Commit Graph

4822 Commits

Author SHA1 Message Date
Tom Eastep
acb2e2a8ab Implement mss= in hosts file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-12 15:14:35 -07:00
Tom Eastep
0223439e2b Don't compile if ${DESTDIR}
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-12 14:02:44 -07:00
Tom Eastep
fa9f8329b5 Apply two patches from Tuomo Soini
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-12 13:57:37 -07:00
Tom Eastep
4ffcd80b02 Don't test compilation if $DESTDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-11 09:49:26 -07:00
Tom Eastep
48570227ba Big cleanup of TOS handling
- Validate settings/matches
- Allow setting in the tcrules file.
- Deprecate /etc/shorewall[6]/tos
2012-03-09 16:16:25 -08:00
Tom Eastep
c112f20e17 Tighten editing of LENGTH column(s)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-07 14:07:04 -08:00
Tom Eastep
05f025e422 Don't install isusable script by default
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-07 07:46:53 -08:00
Tom Eastep
3ee9150deb Fix syntax error in the generated script
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-06 09:15:34 -08:00
Tom Eastep
b2842ae8d4 Don't allow reserved variables to be set in params
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-05 15:42:53 -08:00
Tom Eastep
dff5136134 Correct issues with debugging the generated script
a) Rename DEBUG to g_debug_iptablesb
b) Clear all of the tables prior to handling iptables-restore input.
2012-03-05 15:21:10 -08:00
Tom Eastep
a84e131115 Fix bug in DSCP implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-03-05 09:50:15 -08:00
Tom Eastep
aab6e67e70 Omit non-default geometry settings from updated shorewall.conf.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-29 12:34:06 -08:00
Tom Eastep
61bf2d5bfd Fix installer
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-25 16:02:20 -08:00
Tom Eastep
016fe4bcf1 Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall
Conflicts:
	Shorewall-core/install.sh
	Shorewall/install.sh

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-25 07:30:07 -08:00
Roberto C. Sanchez
87381a0f65 FIx typos 2012-02-24 23:02:30 -05:00
Tom Eastep
47453a20f7 Tweak to Run-time gateway variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-24 09:02:04 -08:00
Tom Eastep
b78d4ca41f Correct typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-23 13:54:50 -08:00
Tom Eastep
7273f4d8d4 Implement run-time gateway variables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-23 13:36:00 -08:00
Tom Eastep
37a3dbb6f6 Don't install SysV init script if systemd is specified.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-23 10:59:10 -08:00
Tom Eastep
c252005e25 Add support for packager's config file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-23 10:07:02 -08:00
Tom Eastep
c975cddfda Correct init script installation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-22 14:51:41 -08:00
Tom Eastep
a6afac0f3c Use standard rpm macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-22 13:32:10 -08:00
Tom Eastep
ef850e4537 Use standard rpm macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-22 12:40:16 -08:00
Tom Eastep
2624005fa8 Fix FORMAT-2 interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-21 16:41:56 -08:00
Tom Eastep
20f990f2eb Fix install on SuSE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-21 14:24:50 -08:00
Tom Eastep
7de961ebfe Fix broken init scripts.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-21 13:16:12 -08:00
Tom Eastep
f6cc44eb6b Rename HOST -> TARGET and BUILD -> HOST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-21 13:00:09 -08:00
Tom Eastep
3acd01a44d Rename some variables:
HOST -> TARGET
%initdir -> %shorewall_initdir

Also add %shorewall_target

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-21 12:34:41 -08:00
Tom Eastep
d5af9c360d Implement FORMAT-2 interfaces file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-21 11:23:58 -08:00
Tom Eastep
2137840fec Fix bug in DSCP support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-20 16:40:11 -08:00
Tom Eastep
ed9e03b095 Correct FEDORA/REDHAT fiasco
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-20 16:11:28 -08:00
Tom Eastep
3180e13719 Require LIBEXEC and LIBPERL to be absolute path names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-20 12:04:00 -08:00
Tom Eastep
9869b4c068 Rename environmental variables:
INSTALLSYS => BUILD
TARGET     => HOST

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-20 10:12:52 -08:00
Tom Eastep
8c981e0464 Cleanup of install scripts based on feedback from Mr. Dash4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-20 10:08:42 -08:00
Tom Eastep
a1ec1dc178 Add DSCP match support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-20 08:47:48 -08:00
Tom Eastep
e2f4af6e48 Create a Perl-style switch statement to handle irregular entries in
the tcrules file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-19 17:28:49 -08:00
Tom Eastep
b1272e8835 Add DSCP target support.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-19 17:04:16 -08:00
Tom Eastep
75d5957020 Unify 'dont_' chain flags
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-19 14:20:09 -08:00
Tom Eastep
1896e56894 Rework some newbie code in add_group_to_zone()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-19 08:39:17 -08:00
Tom Eastep
7cd7f1ebbe Make zone-option hashes and constants global
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-19 08:30:39 -08:00
Tom Eastep
7fef97d92d Fix compiler crash from unknown interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-18 10:02:39 -08:00
Tom Eastep
cd3a9854f8 Change ipset flags error to a warning
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-18 08:22:16 -08:00
Tom Eastep
f8057fed88 Correct typo in the modified install scripts.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-18 08:21:50 -08:00
Tom Eastep
6d13069ffb Correct usage text for 'update'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-18 08:17:52 -08:00
Tom Eastep
59fea1a05d Add a SWITCH column to /etc/shorewall/masq
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-18 08:17:14 -08:00
Tom Eastep
1c7476fe61 Validate SOURCE/DEST fit for ipset flags
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-17 15:46:28 -08:00
Tom Eastep
58f0425d4a Correct a typo in the blrules manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-17 15:33:45 -08:00
Tom Eastep
ee7ea4adb9 Unify the supported install script os/distro set.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-17 15:26:02 -08:00
Tom Eastep
8a3f1f7111 Merge branch '4.5.0' 2012-02-17 13:39:22 -08:00
Tom Eastep
33b0821f8d Separate install system from target system in the install.sh scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-17 13:22:06 -08:00
Tom Eastep
29fcb9b08f Apply Simon Mater's patch for LIBEXEC/PERLLIB
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-13 12:57:07 -08:00
Tom Eastep
460efbac77 Merge branch '4.5.0' 2012-02-11 11:36:38 -08:00
Tom Eastep
09078cf6ad Add comments to add_interface_options()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-07 14:20:11 -08:00
Tom Eastep
f5c09a9e2e Restore 'update -b' functionality
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-07 07:40:35 -08:00
Tom Eastep
f4be778b86 Restore 'update -b' functionality
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-07 07:38:07 -08:00
Tom Eastep
bd959884cc Don't require a MARK value on the default class.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-06 14:40:22 -08:00
Tom Eastep
a87a981a2e Merge branch '4.5.0' 2012-02-05 13:19:54 -08:00
Tom Eastep
e8875ae50b Sort emitted param settings in export_params()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-05 10:03:47 -08:00
Tom Eastep
8561bb77ee Delete the BLACKLIST entry in %sections 2012-02-05 09:40:02 -08:00
Tom Eastep
b462503527 Merge branch '4.5.0' 2012-02-05 07:26:39 -08:00
Tom Eastep
7887def6ad Move manpages directories to their respective product directories
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-05 07:09:27 -08:00
Tom Eastep
6cf7a98eeb Move Samples into the corresponding product directory
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-04 17:18:55 -08:00
Tom Eastep
6fb45b159d Merge branch '4.5.0' 2012-02-04 10:52:52 -08:00
Tom Eastep
0b0ab57b66 Correct mask generation in get_routed_networks()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-04 10:30:34 -08:00
Tom Eastep
a25075d3c5 Minor cleanup of Rules file
- Correct comments
- Delete stale comments
- Simplify a statement in process_rules1()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 10:34:53 -08:00
Tom Eastep
63aaeb37c4 Remove redundant prototype.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 10:34:37 -08:00
Tom Eastep
99e0a340b1 Cosmetic changes to Zones.pm source
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 10:34:30 -08:00
Tom Eastep
b5e3a41e13 Remove redundant logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 10:34:20 -08:00
Tom Eastep
5c30c236a3 Minor cleanup of Rules file
- Correct comments
- Delete stale comments
- Simplify a statement in process_rules1()

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 09:53:43 -08:00
Tom Eastep
cdf284a4ee Remove redundant prototype.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 09:06:20 -08:00
Tom Eastep
57d1b29d1e Cosmetic changes to Zones.pm source
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 07:29:13 -08:00
Tom Eastep
25031c3a42 Remove redundant logic
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-03 07:21:28 -08:00
Tom Eastep
0c1beb50ae Add 'IMQ Target' capability to tcrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-02 12:54:00 -08:00
Tom Eastep
ab04a7fb46 Fix comments -- reflect changes done during the irule implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-01 13:53:12 -08:00
Tom Eastep
45a1f9df4f Streamline exclusion of the %vserver% pseudo-interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-02-01 10:25:26 -08:00
Tom Eastep
3f42b6d76f Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2012-01-25 20:41:50 -08:00
Tom Eastep
df3bded324 Simply getparams as a result of the new lib.cli variable-setting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-25 20:41:08 -08:00
Tom Eastep
7cd05fd874 Correct routing commands in proxy NDP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-21 19:58:47 -08:00
Tom Eastep
aeac7cacb0 Make shorewall-init work again.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-20 09:10:13 -08:00
Tom Eastep
7d1bb30175 Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2012-01-17 13:12:01 -08:00
Tom Eastep
d1c162e2e8 Merge branch 'master' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall 2012-01-17 13:02:49 -08:00
Tom Eastep
fc5f439b4b Generate prio 999 rule when USE_DEFAULT_RT=Yes, even when there are no balance providers.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-17 13:00:34 -08:00
Tom Eastep
ed3a623184 Cosmetic and maintainability improvements:
1. Export optimization masks from Shorewall::Chains for use in
   Shorewall::Compiler.
2. Move capability reporting and checkint from Shorewall::Compiler to
   Shorewall::Config.
3. Eliminate some gratuitous black lines.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-17 07:24:12 -08:00
Tom Eastep
3120bb37d1 Reload load distribution chains during 'refresh'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-16 10:07:18 -08:00
Tom Eastep
25d45dedfc Add STARTOPTIONS and RESTARTOPTIONS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-16 10:03:13 -08:00
Tom Eastep
41e68b59dc Add STARTOPTIONS and RESTARTOPTIONS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-15 20:35:55 -08:00
Tom Eastep
58bf562747 Generate load rules at runtime rather than at compile time.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-15 19:23:44 -08:00
Tom Eastep
364420c4eb Don't derive base in load_chain()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-15 07:54:30 -08:00
Tom Eastep
b0f7c08844 Save load and status of each interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-14 17:43:25 -08:00
Tom Eastep
93bd0b59a8 Load lib.base from lib.cli
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-14 14:17:06 -08:00
Tom Eastep
7316a2c51a Implement 'load=<load-factor>' in providers file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-13 16:37:05 -08:00
Tom Eastep
531474592c Correct handling of '-p'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-13 15:42:20 -08:00
Tom Eastep
3920cef17e Update copyright on Shorewall::Providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-12 07:14:04 -08:00
Tom Eastep
ec8491caf8 Issue a warning message when both 'route_rules' and 'rtrules' exist.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-12 07:10:16 -08:00
Tom Eastep
057ea718cd Remove 'stat' provider option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-12 07:09:53 -08:00
Tom Eastep
58a0b9b5c1 Rename route_rules to rtrules -- phase 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-09 07:19:10 -08:00
Tom Eastep
4c2df6fea7 Rename route_rules to rtrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-09 06:38:55 -08:00
Tom Eastep
048d380c28 Issue warning if there is a deprecated option setting in the .conf file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-07 19:58:45 -08:00
Tom Eastep
ce73bb3d22 Unify prog.footer and prog.footer6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-07 13:53:41 -08:00
Tom Eastep
6f5ab698b4 Add a PROBABILITY column to the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-06 12:54:37 -08:00
Tom Eastep
c4768d4a4a Allow run-time address variable in the SOURCE column of route_rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-06 11:59:22 -08:00
Tom Eastep
afbc561b91 Shorewall install shouldn't remove /usr/share/shorewall/wait4ifup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-06 11:40:04 -08:00
Tom Eastep
f003c0644b Fix MARK_IN_FORWARD_CHAIN=Yes with fw source
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-06 09:26:43 -08:00
Tom Eastep
5ddb197680 Make '0' equivalent to '-' in the IN_BANDWIDTH column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-06 09:14:07 -08:00
Tom Eastep
cda4c6ed11 Implement 'stat' provider option -- phase 1
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-05 16:49:26 -08:00
Tom Eastep
252bba215e Move lib.core from Shorewall-core to Shorewall
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-05 11:30:36 -08:00
Tom Eastep
46d8adcfe9 Add STATISTIC_MATCH capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-04 15:46:01 -08:00
Tom Eastep
9251eca31a Don't delete lib.common and lib.cli when installing Shorewall
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-04 10:32:17 -08:00
Tom Eastep
9353788285 Correct uninstall scripts for Shorewall and Shorewall6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-04 08:07:27 -08:00
Tom Eastep
e545bf4f04 Unify install files between Shorewall and Shorewall6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-03 16:35:41 -08:00
Tom Eastep
84dc26b82c Create lib.core
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-03 13:06:00 -08:00
Tom Eastep
7d756f51ac More unification of prog.header and prog.header6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-03 08:39:18 -08:00
Tom Eastep
4216d80c12 Allow Provider name in 'disable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-02 15:25:43 -08:00
Tom Eastep
018ba394e3 Move common code from prog.header[6] to lib.common 2012-01-02 14:13:19 -08:00
Tom Eastep
a39f4699dc Update versions and copyrights
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-02 07:43:13 -08:00
Tom Eastep
48a59e032e Add Shorewall-common
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-01 20:30:09 -08:00
Tom Eastep
72699a6af6 4.4.28->4.5.0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2012-01-01 07:36:46 -08:00
Tom Eastep
288c7b06dc Place sfilter jumps in the option chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-31 14:47:36 -08:00
Tom Eastep
4b8fb130ba Update copyright dates.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-31 14:15:25 -08:00
Tom Eastep
c2293f3d64 Eliminate the $blrules global in Shorewall::Rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-31 13:16:04 -08:00
Tom Eastep
d6bac484dc Allow the timeout to be specified in that 'safe' commands.
Also, allow a suffix (s, m or h) in the <timeout> paramater to the 'try' command.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-31 09:40:36 -08:00
Tom Eastep
64d3ac036b Disable BLACKLIST section 2011-12-30 20:25:54 -08:00
Tom Eastep
28f27c65aa Use SHA1 to shorten digests.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 14:58:49 -08:00
Tom Eastep
4d9a43a4dd Delete some 'dont_move' flags
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 11:31:08 -08:00
Tom Eastep
1d9a4c58e9 Cosmetic change with comments.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 10:59:23 -08:00
Tom Eastep
6f61293b08 Reduce the size of many configs by not copying long chains multiple times.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 10:27:58 -08:00
Tom Eastep
b63c7e0016 A bit of optimization in add_interface_options()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 08:08:28 -08:00
Tom Eastep
6bed5e5e55 Merge branch '4.4.27'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 07:28:14 -08:00
Tom Eastep
5b2f960db3 Disallow :P in CLASSIFY rules and complain if :F is used when the SOURCE or DEST is $FW.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-30 07:22:14 -08:00
Tom Eastep
1da7f52ed5 Copy output interface options rather than jump
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 18:49:47 -08:00
Tom Eastep
39f214208a Fix silly bug in the new option chain implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 17:57:39 -08:00
Tom Eastep
6926bcdbb9 More refinements of the option chain stuff.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 14:52:07 -08:00
Tom Eastep
f9960a0c94 Restore blacklst and blackout chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 13:45:35 -08:00
Tom Eastep
2c441b5393 Copy option rules into interface chains if no blacklist
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 09:32:16 -08:00
Tom Eastep
bddfb4f41c Add output option chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 08:22:00 -08:00
Tom Eastep
03610181fd Disallow :P in CLASSIFY rules and complain if :F is used when the SOURCE or DEST is $FW.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-29 07:49:53 -08:00
Tom Eastep
3ca9577f04 Cruft removal
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 16:22:11 -08:00
Tom Eastep
8cdc83638e Don't allow PREROUTING CLASSIFY rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 14:07:12 -08:00
Tom Eastep
a98c85cbc4 Make 'audit' work on a converted blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 10:30:24 -08:00
Tom Eastep
eda918215d Option chain phase II implementation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 10:29:15 -08:00
Tom Eastep
0518def9cf Merge branch '4.4.27' 2011-12-28 09:58:19 -08:00
Tom Eastep
09f58512be Make 'audit' work on a converted blacklist file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-28 09:34:34 -08:00
Tom Eastep
eff447ac11 Phase one option chain implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 18:12:58 -08:00
Tom Eastep
53451bdaa6 Remove BLACKLIST section from rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 15:32:49 -08:00
Tom Eastep
ea9c59a297 Add an interface filter chain for each interface.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 13:52:44 -08:00
Tom Eastep
49eb84b9e2 Remove more helper/proto silliness
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 13:06:37 -08:00
Tom Eastep
8a8214704e Centralize checking for required proto with helper
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-27 13:04:19 -08:00
Tom Eastep
aa743f2886 Merge branch '4.4.27' 2011-12-27 13:02:08 -08:00
Tom Eastep
c5868ef6e4 Revert "Remove redundant check."
This reverts commit 53dd13cf15.
2011-12-27 13:01:27 -08:00
Tom Eastep
7721644209 Merge branch '4.4.27' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall into 4.4.27
Conflicts:
	Shorewall/Perl/Shorewall/Chains.pm
	Shorewall/Perl/Shorewall/Raw.pm
2011-12-27 12:32:13 -08:00
Tom Eastep
1c2ab238a5 Merge branch '4.4.27' of ssh://shorewall.git.sourceforge.net/gitroot/shorewall/shorewall into 4.4.27
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 13:22:30 -08:00
Tom Eastep
3541767881 Don't croak when adding gateway route fails for IPv6.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 11:58:06 -08:00
Tom Eastep
53dd13cf15 Remove redundant check.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 11:57:34 -08:00
Tom Eastep
6db8748ee8 Don't show IPv6 cached routes unless asked.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-26 11:57:18 -08:00
Tom Eastep
5520a6d31d Validate helper<->protocol
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-24 09:24:01 -08:00
Tom Eastep
be4cb9d26a Validate helper<->protocol
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 17:55:13 -08:00
Tom Eastep
97354c8ce8 Detect CT_TARGET when LOAD_HELPERS_ONLY=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 11:59:51 -08:00
Tom Eastep
e8c7ec38dc Allow netstat output to appear in dumps on Fedora
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 11:59:19 -08:00
Tom Eastep
b58ad8e758 Be sure to delete fooX chain on errors in determine_capabilities()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 10:55:08 -08:00
Tom Eastep
0e3ad6ff91 Omit the chain designator from an error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 07:51:12 -08:00
Tom Eastep
1c535ee0f9 Correct handling of a chain designator in CLASSIFY rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-23 07:44:16 -08:00
Tom Eastep
3081ab1da1 Correct RELATED_DISPOSITION error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-22 15:51:50 -08:00
Tom Eastep
ce735e9415 Allow a chain designator in CLASSIFY rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-22 15:41:16 -08:00
Tom Eastep
e93dbdcb99 Stop generation of superfluous routing rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-21 08:01:25 -08:00
Tom Eastep
ea8efd1c44 Correct 'show ipa'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-21 07:25:20 -08:00
Tom Eastep
c03fe0a076 Implement USE_LOGICAL_NAMES.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 16:03:56 -08:00
Tom Eastep
3e72442954 Convert sample notrack files to FORMAT 2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 14:38:44 -08:00
Tom Eastep
0d4a6c1c28 Replace SHOREWALL_DIR with g_shorewalldir
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-20 08:19:57 -08:00
Tom Eastep
74cee48bc0 Change /sbin/shorewall6 back into a file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-19 15:52:42 -08:00
Tom Eastep
075d7ca68b Rename $nolock to $g_nolock
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-19 06:29:05 -08:00
Tom Eastep
6b90c09c04 Correct 'show raw'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-18 15:11:56 -08:00
Tom Eastep
1c8f6d3856 Eliminate a variable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-18 15:05:03 -08:00
Tom Eastep
c00068e08d Another correction to the 'CT' target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-18 07:21:32 -08:00
Tom Eastep
a80b46be81 Allow a port number to be appended to a helper name
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-17 17:08:24 -08:00
Tom Eastep
ec848ebc01 Parenthesize qa/.../ in embedded Perl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-17 10:09:23 -08:00
Tom Eastep
ba5db8753e Fix CT helpers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-17 08:59:27 -08:00
Tom Eastep
9d66f34932 Allow config options to be used as shell variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-15 12:52:22 -08:00
Tom Eastep
10d10b1c16 Remove a redundant capability test
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-15 12:52:06 -08:00
Tom Eastep
6194eceaa4 Restore text of 'Provider "..." compiled' message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-15 12:51:39 -08:00
Tom Eastep
8ac5f6c086 use specified tool for capabilities detection 2011-12-11 16:28:40 -08:00
Tom Eastep
cc78073ce7 Merge lib.cli-lite into lib.cli
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-11 13:15:30 -08:00
Tom Eastep
4cf564e7c9 Move startup_error() to lib.cli, plus cosmetic changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-08 22:00:48 -08:00
Tom Eastep
eec8a4edaf Cosmetic cleanup
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-07 13:04:20 -08:00
Tom Eastep
eaad3d836c Correct library name in header comments
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 19:05:55 -08:00
Tom Eastep
2142baca4f Avoid inappropriate RELATED,ESTABLISHED rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 19:04:43 -08:00
Tom Eastep
645e8dfea0 Straighten out LITEDIR
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 15:39:18 -08:00
Tom Eastep
004d0bcc38 Allow rules in the RELATED section when there are non-default settions of
the new RELATED_* options.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 13:38:11 -08:00
Tom Eastep
43913915f9 Combine the CLIs into a single 'shorewall' file.
Add lib.cli-lite and lib.cli-std to contain the functions that are different
between the full products and the lite ones.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 12:54:51 -08:00
Tom Eastep
c724e238e6 Move the bulk of command processing to lib.cli
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 07:47:34 -08:00
Tom Eastep
e762998f1e Allow spaces in the argument to the iprange command.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-06 06:44:15 -08:00
Tom Eastep
d4957696d1 Update man pages and sample files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 17:45:09 -08:00
Tom Eastep
439af55312 Implement RELATED_DISPOSITION and RELATED_LOG_LEVEL
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 16:08:17 -08:00
Tom Eastep
febe9e5222 Apply Chris Boot's fix for TC_ENABLED=Shared
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 12:22:48 -08:00
Tom Eastep
b27e2517b4 Unify capabilities detection
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 12:00:36 -08:00
Tom Eastep
94b8d07645 Correct fix for dynamic blacklisting (chain_exists())
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 07:01:16 -08:00
Tom Eastep
7fcdfd6655 Fix chain_exists() from IPv4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-05 06:54:03 -08:00
Tom Eastep
2cffae738f Initial implementation of CT target support in the 'notrack' file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-04 17:15:58 -08:00
Tom Eastep
a794027f63 Implement CT capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-04 14:35:53 -08:00
Tom Eastep
e7d2b1d4ed Consolidate the lib.common files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-04 09:19:48 -08:00
Tom Eastep
0d80b54ad9 Correct some issue with file consolidation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-03 13:13:25 -08:00
Tom Eastep
f89c78788f Correct a couple of syntax errors in lib.cli
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-03 12:41:05 -08:00
Tom Eastep
252b6580c0 Load the common libs from /sbin/shorewall6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-03 12:04:28 -08:00
Tom Eastep
4161c35108 Implement common lib.base, lib.cli and CLI for Shorewall[6][-lite]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-03 10:59:01 -08:00
Tom Eastep
bc3782c3de Pass $CONFIG_PATH to compiler.pl
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-02 09:31:26 -08:00
Tom Eastep
8c6914d1a2 Don't deprecate 'optional' for shared providers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-01 11:23:22 -08:00
Tom Eastep
a27f5655a7 Merge branch '4.4.26' 2011-12-01 10:41:22 -08:00
Tom Eastep
99bf7fb994 Don't do TC stuff during enable/disable of a shared provider
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-01 10:41:03 -08:00
Tom Eastep
568e3b2e5b Allow a provider name in addition to an interface name in enable/disable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-01 10:32:54 -08:00
Tom Eastep
8f14485d67 Allow a provider name in addition to an interface name in enable/disable
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-01 10:30:42 -08:00
Tom Eastep
3110f7c74a Add enable/disable commands to the CLIs
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-12-01 10:25:51 -08:00
Tom Eastep
d8caa6498a Add tracing to Optimize 16.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-30 07:57:19 -08:00
Tom Eastep
3581b2667e Don't install the blacklist file in /etc/shorewall[6]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-27 14:39:59 -08:00
Tom Eastep
9e149ca038 Correct default values during update
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-27 14:12:51 -08:00
Tom Eastep
61d5c6d6da Implement Shorewall::Chains::clone_rule()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-26 09:36:02 -08:00
Tom Eastep
3498076a96 Accurately compare rule key values that are array references.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-26 08:03:02 -08:00
Tom Eastep
15d95b6977 Fix SAME target.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-26 07:48:03 -08:00
Tom Eastep
5cdb74168f Correct port list capture with --multiport.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-25 16:22:23 -08:00
Tom Eastep
613e41c25a Enable OPT 16 in check -r; Suppress duplicate rules 2011-11-25 16:05:07 -08:00
Tom Eastep
90e03e1833 Even more tweaks to optimize 16
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-25 14:46:37 -08:00
Tom Eastep
71bbd7963c Some tweaks to optimize 16 2011-11-25 10:42:10 -08:00
Tom Eastep
f305da9d0d Require extended multi-port match for OPTIMIZE 16.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-24 10:57:09 -08:00
Tom Eastep
8d8a681f40 Implement optimization level 16
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-24 10:22:04 -08:00
Tom Eastep
4559c8b5d0 Tweaks to convert_blacklist()
- Reword an error message to handle both missing file and zero-sized file.
- Don't rename file that doesn't exist.
2011-11-21 12:13:39 -08:00
Tom Eastep
dffb79e7bd Handle empty blacklist file in 'update -b'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 17:02:01 -08:00
Tom Eastep
bd8ba435cd Avoid uninitialized value in hash element.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 16:24:42 -08:00
Tom Eastep
4d30811794 Implement 'show marks'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 12:29:17 -08:00
Tom Eastep
e5a6387695 Eliminate use of WIDE_TC_MARKS in the Tc module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 08:45:16 -08:00
Tom Eastep
382309bc53 Derive default values for the mark-layout options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-20 07:03:33 -08:00
Tom Eastep
86c51f24d9 Deprecate the old mark layout options.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 17:14:05 -08:00
Tom Eastep
0adc82f469 Add the mark layout options to shorewall.conf
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 15:29:07 -08:00
Tom Eastep
83d7cfa76a Update documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 15:18:43 -08:00
Tom Eastep
ae8aa3a45a More fixes for ZONE_BITS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 08:19:38 -08:00
Tom Eastep
ab1b65d6a8 Fixes for blacklist conversion
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-19 08:18:58 -08:00
Tom Eastep
4f9afc32ec Allow zone names in the MARK column when ZONE_BITS != 0
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-18 07:23:24 -08:00
Tom Eastep
7c0cb69c29 Don't copy limited broadcast routes to provider tables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-18 07:07:51 -08:00
Tom Eastep
364b30fd9b Fix 'update -b' handling of missing files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-18 06:26:37 -08:00
Tom Eastep
72f75c201c Implement zone automark
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 16:07:45 -08:00
Tom Eastep
96f5aec71f Add ZONE_BITS configuration option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 10:40:47 -08:00
Tom Eastep
fe09646bed Make zone types a power of 2.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 09:23:39 -08:00
Tom Eastep
348c6c8cf7 Correct handling of LOGMARK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-17 07:22:07 -08:00
Tom Eastep
d096b9399a Fix '\!' handling in validate_level()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-15 16:41:32 -08:00
Tom Eastep
afaf0d9de8 Trivial optimiation in validate_level()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-13 06:19:40 -08:00
Tom Eastep
28a1087cd4 Cleanup of rewritten validate_level()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-13 05:58:59 -08:00
Tom Eastep
73ed66b9b9 Add ULOG and NFLOG capabilities plus LOGMARK for IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-12 14:10:48 -08:00
Tom Eastep
bf010dc03e Macro changes from Tuomo Soini 2011-11-11 15:08:57 -08:00
Tom Eastep
ffec7a4d95 More corrections to wildcard interfaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-11 07:29:44 -08:00
Tom Eastep
04dfe26549 Remove two unused variables.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-11 05:23:37 -08:00
Tom Eastep
972721facb Remove some white space
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 17:52:25 -08:00
Tom Eastep
6813409c31 Make the previous patch a bit cleaner
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 07:19:21 -08:00
Tom Eastep
d85f6970e3 Fix wildcard interfaces
- Suppress extra jumps to interface chains.
- Insure that the 'lo' ACCEPT rule doesn't get masked by a wildcard interface

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2011-11-10 06:53:48 -08:00