holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity
12,493 Commits 104 Branches 736 Tags 54 MiB
ef01748dc9
Commit Graph

5756 Commits

Author SHA1 Message Date
Tom Eastep
82f9ba8bb7 Correct detection of IPv6 PERSISTENT_SNAT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-23 12:59:38 -08:00
Tom Eastep
6035d49ede Correct NAT capability required error message. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-23 11:57:32 -08:00
Tom Eastep
67ef1f8b93 Correct detection of IPv6 NAT_ENABLED. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-23 11:57:07 -08:00
Tom Eastep
8ed6642387 Modify reload_command() and export_command() to directly call compiler() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-22 16:15:41 -08:00
Tom Eastep
0afcf3c40c Merge branch '4.5.13' 2013-02-22 13:39:42 -08:00
Tom Eastep
64a52356e3 Replace g_directory with g_shorewalldir 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-22 13:37:31 -08:00
Tom Eastep
e14fe242bd Merge branch '4.5.13' 
Conflicts:
	Shorewall/lib.cli-std
 2013-02-20 14:41:30 -08:00
Tom Eastep
d2a221a9cd Correct handling of capbilities file in load/reload. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-20 14:40:23 -08:00
Tom Eastep
01fdfc4375 Merge branch '4.5.13' 2013-02-20 14:34:57 -08:00
Tom Eastep
0f0a66c2ab Correct handling of capbilities file in load/reload. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-20 14:34:32 -08:00
Tom Eastep
849813484c Merge branch '4.5.13' 2013-02-20 09:44:23 -08:00
Tom Eastep
2147a421f0 Correct Protocol in macro.DCC 
- From Orion Poplawski

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-20 09:41:24 -08:00
Tom Eastep
0349a9a88c Rename the IPv6 masq file 'snat'. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 13:05:24 -08:00
Tom Eastep
524d6242b0 More SNAT/DNAT manpage updates 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 12:42:09 -08:00
Tom Eastep
2591a17946 Cosmetic change to the output with the '-r' option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 11:59:57 -08:00
Tom Eastep
b562f7f311 Allow specification of destination addresses in Shorewall6 masq. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 08:34:03 -08:00
Tom Eastep
ce28c70c60 SNAT and DNAT support for IPv6. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-19 07:08:08 -08:00
Tom Eastep
d0b2d05d5b Add optional argument to have_capability(). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-18 15:15:26 -08:00
Tom Eastep
010c44d07a Correct description of the 'sourceroute' interface option. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-18 11:33:19 -08:00
Tom Eastep
088fc1a3a3 Report used/required capabilities 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-18 08:48:18 -08:00
Tom Eastep
6d92d293b8 Use 'here documents' in the usage() function. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-17 07:44:10 -08:00
Tom Eastep
bb5b6e42d6 Replace death sequences with calls to fatal_error() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-16 07:32:47 -08:00
Tom Eastep
ab5a11e91b Correct IPv6 address checking (again) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-15 14:26:08 -08:00
Tom Eastep
bfc958b94f Remove macros during uninstall. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-15 08:21:58 -08:00
Tom Eastep
acb72e7213 Give address-family specific help text for 'iptrace'. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-15 08:21:51 -08:00
Tom Eastep
5cc6894425 Defer reading .conf when processing the 'update' command. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-15 08:21:35 -08:00
Tom Eastep
4865e2c3af Save/use local SHAREDIR in reload_command 
- Remove SHAREDIR may differ from the local one

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-15 08:21:19 -08:00
Tom Eastep
4b01b42c34 Correct all configpath files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>

Conflicts:
	Shorewall/configpath
 2013-02-15 08:20:45 -08:00
Tom Eastep
a6d6cc9da7 Fix load, reload and export WRT shorewallrc. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-15 08:19:30 -08:00
Tom Eastep
e2ad98b364 Correct syntax error in Shorewall uninstall.sh 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-15 08:18:53 -08:00
Tom Eastep
1ede47034b Correct IPv6 List Handling 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-15 08:18:36 -08:00
Tom Eastep
536ee427da Remove macros during uninstall. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-15 07:05:29 -08:00
Tom Eastep
9eba41669e Give address-family specific help text for 'iptrace'. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-15 06:58:26 -08:00
Tom Eastep
7e2265dd23 Defer reading .conf when processing the 'update' command. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-15 06:51:37 -08:00
Tom Eastep
ab4dd54523 Save/use local SHAREDIR in reload_command 
- Remove SHAREDIR may differ from the local one

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-15 06:46:14 -08:00
Tom Eastep
7859267539 Eliminate $globals{CONFDIR} 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-14 17:24:49 -08:00
Tom Eastep
e486c16513 Correct all configpath files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-14 15:10:21 -08:00
Tom Eastep
f44e035a47 Fix load, reload and export WRT shorewallrc. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-14 10:21:26 -08:00
Tom Eastep
104c205230 Correct syntax error in Shorewall uninstall.sh 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-14 09:35:07 -08:00
Tom Eastep
c68513672d Comments and documentation. 
- Removes the Actions-4.5 article

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-14 08:48:45 -08:00
Tom Eastep
1ae6ed9c10 Use 'fatal_error' to report issues with params and .conf. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-14 06:52:43 -08:00
Tom Eastep
93b3fd9be5 Correct IPv6 address checking (again) 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-13 13:37:26 -08:00
Tom Eastep
0461e5de20 Standardize the 'Ordinary Users' error messages. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-13 12:45:28 -08:00
Tom Eastep
f8e5950fe5 Remove outdated comment from the configpath file. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-13 11:42:26 -08:00
Tom Eastep
138638cb1a Effectively use the specified directory as the CONFIG_PATH til .conf is read 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-13 07:45:24 -08:00
Tom Eastep
c5bb16ac26 Another fix for IPv6 address lists. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-13 07:44:19 -08:00
Tom Eastep
f44becdee1 Rename BLACKLIST_LOGLEVEL to BLACKLIST_LOG_LEVEL for consistent naming. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-12 07:47:02 -08:00
Tom Eastep
84c5822c20 Correct IPv6 List Handling 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-11 16:45:03 -08:00
Tom Eastep
b4977db5b2 Add %section_states that maps sections to their related state(s). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-11 14:59:48 -08:00
Tom Eastep
f23f7400d8 Merge branch '4.5.13' 2013-02-11 11:52:02 -08:00
Tom Eastep
db8f90f182 Remove allow_optimize() call from action.New. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-11 06:45:33 -08:00
Tom Eastep
8d0a80a7e2 Merge branch '4.5.13' 2013-02-11 06:40:11 -08:00
Tom Eastep
9f9220f854 Only look in the specified directory for params when compiling as non-root. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-11 06:36:32 -08:00
Tom Eastep
b9d5b92f1b Correct handling of expressions consisting of a single number. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 15:19:30 -08:00
Tom Eastep
b349cc0f22 A better fix for inline default action with parameters. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 09:29:30 -08:00
Tom Eastep
a312bfbb42 Add a section => name function map 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 09:27:43 -08:00
Tom Eastep
c35e753b1d A better fix for inline default action with parameters. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 09:16:18 -08:00
Tom Eastep
8b4349b356 Merge branch '4.5.13' 2013-02-10 09:05:41 -08:00
Tom Eastep
54c43396f0 Correct default action handling: 
- isolate basic target before testing for action/inline
- delete the action chain if appropriate.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 09:00:13 -08:00
Tom Eastep
f9dc89dc61 Allow arbitrary $n variables when IGNOREUNKNOWNVARIABLES=Yes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 07:56:04 -08:00
Tom Eastep
60e3f1015e Allow arbitrary $n variables when IGNOREUNKNOWNVARIABLES=Yes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-10 07:51:35 -08:00
Tom Eastep
8e0a90e077 Merge branch '4.5.13' 2013-02-09 17:54:06 -08:00
Tom Eastep
cadf2747fe Correct reset_optflags() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-09 17:53:40 -08:00
Tom Eastep
810ebe32ce Merge branch '4.5.13' 2013-02-09 13:15:44 -08:00
Tom Eastep
c04c61b314 Correct typos in check_rules(). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-09 11:42:54 -08:00
Tom Eastep
a8fdfa4e48 Create an ESTABLISHED chain 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-09 09:32:12 -08:00
Tom Eastep
a4297381e9 Don't ACCEPT untracked packets unless UNTRACKED_DISPOSITION=ACCEPT 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-09 09:15:05 -08:00
Tom Eastep
eaa6d72a4f Allow parameters to be omitted in action invocations. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-09 07:07:01 -08:00
Tom Eastep
e664b6bafb Correct action.TCPFlags 
- restore rule dropped when converted.
- remove cruft
- Correct parameter handling

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-08 15:39:04 -08:00
Tom Eastep
96d64d0a04 Remove extraneous default parameter from action.Untracked 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-08 13:00:54 -08:00
Tom Eastep
122a8358fc Correct the default action description in the New action. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-08 12:59:22 -08:00
Tom Eastep
acbff91d87 Remove 'default action' comments from the xxxInvalid actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-08 12:57:44 -08:00
Tom Eastep
1bd9e8b015 Correct allowInvalid and dropInvalid 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-08 10:49:12 -08:00
Tom Eastep
62a567b550 Treat each -m conntrack subtype as a separate match 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-08 10:08:23 -08:00
Tom Eastep
e4f1c62e71 Improve handling of nested state actions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-08 09:09:20 -08:00
Tom Eastep
b3caaaf707 Pass the state name to perl_action_helper() from the state actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-08 06:39:16 -08:00
Tom Eastep
b9e504683e Prevent a state action from invoking another one. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-07 16:52:06 -08:00
Tom Eastep
aae6e001fe Convert dropInvalid and allowInvalid to inline actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-07 11:21:13 -08:00
Tom Eastep
aa528dd075 Revert "Convert allowInvalid and dropInvalid into macros" 
This reverts commit 272e1d330c.
 2013-02-07 09:09:56 -08:00
Tom Eastep
e4ae242123 Another tweak to check_state() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-06 12:07:51 -08:00
Tom Eastep
272e1d330c Convert allowInvalid and dropInvalid into macros 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-06 09:54:12 -08:00
Tom Eastep
a66256b25b Additional refinements of check_state() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-06 08:16:42 -08:00
Tom Eastep
11b976fb36 Correct reference type in check_state() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-05 19:55:22 -08:00
Tom Eastep
a6ccd53fe0 Unconditionally use '-j' to branch to a state chain or DISPOSITION. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-04 15:17:49 -08:00
Tom Eastep
b22b63b1c3 Don't use '-g' when DISPOSITION is CONTINUE. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-04 15:09:17 -08:00
Tom Eastep
615df6ab8f Handle 'RETURN' in state chain with terminating disposition. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-04 15:08:20 -08:00
Tom Eastep
3757607356 Remove cruft from two actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-04 10:11:51 -08:00
Tom Eastep
f6faef7cd0 Correct syntax error in action.Untracked 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-04 09:58:38 -08:00
Tom Eastep
d8214885f2 Assume that the conntrack state value in a rule is not a reference. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-04 08:29:50 -08:00
Tom Eastep
475942deb9 Normalize rules prior to combine_state tests. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-03 18:14:14 -08:00
Tom Eastep
f1707d2ace More state rule check fixes. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-03 18:02:02 -08:00
Tom Eastep
c5dc69b750 Correct state actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-03 17:21:51 -08:00
Tom Eastep
30d96afb69 Push/pop $actionresult. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-03 12:43:28 -08:00
Tom Eastep
014b4ddc50 Combine adjacent rules differing only in conntrack state match. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-03 09:03:22 -08:00
Tom Eastep
61c219ed3a Clarify the CHAIN column in the accounting manpage. Also mention ipset support. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-03 08:00:24 -08:00
Tom Eastep
5b9d1a6159 Handle UNTRACKED_DISPOSITION=ACCEPT correctly. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-03 07:59:47 -08:00
Tom Eastep
752463bfab Fix TCPFlags 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-02 22:19:13 -08:00
Tom Eastep
ebef29e161 Handle port numbers being passed to one of the tcp-specific actions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-02 12:48:54 -08:00
Tom Eastep
9b30f48ba0 Correct handling of actions when @chain is altered. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-02 10:57:08 -08:00
Tom Eastep
e013e218a2 Don't try to import process_rule1 in three action files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-02 09:45:12 -08:00
Tom Eastep
0616dd9fcb Add 'New' action for conntrack state NEW 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-02 09:33:24 -08:00
Tom Eastep
8249831e6d Detect some state conflicts 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-02 09:32:57 -08:00
Tom Eastep
cc1054be66 Correct handling of audited dispositions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-02 09:30:25 -08:00
Tom Eastep
c68d4c6e27 Simplify Perl from actions even further. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-01 15:55:39 -08:00
Tom Eastep
752e960f2f Allow specification of the action type via perl_action_helper(). 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-01 12:59:48 -08:00
Tom Eastep
a5d3b1f470 Remove requirement that matches and proto end with a space in perl helper API. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-01 12:29:30 -08:00
Evangelos Foutras
c9247c8074 Remove Arch Linux init file 
Arch Linux only supports systemd now.

Signed-off-by: Evangelos Foutras <evangelos@foutrelis.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-02-01 10:13:54 -08:00
Tom Eastep
abca3a2024 Improve maintainability of @colums vis a vis @rulecolumns. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-30 10:47:40 -08:00
Tom Eastep
8d28c44946 Remove 'audit' parameter handling from new state actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-30 10:45:10 -08:00
Tom Eastep
f407068d20 Update shorewall[6]-actions(5) regarding inline for some standard actions 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-30 08:27:30 -08:00
Tom Eastep
755d605578 Make %statetable global 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-30 08:26:47 -08:00
Tom Eastep
78db4abef5 Remove some redundant local variables from finish_chain_section() 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-30 08:02:23 -08:00
Tom Eastep
fc73c3934b Replace BLACKLISTNEWONLY with BLACKLIST 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-30 08:00:47 -08:00
Tom Eastep
75fb164234 Don't issue fatal error if a proto other than tcp is passed to a tcp-only inline 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-29 10:31:20 -08:00
Tom Eastep
27c5e67632 Rename process_rule to process_raw_rule and process_rule1 to process_rule 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-29 10:13:48 -08:00
Tom Eastep
61d8f704f9 Correct rule-generation detection in perl_action_helper 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-29 09:43:12 -08:00
Tom Eastep
f33e36b61e Raise an error if a protocol other than TCP is passed to a TCP-only inline 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-29 07:46:50 -08:00
Tom Eastep
670931c987 Initialize the columns array to '-'s. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-29 07:46:07 -08:00
Tom Eastep
316b67473e Merge branch 'master' into 4.5.13 
Conflicts:
	Shorewall/Perl/Shorewall/Rules.pm
	Shorewall/action.Established
	Shorewall/actions.std
 2013-01-29 07:30:52 -08:00
Tom Eastep
42f46ea5e7 Accurately determine if an inline action generates a rule. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-28 20:46:20 -08:00
Tom Eastep
49166efdca Make the TCP standard actions inline 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-28 18:01:08 -08:00
Tom Eastep
5a2c1792cb Inline the conntrack state actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-28 16:55:54 -08:00
Tom Eastep
de2cf6edf3 Correct typo in the actions.std files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-28 12:08:00 -08:00
Tom Eastep
6b889e537f Correct typo in the actions.std files. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-28 12:07:04 -08:00
Tom Eastep
a70c441458 Add CONTINUE as a possible setting for RELATED_DISPOSITION. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-28 11:47:45 -08:00
Tom Eastep
519861d7b2 Add CONTINUE as a possible setting for RELATED_DISPOSITION. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-28 07:58:03 -08:00
Tom Eastep
2e8eeff416 Correct error messages that include the section name. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-28 07:41:52 -08:00
Tom Eastep
2217f89902 Correctly initialize $chainref->{sections} vis-a-vis FASTACCEPT. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-28 07:41:45 -08:00
Tom Eastep
5c63444c14 Correct error messages that include the section name. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-28 07:41:09 -08:00
Tom Eastep
cfa5d86f5c Correctly initialize $chainref->{sections} vis-a-vis FASTACCEPT. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-28 07:40:26 -08:00
Tom Eastep
f7bdb71aad Add an Established action. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-27 15:40:53 -08:00
Tom Eastep
819c8bf492 Add Established action. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-27 15:38:25 -08:00
Tom Eastep
b3b074fb61 More infrastructure 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-27 15:37:23 -08:00
Tom Eastep
cbbcfe355e Infrastructure for more powerful action handling 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-27 12:37:10 -08:00
Tom Eastep
2a2e23cb17 Merge branch '4.5.13' 2013-01-27 11:26:59 -08:00
Tom Eastep
1b94c3651d Always handle ESTABLISHED before the other connection states. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-27 10:56:41 -08:00
Tom Eastep
b1b2aa910e Correct section handling: 
- Correct typo (' INVALID' -> 'INVALID' )
- Don't jump to non-existent target in finish_chain_section()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-27 10:14:27 -08:00
Tom Eastep
aa609b87a9 Allow arbitrary actions for the various states. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-27 10:10:24 -08:00
Tom Eastep
a3a90d8d2e Correct section handling: 
- Correct typo (' INVALID' -> 'INVALID' )
- Don't jump to non-existent target in finish_chain_section()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-27 10:08:02 -08:00
Tom Eastep
6c8761c7dd Add a "matches" argument to process_rule1 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-27 08:21:30 -08:00
Tom Eastep
9194165e89 Handle explicit CONTINUE value for UNTRACKED_DISPOSITION 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-27 08:17:09 -08:00
Tom Eastep
6306103991 Clean up fix for optimize 8 performance issue 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-27 08:13:27 -08:00
Tom Eastep
749773f89a Handle explicit CONTINUE value for UNTRACKED_DISPOSITION 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-27 08:12:49 -08:00
Tom Eastep
5db317b6f7 Clean up fix for optimize 8 performance issue 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-27 07:55:55 -08:00
Tom Eastep
380d427a5d Dramatically reduce the CPU cost of optimize 8. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-26 17:46:31 -08:00
Tom Eastep
6ce392b08e Correct handling of handle_first_entry() to avoid runaway recursion. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-26 12:18:17 -08:00
Tom Eastep
69b660ba56 Add Related and Untracked actions. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-26 09:45:16 -08:00
Tom Eastep
5fa01728ad Pass UNTRACKED packets through the blacklist chain when BLACKLISTNEWONLY=Yes 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-26 09:18:20 -08:00
Tom Eastep
7bc66da663 Call handle_first_entry in the warning/error-message generators. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-26 07:30:50 -08:00
Tom Eastep
b8cc9c5a6a Drop chain-ending rules whose target is 'RETURN'. 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
 2013-01-25 14:03:04 -08:00