement DEFAULT_PAGER in shorewallrc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-21 10:20:48 -07:00
Tom Eastep
d854185c56
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2016-09-20 08:47:07 -07:00
Tom Eastep
afc212495f
Make POSTROUTING the default chain for CHECKSUM
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-18 08:57:49 -07:00
Tom Eastep
059b1c6c8c
Remove superfluous logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-13 11:13:19 -07:00
Tom Eastep
2f75901068
Restore 'use Shorewall::Config(shorewall)' in embedded Perl handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-13 09:29:51 -07:00
Tom Eastep
8bb7c2363b
Support '+' after a zone list in the policy files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-10 10:06:38 -07:00
Tom Eastep
7e32a10176
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2016-09-10 08:48:48 -07:00
Tom Eastep
2c90a8bfb5
Allow zone lists in the SOURCE and DEST columns of the policy files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-10 08:47:48 -07:00
Tom Eastep
5ea91f21f4
Correct the mangle manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-05 19:20:25 -07:00
Tom Eastep
bb8af36d3f
Minor cleanup in the Rules module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-31 13:01:49 -07:00
Tom Eastep
4ec2c2087d
Delete obsolete comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-29 12:40:28 -07:00
Tom Eastep
a05b957498
Corrections in the shorewall[6].conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-15 10:24:23 -07:00
Tom Eastep
31d35e0cbd
Minor cleanup of the Chains module
- Correct typos
- Correct 'P' trace entries
- Add parens and comments to calls

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-15 09:22:11 -07:00
Tom Eastep
bcacce7ed0
Rename a variable to avoid confusion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-14 15:45:24 -07:00
Tom Eastep
646c20491a
Fix indentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-14 15:45:00 -07:00
Tom Eastep
fa1173baaa
Correct typo in a comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-14 10:24:29 -07:00
Tom Eastep
72e21be89d
Add a handle back to the flow classifier
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-04 11:03:36 -07:00
Tom Eastep
1b1e2c58f9
Allow optional provider interfaces to match a wildcard
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-02 15:44:19 -07:00
Tom Eastep
decf9d3b3e
Correct comment formatting in 'trace' output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-30 09:03:19 -07:00
Tom Eastep
a05623f49e
Don't delete duplicate COUNT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-30 08:24:53 -07:00
Tom Eastep
0b9cd93769
Default DSCP rules to the POSTROUTING chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-27 13:59:15 -07:00
Tom Eastep
372359839b
Add 'comment' to alternative input
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-24 15:08:55 -07:00
Tom Eastep
4a6338d857
Correct/complete Scott Sumate's LOGFILE enhancement
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-15 14:25:02 -07:00
Roberto C. Sánchez
76b2b0de78
Debian init script: fix name of force-reload target (Closes: #830110) 2016-07-06 08:43:21 -04:00
Roberto C. Sánchez
7c9876241c
Debian init scripts: add run-level 1 to Default-Stop specification 2016-07-04 17:37:00 -04:00
Roberto C. Sánchez
8b36c2c1cf
Debian init scripts: more accurately describe what action is being taken 2016-07-04 13:34:33 -04:00
Tom Eastep
a02c745a83
Avoid silly duplicate rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-30 17:49:43 -07:00