Commit Graph

1299 Commits

Author SHA1 Message Date
Tom Eastep
2ca1ae734a
Implement USE_DEFAULT_RT=Exact
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-14 08:14:08 -08:00
Tom Eastep
b8c322a05f
Ignore SUBSYSLOCK when $SERVICEDIR is non-empty
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-06 15:50:26 -08:00
Tom Eastep
f68d3fd9fa
Revert "Remove SUBSYSLOCK"
This reverts commit 386b137e9b.
2017-01-06 09:49:40 -08:00
Tom Eastep
386b137e9b
Remove SUBSYSLOCK
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-05 10:03:03 -08:00
Tom Eastep
ce68f84d9d
Remove Makefile from Shorewall[6][-lite]
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2017-01-05 08:22:02 -08:00
Tom Eastep
2f9ef4dda7
Update kernel module files
- Include additional nat modules

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-30 10:56:16 -08:00
Tom Eastep
5174fe0161
Avoid echo options
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-28 11:09:08 -08:00
Tom Eastep
c4bbb46e3f
Eliminate rawpost table support
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-26 14:20:08 -08:00
Tom Eastep
c9f45277b8
Move the action files to their own directory
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-23 09:05:37 -08:00
Matt Darfeuille
20c764ca5c
shorewall6: Don't set the 'file' var needlessly
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-19 08:14:48 -08:00
Tom Eastep
e3951cb5a3
Re-add volume 8 manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-18 16:16:50 -08:00
Matt Darfeuille
1cb32e3127
shorewall6: Correct the filepath of .shorewallrc
Signed-off-by: Matt Darfeuille <matdarf@gmail.com>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-18 12:14:25 -08:00
Tom Eastep
08c6b80e1e
Correct typo in the snat manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-11 14:32:27 -08:00
Tom Eastep
cb7ab3908a
SOURCE/DEST changes in the mangle manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-11 14:06:59 -08:00
Tom Eastep
b4d42507b2
Another SOURCE/DEST manpage change.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-10 16:22:47 -08:00
Tom Eastep
094ccbf978
Merge branch '5.0.15' 2016-12-10 15:07:31 -08:00
Michele Baldessari
036a6e5a83
Add an IPv6 bidirectional mDNS macro
Add the missing corresponding IPv6 bidirectional mDNSbi macro.

Closes-Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1295844

Signed-off-by: Michele Baldessari <michele@acksyn.org>
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-10 14:44:10 -08:00
Tom Eastep
b756c63b1e
More SOURCE/DEST manpage updates
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-10 14:41:08 -08:00
Tom Eastep
eea9882953
Implement CPU Fanout for NFQUEUE.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-09 10:46:39 -08:00
Tom Eastep
192486eb0a
Bring shorewall6-actions(5) up to date
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-09 09:47:14 -08:00
Tom Eastep
6a43dd1564
Bring shorewall6-actions(5) up to date
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-09 09:46:29 -08:00
Tom Eastep
5ea3334a66
Support a richer SOURCE and DEST syntax
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-12-09 09:43:10 -08:00
Tom Eastep
77e83f0afd
Eliminate the CHAIN_SCRIPTS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-29 16:33:23 -08:00
Tom Eastep
a45fe692cc
Add a SWITCH column to the mangle files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-29 16:13:44 -08:00
Tom Eastep
799b17210c
Enhanced syntax for SOURCE and DEST columns in the rules file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-25 15:10:14 -08:00
Tom Eastep
01306e1230
Try another approach to the RCP_/RSH_COMMAND formatting issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-23 14:48:28 -08:00
Tom Eastep
fbbcc812a1
Remove archaic LAST LINE comments from sample .conf files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-23 14:17:28 -08:00
Tom Eastep
87870ac46e
Clean up formatting of the RCP_/RSH_COMMAND manpage descriptions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-23 14:08:13 -08:00
Tom Eastep
414c5c7b0c
Change default shorewall6.conf settings.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-22 09:05:04 -08:00
Tom Eastep
875c352473
Unify the CLI
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-21 10:00:55 -08:00
Tom Eastep
8b99fe20b5
Pave the way for unifying the CLI
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-19 21:17:35 -08:00
Tom Eastep
137b051e52
Centralize setting of product-dependent g_* variables
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-19 17:17:03 -08:00
Tom Eastep
6095d05af9
Update manpages for 'update' improvements
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-07 13:50:11 -08:00
Tom Eastep
6e08717089
Formatting changes to snat files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-11-01 17:11:43 -07:00
Tom Eastep
3f68814a38
Disallow more than one address[-range] in SNAT rules
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-31 15:15:35 -07:00
Tom Eastep
46c8147521
Deprecate INLINE_MATCHES=Yes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-27 13:55:11 -07:00
Tom Eastep
0e7d5f3972
Support '+' in SNAT action invocation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 16:00:36 -07:00
Tom Eastep
5b5f91f75f
SNAT option documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-18 15:32:22 -07:00
Tom Eastep
f3dd77a3f1
Merge branch '5.0.13' 2016-10-16 16:36:08 -07:00
Tom Eastep
2c191bf595
Correct .conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-16 15:07:34 -07:00
Tom Eastep
43fdddb438
Add 'snat' config file
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-15 11:38:52 -07:00
Tom Eastep
28849e60cf
Correct example in the shorewall6-masq manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-14 15:55:36 -07:00
Tom Eastep
49fae96b09
Update the manpages for 'blacklist' verbosity
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-10 19:45:42 -07:00
Tom Eastep
3058f2fb84
Delete code supporting old kernel/iproute2 IPv6 restrictions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-07 11:02:36 -07:00
Tom Eastep
b5e7e41708
Correct NFQUEUE! manpage description
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-07 05:50:24 -07:00
Tom Eastep
14e8568d9e
Add the FIREWALL .conf option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 15:03:54 -07:00
Tom Eastep
ca7ca4bdfe
Add a 'timeout' option to DYNAMIC_BLACKLIST
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-05 12:56:47 -07:00
Tom Eastep
8d731c81e4
Add 'disconnect' option to ipset-based dynamic blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-04 09:09:45 -07:00
Tom Eastep
6ad7d47eb6
Correct DYNAMIC_BLACKLISTING documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-03 08:19:19 -07:00
Tom Eastep
ed48eed0c6
Change order of options in .conf files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-02 15:14:31 -07:00
Tom Eastep
97186e5402
Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-10-02 14:04:02 -07:00
Roberto C. Sánchez
64ab43f14f
Fix typos 2016-10-02 17:01:46 -04:00
Tom Eastep
f989c2f5f6
Document 'persistent'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 11:34:57 -07:00
Tom Eastep
792b3b696c
Add ZERO_MARKS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-26 16:04:26 -07:00
Tom Eastep
ef4b1c2030
Add a TIME Columns section to the config file basics doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-22 15:45:18 -07:00
Tom Eastep
8065e62f12
Support for the 'contiguous' option in TIME columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-22 14:22:11 -07:00
Tom Eastep
e81a4788c6
Implement DEFAULT_PAGER in shorewallrc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-21 10:20:48 -07:00
Tom Eastep
8bb7c2363b
Support '+' after a zone list in the policy files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-10 10:06:38 -07:00
Tom Eastep
2c90a8bfb5
Allow zone lists in the SOURCE and DEST columns of the policy files
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-10 08:47:48 -07:00
Tom Eastep
a05b957498
Corrections in the shorewall[6].conf manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-08-15 10:24:23 -07:00
Tom Eastep
0b9cd93769
Default DSCP rules to the POSTROUTING chain
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-27 13:59:15 -07:00
Tom Eastep
4a6338d857
Correct/complete Scott Sumate's LOGFILE enhancement
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-07-15 14:25:02 -07:00
Roberto C. Sánchez
7c9876241c
Debian init scripts: add run-level 1 to Default-Stop specification 2016-07-04 17:37:00 -04:00
Roberto C. Sánchez
8b36c2c1cf
Debian init scripts: more accurately describe what action is being taken 2016-07-04 13:34:33 -04:00
Tom Eastep
e71fb3249a
Add 'dbl' interface option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-15 16:35:41 -07:00
Tom Eastep
4869f61a25
'allow' now works with ipset-based dynamic blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-06-09 08:44:25 -07:00
Tom Eastep
9b7088158b
Correct ipv6-route header number
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-10 07:12:01 -07:00
Tom Eastep
d4df67966d Turn on AUTOMAKE in the sample configurations
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-06 08:46:11 -07:00
Tom Eastep
590243a787 Add NFLOG as a supported mangle action
- Also document nflog-parameters
- Correct range of nflog groups

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-05-03 11:27:34 -07:00
Tom Eastep
b7de785396 Correct typo in manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 08:34:43 -07:00
Tom Eastep
24d40f4cc2 Add VERBOSE_MESSAGES option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-30 08:00:56 -07:00
Tom Eastep
71bd7a4647 Update the STARTUP_LOG description in shorewall[6].conf
- Update list of commands

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-19 07:49:37 -07:00
Tom Eastep
2b7ef0fe32 Update the tcclasses manpage to discuss fw mark filter priority
- Also correct default priorities for tos= and tcp-ack

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-18 09:18:48 -07:00
Tom Eastep
32f888a7d4 Add an ENVIRONMENT section to the CLI manpages
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-15 15:41:55 -07:00
Tom Eastep
dbd42e1d5d More ipset fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-12 16:29:13 -07:00
Tom Eastep
deaaecdf1c Add 'nodbl' interface option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 16:09:39 -07:00
Tom Eastep
05e4049174 Ipset-based blacklisting
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 16:07:56 -07:00
Tom Eastep
ef10515a42 Correct FASTACCEPT description
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-10 07:20:45 -07:00
Tom Eastep
95e4071f34 Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-04-06 07:42:46 -07:00
Tuomo Soini
20179a5c9d remove completely false README.txt
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-06 10:23:58 +03:00
Tom Eastep
54843c617d Merge branch 'master' of ssh://git.code.sf.net/p/shorewall/code 2016-04-05 11:46:42 -07:00
Tom Eastep
e9467326f3 Allow allow REJECT to take a parameter
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-05 11:20:44 -07:00
Tuomo Soini
35bc0bd8ef lib.base: format to new headers
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-05 20:27:47 +03:00
Tuomo Soini
4034ebc270 modules.xtables: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-05 20:25:36 +03:00
Tuomo Soini
bd33bb7105 modules.tc: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-05 20:25:36 +03:00
Tuomo Soini
dbb23d8807 modules.ipset: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-05 20:25:36 +03:00
Tuomo Soini
5c4ee58f44 modules.extensions: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-05 20:25:36 +03:00
Tuomo Soini
bf8b519da6 modules.essential: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-05 20:25:36 +03:00
Tuomo Soini
724d430ba4 action.template: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-05 20:20:55 +03:00
Tuomo Soini
11479b14f9 action.mangletemplate: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-05 20:20:55 +03:00
Tuomo Soini
54eea167e5 action.Broadcast: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-05 20:20:55 +03:00
Tuomo Soini
8d92d07352 action.AllowICMPs: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-05 20:20:55 +03:00
Tuomo Soini
6122a1db19 action.A_AllowICMPs: reformat to new header style
Signed-off-by: Tuomo Soini <tis@foobar.fi>
2016-04-05 20:20:55 +03:00
Tom Eastep
9a7f6512a1 Delete IPv6 actions that duplicate IPv4 actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-04 15:58:39 -07:00
Tom Eastep
a96ee0ab9a Make IPv6 Auth default consistent with IPv4
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-04 12:59:09 -07:00
Tom Eastep
81d76e3817 Document + in the MODULESDIR setting.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-04-01 09:43:06 -07:00
Roberto C. Sánchez
899a317c95 Fix typos 2016-03-26 22:25:30 -04:00
Tom Eastep
273c89a753 Implement MARK and CONNMARK in the rules file.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-18 11:42:58 -07:00
Tom Eastep
0b5d59870b Remove embedded Perl from Shorewall6 Drop and Reject actions
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-16 15:07:59 -07:00
Tom Eastep
eed7692952 Document the state action option.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-14 15:15:32 -07:00