Tom Eastep
24e21e730e
Correct typo in add_common_rules()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-02-12 19:10:35 -08:00
Tom Eastep
421edccd3f
Delete INLINE_MATCHES from .conf files
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-02-12 19:09:42 -08:00
Tom Eastep
cf8a48f110
Delete deprecated actions and macros
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-02-12 19:08:18 -08:00
Tom Eastep
12bbbbfa2a
Merge branch '5.1.12'
...
# Conflicts:
# Shorewall/Perl/Shorewall/Config.pm
2018-02-09 17:16:12 -08:00
Tom Eastep
2a12e0950a
Allow pairs in braces to appear with ';;'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-02-09 12:58:18 -08:00
Tom Eastep
e47b57fd4a
Replace macro.SSDPServer with corrected macro.SSDPserver
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-02-09 08:45:03 -08:00
Tom Eastep
221753c3c0
INLINE_MATCHES=No in sample configs
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-02-08 12:53:20 -08:00
Tom Eastep
b14924bd64
New macros - Tuomo Soini
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-02-08 12:29:56 -08:00
Tom Eastep
c0a608ef84
Updated IPMI Macro (Tuomo Soini)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-02-08 11:59:55 -08:00
Tom Eastep
c518e85215
Clarify warning message regarding INLINE_MATCHES
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-02-08 11:21:38 -08:00
Tom Eastep
91c76f7559
Add INLINE_MATCHES=Yes to deprecated option list
...
- Issue a warning for each line requiring change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-02-07 19:08:28 -08:00
Tom Eastep
73b39abd62
Remove INLINE_MATCHES
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-02-07 14:41:49 -08:00
Tom Eastep
3903fe5fd9
Remove the 'refresh' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-02-07 12:38:24 -08:00
Tom Eastep
a3e10157de
Merge branch '5.1.12'
2018-02-06 17:35:31 -08:00
Tom Eastep
ebe09a95b8
Lightweight format_rule() for use in digest creation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-02-02 09:27:19 -08:00
Tom Eastep
7bdd69d151
Optimization category 8 tweaks
...
- Document cost of the category in shorewall.conf(5)
- Omit DONT_DELETE chains from consideration right off the bat
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-31 14:58:01 -08:00
Tom Eastep
a08f0cfe10
Avoid awkward blank lines
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-30 19:15:10 -08:00
Tom Eastep
09a81ae574
Omit trailing black space from the generated script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-30 14:31:54 -08:00
Tom Eastep
7042d586b2
Clarify BLACKLIST_DISPOSITION in shorewall.conf(5)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-30 13:54:03 -08:00
Tom Eastep
e17c4ac8af
Reorganize code around wait/Interface-variable fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-30 11:25:37 -08:00
Tom Eastep
a6000ee963
Reorganize code around wait/Interface-variable fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-30 11:25:04 -08:00
Tom Eastep
0ab1464f51
Merge branch '5.1.12'
2018-01-28 14:54:23 -08:00
Tom Eastep
789854adce
Revert "Correct order of optional interface and address variable handling"
...
This reverts commit fbee4a91fd
.
2018-01-28 14:54:06 -08:00
Tom Eastep
37101a2031
Merge branch '5.1.11' into 5.1.12
2018-01-28 13:15:42 -08:00
Tom Eastep
40bcfd15e5
Revert "Correct order of optional interface and address variable handling"
...
This reverts commit f4cae55c1e
.
2018-01-28 13:15:13 -08:00
Tom Eastep
230ab06e5d
Reverse order of required-interface and address variable processing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-28 13:10:44 -08:00
Tom Eastep
09cda21dd4
Revert "Correct order of optional interface and address variable handling"
...
This reverts commit 9253f90ac5
.
2018-01-28 12:29:38 -08:00
Tom Eastep
9253f90ac5
Correct order of optional interface and address variable handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-28 11:39:06 -08:00
Tom Eastep
f4cae55c1e
Correct order of optional interface and address variable handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-28 10:54:03 -08:00
Tom Eastep
fbee4a91fd
Correct order of optional interface and address variable handling
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-28 10:53:20 -08:00
Tom Eastep
cb7071a213
Clarify BLACKLIST_DISPOSITION in shorewall.conf(5)
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-28 10:52:35 -08:00
Tom Eastep
cdf5ad45d5
Eliminate the MAPOLDACTIONS option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-24 12:59:26 -08:00
Tom Eastep
070a67d665
Deimplement OPTIMIZE_USE_FIRST
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-24 11:56:20 -08:00
Tom Eastep
9796c58eb2
Add OPTIMIZE_MASK constant
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-23 13:15:44 -08:00
Tom Eastep
cabc20957f
Delete an unnecessary variable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-23 09:45:50 -08:00
Tom Eastep
a9a379c5a5
Implement INPUT SNAT
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-22 16:37:38 -08:00
Tom Eastep
3bf5066f82
Document multiple DEST interfaces in the snat file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-22 11:12:28 -08:00
Tom Eastep
64f704a964
Improve quoting in the route-balancing logic
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-21 14:46:51 -08:00
Tom Eastep
416224ee05
Correct typos and anachronisms in Chains.pm comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-21 11:53:58 -08:00
Tom Eastep
92ce1beddc
Move read_yesno_with_timeout() to lib.cli-std
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-20 14:26:13 -08:00
Tom Eastep
fb4b362724
Eliminate unnecessary local array
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-20 13:26:10 -08:00
Tom Eastep
97de2be778
Change a fatal_error() call with an assertion in add_policy_rules()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-19 13:39:51 -08:00
Tom Eastep
85cae3c7f8
Add parens to improve readability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-19 12:47:17 -08:00
Tom Eastep
acd425a3c2
Remove superfluous logic from validate_portpari1()
...
- Add comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-19 12:46:52 -08:00
Tom Eastep
4e6949f996
Document port masquerading
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-19 08:55:56 -08:00
Tom Eastep
5d7dcc3122
Unify variable style
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-18 13:42:13 -08:00
Tom Eastep
422d0b216a
Don't use the -quit option to Busybox find
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-18 13:39:44 -08:00
Tom Eastep
27a0f0f7a0
Make TRACK_PROVIDERS=Yes the default
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-10 08:46:01 -08:00
Tom Eastep
9ac075fd56
Clear the connection mark in tunneled packets from tracked providers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-09 17:12:14 -08:00
Tom Eastep
b2604583af
Revert "Clear the connection mark in tunneled packets from tracked providers"
...
This reverts commit 62c6411cb0
.
2018-01-09 17:01:51 -08:00
Tom Eastep
62c6411cb0
Clear the connection mark in tunneled packets from tracked providers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-09 14:51:57 -08:00
Tom Eastep
1bc90beb01
Update copyrights
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-07 15:01:46 -08:00
Tom Eastep
eaccf033c6
Update copyrights for 2018
...
- Update some header versions to 5.1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-07 14:24:01 -08:00
Tom Eastep
056711d304
Remove anachronistic comment
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-06 13:58:20 -08:00
Tom Eastep
0aa0bebe07
Reword error message
...
- "Invalid action name ..." to "Reserved action name ..."
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-06 13:56:36 -08:00
Tom Eastep
1a68d87c94
Don't enable forwarding in 'clear'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-04 15:39:07 -08:00
Tom Eastep
c518cfaa4a
Allow address variables to work correctly with the 'clear' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-03 08:58:28 -08:00
Tom Eastep
2c3f121835
Don't call setup_dbl() unconditionally
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-02 13:11:31 -08:00
Tom Eastep
18ba5c7311
Don't verify 'conntrack' utility for 'remote-' commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2018-01-02 11:52:35 -08:00
Tom Eastep
09980cc75e
Use split() in uptodate()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-31 15:59:28 -08:00
Tom Eastep
e0a757ea03
Quit find after finding the first newer file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-31 14:15:45 -08:00
Tom Eastep
550003f0f4
Only look at regular files when running 'find'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-31 14:09:51 -08:00
Tom Eastep
4f50303318
Merge branch '5.1.10'
...
# Conflicts:
# Shorewall/lib.cli-std
2017-12-31 14:06:52 -08:00
Tom Eastep
5053999442
Don't run 'find' in the PWD
...
- Also remove -mindepth so as to catch deletions in the directories
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-31 13:33:16 -08:00
Tom Eastep
6b5889177b
Correct startup_error() inadvertent change
...
- Switch ensure_root() back to calling startup_error()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-30 09:24:21 -08:00
Tom Eastep
377c9f5708
Only search files in each CONFIG_PATH directory - no recursion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-30 08:44:05 -08:00
Tom Eastep
45a164733b
Fix breakage of ipp2p
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-30 08:38:14 -08:00
Tom Eastep
6f82bfe7d1
Handle PROTO '-' in conntrack file processing.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-29 15:54:15 -08:00
Tom Eastep
4e5b98d3d9
Only search files in each CONFIG_PATH directory - no recursion
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-29 15:42:09 -08:00
Tom Eastep
078c781dfa
Allow override of :syn assumption in CT rules
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-29 15:15:33 -08:00
Tom Eastep
46f68c6dcb
Move adjustment of the protocol in process_conntrack_rule()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-29 13:51:33 -08:00
Tom Eastep
b42678269c
Revert "Add :syn to each TCP entry in the conntrack file"
...
This reverts commit f861f8da35
.
2017-12-29 13:08:27 -08:00
Tom Eastep
9bd10c0c00
Call fatal_error (not startup_error) when non-root does default compile
...
- Also reword the message
2017-12-29 12:49:43 -08:00
Tom Eastep
f861f8da35
Add :syn to each TCP entry in the conntrack file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-29 12:38:58 -08:00
Tom Eastep
9e3cb27d0a
Use the synchain name in log messages rather than the base chain name
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-28 14:13:50 -08:00
Tom Eastep
d8a22d13dd
Allow non-root to run many 'show' commands
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-28 10:49:09 -08:00
Tom Eastep
9afe8daae0
Merge branch '5.1.10'
...
# Conflicts:
# Shorewall-core/install.sh
# Shorewall/install.sh
2017-12-26 15:45:20 -08:00
Tom Eastep
43adcd26a1
Make the /etc and the configfiles .conf files the same
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
# Conflicts:
# Shorewall/install.sh
2017-12-26 15:39:26 -08:00
Tom Eastep
f2a565729f
Replace $PRODUCT with ${PRODUCT}
...
- Also correct one incidence of PRODUCT that should have been $PRODUCT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-26 14:00:00 -08:00
Tom Eastep
ea8b2a803a
Make the /etc and the configfiles .conf files the same
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-26 11:48:33 -08:00
Tom Eastep
16832149ca
Remove unneeded modification of $CONFDIR/$PRODUCT/$PRODUCT.conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-26 11:35:56 -08:00
Tom Eastep
7edf4918d7
Remove leading ":" from CONFIG_PATH in active shorewall[6].conf
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-26 10:27:19 -08:00
Tom Eastep
b1d1fa862a
Add comment noting that the 'physwild' interface member is currently unused
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-23 10:58:16 -08:00
Tom Eastep
24acf25451
Delete unused find_interfaces_by_option1()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-23 10:53:16 -08:00
Tom Eastep
229c47ac6c
Don't delete options that are to be ignored from %options
...
- specifying some options can have side-effects that cause
$interfaceref->{options}{$option} to be accessed
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-23 10:47:22 -08:00
Tom Eastep
38de9c1732
Make wildcard/option checks order-independent WRT the options
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-23 10:24:08 -08:00
Tom Eastep
17f4fd7cd2
Initialize $physwild to $wildcard
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-22 15:42:16 -08:00
Tom Eastep
cfd02c1bb6
More $minroot changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-22 13:58:38 -08:00
Tom Eastep
19b7601c72
Improve handling of wildcard interfaces and options
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-22 13:43:45 -08:00
Tom Eastep
5a8e9cd0a3
Correct $minroot logic
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-22 09:08:27 -08:00
Tom Eastep
b5a6067588
Describe default interval and decay for rate estimator policing filters
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-20 09:04:52 -08:00
Tom Eastep
45468af2d2
Correct ingress policing for later releases of iproute2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-18 11:52:19 -08:00
Tom Eastep
4ab8e1f0a2
Remove PSH from the FIN action
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-05 15:25:54 -08:00
Tom Eastep
821d72093a
Rename DEFAULTACTION_SECTION to POLICYACTION_SECTION.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 16:25:15 -08:00
Tom Eastep
42d5d13780
Retain proto setting when switching inline <-> noinline
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 13:40:41 -08:00
Tom Eastep
7121a0f1b1
Disallow a protocol on the Reject Action
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 12:58:05 -08:00
Tom Eastep
ab12d63a4f
Change 'default action' to 'policy action' in comments and messages
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 12:55:17 -08:00
Tom Eastep
6ba1d5413b
Allow a protocol to be associated with an action
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-02 11:24:08 -08:00
Tom Eastep
4fc572f664
Exit the IPv6 AllowICMPs chain if packet isn't ipv6-icmp
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-01 14:50:17 -08:00
Tom Eastep
138e64c54a
Improve the documentation surrounding DNS names.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-12-01 09:25:20 -08:00