Compare commits

..

21 Commits

Author SHA1 Message Date
Tom Eastep
dce3e740a4 Correct indentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-09 11:13:01 -07:00
Tom Eastep
09c528468b Correct typo in lib.private
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-09 10:59:00 -07:00
Tom Eastep
6b20fb42d4 Change order of options in .conf files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-03 11:23:51 -07:00
Roberto C. Sánchez
d2cd9b5b71 Fix typos 2016-10-03 09:51:50 -07:00
Tom Eastep
05dc3db3c1 Correct DYNAMIC_BLACKLISTING documentation
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-03 09:09:57 -07:00
Tom Eastep
1b032f7524 Correct permissions of files created by the 'save' command
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-10-01 13:49:35 -07:00
Tom Eastep
72dbb4c3c3 Handle persistent provider enable/disable correctly
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 16:01:04 -07:00
Tom Eastep
bc591ccee4 Don't assume that statistically balanced providers are optional
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 14:01:16 -07:00
Tom Eastep
f989c2f5f6 Document 'persistent'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-30 11:34:57 -07:00
Tom Eastep
156313edd2 Correctly handle down persistent interface during 'disable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-27 11:47:37 -07:00
Tom Eastep
35bd1db7fb Handle Down or missing interfaces in 'delete_gateway()'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-27 11:43:26 -07:00
Tom Eastep
792b3b696c Add ZERO_MARKS option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-26 16:04:26 -07:00
Tom Eastep
3f8ddb11ab Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2016-09-25 08:00:43 -07:00
Tom Eastep
fa9ee6d69e Clear packet marks in PREROUTING and OUTPUT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-24 15:46:04 -07:00
Tom Eastep
0f287dfe60 Add 'reload' to config basic document as appropriate
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-24 08:05:47 -07:00
Tom Eastep
ef4b1c2030 Add a TIME Columns section to the config file basics doc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-22 15:45:18 -07:00
Tom Eastep
8065e62f12 Support for the 'contiguous' option in TIME columns
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-22 14:22:11 -07:00
Tom Eastep
e81a4788c6 Implement DEFAULT_PAGER in shorewallrc
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-21 10:20:48 -07:00
Tom Eastep
d854185c56 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2016-09-20 08:47:07 -07:00
Tom Eastep
7e32a10176 Merge branch 'master' of ssh://server.shorewall.net/home/teastep/shorewall/code 2016-09-10 08:48:48 -07:00
Tom Eastep
5ea91f21f4 Correct the mangle manpage
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-09-05 19:20:25 -07:00
37 changed files with 447 additions and 87 deletions

View File

@@ -235,7 +235,8 @@ for on in \
SPARSE \ SPARSE \
ANNOTATED \ ANNOTATED \
VARLIB \ VARLIB \
VARDIR VARDIR \
DEFAULT_PAGER
do do
echo "$on=${options[${on}]}" echo "$on=${options[${on}]}"
echo "$on=${options[${on}]}" >> shorewallrc echo "$on=${options[${on}]}" >> shorewallrc
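Review bot: DEFAULT_PAGER is written to shorewallrc unquoted like the other options, so a value containing whitespace (a pager with flags, for example) will not survive being sourced; either quote the value in the `echo "$on=${options[${on}]}" >> shorewallrc` line or document that DEFAULT_PAGER must be a bare command name or absolute path. The same list lives in configure.pl and has to be kept in sync by hand.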

View File

@@ -209,7 +209,8 @@ for ( qw/ HOST
SPARSE SPARSE
ANNOTATED ANNOTATED
VARLIB VARLIB
VARDIR / ) { VARDIR
DEFAULT_PAGER / ) {
my $val = $options{$_} || ''; my $val = $options{$_} || '';
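Review bot: same point as in configure: the option list is duplicated between the two installers, so an option added to one and not the other silently produces a shorewallrc missing that key. Generating both from one list, or at least a comment in each pointing at the sibling, would prevent that.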

View File

@@ -466,7 +466,8 @@ do_save() {
if $iptables_save | grep -v -- '-A dynamic.* -j ACCEPT' > ${VARDIR}/restore-$$; then if $iptables_save | grep -v -- '-A dynamic.* -j ACCEPT' > ${VARDIR}/restore-$$; then
cp -f ${VARDIR}/firewall $g_restorepath cp -f ${VARDIR}/firewall $g_restorepath
mv -f ${VARDIR}/restore-$$ ${g_restorepath}-iptables mv -f ${VARDIR}/restore-$$ ${g_restorepath}-iptables
chmod +x $g_restorepath chmod 700 $g_restorepath
chmod 600 ${g_restorepath}-iptables
echo " Currently-running Configuration Saved to $g_restorepath" echo " Currently-running Configuration Saved to $g_restorepath"
run_user_exit save run_user_exit save
else else
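Review bot: the 600/700 modes are applied only after the files already exist at their final names, so `${VARDIR}/restore-$$` (created by the `$iptables_save | grep ... >` redirection) and `$g_restorepath` (written by `cp -f`) are briefly readable under whatever the process umask allows. Setting `umask 077` at the top of do_save, or running `chmod 600 ${VARDIR}/restore-$$` before the `mv -f`, closes that window. Note also that `cp -f` onto an existing `$g_restorepath` keeps the destination's old mode, which is why the explicit chmod is needed at all; that deserves a comment.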
@@ -487,6 +488,7 @@ do_save() {
if ${arptables}-save > ${VARDIR}/restore-$$; then if ${arptables}-save > ${VARDIR}/restore-$$; then
if grep -q '^-A' ${VARDIR}/restore-$$; then if grep -q '^-A' ${VARDIR}/restore-$$; then
mv -f ${VARDIR}/restore-$$ ${g_restorepath}-arptables mv -f ${VARDIR}/restore-$$ ${g_restorepath}-arptables
chmod 600 ${g_restorepath}-arptables
else else
rm -f ${VARDIR}/restore-$$ rm -f ${VARDIR}/restore-$$
fi fi
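Review bot: same window as above for `${g_restorepath}-arptables`: `${arptables}-save > ${VARDIR}/restore-$$` creates the temp file at umask mode and the `chmod 600` runs only after the `mv -f`. Tighten the temp file (or the umask) before moving it into place. The chmod's exit status is also unchecked, so a failure there is the one silent error left in this branch.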
@@ -533,7 +535,7 @@ do_save() {
# #
# Don't save an 'empty' file # Don't save an 'empty' file
# #
grep -qE -- '^(-N|create )' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${g_restorepath}-ipsets grep -qE -- '^(-N|create )' ${VARDIR}/ipsets.tmp && mv -f ${VARDIR}/ipsets.tmp ${g_restorepath}-ipsets && chmod 600 ${g_restorepath}-ipsets
fi fi
fi fi
;; ;;
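Review bot: in the ipsets case the `&& chmod 600 ${g_restorepath}-ipsets` runs after the `mv -f`, so the saved set contents (which can include dynamic blacklist addresses) sit at umask mode for a moment; `chmod 600 ${VARDIR}/ipsets.tmp && mv -f ...` avoids that. Separately, when the `grep -qE` finds no `-N`/`create` lines nothing in this hunk removes `${VARDIR}/ipsets.tmp`; verify it is cleaned up elsewhere.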
@@ -3898,6 +3900,8 @@ get_config() {
g_loopback=$(find_loopback_interfaces) g_loopback=$(find_loopback_interfaces)
[ -n "$PAGER" ] || PAGER=$DEFAULT_PAGER
if [ -n "$PAGER" -a -t 1 ]; then if [ -n "$PAGER" -a -t 1 ]; then
case $PAGER in case $PAGER in
/*) /*)
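Review bot: `[ -n "$PAGER" ] || PAGER=$DEFAULT_PAGER` silently does nothing on systems whose installed shorewallrc predates DEFAULT_PAGER (the variable is then unset), which is the intended fallback, but the line also cannot tell a PAGER inherited from the environment from one set in the .conf file. If the .conf setting is meant to win over the environment, that needs settling before this line; if the environment is meant to win, say so in the PAGER documentation.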
@@ -3905,7 +3909,7 @@ get_config() {
[ -f "$g_pager" ] || fatal_error "PAGER=$PAGER does not exist" [ -f "$g_pager" ] || fatal_error "PAGER=$PAGER does not exist"
;; ;;
*) *)
g_pager=$(mywhich pager 2> /dev/null) g_pager=$(mywhich $PAGER 2> /dev/null)
[ -n "$g_pager" ] || fatal_error "PAGER=$PAGER does not exist" [ -n "$g_pager" ] || fatal_error "PAGER=$PAGER does not exist"
;; ;;
esac esac
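Review bot: the old `mywhich pager` looked up the literal name `pager` regardless of the configured value, so any PAGER that was neither an absolute path nor installed as `pager` failed the `-n "$g_pager"` check; `mywhich $PAGER` is the right fix. It still leaves `$PAGER` unquoted, so a value with options (for example `less -R`) is passed to mywhich as several words, and the absolute-path branch's `-f "$g_pager"` test would fail the same way. Either document that PAGER is a bare program name or path, or look up only `${PAGER%% *}`.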

View File

@@ -19,3 +19,4 @@ SERVICEFILE= #Unused on OS X
SYSCONFDIR= #Unused on OS X SYSCONFDIR= #Unused on OS X
SPARSE=Yes #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR. SPARSE=Yes #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
VARLIB=/var/lib #Unused on OS X VARLIB=/var/lib #Unused on OS X
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@@ -20,3 +20,4 @@ SERVICEFILE= #Name of the file to install in $SYSTEMD.
SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=/var/lib #Directory where product variable data is stored. VARLIB=/var/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored. VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@@ -19,3 +19,4 @@ SERVICEFILE= #Unused on Cygwin
SYSCONFDIR= #Unused on Cygwin SYSCONFDIR= #Unused on Cygwin
SPARSE=Yes #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR. SPARSE=Yes #Only install $PRODUCT/$PRODUCT.conf in $CONFDIR.
VARLIB=/var/lib #Unused on Cygwin VARLIB=/var/lib #Unused on Cygwin
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@@ -21,3 +21,4 @@ SERVICEDIR=/lib/systemd/system #Directory where .service files are installed (s
SPARSE=Yes #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR SPARSE=Yes #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=/var/lib #Directory where product variable data is stored. VARLIB=/var/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored. VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER=/usr/bin/less #Pager to use if none specified in shorewall[6].conf
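Review bot: hardcoding DEFAULT_PAGER=/usr/bin/less means that on a system without less every verbose `status` or `dump` aborts with `PAGER=/usr/bin/less does not exist`, because the absolute-path branch in get_config calls fatal_error rather than falling back to no pager. Either leave this default empty as in the other rc files, or make a missing default pager a warning that disables paging.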

View File

@@ -21,3 +21,4 @@ SERVICEDIR= #Directory where .service files are installed (systems running sy
SPARSE=Yes #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR SPARSE=Yes #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=/var/lib #Directory where product variable data is stored. VARLIB=/var/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored. VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER=/usr/bin/less #Pager to use if none specified in shorewall[6].conf
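Review bot: same as the previous rc file: an absolute default that turns into a fatal_error when the binary is absent; an empty default or a non-fatal fallback is safer.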

View File

@@ -21,3 +21,4 @@ SYSCONFDIR= #Directory where SysV init parameter fil
SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=/var/lib #Directory where product variable data is stored. VARLIB=/var/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored. VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@@ -21,3 +21,4 @@ SERVICEFILE= #Name of the file to install in $SYSTEMD. Default is $PRODUCT.se
SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=/lib #Directory where product variable data is stored. VARLIB=/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored. VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@@ -21,3 +21,4 @@ SYSCONFDIR=/etc/sysconfig/ #Directory where SysV init parameter fil
SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=/var/lib #Directory where product variable data is stored. VARLIB=/var/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored. VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@@ -22,3 +22,4 @@ SYSCONFDIR= #Name of the directory where SysV ini
ANNOTATED= #If non-empty, install annotated configuration files ANNOTATED= #If non-empty, install annotated configuration files
VARLIB=/var/lib #Directory where product variable data is stored. VARLIB=/var/lib #Directory where product variable data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored. VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@@ -21,3 +21,4 @@ SYSCONFDIR=/etc/sysconfig/ #Directory where SysV init
SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR SPARSE= #If non-empty, only install $PRODUCT/$PRODUCT.conf in $CONFDIR
VARLIB=/var/lib #Directory where persistent product data is stored. VARLIB=/var/lib #Directory where persistent product data is stored.
VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored. VARDIR=${VARLIB}/$PRODUCT #Directory where product variable data is stored.
DEFAULT_PAGER= #Pager to use if none specified in shorewall[6].conf

View File

@@ -5190,7 +5190,7 @@ sub do_time( $ ) {
$result .= "--monthday $days "; $result .= "--monthday $days ";
} elsif ( $element =~ /^(datestart|datestop)=(\d{4}(-\d{2}(-\d{2}(T\d{1,2}(:\d{1,2}){0,2})?)?)?)$/ ) { } elsif ( $element =~ /^(datestart|datestop)=(\d{4}(-\d{2}(-\d{2}(T\d{1,2}(:\d{1,2}){0,2})?)?)?)$/ ) {
$result .= "--$1 $2 "; $result .= "--$1 $2 ";
} elsif ( $element =~ /^(utc|localtz|kerneltz)$/ ) { } elsif ( $element =~ /^(utc|localtz|kerneltz|contiguous)$/ ) {
$result .= "--$1 "; $result .= "--$1 ";
} else { } else {
fatal_error "Invalid time element ($element)"; fatal_error "Invalid time element ($element)";
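Review bot: `contiguous` is accepted as a bare keyword and emitted as `--contiguous`, but nothing at compile time checks that it is paired with `timestart`/`timestop`, the only elements it affects; a stray `contiguous` is passed straight to iptables and any complaint surfaces only when the generated script loads the rule. A compile-time fatal_error when contiguous appears without both timestart and timestop would match how the other elements are validated in this function.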

View File

@@ -897,6 +897,7 @@ sub initialize( $;$$) {
PAGER => undef , PAGER => undef ,
MINIUPNPD => undef , MINIUPNPD => undef ,
VERBOSE_MESSAGES => undef , VERBOSE_MESSAGES => undef ,
ZERO_MARKS => undef ,
# #
# Packet Disposition # Packet Disposition
# #
@@ -3855,6 +3856,8 @@ sub process_shorewallrc( $$ ) {
} elsif ( supplied $shorewallrc{VARLIB} ) { } elsif ( supplied $shorewallrc{VARLIB} ) {
$shorewallrc{VARDIR} = "$shorewallrc{VARLIB}/$product"; $shorewallrc{VARDIR} = "$shorewallrc{VARLIB}/$product";
} }
$shorewallrc{DEFAULT_PAGER} = '' unless supplied $shorewallrc{DEFAULT_PAGER};
} }
# #
@@ -5228,7 +5231,7 @@ sub update_config_file( $ ) {
update_default( 'USE_DEFAULT_RT', 'No' ); update_default( 'USE_DEFAULT_RT', 'No' );
update_default( 'EXPORTMODULES', 'No' ); update_default( 'EXPORTMODULES', 'No' );
update_default( 'RESTART', 'reload' ); update_default( 'RESTART', 'reload' );
update_default( 'PAGER', '' ); update_default( 'PAGER', $shorewallrc1{DEFAULT_PAGER} );
my $fn; my $fn;
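Review bot: `update_default( 'PAGER', $shorewallrc1{DEFAULT_PAGER} )` bakes the installer's DEFAULT_PAGER into the user's shorewall.conf as an explicit PAGER= setting on `update`. After that the runtime fallback `[ -n "$PAGER" ] || PAGER=$DEFAULT_PAGER` never triggers for that installation, so a later change to DEFAULT_PAGER in shorewallrc has no effect. Keeping the update default at '' and relying on the runtime fallback keeps the two sources distinct.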
@@ -6290,6 +6293,7 @@ sub get_configuration( $$$$ ) {
default_yes_no 'DEFER_DNS_RESOLUTION' , 'Yes'; default_yes_no 'DEFER_DNS_RESOLUTION' , 'Yes';
default_yes_no 'MINIUPNPD' , ''; default_yes_no 'MINIUPNPD' , '';
default_yes_no 'VERBOSE_MESSAGES' , 'Yes'; default_yes_no 'VERBOSE_MESSAGES' , 'Yes';
default_yes_no 'ZERO_MARKS' , '';
$config{IPSET} = '' if supplied $config{IPSET} && $config{IPSET} eq 'ipset'; $config{IPSET} = '' if supplied $config{IPSET} && $config{IPSET} eq 'ipset';

View File

@@ -125,6 +125,13 @@ sub setup_route_marking() {
my $exmask = have_capability( 'EXMARK' ) ? "/$mask" : ''; my $exmask = have_capability( 'EXMARK' ) ? "/$mask" : '';
require_capability( $_ , q(The provider 'track' option) , 's' ) for qw/CONNMARK_MATCH CONNMARK/; require_capability( $_ , q(The provider 'track' option) , 's' ) for qw/CONNMARK_MATCH CONNMARK/;
#
# Clear the mark -- we have seen cases where the mark is non-zero even in the raw table chains!
#
if ( $config{ZERO_MARKS} ) {
add_ijump( $mangle_table->{$_}, j => 'MARK', targetopts => '--set-mark 0' ) for qw/PREROUTING OUTPUT/;
}
if ( $config{RESTORE_ROUTEMARKS} ) { if ( $config{RESTORE_ROUTEMARKS} ) {
add_ijump $mangle_table->{$_} , j => 'CONNMARK', targetopts => "--restore-mark --mask $mask" for qw/PREROUTING OUTPUT/; add_ijump $mangle_table->{$_} , j => 'CONNMARK', targetopts => "--restore-mark --mask $mask" for qw/PREROUTING OUTPUT/;
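Review bot: `MARK --set-mark 0` clears the entire mark in PREROUTING and OUTPUT, not just the provider bits. The `$mask`/`$exmask` computed two lines above is the natural scope: `--set-mark 0$exmask` (that is, `0/$mask` when EXMARK is available) would zero only the routing-mark bits and leave marks owned by IPsec, tc or other marking rules untouched, which would also remove the need for the IPSEC caution in the manpage. At minimum the in-code comment should say why the whole mark is cleared rather than the masked bits.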
@@ -802,6 +809,10 @@ sub add_a_provider( $$ ) {
push_indent; push_indent;
emit( "if interface_is_up $physical; then" );
push_indent;
if ( $gatewaycase eq 'omitted' ) { if ( $gatewaycase eq 'omitted' ) {
if ( $tproxy ) { if ( $tproxy ) {
emit 'run_ip route add local ' . ALLIP . " dev $physical table $id"; emit 'run_ip route add local ' . ALLIP . " dev $physical table $id";
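Review bot: the new `if interface_is_up $physical; then` opens a shell block whose `fi` appears to be emitted in a later hunk (the one that writes `${physical}_disabled`); since push_indent and the closing emit are far apart, a comment at each end naming the other would make later edits safer. When the interface is down nothing in this branch records that the provider was skipped; a progress message here would help when debugging a provider that never came up.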
@@ -819,14 +830,19 @@ sub add_a_provider( $$ ) {
if ( $family == F_IPV4 ) { if ( $family == F_IPV4 ) {
emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}); emit qq(run_ip route replace $gateway src $address dev $physical ${mtu});
emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}table $id $realm); emit qq(run_ip route replace $gateway src $address dev $physical ${mtu}table $id $realm);
emit qq(echo "\$IP route del $gateway src $address dev $physical ${mtu} > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing);
emit qq(echo "\$IP route del $gateway src $address dev $physical ${mtu}table $id $realm > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing);
} else { } else {
emit qq(qt \$IP -6 route add $gateway src $address dev $physical ${mtu}); emit qq(qt \$IP -6 route add $gateway src $address dev $physical ${mtu});
emit qq(qt \$IP -6 route del $gateway src $address dev $physical ${mtu}table $id $realm); emit qq(qt \$IP -6 route del $gateway src $address dev $physical ${mtu}table $id $realm);
emit qq(run_ip route add $gateway src $address dev $physical ${mtu}table $id $realm); emit qq(run_ip route add $gateway src $address dev $physical ${mtu}table $id $realm);
emit qq(echo "\$IP -6 route del $gateway src $address dev $physical ${mtu} > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing );
emit qq(echo "\$IP -6 route del $gateway src $address dev $physical ${mtu}table $id $realm > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing);
} }
} }
emit "run_ip route add default via $gateway src $address dev $physical ${mtu}table $id $realm"; emit( "run_ip route add default via $gateway src $address dev $physical ${mtu}table $id $realm" );
emit( qq( echo "\$IP route del default via $gateway src $address dev $physical ${mtu}table $id $realm > /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing) );
} }
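Review bot: the new undo lines are appended with `>>` to `${VARDIR}/undo_${table}_routing` each time this code runs, and their spacing is inconsistent (`${mtu} > /dev/null` in the first echo of each branch versus `${mtu}table $id` elsewhere); harmless, but worth normalising. More importantly, the v4 branch's undo also deletes the main-table route (`route del $gateway src $address dev $physical` with no `table`), which the preceding `route replace` may have overwritten rather than created; check that disabling a provider cannot remove a host route the system had before Shorewall started.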
if ( ! $noautosrc ) { if ( ! $noautosrc ) {
@@ -855,8 +871,10 @@ sub add_a_provider( $$ ) {
} }
} }
emit( qq(\n), pop_indent;
qq(rm -f \${VARDIR}/${physical}_enabled) );
emit( qq(fi\n),
qq(echo 1 > \${VARDIR}/${physical}_disabled) );
pop_indent; pop_indent;
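Review bot: the marker semantics invert here: `rm -f ${physical}_enabled` becomes `echo 1 > ${physical}_disabled`, written unconditionally after the emitted `fi`. Stale `${physical}_enabled` files from a previous release are never removed by this change; since the visible hunks replace every `_enabled` reference, nothing reads them any more and that is harmless, but a one-line `rm -f ${VARDIR}/*_enabled` in the start path would keep VARDIR tidy.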
@@ -1070,7 +1088,7 @@ CEOF
emit( "setup_${dev}_tc" ) if $tcdevices->{$interface}; emit( "setup_${dev}_tc" ) if $tcdevices->{$interface};
} }
emit( qq( echo 1 > \${VARDIR}/${physical}_enabled) ) if $persistent; emit( qq(rm -f \${VARDIR}/${physical}_disabled) );
emit_started_message( '', 2, $pseudo, $table, $number ); emit_started_message( '', 2, $pseudo, $table, $number );
pop_indent; pop_indent;
@@ -1078,7 +1096,7 @@ CEOF
unless ( $pseudo ) { unless ( $pseudo ) {
emit( 'else' ); emit( 'else' );
emit( qq( echo $weight > \${VARDIR}/${physical}_weight) ); emit( qq( echo $weight > \${VARDIR}/${physical}_weight) );
emit( qq( echo 1 > \${VARDIR}/${physical}_enabled) ) if $persistent; emit( qq( rm -f \${VARDIR}/${physical}_disabled) ) if $persistent;
emit_started_message( ' ', '', $pseudo, $table, $number ); emit_started_message( ' ', '', $pseudo, $table, $number );
} }
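Review bot: the two branches are now inconsistent: the first `rm -f ${physical}_disabled` is unconditional while the `else` branch keeps `if $persistent`. Removing a marker that was never written is harmless, so either drop the guard in both places or keep it in both; mixing them invites the question of which one is the bug.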
@@ -1172,7 +1190,7 @@ CEOF
'if [ $COMMAND = disable ]; then', 'if [ $COMMAND = disable ]; then',
" do_persistent_${what}_${table}", " do_persistent_${what}_${table}",
"else", "else",
" rm -f \${VARDIR}/${physical}_enabled\n", " echo 1 > \${VARDIR}/${physical}_disabled\n",
"fi\n", "fi\n",
); );
} }
@@ -1677,7 +1695,7 @@ EOF
emit ( " if [ ! -f \${VARDIR}/undo_${provider}_routing ]; then", emit ( " if [ ! -f \${VARDIR}/undo_${provider}_routing ]; then",
" start_interface_$provider" ); " start_interface_$provider" );
} elsif ( $providerref->{persistent} ) { } elsif ( $providerref->{persistent} ) {
emit ( " if [ ! -f \${VARDIR}/$providerref->{physical}_enabled ]; then", emit ( " if [ -f \${VARDIR}/$providerref->{physical}_disabled ]; then",
" start_provider_$provider" ); " start_provider_$provider" );
} else { } else {
emit ( " if [ -z \"`\$IP -$family route ls table $providerref->{number}`\" ]; then", emit ( " if [ -z \"`\$IP -$family route ls table $providerref->{number}`\" ]; then",
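Review bot: behaviour change: the persistent branch used to call `start_provider_$provider` unless `${physical}_enabled` existed, and now calls it only if `${physical}_disabled` exists. With no marker at all (fresh VARDIR, or the first start after this upgrade) the old code started the provider and the new code does not. If that is intended because the main start path already brings the provider up, a comment saying so would help; otherwise the condition needs a transitional form.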
@@ -1728,7 +1746,7 @@ EOF
if ( $providerref->{pseudo} ) { if ( $providerref->{pseudo} ) {
emit( " if [ -f \${VARDIR}/undo_${provider}_routing ]; then" ); emit( " if [ -f \${VARDIR}/undo_${provider}_routing ]; then" );
} elsif ( $providerref->{persistent} ) { } elsif ( $providerref->{persistent} ) {
emit( " if [ -f \${VARDIR}/$providerref->{physical}_enabled ]; then" ); emit( " if [ ! -f \${VARDIR}/$providerref->{physical}_disabled ]; then" );
} else { } else {
emit( " if [ -n \"`\$IP -$family route ls table $providerref->{number}`\" ]; then" ); emit( " if [ -n \"`\$IP -$family route ls table $providerref->{number}`\" ]; then" );
} }

View File

@@ -599,7 +599,15 @@ debug_restore_input() {
} }
interface_enabled() { interface_enabled() {
return $(cat ${VARDIR}/$1.status) status=0
if [ -f ${VARDIR}/${1}_disabled ]; then
status=1
elif [ -f ${VARDIR}/${1}.status ]; then
status=$(cat ${VARDIR}/${1}.status)
fi
return $status
} }
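Review bot: interface_enabled now defaults to 0 (enabled) when neither `${1}_disabled` nor `${1}.status` exists, where the old `return $(cat ...)` would have errored on a missing file; a reasonable default, but a silent one, and `status=$(cat ...)` on an empty `.status` file hands `return` an empty argument. Guard with `[ -s ${VARDIR}/${1}.status ]` or `status=$(cat ... 2>/dev/null || echo 0)`.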
distribute_load() { distribute_load() {
@@ -678,8 +686,10 @@ interface_is_usable() # $1 = interface
if ! loopback_interface $1; then if ! loopback_interface $1; then
if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != 0.0.0.0 ]; then if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != 0.0.0.0 ]; then
[ "$COMMAND" = enable ] || run_isusable_exit $1 if [ "$COMMAND" != enable ]; then
status=$? [ ! -f ${VARDIR}/${1}_disabled ] && run_isusable_exit $1
status=$?
fi
else else
status=1 status=1
fi fi
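Review bot: `[ ! -f ${VARDIR}/${1}_disabled ] && run_isusable_exit $1` followed by `status=$?` relies on the exit status of `[` to report a disabled interface as unusable, which works but is easy to misread. More importantly, when `$COMMAND` is `enable` this block no longer assigns `status` at all, whereas the old `[ "$COMMAND" = enable ] || ...; status=$?` always did; make sure `status` is initialised to 0 before the `if interface_is_up` line, or write the three cases out explicitly.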
@@ -996,9 +1006,16 @@ delete_gateway() # $! = Description of the Gateway $2 = table number $3 = device
if [ -n "$route" ]; then if [ -n "$route" ]; then
if echo $route | grep -qF ' nexthop '; then if echo $route | grep -qF ' nexthop '; then
gateway="nexthop $gateway" if interface_is_up $3; then
eval route=\`echo $route \| sed \'s/$gateway/ /\'\` gateway="nexthop $gateway"
run_ip route replace table $2 $route else
gateway="nexthop $gateway dead"
fi
if eval echo $route \| fgrep -q \'$gateway\'; then
eval route=\`echo $route \| sed \'s/$gateway/ /\'\`
run_ip route replace table $2 $route
fi
else else
dev=$(find_device $route) dev=$(find_device $route)
[ "$dev" = "$3" ] && run_ip route delete default table $2 [ "$dev" = "$3" ] && run_ip route delete default table $2
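Review bot: the `fgrep -q '$gateway'` check before the `sed` replace is the right fix for the down-interface case, but both still go through `eval` with the gateway string interpolated into a sed regex unescaped: the dotted address matches as a pattern, and `fgrep` is the deprecated spelling of `grep -F`. Using `grep -F -- "$gateway"` and an anchored, delimiter-safe sed pattern (for example matching ` $gateway ` with surrounding spaces) would make the nexthop removal robust when one gateway string is a prefix of another.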
@@ -1095,8 +1112,10 @@ interface_is_usable() # $1 = interface
if [ "$1" != lo ]; then if [ "$1" != lo ]; then
if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != :: ]; then if interface_is_up $1 && [ "$(find_first_interface_address_if_any $1)" != :: ]; then
[ "$COMMAND" = enable ] || run_isusable_exit $1 if [ "$COMMAND" != enable ]; then
status=$? [ ! -f ${VARDIR}/${1}_disabled ] && run_isusable_exit $1
status=$?
fi
else else
status=1 status=1
fi fi
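Review bot: same as the IPv4 copy of interface_is_usable: `status` is left unassigned when `$COMMAND` is `enable`; confirm it is initialised above, and consider folding the common logic of the two functions so the fix lands in one place.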

View File

@@ -128,16 +128,14 @@ ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes ADMINISABSENTMINDED=Yes
BASIC_FILTERS=No
IGNOREUNKNOWNVARIABLES=No
AUTOCOMMENT=Yes AUTOCOMMENT=Yes
AUTOHELPERS=Yes AUTOHELPERS=Yes
AUTOMAKE=Yes AUTOMAKE=Yes
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED" BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=No CHAIN_SCRIPTS=No
@@ -172,6 +170,8 @@ FORWARD_CLEAR_MARK=
HELPERS= HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No IMPLICIT_CONTINUE=No
INLINE_MATCHES=Yes INLINE_MATCHES=Yes
@@ -248,6 +248,8 @@ WARNOLDCAPVERSION=Yes
WORKAROUNDS=No WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=- ZONE2ZONE=-
############################################################################### ###############################################################################
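Review bot: `ZERO_MARKS=No` as the shipped default matches `default_yes_no 'ZERO_MARKS', ''` in Config.pm, so a .conf file without the key behaves the same as this sample. The same three edits are repeated across every sample .conf file in this compare; generating the samples from one template would stop the next option being added to some and not others.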

View File

@@ -139,16 +139,14 @@ ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes ADMINISABSENTMINDED=Yes
BASIC_FILTERS=No
IGNOREUNKNOWNVARIABLES=No
AUTOCOMMENT=Yes AUTOCOMMENT=Yes
AUTOHELPERS=Yes AUTOHELPERS=Yes
AUTOMAKE=Yes AUTOMAKE=Yes
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED" BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=No CHAIN_SCRIPTS=No
@@ -183,6 +181,8 @@ FORWARD_CLEAR_MARK=
HELPERS= HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No IMPLICIT_CONTINUE=No
INLINE_MATCHES=Yes INLINE_MATCHES=Yes
@@ -259,6 +259,8 @@ WARNOLDCAPVERSION=Yes
WORKAROUNDS=No WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=- ZONE2ZONE=-
############################################################################### ###############################################################################

View File

@@ -136,16 +136,14 @@ ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes ADMINISABSENTMINDED=Yes
BASIC_FILTERS=No
IGNOREUNKNOWNVARIABLES=No
AUTOCOMMENT=Yes AUTOCOMMENT=Yes
AUTOHELPERS=Yes AUTOHELPERS=Yes
AUTOMAKE=Yes AUTOMAKE=Yes
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED" BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=No CHAIN_SCRIPTS=No
@@ -180,6 +178,8 @@ FORWARD_CLEAR_MARK=
HELPERS= HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No IMPLICIT_CONTINUE=No
INLINE_MATCHES=Yes INLINE_MATCHES=Yes
@@ -256,6 +256,8 @@ WARNOLDCAPVERSION=Yes
WORKAROUNDS=No WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=- ZONE2ZONE=-
############################################################################### ###############################################################################

View File

@@ -139,16 +139,14 @@ ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes ADMINISABSENTMINDED=Yes
BASIC_FILTERS=No
IGNOREUNKNOWNVARIABLES=No
AUTOCOMMENT=Yes AUTOCOMMENT=Yes
AUTOHELPERS=Yes AUTOHELPERS=Yes
AUTOMAKE=Yes AUTOMAKE=Yes
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED" BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=No CHAIN_SCRIPTS=No
@@ -183,6 +181,8 @@ FORWARD_CLEAR_MARK=
HELPERS= HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No IMPLICIT_CONTINUE=No
INLINE_MATCHES=Yes INLINE_MATCHES=Yes
@@ -259,6 +259,8 @@ WARNOLDCAPVERSION=Yes
WORKAROUNDS=No WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=- ZONE2ZONE=-
############################################################################### ###############################################################################

View File

@@ -128,16 +128,14 @@ ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes ADMINISABSENTMINDED=Yes
BASIC_FILTERS=No
IGNOREUNKNOWNVARIABLES=No
AUTOCOMMENT=Yes AUTOCOMMENT=Yes
AUTOHELPERS=Yes AUTOHELPERS=Yes
AUTOMAKE=No AUTOMAKE=No
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED" BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=Yes CHAIN_SCRIPTS=Yes
@@ -172,6 +170,8 @@ FORWARD_CLEAR_MARK=
HELPERS= HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No IMPLICIT_CONTINUE=No
INLINE_MATCHES=No INLINE_MATCHES=No
@@ -248,6 +248,8 @@ WARNOLDCAPVERSION=Yes
WORKAROUNDS=No WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=- ZONE2ZONE=-
############################################################################### ###############################################################################

View File

@@ -316,6 +316,8 @@ get_config() {
g_loopback=$(find_loopback_interfaces) g_loopback=$(find_loopback_interfaces)
[ -n "$PAGER" ] || PAGER=$DEFAULT_PAGER
if [ -n "$PAGER" -a -t 1 ]; then if [ -n "$PAGER" -a -t 1 ]; then
case $PAGER in case $PAGER in
/*) /*)
@@ -323,7 +325,7 @@ get_config() {
[ -f "$g_pager" ] || fatal_error "PAGER $PAGER does not exist" [ -f "$g_pager" ] || fatal_error "PAGER $PAGER does not exist"
;; ;;
*) *)
g_pager=$(mywhich pager 2> /dev/null) g_pager=$(mywhich $PAGER 2> /dev/null)
[ -n "$g_pager" ] || fatal_error "PAGER $PAGER not found" [ -n "$g_pager" ] || fatal_error "PAGER $PAGER not found"
;; ;;
esac esac

View File

@@ -137,7 +137,7 @@
<replaceable>action</replaceable> must be an action declared <replaceable>action</replaceable> must be an action declared
with the <option>mangle</option> option in <ulink with the <option>mangle</option> option in <ulink
url="manpages/shorewall-actions.html">shorewall-actions(5)</ulink>. url="manpages/shorewall-actions.html">shorewall-actions(5)</ulink>.
If the action accepts paramaters, they are specified as a If the action accepts parameters, they are specified as a
comma-separated list within parentheses following the comma-separated list within parentheses following the
<replaceable>action</replaceable> name.</para> <replaceable>action</replaceable> name.</para>
</listitem> </listitem>
@@ -1255,6 +1255,17 @@ Normal-Service =&gt; 0x00</programlisting>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>contiguous</term>
<listitem>
<para>Added in Shoreawll 5.0.12. When <emphasis
role="bold">timestop</emphasis> is smaller than <emphasis
role="bold">timestart</emphasis> value, match this as a single
time period instead of distinct intervals.</para>
</listitem>
</varlistentry>
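Review bot: typo in the added text: 'Shoreawll' should be 'Shorewall'. The sentence 'When timestop is smaller than timestart value, match this as a single time period instead of distinct intervals' also reads awkwardly; suggest 'When timestop is earlier than timestart (a period that spans midnight), match it as one contiguous period rather than as two intervals.'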
<varlistentry> <varlistentry>
<term>utc</term> <term>utc</term>
@@ -1365,7 +1376,7 @@ Normal-Service =&gt; 0x00</programlisting>
round-robin fashion between addresses 1.1.1.1, 1.1.1.3, and 1.1.1.9 round-robin fashion between addresses 1.1.1.1, 1.1.1.3, and 1.1.1.9
(Shorewall 4.5.9 and later).</para> (Shorewall 4.5.9 and later).</para>
<programlisting>/etc/shorewall/tcrules: <programlisting>/etc/shorewall/mangle:
#ACTION SOURCE DEST PROTO DPORT SPORT USER TEST #ACTION SOURCE DEST PROTO DPORT SPORT USER TEST
CONNMARK(1-3):F 192.168.1.0/24 eth0 ; state=NEW CONNMARK(1-3):F 192.168.1.0/24 eth0 ; state=NEW

View File

@@ -406,6 +406,16 @@
are present.</para> are present.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<note>
<para>The generated script will attempt to reenable a
disabled persistent provider during execution of the
<command>start</command>, <command>restart</command> and
<command>reload</command> commands. When
<option>persistent</option> is not specified, only the
<command>enable</command> and <command>reenable</command>
commands can reenable the provider.</para>
</note>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
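Review bot: the note matches the new `[ -f ..._disabled ]` check in Providers.pm, but it should also say what marks a persistent provider as disabled (the `disable` command writes `${VARDIR}/<interface>_disabled`) so a reader can recognise and clear a stale marker by hand.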

View File

@@ -595,8 +595,7 @@
<para>Added in Shorewall 4.5.9.3. Queues matching packets to a <para>Added in Shorewall 4.5.9.3. Queues matching packets to a
back end logging daemon via a netlink socket then continues to back end logging daemon via a netlink socket then continues to
the next rule. See <ulink the next rule. See <ulink
url="/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>. url="/shorewall.logging.html">http://www.shorewall.net/shorewall_logging.html</ulink>.</para>
</para>
<para>The <replaceable>nflog-parameters</replaceable> are a <para>The <replaceable>nflog-parameters</replaceable> are a
comma-separated list of up to 3 numbers:</para> comma-separated list of up to 3 numbers:</para>
@@ -1683,6 +1682,17 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>contiguous</term>
<listitem>
<para>Added in Shoreawll 5.0.12. When <emphasis
role="bold">timestop</emphasis> is smaller than <emphasis
role="bold">timestart</emphasis> value, match this as a single
time period instead of distinct intervals.</para>
</listitem>
</varlistentry>
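Review bot: same 'Shoreawll' typo and the same awkward wording as the shorewall-mangle entry; fix both copies together.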
<varlistentry> <varlistentry>
<term>utc</term> <term>utc</term>

View File

@@ -774,13 +774,14 @@
<listitem> <listitem>
<para>Added in Shorewall 4.4.7. When set to <emphasis <para>Added in Shorewall 4.4.7. When set to <emphasis
role="bold">No</emphasis> or <emphasis role="bold">no</emphasis>, role="bold">No</emphasis> or <emphasis role="bold">no</emphasis>,
chain-based dynamic blacklisting using the <command>shorewall6 chain-based dynamic blacklisting using <command>shorewall
drop</command>, <command>shorewall6 reject</command>, drop</command>, <command>shorewall reject</command>,
<command>shorewall6 logdrop</command> and <command>shorewall6 <command>shorewall logdrop</command> and <command>shorewall
logreject</command> is disabled. Default is <emphasis logreject</command> is disabled. Default is <emphasis
role="bold">Yes</emphasis>. Beginning with Shorewall 5.0.8, role="bold">Yes</emphasis>. Beginning with Shorewall 5.0.8,
ipset-based dynamic blacklisting is also supported. The name of the ipset-based dynamic blacklisting using the <command>shorewall
set (<replaceable>setname</replaceable>) and the level blacklist</command> command is also supported. The name of the set
(<replaceable>setname</replaceable>) and the level
(<replaceable>log_level</replaceable>), if any, at which blacklisted (<replaceable>log_level</replaceable>), if any, at which blacklisted
traffic is to be logged may also be specified. The default set name traffic is to be logged may also be specified. The default set name
is SW_DBL4 and the default log level is <option>none</option> (no is SW_DBL4 and the default log level is <option>none</option> (no
@@ -2009,6 +2010,9 @@ LOG:info:,bar net fw</programlisting>
When PAGER is given, the output of verbose <command>status</command> When PAGER is given, the output of verbose <command>status</command>
commands and the <command>dump</command> command are piped through commands and the <command>dump</command> command are piped through
the named program when the output file is a terminal.</para> the named program when the output file is a terminal.</para>
<para>Beginning with Shorewall 5.0.12, the default value of this
option is the DEFAULT_PAGER setting in shorewallrc.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
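Review bot: the new paragraph should also state the restriction the code imposes: PAGER is resolved with `mywhich $PAGER` or tested with `-f`, so it must be a program name or absolute path with no arguments. Readers who set something like `less -R` will otherwise hit a confusing 'does not exist' error.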
@@ -2944,6 +2948,23 @@ INLINE - - - ;; -j REJECT
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">ZERO_MARKS=</emphasis>[<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
<listitem>
<para>Added in Shorewall 5.0.12, this is a workaround for an issue
where packet marks are not zeroed by the kernel. It should be set to
No (the default) unless you find that incoming packets are being
mis-routed for no apparent reasons.</para>
<caution>
<para>Do not set this option to Yes if you have IPSEC software
running on the firewall system.</para>
</caution>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">ZONE_BITS</emphasis>=[<replaceable>number</replaceable>]</term> role="bold">ZONE_BITS</emphasis>=[<replaceable>number</replaceable>]</term>
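Review bot: the ZERO_MARKS entry says when to turn the option on but not what it does, i.e. where the packet mark is cleared, which is what an administrator needs in order to judge the IPSEC caution and the interaction with other mark-related settings such as FORWARD_CLEAR_MARK in the sample configurations touched by this change. Suggest one sentence stating which rules the option generates. Also "mis-routed for no apparent reasons" should read "for no apparent reason", and the entry is duplicated verbatim in shorewall6.conf(5), so apply both fixes there too.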

View File

@@ -121,16 +121,14 @@ ACCOUNTING_TABLE=filter
ADMINISABSENTMINDED=Yes ADMINISABSENTMINDED=Yes
BASIC_FILTERS=No
IGNOREUNKNOWNVARIABLES=No
AUTOCOMMENT=Yes AUTOCOMMENT=Yes
AUTOHELPERS=Yes AUTOHELPERS=Yes
AUTOMAKE=Yes AUTOMAKE=Yes
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED" BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=No CHAIN_SCRIPTS=No
@@ -159,6 +157,8 @@ FORWARD_CLEAR_MARK=
HELPERS= HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No IMPLICIT_CONTINUE=No
INLINE_MATCHES=Yes INLINE_MATCHES=Yes
@@ -219,6 +219,8 @@ WARNOLDCAPVERSION=Yes
WORKAROUNDS=No WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=- ZONE2ZONE=-
############################################################################### ###############################################################################
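Review bot: ZERO_MARKS=No matches the documented default, and the BASIC_FILTERS and IGNOREUNKNOWNVARIABLES moves only relocate the settings into alphabetical position with their values unchanged. The same three edits are applied identically to the other four sample configurations in this change, including the one that differs in AUTOMAKE=No, CHAIN_SCRIPTS=Yes, FORWARD_CLEAR_MARK=Yes and INLINE_MATCHES=No, so there is no per-configuration deviation to flag.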

View File

@@ -122,16 +122,14 @@ ACCOUNTING_TABLE=filter
ADMINISABSENTMINDED=Yes ADMINISABSENTMINDED=Yes
BASIC_FILTERS=No
IGNOREUNKNOWNVARIABLES=No
AUTOCOMMENT=Yes AUTOCOMMENT=Yes
AUTOHELPERS=Yes AUTOHELPERS=Yes
AUTOMAKE=Yes AUTOMAKE=Yes
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED" BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=No CHAIN_SCRIPTS=No
@@ -160,6 +158,8 @@ FORWARD_CLEAR_MARK=
HELPERS= HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No IMPLICIT_CONTINUE=No
INLINE_MATCHES=Yes INLINE_MATCHES=Yes
@@ -220,6 +220,8 @@ WARNOLDCAPVERSION=Yes
WORKAROUNDS=No WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=- ZONE2ZONE=-
############################################################################### ###############################################################################

View File

@@ -121,16 +121,14 @@ ACCOUNTING_TABLE=filter
ADMINISABSENTMINDED=Yes ADMINISABSENTMINDED=Yes
BASIC_FILTERS=No
IGNOREUNKNOWNVARIABLES=No
AUTOCOMMENT=Yes AUTOCOMMENT=Yes
AUTOHELPERS=Yes AUTOHELPERS=Yes
AUTOMAKE=Yes AUTOMAKE=Yes
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED" BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=No CHAIN_SCRIPTS=No
@@ -159,6 +157,8 @@ FORWARD_CLEAR_MARK=
HELPERS= HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No IMPLICIT_CONTINUE=No
INLINE_MATCHES=Yes INLINE_MATCHES=Yes
@@ -219,6 +219,8 @@ WARNOLDCAPVERSION=Yes
WORKAROUNDS=No WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=- ZONE2ZONE=-
############################################################################### ###############################################################################

View File

@@ -121,16 +121,14 @@ ACCOUNTING_TABLE=filter
ADMINISABSENTMINDED=Yes ADMINISABSENTMINDED=Yes
BASIC_FILTERS=No
IGNOREUNKNOWNVARIABLES=No
AUTOCOMMENT=Yes AUTOCOMMENT=Yes
AUTOHELPERS=Yes AUTOHELPERS=Yes
AUTOMAKE=Yes AUTOMAKE=Yes
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED" BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=No CHAIN_SCRIPTS=No
@@ -159,6 +157,8 @@ FORWARD_CLEAR_MARK=
HELPERS= HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No IMPLICIT_CONTINUE=No
INLINE_MATCHES=Yes INLINE_MATCHES=Yes
@@ -219,6 +219,8 @@ WARNOLDCAPVERSION=Yes
WORKAROUNDS=No WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=- ZONE2ZONE=-
############################################################################### ###############################################################################

View File

@@ -121,16 +121,14 @@ ACCOUNTING_TABLE=filter
ADMINISABSENTMINDED=Yes ADMINISABSENTMINDED=Yes
BASIC_FILTERS=No
IGNOREUNKNOWNVARIABLES=No
AUTOCOMMENT=Yes AUTOCOMMENT=Yes
AUTOHELPERS=Yes AUTOHELPERS=Yes
AUTOMAKE=No AUTOMAKE=No
BASIC_FILTERS=No
BLACKLIST="NEW,INVALID,UNTRACKED" BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=Yes CHAIN_SCRIPTS=Yes
@@ -159,6 +157,8 @@ FORWARD_CLEAR_MARK=Yes
HELPERS= HELPERS=
IGNOREUNKNOWNVARIABLES=No
IMPLICIT_CONTINUE=No IMPLICIT_CONTINUE=No
INLINE_MATCHES=No INLINE_MATCHES=No
@@ -219,6 +219,8 @@ WARNOLDCAPVERSION=Yes
WORKAROUNDS=No WORKAROUNDS=No
ZERO_MARKS=No
ZONE2ZONE=- ZONE2ZONE=-
############################################################################### ###############################################################################

View File

@@ -138,7 +138,7 @@
<replaceable>action</replaceable> must be an action declared <replaceable>action</replaceable> must be an action declared
with the <option>mangle</option> option in <ulink with the <option>mangle</option> option in <ulink
url="manpages6/shorewall6-actions.html">shorewall6-actions(5)</ulink>. url="manpages6/shorewall6-actions.html">shorewall6-actions(5)</ulink>.
If the action accepts paramaters, they are specified as a If the action accepts parameters, they are specified as a
comma-separated list within parentheses following the comma-separated list within parentheses following the
<replaceable>action</replaceable> name.</para> <replaceable>action</replaceable> name.</para>
</listitem> </listitem>
@@ -1331,6 +1331,17 @@ Normal-Service =&gt; 0x00</programlisting>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>contiguous</term>
<listitem>
<para>Added in Shoreawll 5.0.12. When <emphasis
role="bold">timestop</emphasis> is smaller than <emphasis
role="bold">timestart</emphasis> value, match this as a single
time period instead of distinct intervals.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term>utc</term> <term>utc</term>
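Review bot: "Shoreawll" in the new contiguous entry should be "Shorewall", and "is smaller than timestart value" reads awkwardly; suggest "When <emphasis role="bold">timestop</emphasis> is earlier than <emphasis role="bold">timestart</emphasis>, match the range as a single time period spanning midnight instead of two distinct intervals." The same entry, with the same typo, is copied into the shorewall-mangle(5) page and into the new TIME Columns section of the configuration-file basics document in this change, so fix all three copies.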

View File

@@ -377,6 +377,16 @@
are present.</para> are present.</para>
</listitem> </listitem>
</itemizedlist> </itemizedlist>
<note>
<para>The generated script will attempt to reenable a
disabled persistent provider during execution of the
<command>start</command>, <command>restart</command> and
<command>reload</command> commands. When
<option>persistent</option> is not specified, only the
<command>enable</command> and <command>reenable</command>
commands can reenable the provider.</para>
</note>
</listitem> </listitem>
</varlistentry> </varlistentry>
</variablelist> </variablelist>
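Review bot: the note describes re-enabling a disabled persistent provider during start, restart and reload, but does not say what happens when the provider's interface is still down at that point (is the provider simply left disabled, or does the command fail?). Suggest a sentence on that case, since a persistent provider is most likely to be found disabled precisely when its interface is down. Minor: "reenable" is used both as the command name and as a verb; "re-enable" for the verb would keep the two distinguishable.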

View File

@@ -1547,6 +1547,17 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>contiguous</term>
<listitem>
<para>Added in Shoreawll 5.0.12. When <emphasis
role="bold">timestop</emphasis> is smaller than <emphasis
role="bold">timestart</emphasis> value, match this as a single
time period instead of distinct intervals.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term>utc</term> <term>utc</term>

View File

@@ -635,13 +635,14 @@
<listitem> <listitem>
<para>Added in Shorewall 4.4.7. When set to <emphasis <para>Added in Shorewall 4.4.7. When set to <emphasis
role="bold">No</emphasis> or <emphasis role="bold">no</emphasis>, role="bold">No</emphasis> or <emphasis role="bold">no</emphasis>,
chain-based dynamic blacklisting using the <command>shorewall6 chain-based dynamic blacklisting using <command>shorewall6
drop</command>, <command>shorewall6 reject</command>, drop</command>, <command>shorewall6 reject</command>,
<command>shorewall6 logdrop</command> and <command>shorewall6 <command>shorewall6 logdrop</command> and <command>shorewall6
logreject</command> is disabled. Default is <emphasis logreject</command> is disabled. Default is <emphasis
role="bold">Yes</emphasis>. Beginning with Shorewall 5.0.8, role="bold">Yes</emphasis>. Beginning with Shorewall 5.0.8,
ipset-based dynamic blacklisting is also supported. The name of the ipset-based dynamic blacklisting using <command>shorewall6
set (<replaceable>setname</replaceable>) and the level blacklist</command> is also supported. The name of the set
(<replaceable>setname</replaceable>) and the level
(<replaceable>log_level</replaceable>), if any, at which blacklisted (<replaceable>log_level</replaceable>), if any, at which blacklisted
traffic is to be logged may also be specified. The default set name traffic is to be logged may also be specified. The default set name
is SW_DBL6 and the default log level is <option>none</option> (no is SW_DBL6 and the default log level is <option>none</option> (no
@@ -1734,6 +1735,9 @@ LOG:info:,bar net fw</programlisting>
When PAGER is given, the output of verbose <command>status</command> When PAGER is given, the output of verbose <command>status</command>
commands and the <command>dump</command> command are piped through commands and the <command>dump</command> command are piped through
the named program when the output file is a terminal.</para> the named program when the output file is a terminal.</para>
<para>Beginning with Shorewall 5.0.12, the default value of this
option is the DEFAULT_PAGER setting in shorewallrc.</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@@ -2601,6 +2605,23 @@ INLINE - - - ;; -j REJECT
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis role="bold">ZERO_MARKS=</emphasis>[<emphasis
role="bold">Yes</emphasis>|<emphasis role="bold">No</emphasis>]</term>
<listitem>
<para>Added in Shorewall 5.0.12, this is a workaround for an issue
where packet marks are not zeroed by the kernel. It should be set to
No (the default) unless you find that incoming packets are being
mis-routed for no apparent reasons.</para>
<caution>
<para>Do not set this option to Yes if you have IPSEC software
running on the firewall system.</para>
</caution>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">ZONE_BITS</emphasis>=[<replaceable>number</replaceable>]</term> role="bold">ZONE_BITS</emphasis>=[<replaceable>number</replaceable>]</term>

View File

@@ -782,7 +782,7 @@ DNAT { source=net dest=loc:10.0.0.1 proto=tcp dport=80 mark=88 }</programlisting
<programlisting> ACCEPT net $FW { proto=tcp, dport=22, comment="Accept \"SSH\"" }</programlisting> <programlisting> ACCEPT net $FW { proto=tcp, dport=22, comment="Accept \"SSH\"" }</programlisting>
<para> As shown in that example, when the comment contains whitespace, it <para>As shown in that example, when the comment contains whitespace, it
must be enclosed in double quotes and any embedded double quotes must be must be enclosed in double quotes and any embedded double quotes must be
escaped using a backslash ("\").</para> escaped using a backslash ("\").</para>
</section> </section>
@@ -2800,6 +2800,182 @@ redirect =&gt; 137</programlisting>
above.</para> above.</para>
</section> </section>
<section id="TIME">
<title>TIME Columns</title>
<para>Several of the files include a TIME colum that allows you to specify
times when the rule is to be applied. Contents of this column is a list of
<replaceable>timeelement</replaceable>s separated by apersands
(&amp;).</para>
<para>Each <replaceable>timeelement</replaceable> is one of the
following:</para>
<variablelist>
<varlistentry>
<term>timestart=<replaceable>hh</replaceable>:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]</term>
<listitem>
<para>Defines the starting time of day.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>timestop=<replaceable>hh</replaceable>:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]</term>
<listitem>
<para>Defines the ending time of day.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>contiguous</term>
<listitem>
<para>Added in Shoreawll 5.0.12. When <emphasis
role="bold">timestop</emphasis> is smaller than <emphasis
role="bold">timestart</emphasis> value, match this as a single time
period instead of distinct intervals. See the Examples below.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>utc</term>
<listitem>
<para>Times are expressed in Greenwich Mean Time.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>localtz</term>
<listitem>
<para>Deprecated by the Netfilter team in favor of <emphasis
role="bold">kerneltz</emphasis>. Times are expressed in Local Civil
Time (default).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>kerneltz</term>
<listitem>
<para>Added in Shorewall 4.5.2. Times are expressed in Local Kernel
Time (requires iptables 1.4.12 or later).</para>
</listitem>
</varlistentry>
<varlistentry>
<term>weekdays=ddd[,ddd]...</term>
<listitem>
<para>where <replaceable>ddd</replaceable> is one of
<option>Mon</option>, <option>Tue</option>, <option>Wed</option>,
<option>Thu</option>, <option>Fri</option>, <option>Sat</option> or
<option>Sun</option></para>
</listitem>
</varlistentry>
<varlistentry>
<term>monthdays=dd[,dd],...</term>
<listitem>
<para>where <replaceable>dd</replaceable> is an ordinal day of the
month</para>
</listitem>
</varlistentry>
<varlistentry>
<term>datestart=<replaceable>yyyy</replaceable>[-<replaceable>mm</replaceable>[-<replaceable>dd</replaceable>[<option>T</option><replaceable>hh</replaceable>[:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]]]]]</term>
<listitem>
<para>Defines the starting date and time.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>datestop=<replaceable>yyyy</replaceable>[-<replaceable>mm</replaceable>[-<replaceable>dd</replaceable>[<option>T</option><replaceable>hh</replaceable>[:<replaceable>mm</replaceable>[:<replaceable>ss</replaceable>]]]]]</term>
<listitem>
<para>Defines the ending date and time.</para>
</listitem>
</varlistentry>
</variablelist>
<para>Examples:</para>
<variablelist>
<varlistentry>
<term>To match on weekends, use:</term>
<listitem>
<para/>
<para>weekdays=Sat,Sun</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Or, to match (once) on a national holiday block:</term>
<listitem>
<para/>
<para>datestart=2016-12-24&amp;datestop=2016-12-27</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Since the stop time is actually inclusive, you would need the
following stop time to not match the first second of the new
day:</term>
<listitem>
<para/>
<para>datestart=2016-12-24T17:00&amp;datestop=2016-12-27T23:59:59</para>
</listitem>
</varlistentry>
<varlistentry>
<term>During Lunch Hour</term>
<listitem>
<para/>
</listitem>
</varlistentry>
<varlistentry>
<term>The fourth Friday in the month:</term>
<listitem>
<para/>
<para>weekdays=Fri&amp;monthdays=22,23,24,25,26,27,28</para>
</listitem>
</varlistentry>
<varlistentry>
<term>Matching across days might not do what is expected. For
instance,</term>
<listitem>
<para/>
<para>weekdays=Mon&amp;timestart=23:00&amp;timestop=01:00</para>
<para>Will match Monday, for one hour from midnight to 1 a.m., and
then again for another hour from 23:00 onwards. If this is unwanted,
e.g. if you would like 'match for two hours from Montay 23:00
onwards' you need to also specify the <emphasis
role="bold">contiguous</emphasis> option in the example above.
</para>
</listitem>
</varlistentry>
</variablelist>
</section>
<section id="Switches"> <section id="Switches">
<title>Switches</title> <title>Switches</title>
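Review bot: the "During Lunch Hour" example has no body: its <listitem> holds only an empty <para/> and no time specification, so the rendered page will show a heading with nothing under it; either supply the timestart/timestop line or drop the entry. Typos in the new section: "colum" (column), "apersands" (ampersands), "Shoreawll" (Shorewall), "Montay" (Monday); and "Contents of this column is a list" should be "The contents of this column are a list". The empty <para/> placed before each example is unnecessary markup and should go. Finally, the example "datestart=2016-12-24&amp;datestop=2016-12-27" is presented as matching the holiday block, but the inclusive stop time explained in the next entry applies to it as well; stating the inclusive end there too, as the second example does with T23:59:59, would avoid a reader copying the first form and matching one extra second.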
@@ -2942,8 +3118,8 @@ Comcast 2 0x20000 main <emphasis role="bold">COM_IF</emphasis>
role="bold">optional</emphasis> option in the OPTIONS column.</para> role="bold">optional</emphasis> option in the OPTIONS column.</para>
<para>When an interface is marked as optional, Shorewall will determine <para>When an interface is marked as optional, Shorewall will determine
the interface state at <command>start</command> and the interface state at <command>start</command>, <command>reload</command>
<command>restart</command> and adjust its configuration and <command>restart</command> and adjust its configuration
accordingly.</para> accordingly.</para>
<itemizedlist> <itemizedlist>
@@ -2996,13 +3172,13 @@ Comcast 2 0x20000 main <emphasis role="bold">COM_IF</emphasis>
<para>Shorewall allows you to have configuration directories other than <para>Shorewall allows you to have configuration directories other than
<filename class="directory">/etc/shorewall</filename>. The shorewall <filename class="directory">/etc/shorewall</filename>. The shorewall
<command>check</command>, <command>start</command> and <command>check</command>, <command>start</command>,
<command>restart</command> commands allow you to specify an alternate <command>reload</command> and <command>restart</command> commands allow
configuration directory and Shorewall will use the files in the alternate you to specify an alternate configuration directory and Shorewall will use
directory rather than the corresponding files in /etc/shorewall. The the files in the alternate directory rather than the corresponding files
alternate directory need not contain a complete configuration; those files in /etc/shorewall. The alternate directory need not contain a complete
not in the alternate directory will be read from <filename configuration; those files not in the alternate directory will be read
class="directory">/etc/shorewall</filename>.<important> from <filename class="directory">/etc/shorewall</filename>.<important>
<para>Shorewall requires that the file <para>Shorewall requires that the file
<filename>/etc/shorewall/shorewall.conf</filename> to always exist. <filename>/etc/shorewall/shorewall.conf</filename> to always exist.
Certain global settings are always obtained from that file. If you Certain global settings are always obtained from that file. If you