Tom Eastep
55ab498291
Don't enforce FASTACCEPT/BLACKLISTNEWONLY on convert
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-29 12:51:52 -07:00
Tom Eastep
de74273dbb
Assume EXPORTMODULES=No if it doesn't exist in old file during update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-27 15:15:03 -07:00
Tom Eastep
af1e2f6c8b
Read capabilities file before the .conf file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-27 11:26:26 -07:00
Tom Eastep
dc2406d25b
update -t also converts the 'tos' file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 13:51:02 -07:00
Tom Eastep
e0734a45ee
Allow 'seconds' and 'minutes' in LOGLIMIT specifications
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 12:53:36 -07:00
Tom Eastep
28df894add
Improve 'update'
...
- convert BLACKLISTNEWONLY
- convert LOGRATE and LOGBURST
- default USE_DEFAULT_RT to No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 12:50:56 -07:00
Tom Eastep
b0bf726c7e
Let 'update' default USE_DEFAULT_RT to 'No'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 12:40:16 -07:00
Tom Eastep
ad06ec3eef
Correct IPV6 range parsing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 11:52:51 -07:00
Tom Eastep
71611233fb
Correct IPV6 range parsing
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-26 11:51:29 -07:00
Tom Eastep
7a98c7b9e5
More 'update' fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-25 15:55:49 -07:00
Tom Eastep
dc73832570
Delete unneeded 'my'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-25 14:36:53 -07:00
Tom Eastep
f5d1ec0243
Delete EXPORTPARAMS from %config
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-25 14:36:14 -07:00
Tom Eastep
f9ae28aeea
The -t option also converts the 'tos' file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-24 14:56:24 -07:00
Tom Eastep
f4776bf388
Eliminate WIDE_TC_MARKS, HIGH_ROUTE_MARKS and BLACKLISTNEWONLY
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-21 12:42:19 -07:00
Tom Eastep
80acdd2836
Disallow bare COMMENT, SECTION and FORMAT lines
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-21 11:18:40 -07:00
Tom Eastep
40d1d86d2c
Drop support for the 'tos' file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 15:35:03 -07:00
Tom Eastep
5af5c67c75
Update a message to refer to the 'mangle' file rather than 'tcrules'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 14:54:54 -07:00
Tom Eastep
7956c5f6e0
Update a message to refer to the 'mangle' file rather than 'tcrules'
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 14:48:29 -07:00
Tom Eastep
82330395e9
Correct grammer in an error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 09:25:32 -07:00
Tom Eastep
9f2958fd27
Correct wording of an error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-20 09:21:20 -07:00
Tom Eastep
39982c20c4
Restore the text of tcrules warning message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 12:34:35 -07:00
Tom Eastep
2b1f33c391
Don't unlink the tcrules file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 11:48:23 -07:00
Tom Eastep
1c33717cf5
Reverse the change to delete host routes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 11:06:28 -07:00
Tom Eastep
cd8fe38c85
Delete host routes added to the main routing table for providers
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 10:44:37 -07:00
Tom Eastep
d525419c65
Correct wording of an error message
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-19 10:44:00 -07:00
Tom Eastep
9d3f35a22d
Enable new update options in compiler.pl
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-16 11:57:36 -07:00
Tom Eastep
6bdf90631c
Fix a couple of bugs in 5.0.0
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-16 10:05:21 -07:00
Tom Eastep
c604823053
Default to FORMAT-2 macros and actions.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 16:11:41 -07:00
Tom Eastep
12f8cbae29
Correct the test for the existence of the routestopped file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 15:29:52 -07:00
Tom Eastep
4de6638385
Correct handling of termination after .conf file not updated
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:32:27 -07:00
Tom Eastep
0cef7fad35
Add conversion version and date to the converted files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:32:17 -07:00
Tom Eastep
ea2a35415e
Correct convert_blacklist()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:32:01 -07:00
Tom Eastep
4cc7a1b87d
Correct tcrules update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
Conflicts:
Shorewall/Perl/Shorewall/Tc.pm
2015-08-14 09:31:36 -07:00
Tom Eastep
7c2a969de0
Correct handling of notrack file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-14 09:26:45 -07:00
Tom Eastep
fd46c0ffed
Correct handling of termination after .conf file not updated
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-13 15:42:38 -07:00
Tom Eastep
60acddbb37
Add conversion version and date to the converted files.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-13 14:37:13 -07:00
Tom Eastep
306dc34b31
Correct convert_blacklist()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-13 13:22:14 -07:00
Tom Eastep
f5c6a6fe82
Correct tcrules update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-13 13:21:51 -07:00
Tom Eastep
af2b7910bd
Port update changes from 5.0.0
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-12 12:33:09 -07:00
Tom Eastep
2ab8bd3040
More update fixes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-09 14:31:47 -07:00
Tom Eastep
0d635632e3
Add conversion of notrack to conntrack
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-08 16:46:58 -07:00
Tom Eastep
fb2d261cdb
More Fixes for update
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-08 12:42:32 -07:00
Tom Eastep
88f9a3e255
Allow zero-valued options on multi-zoned interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-07 14:30:21 -07:00
Tom Eastep
4c4c5a436a
Allow zero-valued options on multi-zoned interfaces
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-07 14:09:08 -07:00
Tom Eastep
73c8b563a1
Add -s option to update to convert the routestopped file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-07 13:46:16 -07:00
Tom Eastep
0f61bd34e6
Drop support for the 'blacklist' zone option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 14:45:52 -07:00
Tom Eastep
f4620606b3
Drop support for the 'blacklist' file.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 14:35:51 -07:00
Tom Eastep
65baa7e3b8
Drop support for the tcrules file
...
- The upgrade -t option is still available
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 12:34:22 -07:00
Tom Eastep
e5c7ded951
Drop support for the 'notrack' file
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 11:36:54 -07:00
Tom Eastep
8bed5c9d65
Drop support for the IPSECFILE option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-08-03 10:11:52 -07:00
Tom Eastep
85648bded1
Deimplement several .conf options
...
- LOGRATE/LOGBURST
- EXPORTPARAMS
- LEGACY_FASTSTART
2015-08-01 11:11:35 -07:00
Tom Eastep
67589cab69
More version changes
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-28 10:59:11 -07:00
Tom Eastep
fa7248c58c
Add the LEGACY_RESTART option.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-27 09:19:52 -07:00
Tom Eastep
0a7c65ae0d
Allow connlimit by destination
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 14:26:58 -07:00
Tom Eastep
6e0fb1ab88
Correct syntax error
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 14:16:12 -07:00
Tom Eastep
a00bf196a3
Remove all workarounds
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 10:27:30 -07:00
Tom Eastep
f9ec0c6930
New 'reload' and 'restart' semantics
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-26 09:59:49 -07:00
Tom Eastep
d0fc7f6547
Add some comments to the Zones module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-13 12:57:00 -07:00
Tom Eastep
5704438a44
Second Wave of changes to make script output reproducable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-12 15:00:41 -07:00
Tom Eastep
014ec1af1d
First phase of producing consistent scripts with Perl >= 5.18.0
...
Beginning with Perl 5.18.0, the order of elements returned by the 'keys'
and 'each' iterators is no longer deterministic. This is the first wave
of Shorewall changes to compensate for this irrational behavior.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-12 10:54:48 -07:00
Tom Eastep
4995456563
Clean up compiler PATH fix
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 14:33:20 -07:00
Tom Eastep
c6f48a77e0
Only add dhcp rule if one rpfilter interface has the 'dhcp' option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 12:21:04 -07:00
Tom Eastep
e7792fc868
Exempt IPv4 DHCP broadcasts from rpfilter
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 10:03:03 -07:00
Tom Eastep
c47abe416a
Add default PATH to current PATH in the compiler
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-07-03 09:38:06 -07:00
Tom Eastep
9f08726794
Eliminate running the script twice is some cases
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-26 14:32:43 -07:00
Tom Eastep
116e85e040
Cosmetic cleanup of the Compiler module
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-08 11:27:37 -07:00
Tom Eastep
2956698298
Corrections to WORKAROUNDS implementation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-06 12:15:03 -07:00
Tom Eastep
eb6be0e84d
Remove old comment that now makes no sense
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-01 15:55:06 -07:00
Tom Eastep
019e49b481
Implement WORKAROUNDS option
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-06-01 12:59:25 -07:00
Tom Eastep
9a3c43b6d3
Make NFQUEUE parsing more robust
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-30 07:01:30 -07:00
Tom Eastep
0a45c7a646
Another Tweak to the NFQUEUE parser
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-30 06:38:21 -07:00
Tom Eastep
f227250959
Fix NFQUEUE parsing and documentation
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-29 18:19:35 -07:00
Tom Eastep
29a0c92918
Fix ancient bug in old parameter syntax
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-29 14:39:48 -07:00
Tuomo Soini
4edd6026f0
prog.footer: disabling already disabled inteface is not an error.
...
Neither is enabling already enabled interface
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2015-05-29 22:15:55 +03:00
Tom Eastep
18348ef6f1
Clean up distribute_load()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-27 06:58:10 -07:00
Tom Eastep
93c7e2c2f7
Change the way in which a warning message is suppressed
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-26 15:54:41 -07:00
Tom Eastep
602315938c
Correct the load distribution algorithm
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-26 14:59:20 -07:00
Tom Eastep
ca35f565e0
Return success exit status when no ipsets are saved by the script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-25 07:36:00 -07:00
Tom Eastep
631ebdecb8
load= enhancements
...
- Normalize loads to 0.nnnnnnnn
- Issue warning if the loads don't sum to 1.000000
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-23 08:05:58 -07:00
Tom Eastep
c851e03313
Don't try to use a probibility >= 1.00000000
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-23 07:06:31 -07:00
Tom Eastep
c7ca3119ef
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-05-22 07:20:51 -07:00
Tom Eastep
ba7afcaeae
Make 'call' a supported command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 10:38:35 -07:00
Tom Eastep
809e56cef6
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-05-21 09:04:35 -07:00
Tom Eastep
e3805b0ada
Implement 'call' in the compiled script
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-21 09:00:11 -07:00
Tom Eastep
f1b6e71e56
Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code
2015-05-20 10:59:06 -07:00
Tom Eastep
f77d649ac7
Make policy descriptions match what the user entered rather than what was generated by the compiler
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-20 10:58:57 -07:00
Tom Eastep
267637f139
NFQUEUE enhancements
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-20 10:55:21 -07:00
Tom Eastep
acd921cd08
Don't require a helper for ctevents and expevents
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-16 13:40:40 -07:00
Tom Eastep
9329e7c36c
Don't require a helper in the CT action.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-16 09:08:32 -07:00
Tom Eastep
50d1a719f9
Delete superfluous test
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-08 09:48:58 -07:00
Tom Eastep
3bb1f74283
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code into 4.6.9
2015-05-05 11:28:13 -07:00
Tuomo Soini
87eca92b10
lib.core: use consisten indenting
2015-05-05 20:40:17 +03:00
Tom Eastep
b58aadad01
Correct Syntax error in the generated code.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-04 08:23:42 -07:00
Tom Eastep
6dcd8174ee
Don't require interfaces on stop, clear, etc.
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-05-04 08:23:10 -07:00
Tom Eastep
3f17a8cf24
Update the program header information in lib.core
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:13:06 -07:00
Tom Eastep
2cea78e6df
Add the 'reenable' command
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 13:02:12 -07:00
Tom Eastep
0abd51c796
Fix module versioning
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 11:59:01 -07:00
Tom Eastep
86e053be7a
More optimization of detect_configuration()
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-28 11:32:45 -07:00
Tom Eastep
75d18139f7
Optimize detect_configuration() for enable/disable
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-25 15:46:19 -07:00
Tom Eastep
42f75f7ba2
Correct SetEvent and ResetEvent
...
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2015-04-25 12:56:36 -07:00