Commit Graph

6349 Commits

Author SHA1 Message Date
Tom Eastep
eb5026d3b7 Merge branch '4.6.2' 2014-07-28 14:47:23 -07:00
Tom Eastep
a799d74901 Correct typo and link in the shorewall-mangle manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-28 08:39:07 -07:00
Tom Eastep
a7b18ca875 Implement 'run' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-28 07:04:56 -07:00
Tom Eastep
ad6c91bcbd Allow optimize level 8 to work with Perl 5.20.0.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-25 21:03:48 -07:00
Tom Eastep
848078873d Update tcfilters manpages to mention BASIC_FILTERS=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-22 07:19:10 -07:00
Tom Eastep
461f7b10ba Detect Arptables JF capability when LOAD_HELPERS_ONLY = No.
- Move detection of Header Match to its proper ordinal.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-20 07:19:02 -07:00
Tom Eastep
2c9eda9cee Add some white space for readability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 18:33:02 -07:00
Tom Eastep
64fc3d2e43 Correct a typo that caused iset couter match to be mis-detected
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 10:27:29 -07:00
Tom Eastep
d0aed87546 Correct IPV6 ipset capabilities checking on 3.14 kernels
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 10:25:46 -07:00
Tom Eastep
56fa6bd78a Revert "Correct ipset detection on later kernels."
This reverts commit b207f64a85.
2014-07-19 10:22:12 -07:00
Tom Eastep
b207f64a85 Correct ipset detection on later kernels.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 08:55:02 -07:00
Tom Eastep
9f381209d5 Detect HEADER_MATCH when LOAD_MODULES_ONLY=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-19 07:20:28 -07:00
Tom Eastep
29e6bc9379 Merge branch '4.6.2' of ssh://server.shorewall.net/home/teastep/shorewall/code into 4.6.2 2014-07-18 15:15:33 -07:00
Tom Eastep
4b3196b959 Add refmiscinfo to the shorewall-tcrules manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-18 13:49:30 -07:00
Tom Eastep
6771dc54ad Streamline some code from the last commit
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-18 12:58:49 -07:00
Tom Eastep
ba69708092 Merge branch '4.6.2' of ssh://server.shorewall.net/home/teastep/shorewall/code into 4.6.2 2014-07-18 08:45:06 -07:00
Tom Eastep
417bd0138e Correct two problems with tcrules processing:
- SAVE and RESTORE didn't work
- '|' and '&' were ignored


Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-18 08:32:22 -07:00
Tom Eastep
a97e2fd3d9 Update manpages regarding 'status -i'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-12 19:37:05 -07:00
Tom Eastep
53dda803e2 More Cygwin64 changes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-09 11:28:45 -07:00
Tom Eastep
cc935009ce Correct install problems under Cygwin
- configure.pl doesn't understand CYGWIN return from uname
- shorewall-core install.sh doesn't understand CYGWIN return from uname
- shorewall install.sh generates 'mkdir -p //etc/shorewall' which is
  broken under Cygwin

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-09 10:48:03 -07:00
Tom Eastep
a7856e4dd6 Update another copyright
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-06 15:11:16 -07:00
Tom Eastep
4a4cea46c0 Update copyrights in the Sample files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-06 13:44:34 -07:00
Tom Eastep
2ed523101c Allow specification of the MAC address of a gateway
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-06 09:54:53 -07:00
Tom Eastep
c663a14c4d Correct TIME column handling in IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-04 08:17:19 -07:00
Tom Eastep
8bfff55ed2 Add a TIME column to the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-04 08:01:14 -07:00
Tom Eastep
b1a6ec7f03 Merge branch '4.6.1' 2014-07-02 21:41:27 -07:00
Tom Eastep
cad8443e01 Allow SAVE/RESTORE rules in the OUTPUT chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-02 12:38:02 -07:00
Tom Eastep
2ad81f1a81 Apply Thibaut Chèze's patch for DSCP names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-02 12:37:50 -07:00
Tom Eastep
166e1a3df9 Allow SAVE/RESTORE rules in the OUTPUT chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-01 06:54:54 -07:00
Tom Eastep
84437ea689 Apply Thibaut Chèze's patch for DSCP names
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-07-01 06:52:58 -07:00
Tuomo Soini
87b5751a49 macro.IPMI: add missing ports from Asus, Supermicro, and Dell documentation
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-07-01 13:14:01 +03:00
Tuomo Soini
49aada0f9c macro.ILO: add support for HP Integrated Lights-Out
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-07-01 12:25:26 +03:00
Tom Eastep
7fdc398a5e Revert "Revert "Revert "Add a TIME column to the mangle file"""
This reverts commit 1165b2689c.
2014-06-27 08:23:04 -07:00
Tom Eastep
1165b2689c Revert "Revert "Add a TIME column to the mangle file""
This reverts commit 9c7fcd09fd.
2014-06-27 08:14:28 -07:00
Tom Eastep
2701b0a756 Correct number of columns in split_line2() calls.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-25 08:22:09 -07:00
Tom Eastep
9c7fcd09fd Revert "Add a TIME column to the mangle file"
This reverts commit 824b14b714.
2014-06-25 07:33:42 -07:00
Tom Eastep
80c09c4747 Merge branch '4.6.1' 2014-06-25 07:31:36 -07:00
Tom Eastep
824b14b714 Add a TIME column to the mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-25 07:05:12 -07:00
Tom Eastep
122d58b122 Clear inline matches in perl_action_tcp_helper
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-21 07:58:27 -07:00
Tom Eastep
61bb73fd8c Correct handling of matches in action_tcp_helper()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-20 14:28:17 -07:00
Tom Eastep
ff8d354c1c Allow INLINE_MATCHES=Yes and AUTOHELPERS=No to work correctly.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-20 07:01:31 -07:00
Tom Eastep
7b0cf2b665 Add 'show bl' to the usage output
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 15:16:07 -07:00
Tom Eastep
6ad9b95351 Implement 'show bl'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 13:27:25 -07:00
Tom Eastep
ac4bf15606 Implement 'status -i'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-18 11:07:37 -07:00
Tom Eastep
4e5d24fd9b Currect masq manpages
Describe the SOURCE column as optional

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-16 07:27:05 -07:00
Tom Eastep
2610dd4744 Merge branch 'master' into 4.6.1 2014-06-12 16:39:01 -07:00
Roberto C. Sanchez
b3acb4d30d Fix typo 2014-06-12 18:58:59 -04:00
Tom Eastep
36e31ed839 Correct typo in error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-08 09:40:50 -07:00
Tom Eastep
b55b6a913c Insert the server address list into the error message in DNAT/REDIRECT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-08 09:36:18 -07:00
Tom Eastep
9c9ae04c86 Raise an error when a server list is specified in a DNAT or REDIRECT rule
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-08 08:52:41 -07:00
Tom Eastep
c898129ad6 Correct pi-rho's patch to not deal with the loopback interface
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-06 13:12:02 -07:00
Tom Eastep
7adc16ace9 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-06-06 12:45:36 -07:00
Tuomo Soini
7b38bc9558 remove optional SSH and WS-MAN from IPMI macro and only document
vendors which are tested to work

Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-06-06 22:15:37 +03:00
Tom Eastep
2cd5c41ec0 Clean up white space in pi-rho's patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-06 10:44:33 -07:00
Tom Eastep
bea5434de6 Merge branch '4.5.21' 2014-06-06 10:05:02 -07:00
Tom Eastep
8657dd97f7 Apply pi-rho's patch for rpfilter.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-06-06 10:04:42 -07:00
Tom Eastep
ef038d5eab Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-06-04 15:21:05 -07:00
Tuomo Soini
b6ea20e7df Added macro IPMI for Remote Console Protocl (RMCP)
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-06-02 23:48:30 +03:00
Tom Eastep
6632afaf6a Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-06-02 12:21:18 -07:00
Tuomo Soini
0f55863076 Add new macros for AMQP, MongoDB, Redis, and Sieve
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2014-06-02 21:24:09 +03:00
Tom Eastep
954cddc37a Enable 1:1 NAT in IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-25 12:50:00 -07:00
Tom Eastep
24721e01b6 Document nat vs. subzone restriction.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-25 10:07:07 -07:00
Tom Eastep
5a22b14947 Enable 1:1 NAT in IPv6
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-25 08:57:01 -07:00
Tom Eastep
89c5d5080b A couple more tweaks to the masq manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-22 11:14:46 -07:00
Tom Eastep
66b3d9aeb5 Correct the heading of the SOURCE masq column
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-22 09:07:00 -07:00
Tom Eastep
966926fac5 RHE7 support -- first cut
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-19 15:15:52 -07:00
Tom Eastep
dcc2fb27c5 Apply Tuomo Soini's whitespace patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-19 14:18:48 -07:00
Tom Eastep
6d3b1d80d4 Make 'update -A' convert the tcrules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 14:46:15 -07:00
Tom Eastep
d5e83a5295 Delete extra blank line from the IPv4 mangle file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 12:11:11 -07:00
Tom Eastep
7835feb45e Apply Simon Mater's cosmetic fix to the 'mangle' files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 07:31:44 -07:00
Tom Eastep
c6565f051e Clean up checking for chain designators with SOURCE $FW.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 07:18:35 -07:00
Tom Eastep
c9b6d4a670 Correct CHECKSUM handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-16 07:18:06 -07:00
Tom Eastep
00d3a94bfd Make all actions FORMAT-2
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-09 09:01:29 -07:00
Tom Eastep
d15956feea Deprecate FORMAT-1 actions and macros
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-08 14:30:33 -07:00
Tom Eastep
f717d097d7 Apply Tuomo Soini's Macro format patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-07 12:19:24 -07:00
Tom Eastep
670c33d20b Update install files to secure the .service files as 644 rather than 600.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-01 11:43:59 -07:00
Tom Eastep
bcbb48d16e Update install files to secure the .service files as 644 rather than 600.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-05-01 11:43:00 -07:00
Tom Eastep
2b43c28e98 Add tabs to mangle files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-20 07:56:43 -07:00
Tom Eastep
ba3a7d0621 Do not deprecate USE_DEFAULT_RT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-19 07:53:18 -07:00
Tom Eastep
15507aa265 Update sample rules files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-19 07:48:42 -07:00
Tom Eastep
4d4e8b3df4 Do nothing when a rules file section is empty.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-18 14:13:34 -07:00
Tom Eastep
240d3d8cab Improve interface option inheritence
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-18 13:36:06 -07:00
Tom Eastep
acda5482c4 If USE_DEFAULT_RT isn't specified, make it 'No'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-18 13:22:58 -07:00
Tom Eastep
e731ea1ca8 Revert "Always inherit interface options"
This reverts commit 65cde3475f.
2014-04-15 11:54:58 -07:00
Tom Eastep
65cde3475f Always inherit interface options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-15 11:37:51 -07:00
Tom Eastep
b3cd9ab15a Default to LOAD_HELPERS_ONLY=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-12 11:05:28 -07:00
Tom Eastep
fdc391cf49 Change all *.conf files to reflect ZONE2ZONE=-
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-04-11 20:44:15 -07:00
Tom Eastep
58700b2301 Correct the behavior of rpfilter when FASTACCEPT=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-31 07:29:29 -07:00
Tom Eastep
a9ac9c274e Correct the behavior of rpfilter when FASTACCEPT=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-31 07:28:30 -07:00
Tom Eastep
72869adcd6 Correct missing comment in trace entry.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-28 08:55:55 -07:00
Tom Eastep
0c8365001d Avoid spurious comments on jumps to section chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-28 08:55:48 -07:00
Tom Eastep
6274f8444f Correct missing comment in trace entry.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-28 08:55:23 -07:00
Tom Eastep
05816e94ee Avoid spurious comments on jumps to section chains.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-28 08:55:00 -07:00
Tom Eastep
0561b10adb Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2014-03-22 08:58:20 -07:00
Tom Eastep
db1b25b4d7 Restore small mark verification.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-22 08:38:57 -07:00
Tom Eastep
4de651ff55 Add a comment line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-19 10:38:41 -07:00
Tom Eastep
5981ce59e3 Include -t <table> in debug_restore_input() error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-19 10:25:37 -07:00
Tom Eastep
54a5e4af52 A couple of minor tweaks to the Chains module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-19 10:24:30 -07:00
Tom Eastep
4bd8d9791c Include -t <table> in debug_restore_input() error message
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-18 07:28:14 -07:00
Tom Eastep
eb70234c52 Correct some typos in the .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-12 14:50:15 -07:00
Tom Eastep
39b7527cb6 Include rule priority in delete of generated address route rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:25:59 -07:00
Tom Eastep
08d29edf1a Include rule priority in delete of generated address route rules.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:24:38 -07:00
Tom Eastep
20b10582b4 Moew deprecation of USE_DEFAULT_RT=No
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-10 08:24:12 -07:00
Tom Eastep
093ff580b5 Deprecate USE_DEFAULT_RT=No.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-09 07:48:05 -07:00
Tom Eastep
cea237620a Change USE_DEFAULT_RT default to 'Yes'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-09 07:42:22 -07:00
Tom Eastep
c9d7370fb4 Merge branch '4.5.21'
Conflicts:
	Shorewall/manpages/shorewall.conf.xml
	Shorewall6/manpages/shorewall6.conf.xml

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 09:00:34 -08:00
Tom Eastep
8b4d8bfa16 Finish ADMINISABSENDMINDED change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-05 08:57:03 -08:00
Tom Eastep
caa72fb7d2 Correct routestopped files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-03-02 10:39:12 -08:00
Tom Eastep
4eadec234a Revert "Correct the behavior of ADMINISABSENTMINDED"
This reverts commit ded747a51a.
2014-03-02 08:25:05 -08:00
Tom Eastep
2b489993ca Revert "Correct the behavior of ADMINISABSENTMINDED"
This reverts commit df09e0ccc5.
2014-03-02 08:23:23 -08:00
Tom Eastep
ded747a51a Correct the behavior of ADMINISABSENTMINDED
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-28 10:14:33 -08:00
Tom Eastep
df09e0ccc5 Correct the behavior of ADMINISABSENTMINDED
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-28 10:14:08 -08:00
Tom Eastep
454e53bcfa Reformat preceding patch and correct syntax errors.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-25 13:21:23 -08:00
Tom Eastep
66fdc9f6a7 Call directive_callback for directives without '?'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-25 12:48:25 -08:00
Tom Eastep
c74235a200 Correct typos
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-17 14:17:49 -08:00
Tom Eastep
1759fc75b0 Correctly handle alternate specification with ';' in 'update -t'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-17 14:10:17 -08:00
Tom Eastep
3e87efc82b Document -t option
- Also copy compiler directives to the mangle file.
2014-02-17 12:50:59 -08:00
Tom Eastep
a011ad8efe Add raw matches to the converted mangle file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:59:13 -08:00
Tom Eastep
0e40a42729 Allow SAVE and RESTORE in the postrouting chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:50:43 -08:00
Tom Eastep
69fe94ef08 Document the -t option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-16 09:25:58 -08:00
Tom Eastep
669d15e2cf Implement the -t update option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-15 09:36:13 -08:00
Tom Eastep
708d58da21 Revert "Replace SECTION with ?SECTION in the rules file."
This reverts commit 34207fef1a.
2014-02-13 08:23:34 -08:00
Tom Eastep
34207fef1a Replace SECTION with ?SECTION in the rules file. 2014-02-12 13:25:36 -08:00
Tom Eastep
2dbcd36a9c Implement BASIC_FILTERS
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 16:34:03 -08:00
Tom Eastep
0383ca7de6 Correct semantics of ipset lists in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:27:46 -08:00
Tom Eastep
7ddc65133e Support ipset lists in the tcfilters file.
- Also document the fact that ipset match options are not available in
  the tcfilters file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:16:35 -08:00
Tom Eastep
1d4a87a0d0 Excape an opening parehthesis.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 12:15:35 -08:00
Tom Eastep
3b3608ad65 Correct ICMP handling in basic filters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-04 07:16:41 -08:00
Tom Eastep
081a387f1d Fix some bugs in basic filter generation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-03 14:59:27 -08:00
Tom Eastep
fbb03248c4 Correct 'dump' help text
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-02 13:01:42 -08:00
Tom Eastep
033a1a0367 Correct 'dump' help text
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-02 13:00:41 -08:00
Tom Eastep
c08655e0bc Document ipset use in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-02-01 09:40:39 -08:00
Tom Eastep
50fb8e3f2f Use HEX representation for matching IPv6 addresses in basic filters.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-31 12:49:47 -08:00
Tom Eastep
f029f5b483 Correct handling of logging of a non-terminating target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-29 08:22:31 -08:00
Tom Eastep
86f667afd4 Correct handling of logging of a non-terminating target
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-29 08:19:53 -08:00
Tom Eastep
8a63053c13 Correct defects found in unit testing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-21 20:19:56 -08:00
Tom Eastep
62557cb98e Correct defects found during testing of ematch.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-21 12:53:33 -08:00
Tom Eastep
9c4089fc99 Initial basic filter implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-20 18:40:40 -08:00
Tom Eastep
44e0d48fc5 Add <refmiscinfo>...</refmiscinfo> to remaining manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-16 08:32:57 -08:00
Tom Eastep
5a649dc205 Add <refmiscinfo>...</refmiscinfo>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-16 07:44:23 -08:00
Tom Eastep
89fd5ced15 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2014-01-12 14:05:48 -08:00
Roberto C. Sanchez
b1a490b50a Cleanup links in manpages so that hrefs in generated HTML don't take the user to a different server 2014-01-12 16:40:03 -05:00
Tom Eastep
a35b7821bf Correct stoppedrules manpages re DROP
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:30:09 -08:00
Tom Eastep
fd28a12653 Allow DROP in the stoppedrules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:19:49 -08:00
Tom Eastep
7e6fc3229d Correct handling of default chain when a mark range is specified.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-07 13:15:51 -08:00
Tom Eastep
42dd8dfee9 Change license to GPLv2+ and update copyrights
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-04 09:48:27 -08:00
Tom Eastep
5a7e458104 Backout ematch stuff for now
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 12:01:56 -08:00
Tom Eastep
7e1a310929 Implement ipset matches in tcfilters
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 09:35:34 -08:00
Tom Eastep
78ecf9bdc8 Finish up ipset extensions.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-03 09:23:14 -08:00
Tom Eastep
1771bb75cf Finish ipset match option implementation.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-02 14:43:55 -08:00
Tom Eastep
b4847d6a01 New IPSET MATCH extensions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-02 09:36:35 -08:00
Tom Eastep
48ceed9ecb Make tcpflags the default.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 15:10:38 -08:00
Tom Eastep
1083dd8c26 Allow ?COMMENT in the mangle file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 08:02:17 -08:00
Tom Eastep
5e7cd855c2 Correct typo in Tc.pm
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:53:38 -08:00
Tom Eastep
623bdd2ff1 Manpage corrections.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:41:28 -08:00
Tom Eastep
b61ee2d75e Manpage updates for IP[6]TABLES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:54 -08:00
Tom Eastep
2c2aaf262c Add IP[6]TABLES support for the conntrack file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:36 -08:00
Tom Eastep
6c990a7253 Logically OR builtin definitions from the actions file if the builtin exists
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:18:00 -08:00
Tom Eastep
f7bbac6ea8 Make tcrules/mangle similar to notrack/conntrack.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2014-01-01 07:15:56 -08:00
Tom Eastep
4c1b83beef Tweaks to the Tc.pm module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 11:42:38 -08:00
Tom Eastep
ac6a506e35 Allow logging from the RAW table
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 11:04:43 -08:00
Tom Eastep
11e61ec6e5 Add chain information to the builtin_target table.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-31 08:22:58 -08:00
Tom Eastep
5985a6e9b3 Implement IP[6]TABLES in the rules files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 13:46:58 -08:00
Tom Eastep
4cc5ee6b73 Document IP[6]TABLES in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 10:13:38 -08:00
Tom Eastep
66a04e4819 Allow inline matches with IP[6]TABLES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 10:13:00 -08:00
Tom Eastep
1634267faa Rename JUMP to IP[6]TABLES.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 10:12:33 -08:00
Tom Eastep
c8866ef8bf Correct handling of columns with embedded spaces
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-29 08:56:14 -08:00
Tom Eastep
8f6f0c94a4 Replace tcrules with mangle in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 15:35:08 -08:00
Tom Eastep
6fe06c82c8 More switch from tcrules to mangle
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 15:24:05 -08:00
Tom Eastep
543446f8d7 Integrate tcrules and mangle processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 14:24:36 -08:00
Tom Eastep
a1222d10cb change 'marks' file to 'mangle'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-28 10:03:23 -08:00
Tom Eastep
3dba1f5bee Tested version of the marks file handler
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-27 12:38:22 -08:00
Tom Eastep
3960aaee4c Consolidate declarations in process_mark_rule().
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-24 09:49:10 -08:00
Tom Eastep
5419109880 Correct syntax errors in new mars handling
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-24 09:04:54 -08:00
Tom Eastep
584b0ac50e Some small tweaks to the marks file processing
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-24 07:25:40 -08:00
Tom Eastep
1d84f27efe Add shorewall-marks manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-20 14:12:35 -08:00
Tom Eastep
4c840a05a0 Fix issue in the shorewall-tcrules and shorewall6-tcrules manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 16:24:50 -08:00
Tom Eastep
6323372ebd Fix issue in the shorewall-tcrules and shorewall6-tcrules manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 16:23:32 -08:00
Tom Eastep
4c2cedb670 Add get_target_param1() that doesn't accept the <action>/<param> syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-19 09:17:11 -08:00
Tom Eastep
f32a777099 Fix INLINE in tcrles
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-18 09:19:35 -08:00
Tom Eastep
cd5be38cfb Eliminate silly extra loop in accounting processing.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-18 09:19:16 -08:00
Tom Eastep
2894bb9656 Move INLINE processing into the Chains module.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-16 12:31:35 -08:00
Tom Eastep
fad3b42bd3 Correct line split in the Accounting module
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-16 07:40:41 -08:00
Tom Eastep
4e4e7cac1d Redefine the -i option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-15 11:23:20 -08:00
Tom Eastep
6d72cb3138 Correct update inline
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-15 09:32:09 -08:00
Tom Eastep
cb74b2d706 Document the -i update option in the manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 20:54:56 -08:00
Tom Eastep
9abe60bc27 Implement the -i option of upgrade
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 17:54:10 -08:00
Tom Eastep
33c5893bdb Implement INLINE_MATCHES
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-14 13:35:01 -08:00
Tom Eastep
2bc329aa1d Add INLINE support to the masq file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-13 15:44:16 -08:00
Tom Eastep
f22dfcaa75 Merge branch '4.5.21' 2013-12-08 09:02:44 -08:00
Tom Eastep
d71c2688dc Clarify the need to quote/escaape settings with parentheses.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-08 09:02:25 -08:00
Tom Eastep
95abeaea24 Finish INLINE in the tcrules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-01 09:25:32 -08:00
Tom Eastep
75258083e3 Cleanup of column splitting change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-12-01 09:24:49 -08:00
Tom Eastep
bf44e514e3 Keep parentheses balanced when splitting a line.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-30 14:13:42 -08:00
Tom Eastep
e5d250750b Correct handling of ?SECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-27 07:53:33 -08:00
Tom Eastep
d63262a0cb change ZONE2ZONE default to '-'.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 08:16:28 -08:00
Tom Eastep
3870157898 Issue warning on bare SECTION headings.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-24 07:58:02 -08:00
Tom Eastep
80d54ec40b Implement ?SECTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-18 06:57:54 -08:00
Tom Eastep
855cb6e7f4 Correct handling of HFSC classes with DMAX but no UMAX
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-16 08:07:23 -08:00
Tom Eastep
ea21d61f39 Correct Broadcast Actions
- Delete --dst-type BROADCAST from IPv6
- Suppress superfluous multicast rule

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-12 08:41:58 -08:00
Tom Eastep
3b5c1ad601 Remove anachronistic text from the tcinterfaces manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-10 08:19:16 -08:00
Tom Eastep
e14d92c5ac Add DROP support in tcrules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-11-04 10:50:11 -08:00
Tom Eastep
5f37b5bde6 Correct install scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-25 06:53:51 -07:00
Tom Eastep
b00e20d4d0 Merge branch '4.5.21' of ssh://server.shorewall.net/home/teastep/shorewall/code into 4.5.21 2013-10-24 08:04:07 -07:00
Tom Eastep
6eb2c0cb5f Add link to the logging page from the policy manpages.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-24 08:01:18 -07:00
Tom Eastep
ca3385d1be Remove superfluous '[' from character set.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-21 09:28:21 -07:00
Tom Eastep
5823411091 Correct typo in a regular expression.
- Re-enable |<mark> in the tctrules file.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-21 07:04:23 -07:00
Tom Eastep
66c2fca2b0 Eradicate the use of 'fgrep'
- Busybox on Leaf Bering does not have fgrep

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-14 07:15:08 -07:00
Tom Eastep
b27e3d2fff Merge branch '4.5.21' 2013-10-08 13:17:41 -07:00
Tom Eastep
5e67808abd Don't add host route in default table.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 11:27:41 -07:00
Tom Eastep
1659d8ce9f Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2013-10-08 09:52:51 -07:00
Tom Eastep
fa500b9ea2 Correct H323 and netbios-ns handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:24:52 -07:00
Tom Eastep
b6d7e9ea96 Work around emacs bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:24:40 -07:00
Tom Eastep
0e61c2f210 Correct H323 and netbios-ns handling.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:20:46 -07:00
Tom Eastep
3c9d984835 Correct typo
- list_split s/b split_list

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 09:19:07 -07:00
Tom Eastep
4917500f12 Work around emacs bug
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 07:13:01 -07:00
Tom Eastep
50b7a81b13 Correct typo
- list_split s/b split_list

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-08 06:56:16 -07:00
Tom Eastep
8c4bbf0c85 Implement REAP_OPTION capability
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-10-07 07:54:52 -07:00
Roberto C. Sanchez
12563c55a8 Add '. /lib/lsb/init-functions' to the Debian-specific init scripts, as recommended by lintian 2013-10-05 16:31:45 -04:00
Tom Eastep
5b515f007b Fix 'monthdays' in the TIME column.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-30 15:43:17 -07:00
Tom Eastep
24218934f8 Clean up uninstall scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-30 15:42:58 -07:00
Tom Eastep
308aaad8d4 Use insserv on Debian
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-29 09:28:22 -07:00
Tom Eastep
d9c3345a2d Correct temporal port range in mDNS macros.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-29 08:05:52 -07:00
Tom Eastep
d7cbd1da21 Allow actions to manipulate the current comment from Perl.
- Added set_comment()
- moved push/pop_comment() to the :DEFAULT export
2013-09-23 12:21:44 -07:00
Tom Eastep
a389aa01a8 Fix for litedir
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-18 21:05:35 -07:00
Tom Eastep
a5c608e996 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2013-09-18 17:59:49 -07:00
Tom Eastep
e570d91ab1 Document 'hostroute' and 'nohostroute'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-18 17:58:28 -07:00
Tom Eastep
eb75d0eef4 Add 'nohostroute' option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-18 16:49:54 -07:00
Tom Eastep
4524281163 Apply Thomas D's Gentoo support patch
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-17 08:22:52 -07:00
Tom Eastep
14bd1a9061 Don't require SYSCONFFILE for all products
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-10 08:24:27 -07:00
Tom Eastep
159d677acb Update manpages to indicate that 'inline' is assumed for REJECT_ACTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-10 08:08:06 -07:00
Tom Eastep
5dbcdd65e2 Force 'inline' for REJECT_ACTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-10 07:37:53 -07:00
Tom Eastep
50411e638c Report the name of the SysV init file installed.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-09 08:11:45 -07:00
Tom Eastep
dc5c0dc069 Validate default log levels
- Name the .conf option involved in error messages

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-06 16:00:15 -07:00
Tom Eastep
87ae801c15 Use the -w ip[6]tables option when available.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-04 10:16:36 -07:00
Tom Eastep
ae63a0ab77 Correct description of how REJECT is handled:
- Add UDP

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-02 17:07:58 -07:00
Tom Eastep
dcff4fad37 Add sample action to shorewall.conf manpage.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-01 12:20:44 -07:00
Tom Eastep
67603c5eb3 Implement REJECT_ACTION
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-09-01 09:14:10 -07:00
Tom Eastep
1540e50cce Remove blank line
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-31 10:07:41 -07:00
Tom Eastep
39e348997f Add SERVICEFILE variable to shoreallrc.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-18 14:27:26 -07:00
Tom Eastep
156ed38b23 Correct installation of $SYSCONFFILE
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-18 08:30:11 -07:00
Tom Eastep
a298817201 Improve INITSOURCE handling in the installers
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-15 06:51:27 -07:00
Tom Eastep
0a2f6c18cc Correct typo in prog.footer
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-13 07:03:20 -07:00
Tom Eastep
32763e998b Make -v work with the status command
- Also document exit status

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-13 06:52:46 -07:00
Tom Eastep
fc5c92cabc Use /etc/os-release to determine build host
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-08 17:44:40 -07:00
Tom Eastep
a10aea280b Add some abbreviations for common commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-06 07:05:47 -07:00
Tom Eastep
ceffc000eb Correct Typo
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-05 08:32:17 -07:00
Tom Eastep
6615c1f736 Clarify usage of Interface Option Chains
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-08-04 09:01:09 -07:00
Tom Eastep
83d1aa6682 Allow OPTIMIZE=All
- Remove use of literal 4096 from OPTIMIZATION checks.
- Moved constant declarations to the Config module.
- Documented that level 1 is ignored when level 4 is specified.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2013-07-29 10:08:35 -07:00
Tom Eastep
e0a222938a Merge branch '4.5.19' 2013-07-27 08:14:35 -07:00