Tom Eastep
f4102417ff
Shorewall::Config changes for TPROXY from 4.5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-17 08:15:14 -08:00
Tom Eastep
07cdb8ca82
Backport TPROXY from 4.5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-17 08:12:44 -08:00
Tom Eastep
47007c5dbd
Allow protocol to be expressed in octal or hex
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 14:20:47 -08:00
Tom Eastep
aad8ea837a
Allow port numbers to be specified in Hex
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 14:00:47 -08:00
Tom Eastep
5ec7759d81
Don't pass an undefined value to fatal_error when numeric conversion fails.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 12:35:18 -08:00
Tom Eastep
4bf0b8e1dd
Add new configuration options and optimization changes from 4.5
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 09:53:53 -08:00
Tom Eastep
d5cc302ad9
Start 4.4.7
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-16 08:11:13 -08:00
Tom Eastep
ebf1e55609
Version to 4.4.6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 15:38:19 -08:00
Tom Eastep
880cd269c7
More mark geometry misses
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 12:16:40 -08:00
Tom Eastep
72de96760f
One more 0xFF -> $globals{TC_MASK} fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 12:11:00 -08:00
Tom Eastep
10c5630786
A few more instances of TC_MASK
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 10:50:14 -08:00
Tom Eastep
555133fa3c
Bump version to 4.4.6-Beta2
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 10:14:31 -08:00
Tom Eastep
b4b6dce7c8
Add some comments
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 08:12:00 -08:00
Tom Eastep
4821d5e8b7
Change quantum to 1875 for simple TC SFQ.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-13 08:11:49 -08:00
Tom Eastep
f69a741691
Port Simplified TC to 4.4.6
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 17:01:20 -08:00
Tom Eastep
7e183e8eb4
Change version to 4.4.6-Beta1
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 15:57:55 -08:00
Tom Eastep
57672d096c
Don't invoke 4.5 optimization under 4.4.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 15:47:14 -08:00
Tom Eastep
ae31a09e8b
Move code and add comments:
...
- Declare all of the 'preview' helpers together in Chains.pm
- Add some clarifying comments in the compiler.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 15:32:59 -08:00
Tom Eastep
4420eed8d7
Allow users to preview the generated ruleset.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-12 15:32:50 -08:00
Tom Eastep
6b085b7897
Update module versions
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 18:54:23 -08:00
Tom Eastep
5b4e9eb8e6
Revert change with migration issue
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 15:30:33 -08:00
Tom Eastep
0b549c7a15
Suppress mark geometry output
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:55:42 -08:00
Tom Eastep
1a74dbf93e
Add mark geometry changes to Shorewall::Chains and Shorewall::Compiler
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:39:22 -08:00
Tom Eastep
01293427f5
Add Mark Geometry changes to Shorewall::Tc
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:29:34 -08:00
Tom Eastep
4f5bb5e90b
Add new mark geometry changes to Shorewall::Providers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:22:01 -08:00
Tom Eastep
d2d2912534
Add New mark geometry variables to Shorewall::Config
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-11 14:16:03 -08:00
Tom Eastep
4e50ea14ea
Back out EXMARK detection since it is unused in 4.4.
...
Long overdue change to LIBVERSION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-09 09:30:25 -08:00
Tom Eastep
b0feeb805d
Fix typo in clear_firewall()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-09 07:28:57 -08:00
Tom Eastep
e6c0c8f6b7
Allow both <...> and [...] for IPv6 Addresses
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-08 13:55:13 -08:00
Tom Eastep
83c2473d78
Correct typo in error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-06 08:26:13 -08:00
Tom Eastep
ca4eee3ae4
Correct handling of 'refresh' failures
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-06 08:01:46 -08:00
Tom Eastep
605da92eca
Don't try to restore ipsets when 'restore' is being used to recover
...
from a start/restart failure.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-06 07:44:34 -08:00
Tom Eastep
d362af9fb6
Set CAPSVERSION to 4.4.7 just to be safe.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-05 10:00:29 -08:00
Tom Eastep
ab1dc03986
Implement EXMARK capability
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-05 09:35:11 -08:00
Tom Eastep
d6123a8fbc
Improve IPSET_SAVE restore logic:
...
- Call startup_error() rather than fatal_error()
- Call startup_error when restore-ipsets file exists but Shorewall is running
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 14:23:33 -08:00
Tom Eastep
4e0f9b2ef3
Make save/restore work with SAVE_IPSETS=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 12:43:12 -08:00
Tom Eastep
1aa55779e2
Re-enable SAVE_IPSETS=Yes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 11:14:45 -08:00
Tom Eastep
a1fd3aa7e3
Add a hack to work around a 'feature' of xtables-addons on Lenny
...
Be more careful about checking for the ipset utility before saving the ipsets
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-04 10:15:27 -08:00
Tom Eastep
55e874b23f
Update copyrights
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2010-01-01 12:58:27 -08:00
Tom Eastep
65c282af8b
Delete temporary nat chain used in capabilities detection.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2009-12-31 10:42:21 -08:00
Tom Eastep
ea2ab6e4b6
A better solution to Marcus Limosani's issue
2009-12-29 08:22:15 -08:00
Tom Eastep
f568f3df9e
Final fix for Marcus Limosani's problem
2009-12-28 15:05:54 -08:00
Tom Eastep
738a6de11b
Make use of interface chains deterministic
2009-12-28 07:36:15 -08:00
Tom Eastep
f933816735
Simplify handling of packet clearing
2009-12-26 15:04:41 -08:00
Tom Eastep
d62f3a4fed
Set version to 4.4.6
2009-12-24 08:00:59 -08:00
Tom Eastep
f233b86278
Fix 'forward' interface option in IPv6
2009-12-24 07:51:44 -08:00
Tom Eastep
e38df7efcb
Fix another bug in ROUTE_FILTER Handling
2009-12-23 15:13:43 -08:00
Tom Eastep
e37cf0a370
Fix other issues with rp_filter fix
2009-12-20 15:54:41 -08:00
Tom Eastep
61b2ed7b57
Fix bug that prevented routefilter=2
2009-12-19 16:57:16 -08:00
Tom Eastep
d5914addd1
Disallow port 00
2009-12-19 14:59:03 -08:00
Tom Eastep
19af1a081c
Handle kernel 2.6.31 and rp_filter
2009-12-19 13:47:12 -08:00
Tom Eastep
4f4d77be48
Add Kernel Version to the capabilities
2009-12-19 12:42:39 -08:00
Tom Eastep
24ddacb4a7
Adjust module versions
2009-12-19 07:35:30 -08:00
Tom Eastep
10ae98571b
Revert change that allowed out of order policies
2009-12-19 07:20:00 -08:00
Tom Eastep
182ed24b02
Add a comment to process_rule1()
2009-12-14 15:52:16 -08:00
Tom Eastep
576cd76842
Remove superfluous logic from process_rule1
2009-12-14 14:49:38 -08:00
Tom Eastep
e9d12cfc11
Remove superfluous line of code
2009-12-14 07:17:55 -08:00
Tom Eastep
9988cfb619
Remove silly logic in expand_rule()
2009-12-10 08:00:18 -08:00
Tom Eastep
3214b14197
Fix macro handling of SOURCE and DEST columns
2009-12-08 13:29:06 -08:00
Tom Eastep
5e1f550b69
Fix ENHANCED_REJECT and MODULE_SUFFIX
2009-12-07 13:51:54 -08:00
Tom Eastep
7a6ad80c8a
Make kernel version detection work with non-standard version naming such as found on OpenWRT
2009-12-06 10:42:28 -08:00
Tom Eastep
4bf55883ee
Auto-load cls_flow
2009-12-03 12:15:23 -08:00
Tom Eastep
4494272dcd
Improve error message
2009-11-29 09:55:32 -08:00
Tom Eastep
8c033de049
Fix limit check on TC mark values
2009-11-28 14:05:27 -08:00
Tom Eastep
e582f222ad
Backout another Patch from the Virtual Zone Sequence and re-apply a couple of small optimizations
2009-11-28 07:25:31 -08:00
Tom Eastep
e5106f10bc
Revert 8ff4d004c0
2009-11-28 07:23:23 -08:00
Tom Eastep
4e8d753682
Revert "Finish Virtual Zones"
...
This reverts commit 222c8cf88f
.
2009-11-28 07:20:52 -08:00
Tom Eastep
d1812b4174
Revert "Fix a couple of bugs in virtual zones"
...
This reverts commit 22991ac9dd
.
2009-11-28 07:20:28 -08:00
Tom Eastep
038b84e775
Revert "Small optimization in virtual zones"
...
This reverts commit 251d7116c8
.
2009-11-28 07:20:01 -08:00
Tom Eastep
f21c71d7a6
Revert "Match section rules to the number of mark rules"
...
This reverts commit 1699d8e941
.
2009-11-28 07:19:41 -08:00
Tom Eastep
0b1621027b
Revert "Make 'virtual' a zone type rather than an option"
...
This reverts commit 18eedf7e34
.
2009-11-28 07:19:10 -08:00
Tom Eastep
ea2c55a993
Revert "Fix off-by-one problem"
...
This reverts commit 543af8bccb
.
2009-11-28 07:18:07 -08:00
Tom Eastep
f5bf3c9b43
Fix merge conflicts
2009-11-28 07:16:03 -08:00
Tom Eastep
7352771c5d
Fix .spec history to omit false steps
2009-11-27 12:29:11 -08:00
Tom Eastep
543af8bccb
Fix off-by-one problem
2009-11-27 08:56:23 -08:00
Tom Eastep
7f16e96167
Set version to 4.4.5 Beta1
2009-11-27 08:52:37 -08:00
Tom Eastep
18eedf7e34
Make 'virtual' a zone type rather than an option
2009-11-27 08:17:18 -08:00
Tom Eastep
1699d8e941
Match section rules to the number of mark rules
2009-11-26 17:12:11 -08:00
Tom Eastep
251d7116c8
Small optimization in virtual zones
2009-11-26 14:48:46 -08:00
Tom Eastep
22991ac9dd
Fix a couple of bugs in virtual zones
2009-11-26 14:19:10 -08:00
Tom Eastep
222c8cf88f
Finish Virtual Zones
2009-11-26 12:14:58 -08:00
Tom Eastep
8ff4d004c0
Better virtual zone implementation
2009-11-25 18:14:14 -08:00
Tom Eastep
8263ea1312
Limit providers to 15
2009-11-25 12:18:08 -08:00
Tom Eastep
d189c08533
Revert "Add 'virtual' zone support"
...
This reverts commit a2cd4bd1f4
.
2009-11-25 11:51:13 -08:00
Tom Eastep
a2cd4bd1f4
Add 'virtual' zone support
2009-11-25 09:42:28 -08:00
Tom Eastep
4c40b205f8
Revert "Experimental explicit CONTINUE"
...
This reverts commit 10056a03d9
.
2009-11-24 13:14:24 -08:00
Tom Eastep
10056a03d9
Experimental explicit CONTINUE
2009-11-24 12:50:53 -08:00
Tom Eastep
cd84efea94
Yet one more change to IPv6 address validation
2009-11-24 08:29:12 -08:00
Tom Eastep
deb45c5a27
Yet another IPv6 Address Normalization fix
2009-11-23 15:57:12 -08:00
Tom Eastep
bdb673a642
More IPv6 fixes
2009-11-23 15:21:25 -08:00
Tom Eastep
1710f9ce7c
Several fixes to IPv6 Address Handling
2009-11-23 14:44:53 -08:00
Tom Eastep
9d85d0ff7a
Allow IPv6 DNS names in net contexts
2009-11-23 13:51:46 -08:00
Tom Eastep
5610f78a48
Update version of Shorewall::Policy; improve 'expanded' description in Shorewall::Chains
2009-11-23 11:31:38 -08:00
Tom Eastep
99a35c1bf0
Allow <zone>::<serverport> in the rules file DEST column
2009-11-23 09:33:16 -08:00
Tom Eastep
5b02ef68a5
Simplify port == 0 test
2009-11-22 09:00:03 -08:00
Tom Eastep
d4ff629fd8
Generate error on port == 0
2009-11-22 08:44:11 -08:00
Tom Eastep
6e9d9e239d
Apply 4.4.4.1 changes to master
2009-11-22 08:20:07 -08:00
Tom Eastep
4aeee6fd8b
Make 'expanded' apply to all wildcard policies
2009-11-21 14:18:01 -08:00
Tom Eastep
c7de19cf39
Allow specific policy to supersede an expanded one
2009-11-21 13:56:40 -08:00
Tom Eastep
cbe944c354
Open the 4.5.0 Thread
2009-11-21 11:41:10 -08:00