Tom Eastep
|
f59612671b
|
Don't optimize chains with '-m ipsec'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-16 07:33:01 -07:00 |
|
Tom Eastep
|
da4f7ee524
|
Handle ppp devices correctly in the 'enable' command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-16 06:59:35 -07:00 |
|
Tom Eastep
|
b132176dae
|
Correct reference adjustment in new opt4 code
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-14 13:36:39 -07:00 |
|
Tom Eastep
|
8487c78a0a
|
Adjust reference counts when splicing in short chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-14 08:34:51 -07:00 |
|
Tom Eastep
|
fdc45a990d
|
Arrange for HELPER to match in the RELATED section.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-13 15:44:19 -07:00 |
|
Tom Eastep
|
44a550870c
|
Add HELPER action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-13 13:23:38 -07:00 |
|
Tom Eastep
|
bd3295b0e3
|
Remove temporary hack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-13 08:55:43 -07:00 |
|
Tom Eastep
|
45288f5927
|
Revise notrack/conntrack handling:
- Purge empty notrack files.
- Process both files.
|
2012-08-13 07:28:07 -07:00 |
|
Tom Eastep
|
75b830b10e
|
Merge branch 'master' into 4.5.7
|
2012-08-13 06:57:54 -07:00 |
|
Tom Eastep
|
4b2d48d621
|
Hardwire AUTOHELPERS until 4.5.8.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-13 06:48:19 -07:00 |
|
Tom Eastep
|
50362040d7
|
Enable automatic helper association during 'stop'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-12 08:46:06 -07:00 |
|
Tom Eastep
|
2f1d59366c
|
Unconditionally disable kernel automatic helper association during start.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-12 08:43:28 -07:00 |
|
Tom Eastep
|
b372163122
|
Enable automatic helper association during 'stop'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-12 08:42:53 -07:00 |
|
Tom Eastep
|
50bd1d6398
|
Add AUTOHELPER option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-12 07:25:11 -07:00 |
|
Tom Eastep
|
e6ef32ebc2
|
Make conditional directives case insensitive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-11 08:48:35 -07:00 |
|
Tom Eastep
|
a5824dc2d4
|
Optimize extension
- Eliminate short chains with a single reference.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-11 08:47:10 -07:00 |
|
Tom Eastep
|
b5af6f03fb
|
Create better rules when a HELPER appears in an action
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-11 07:48:03 -07:00 |
|
Tom Eastep
|
50dfffec94
|
Eliminate duplicate rules in raw-table chains when optimize level 16.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-10 07:09:01 -07:00 |
|
Tom Eastep
|
ad818c071a
|
Generate omnibus tracking rules when NAT/ACCEPT with helper appears in an action.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-10 06:55:18 -07:00 |
|
Tom Eastep
|
2ab50e65d7
|
Make conditional directives case insensitive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-09 10:30:02 -07:00 |
|
Tom Eastep
|
4d3fbd1dfa
|
Allow '?IF 0'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-08 07:24:17 -07:00 |
|
Tom Eastep
|
e8a4728981
|
Allow '?IF 0'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-08 07:23:43 -07:00 |
|
Tom Eastep
|
ee28638604
|
Add HELPERS to rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-08 07:23:20 -07:00 |
|
Tom Eastep
|
a8495626b0
|
Merge branch '4.5.6' into 4.5.7
|
2012-08-07 15:10:15 -07:00 |
|
Tom Eastep
|
c6186571e5
|
Handle raw table zones from VSERVERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-07 15:09:40 -07:00 |
|
Tom Eastep
|
ccf517307e
|
Handle raw table zones from VSERVERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-07 14:51:58 -07:00 |
|
Tom Eastep
|
c007f847a0
|
Handle disabled helpers in pre-3.5 kernels.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-06 15:54:45 -07:00 |
|
Tom Eastep
|
b4c812b676
|
Correct helper parsing in the Raw module.
- Require (...) around multiple ctevents
- Detect invalid options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-05 08:09:17 -07:00 |
|
Tom Eastep
|
9a0d53194a
|
Correct Helper detection in the compiler.
Use CT_MATCH when available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-05 08:08:20 -07:00 |
|
Tom Eastep
|
093985dd93
|
Use HELPERS to enable/disable helper association.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-03 19:26:02 -07:00 |
|
Tom Eastep
|
72307df6d2
|
Replace the AUTOHELPERS option with the HELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-03 10:53:20 -07:00 |
|
Tom Eastep
|
7689b1e84b
|
Remove the 'zone' helper option for now.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-03 06:39:58 -07:00 |
|
Tom Eastep
|
82c057d1ed
|
Fix *VERSION handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 16:44:02 -07:00 |
|
Tom Eastep
|
21770a89d6
|
Detect which matches are available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 15:38:23 -07:00 |
|
Tom Eastep
|
223ed5b3a3
|
More additions to the helper table and to the conntrack files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 13:25:44 -07:00 |
|
Tom Eastep
|
9ba0c07956
|
Redesign the CT:helper feature.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 11:10:08 -07:00 |
|
Tom Eastep
|
7d32258e6e
|
Correct Helpers Module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 11:09:34 -07:00 |
|
Tom Eastep
|
07e56d129a
|
Add AUTOHELPERS option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 11:09:18 -07:00 |
|
Tom Eastep
|
62d6d2558e
|
Rename AUTO_COMMENT to AUTOCOMMENT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 11:06:41 -07:00 |
|
Tom Eastep
|
833e54c9c3
|
Rename the notrack file to conntrack
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-02 11:02:17 -07:00 |
|
Tom Eastep
|
f2dd43855e
|
Correct typo in warning message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-01 13:13:18 -07:00 |
|
Tom Eastep
|
eaf238fa66
|
Merge branch '4.5.6'
|
2012-08-01 10:37:45 -07:00 |
|
Tom Eastep
|
542f279544
|
Don't allow a source interface in a DNAT/REDIRECT rule with source == firewall
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-08-01 10:01:08 -07:00 |
|
Tom Eastep
|
735b7c2cf5
|
Add support for nfacct
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-28 11:21:16 -07:00 |
|
Tom Eastep
|
87c0f934aa
|
Add NFacct Match capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-28 08:19:05 -07:00 |
|
Tom Eastep
|
55b527d065
|
Eliminate a local variable.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-15 20:22:19 -07:00 |
|
Tom Eastep
|
e1e7ab42c1
|
Make 'routefilter' and 'sfilter' mutually exclusive
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-15 10:37:56 -07:00 |
|
Tom Eastep
|
65b16a1acf
|
Compensate for bugs in the latest CPerl emacs extension
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-15 10:07:06 -07:00 |
|
Tom Eastep
|
1db79a91eb
|
'rpfilter' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-15 10:05:32 -07:00 |
|
Tom Eastep
|
e7cd84a72c
|
Implement rpfilter match capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
|
2012-07-15 07:54:46 -07:00 |
|