Compare commits


26 Commits

Author SHA1 Message Date
Tom Eastep
09c3be0adb Correct typo that causes restart failure.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-09 11:18:05 -08:00
Tom Eastep
c37e41ee9c Avoid duplicate route rules from 'disable'
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-06 15:48:33 -08:00
Tom Eastep
c5bb04dcb2 Add FAQ 1105 (Wifidog)
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-05 14:41:30 -08:00
Tom Eastep
d4e2508a90 Clarify USE_DEFAULT_RT
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-04 14:26:42 -08:00
Tom Eastep
2bb143b28c Save/restore nat OUTPUT jump to DOCKER
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-04 12:21:45 -08:00
Tom Eastep
99f83da3ab Avoid duplicate rules after reload
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-04 11:09:53 -08:00
Tom Eastep
89e3e959dc Revert bad change
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-04 10:20:55 -08:00
Tom Eastep
9e41264671 Go back to generating docker0 rules when it is defined to Shorewall
- Avoids issues after 'stop'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-04 09:27:47 -08:00
Tom Eastep
3fb715740d Avoid duplicated code blocks in save_dynamic_chains()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-04 09:27:04 -08:00
Tom Eastep
ed6ff96aa0 Replace another $VARDIR instance
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-03 14:11:57 -08:00
Tom Eastep
18dac19d86 Remove dead code from save_dynamic_chains()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-03 14:09:55 -08:00
Tom Eastep
d5ea876e93 Replace $VARDIR with ${VARDIR} for consistency
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-03 11:54:14 -08:00
Tom Eastep
f7a6ad1412 Clean up formatting in define_firewall() and stop_firewall()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-03 09:24:43 -08:00
Tom Eastep
b279869629 Fix DOCKER issue
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-02 20:59:44 -08:00
Tom Eastep
62880bdf1b Don't populate PAGER in the sample config files.
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-02 13:04:47 -08:00
Tom Eastep
c56ba534d6 Yet more PAGER fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-02 12:34:39 -08:00
Tom Eastep
90bc894200 More PAGER fixes
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-02 08:58:26 -08:00
Tom Eastep
90d254f0c3 Add PAGER option
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-02 08:32:49 -08:00
Tom Eastep
4e9f4742cb Merge branch 'master' into 5.0.6
2016-03-01 15:13:20 -08:00
Tom Eastep
a95de8d092 Page the output of verbose commands
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-03-01 15:12:54 -08:00
Tom Eastep
68cce5ff73 Eliminate some silliness in normalize_action()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-29 11:17:15 -08:00
Tom Eastep
8a02624f05 Update copyrights in the install and uninstall scripts
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-29 11:03:09 -08:00
Tom Eastep
1c1881859f Delete untrue comment
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-29 08:45:47 -08:00
Tom Eastep
fb03fd0a5c Correct another silly typo -- this time in allowBcast()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-26 08:00:27 -08:00
Tom Eastep
d50ba365fb Correct silly typo in setup_ecn()
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-26 08:00:17 -08:00
Tom Eastep
1f79bfa8dd Use new column names in action.template
Signed-off-by: Tom Eastep <teastep@shorewall.net>
2016-02-17 15:26:25 -08:00
31 changed files with 516 additions and 214 deletions

View File

@@ -2,7 +2,7 @@
# #
# Script to install Shoreline Firewall Core Modules # Script to install Shoreline Firewall Core Modules
# #
# (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net) # (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
# #
# Shorewall documentation is available at http://shorewall.net # Shorewall documentation is available at http://shorewall.net
# #

View File

@@ -266,7 +266,7 @@ search_log() # $1 = IP address to search for
# #
# Show traffic control information # Show traffic control information
# #
show_tc() { show_tc1() {
show_one_tc() { show_one_tc() {
local device local device
@@ -292,6 +292,19 @@ show_tc() {
} }
show_tc() {
echo "$g_product $SHOREWALL_VERSION Traffic Control at $g_hostname - $(date)"
echo
shift
if [ -z "$1" ]; then
$g_tool -t mangle -L -n -v | $output_filter
echo
fi
show_tc1 $1
}
# #
# Show classifier information # Show classifier information
# #
@@ -928,6 +941,202 @@ show_actions() {
grep -Ev '^\#|^$' ${g_sharedir}/actions.std grep -Ev '^\#|^$' ${g_sharedir}/actions.std
fi fi
} }
show_chain() {
echo "$g_product $SHOREWALL_VERSION $([ $# -gt 1 ] && echo "Chains " || [ $# -gt 0 ] && echo "Chain " || echo $table Table)$* at $g_hostname - $(date)"
echo
show_reset
if [ $# -gt 0 ]; then
for chain in $*; do
$g_tool -t $table -L $chain $g_ipt_options | $output_filter
echo
done
else
$g_tool -t $table -L $g_ipt_options | $output_filter
fi
}
show_chains() {
echo "$g_product $SHOREWALL_VERSION $([ $# -gt 1 ] && echo "Chains " || echo "Chain ")$* at $g_hostname - $(date)"
echo
show_reset
for chain in $*; do
$g_tool -t $table -L $chain $g_ipt_options | $output_filter
echo
done
}
show_table() {
echo "$g_product $SHOREWALL_VERSION $table Table at $g_hostname - $(date)"
echo
show_reset
$g_tool -t $table -L $g_ipt_options | $output_filter
}
show_nat() {
echo "$g_product $SHOREWALL_VERSION NAT Table at $g_hostname - $(date)"
echo
show_reset
$g_tool -t nat -L $g_ipt_options | $output_filter
}
show_raw() {
echo "$g_product $SHOREWALL_VERSION RAW Table at $g_hostname - $(date)"
echo
show_reset
$g_tool -t raw -L $g_ipt_options | $output_filter
}
show_rawpost() {
echo "$g_product $SHOREWALL_VERSION RAWPOST Table at $g_hostname - $(date)"
echo
show_reset
$g_tool -t rawpost -L $g_ipt_options | $output_filter
}
show_mangle() {
echo "$g_product $SHOREWALL_VERSION Mangle Table at $g_hostname - $(date)"
echo
show_reset
$g_tool -t mangle -L $g_ipt_options | $output_filter
}
show_classifiers_command() {
echo "$g_product $SHOREWALL_VERSION Classifiers at $g_hostname - $(date)"
echo
show_classifiers
}
show_ip_addresses() {
echo "$g_product $SHOREWALL_VERSION IP at $g_hostname - $(date)"
echo
ip -$g_family addr list
}
show_routing_command() {
echo "$g_product $SHOREWALL_VERSION Routing at $g_hostname - $(date)"
echo
show_routing
}
show_policies() {
echo "$g_product $SHOREWALL_VERSION Policies at $g_hostname - $(date)"
echo
[ -f ${VARDIR}/policies ] && cat ${VARDIR}/policies
}
show_ipa() {
echo "$g_product $SHOREWALL_VERSION per-IP Accounting at $g_hostname - $(date)"
echo
perip_accounting
}
show_arptables() {
echo "$g_product $SHOREWALL_VERSION arptables at $g_hostname - $(date)"
echo
$arptables -L -n -v
}
show_log() {
echo "$g_product $SHOREWALL_VERSION Log ($LOGFILE) at $g_hostname - $(date)"
echo
show_reset
host=$(echo $g_hostname | sed 's/\..*$//')
if [ $# -eq 2 ]; then
eval search_log $2
elif [ -n "$g_pager" ]; then
packet_log 100
else
packet_log 20
fi
}
show_connections() {
if [ $g_family -eq 4 ]; then
if [ -d /proc/sys/net/netfilter/ ]; then
local count
local max
count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
echo "$g_product $SHOREWALL_VERSION Connections ($count out of $max) at $g_hostname - $(date)"
else
echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)"
fi
echo
if qt mywhich conntrack ; then
shift
conntrack -f ipv4 -L $@ | show_connections_filter
else
[ $# -gt 1 ] && usage 1
if [ -f /proc/net/ip_conntrack ]; then
cat /proc/net/ip_conntrack | show_connections_filter
else
grep -v '^ipv6' /proc/net/nf_conntrack | show_connections_filter
fi
fi
elif qt mywhich conntrack ; then
shift
echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)"
echo
conntrack -f ipv6 -L $@ | show_connections_filter
else
[ $# -gt 1 ] && usage 1
if [ -f /proc/sys/net/netfilter/nf_conntrack_count -a -f /proc/sys/net/nf_conntrack ]; then
local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
echo "$g_product $SHOREWALL_VERSION Connections ($count of $max) at $g_hostname - $(date)"
echo
grep '^ipv6' /proc/net/nf_conntrack | sed -r 's/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | show_connections_filter
fi
fi
}
show_nfacct_command() {
echo "$g_product $SHOREWALL_VERSION NF Accounting at $g_hostname - $(date)"
echo
show_nfacct
}
show_events_command() {
echo "$g_product $SHOREWALL_VERSION events at $g_hostname - $(date)"
echo
show_events
}
show_blacklists() {
echo "$g_product $SHOREWALL_VERSION blacklist chains at $g_hostname - $(date)"
echo
show_bl;
}
show_actions_sorted() {
show_actions | sort
}
show_macros() {
for directory in $(split $CONFIG_PATH); do
temp=
for macro in ${directory}/macro.*; do
case $macro in
*\*)
;;
*)
if [ -z "$temp" ]; then
echo
echo "Macros in $directory:"
echo
temp=Yes
fi
show_macro
;;
esac
done
done
}
# #
# Show Command Executor # Show Command Executor
# #
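Review bot: `eval search_log $2` in the new show_log adds a second round of shell evaluation over the user-supplied search argument where the inline code it replaces called `search_log $2` directly; the value is only an address string handed to grep, so drop the `eval` and quote it (`search_log "$2"`), which also stops word splitting. Two things worth fixing while this code is being moved: in show_connections the IPv6 fallback tests `-f /proc/sys/net/nf_conntrack` but the read that follows uses /proc/net/nf_conntrack, so that branch can never print anything; and `conntrack -f ipv4 -L $@` / `conntrack -f ipv6 -L $@` pass the caller's remaining arguments unquoted.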
@@ -1042,108 +1251,37 @@ show_command() {
case "$1" in case "$1" in
connections) connections)
if [ $g_family -eq 4 ]; then eval show_connections $@ $g_pager
if [ -d /proc/sys/net/netfilter/ ]; then
local count
local max
count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
echo "$g_product $SHOREWALL_VERSION Connections ($count out of $max) at $g_hostname - $(date)"
else
echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)"
fi
echo
if qt mywhich conntrack ; then
shift
conntrack -f ipv4 -L $@ | show_connections_filter
else
[ $# -gt 1 ] && usage 1
if [ -f /proc/net/ip_conntrack ]; then
cat /proc/net/ip_conntrack | show_connections_filter
else
grep -v '^ipv6' /proc/net/nf_conntrack | show_connections_filter
fi
fi
elif qt mywhich conntrack ; then
shift
echo "$g_product $SHOREWALL_VERSION Connections at $g_hostname - $(date)"
echo
conntrack -f ipv6 -L $@ | show_connections_filter
else
[ $# -gt 1 ] && usage 1
if [ -f /proc/sys/net/netfilter/nf_conntrack_count -a -f /proc/sys/net/nf_conntrack ]; then
local count=$(cat /proc/sys/net/netfilter/nf_conntrack_count)
local max=$(cat /proc/sys/net/netfilter/nf_conntrack_max)
echo "$g_product $SHOREWALL_VERSION Connections ($count of $max) at $g_hostname - $(date)"
echo
grep '^ipv6' /proc/net/nf_conntrack | sed -r 's/0000:/:/g; s/:::+/::/g; s/:0+/:/g' | show_connections_filter
fi
fi
;; ;;
nat) nat)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
echo "$g_product $SHOREWALL_VERSION NAT Table at $g_hostname - $(date)" eval show_nat $g_pager
echo
show_reset
$g_tool -t nat -L $g_ipt_options | $output_filter
;; ;;
raw) raw)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
echo "$g_product $SHOREWALL_VERSION RAW Table at $g_hostname - $(date)" eval show_raw $g_pager
echo
show_reset
$g_tool -t raw -L $g_ipt_options | $output_filter
;; ;;
rawpost) rawpost)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
echo "$g_product $SHOREWALL_VERSION RAWPOST Table at $g_hostname - $(date)" eval show_rawpost $g_pager
echo
show_reset
$g_tool -t rawpost -L $g_ipt_options | $output_filter
;; ;;
tos|mangle) tos|mangle)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
echo "$g_product $SHOREWALL_VERSION Mangle Table at $g_hostname - $(date)" eval show_mangle $g_pager
echo
show_reset
$g_tool -t mangle -L $g_ipt_options | $output_filter
;; ;;
log) log)
[ $# -gt 2 ] && usage 1 [ $# -gt 2 ] && usage 1
setup_logread setup_logread
eval show_log $g_pager
echo "$g_product $SHOREWALL_VERSION Log ($LOGFILE) at $g_hostname - $(date)"
echo
show_reset
host=$(echo $g_hostname | sed 's/\..*$//')
if [ $# -eq 2 ]; then
search_log $2
else
packet_log 20
fi
;; ;;
tc) tc)
[ $# -gt 2 ] && usage 1 [ $# -gt 2 ] && usage 1
echo "$g_product $SHOREWALL_VERSION Traffic Control at $g_hostname - $(date)" eval show_tc $@ $g_pager
echo
shift
if [ -z "$1" ]; then
$g_tool -t mangle -L -n -v | $output_filter
echo
fi
show_tc $1
;; ;;
classifiers|filters) classifiers|filters)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
echo "$g_product $SHOREWALL_VERSION Classifiers at $g_hostname - $(date)" eval show_classifiers_command $g_pager
echo
show_classifiers
;; ;;
zones) zones)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
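Review bot: in the `log)` case, `eval show_log $g_pager` passes no arguments to show_log, yet show_log's body tests `[ $# -eq 2 ]` before calling `search_log $2`, so `show log <address>` can no longer reach the search path even though the `[ $# -gt 2 ] && usage 1` check above it still accepts the argument. Pass the arguments through as the other cases do (`eval show_log $@ $g_pager`). Note that every `eval ... $@ $g_pager` in this hunk re-splits and re-evaluates the arguments in the shell; that is acceptable for an operator-driven root CLI, but it means an argument containing spaces or metacharacters is no longer passed through as one word.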
@@ -1173,22 +1311,18 @@ show_command() {
determine_capabilities determine_capabilities
VERBOSITY=2 VERBOSITY=2
if [ -n "$g_filemode" ]; then if [ -n "$g_filemode" ]; then
report_capabilities1 eval report_capabilities1 $g_pager
else else
report_capabilities eval report_capabilities $g_pager
fi fi
;; ;;
ip) ip)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
echo "$g_product $SHOREWALL_VERSION IP at $g_hostname - $(date)" eval show_ip_addresses $g_pager
echo
ip -$g_family addr list
;; ;;
routing) routing)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
echo "$g_product $SHOREWALL_VERSION Routing at $g_hostname - $(date)" eval show_routing_command $g_pager
echo
show_routing
;; ;;
config) config)
. ${g_sharedir}/configpath . ${g_sharedir}/configpath
@@ -1210,33 +1344,19 @@ show_command() {
;; ;;
chain) chain)
shift shift
echo "$g_product $SHOREWALL_VERSION $([ $# -gt 1 ] && echo "Chains " || [ $# -gt 0 ] && echo "Chain " || echo $table Table)$* at $g_hostname - $(date)" eval show_chain $@ $g_pager
echo
show_reset
if [ $# -gt 0 ]; then
for chain in $*; do
$g_tool -t $table -L $chain $g_ipt_options | $output_filter
echo
done
else
$g_tool -t $table -L $g_ipt_options | $output_filter
fi
;; ;;
vardir) vardir)
echo $VARDIR; echo $VARDIR;
;; ;;
policies) policies)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
echo "$g_product $SHOREWALL_VERSION Policies at $g_hostname - $(date)" eval show_policies $g_pager
echo
[ -f ${VARDIR}/policies ] && cat ${VARDIR}/policies;
;; ;;
ipa) ipa)
[ $g_family -eq 4 ] || usage 1 [ $g_family -eq 4 ] || usage 1
echo "$g_product $SHOREWALL_VERSION per-IP Accounting at $g_hostname - $(date)"
echo
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
perip_accounting eval show_ipa $g_pager
;; ;;
marks) marks)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
@@ -1246,17 +1366,13 @@ show_command() {
;; ;;
nfacct) nfacct)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
echo "$g_product $SHOREWALL_VERSION NF Accounting at $g_hostname - $(date)" eval show_nfacct_command $g_pager
echo
show_nfacct
;; ;;
arptables) arptables)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
resolve_arptables resolve_arptables
if [ -n "$arptables" -a -x $arptables ]; then if [ -n "$arptables" -a -x $arptables ]; then
echo "$g_product $SHOREWALL_VERSION arptables at $g_hostname - $(date)" eval show_arptables $g_pager
echo
$arptables -L -n -v
else else
error_message "Cannot locate the arptables executable" error_message "Cannot locate the arptables executable"
fi fi
@@ -1270,15 +1386,11 @@ show_command() {
;; ;;
events) events)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
echo "$g_product $SHOREWALL_VERSION events at $g_hostname - $(date)" eval show_events_command $g_pager
echo
show_events
;; ;;
bl|blacklists) bl|blacklists)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
echo "$g_product $SHOREWALL_VERSION blacklist chains at $g_hostname - $(date)" eval show_blacklists $g_pager
echo
show_bl;
;; ;;
opens) opens)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
@@ -1298,7 +1410,7 @@ show_command() {
case $1 in case $1 in
actions) actions)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
show_actions | sort eval show_actions_sorted $g_pager
return return
;; ;;
macro) macro)
@@ -1315,25 +1427,7 @@ show_command() {
;; ;;
macros) macros)
[ $# -gt 1 ] && usage 1 [ $# -gt 1 ] && usage 1
eval show_macros $g_pager
for directory in $(split $CONFIG_PATH); do
temp=
for macro in ${directory}/macro.*; do
case $macro in
*\*)
;;
*)
if [ -z "$temp" ]; then
echo
echo "Macros in $directory:"
echo
temp=Yes
fi
show_macro
;;
esac
done
done
return return
;; ;;
esac esac
@@ -1355,18 +1449,9 @@ show_command() {
fi fi
done done
echo "$g_product $SHOREWALL_VERSION $([ $# -gt 1 ] && echo "Chains " || echo "Chain ")$* at $g_hostname - $(date)" eval show_chains $@ $g_pager
echo
show_reset
for chain in $*; do
$g_tool -t $table -L $chain $g_ipt_options | $output_filter
echo
done
else else
echo "$g_product $SHOREWALL_VERSION $table Table at $g_hostname - $(date)" eval show_table $g_pager
echo
show_reset
$g_tool -t $table -L $g_ipt_options | $output_filter
fi fi
;; ;;
esac esac
@@ -1417,12 +1502,16 @@ dump_filter() {
;; ;;
esac esac
$command $filter eval $command $filter $g_pager
else else
cat - cat -
fi fi
} }
dump_filter_wrapper() {
eval dump_filter $g_pager
}
# #
# Dump Command Executor # Dump Command Executor
# #
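Review bot: when a pager is configured, the `$command $filter` branch of dump_filter now pipes into `$g_pager` (`eval $command $filter $g_pager`) and dump_filter_wrapper pipes dump_filter's output into `$g_pager` again (`eval dump_filter $g_pager`), so a filtered dump goes through two pager processes in series. Either leave the inner command unpaged and let the wrapper page, or page inside dump_filter for both branches and drop the wrapper.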
@@ -1633,14 +1722,14 @@ do_dump_command() {
if [ -n "$TC_ENABLED" ]; then if [ -n "$TC_ENABLED" ]; then
heading "Traffic Control" heading "Traffic Control"
show_tc show_tc1
heading "TC Filters" heading "TC Filters"
show_classifiers show_classifiers
fi fi
} }
dump_command() { dump_command() {
do_dump_command $@ | dump_filter do_dump_command $@ | dump_filter_wrapper
} }
# #
@@ -3700,6 +3789,23 @@ get_config() {
g_loopback=$(find_loopback_interfaces) g_loopback=$(find_loopback_interfaces)
if [ -n "$PAGER" -a -t 1 ]; then
case $PAGER in
/*)
g_pager="$PAGER"
[ -f "$g_pager" ] || fatal_error "PAGER=$PAGER does not exist"
;;
*)
g_pager=$(mywhich pager 2> /dev/null)
[ -n "$g_pager" ] || fatal_error "PAGER=$PAGER does not exist"
;;
esac
[ -x "$g_pager" ] || fatal_error "PAGER $g_pager is not executable"
g_pager="| $g_pager"
fi
lib=$(find_file lib.cli-user) lib=$(find_file lib.cli-user)
[ -f $lib ] && . $lib [ -f $lib ] && . $lib
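Review bot: in the non-absolute branch of `case $PAGER in`, `g_pager=$(mywhich pager 2> /dev/null)` looks up the literal command name `pager` rather than `$PAGER`, so `PAGER=less` resolves to whatever `pager` is on the PATH (Debian's alternatives link) and fails with "PAGER=less does not exist" on systems that have no `pager` command at all; it should be `mywhich $PAGER`. The `-t 1` test is the right guard for redirected output. Since the resolved value is spliced into a string that every caller passes to `eval` (`g_pager="| $g_pager"`), the option should be documented as a bare command name or absolute path only; the `-f`/`-x` checks reject anything else in the absolute branch, and the name branch should keep that property once it looks up `$PAGER`.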
@@ -4040,6 +4146,7 @@ shorewall_cli() {
g_counters= g_counters=
g_loopback= g_loopback=
g_compiled= g_compiled=
g_pager=
VERBOSE= VERBOSE=
VERBOSITY=1 VERBOSITY=1

View File

@@ -2,7 +2,7 @@
# #
# Script to back uninstall Shoreline Firewall # Script to back uninstall Shoreline Firewall
# #
# (c) 2000-2014 - Tom Eastep (teastep@shorewall.net) # (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
# #
# Shorewall documentation is available at http://www.shorewall.net # Shorewall documentation is available at http://www.shorewall.net
# #

View File

@@ -2,7 +2,7 @@
# #
# Script to install Shoreline Firewall Init # Script to install Shoreline Firewall Init
# #
# (c) 2000-20114 - Tom Eastep (teastep@shorewall.net) # (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
# (c) 2010 - Roberto C. Sanchez (roberto@connexer.com) # (c) 2010 - Roberto C. Sanchez (roberto@connexer.com)
# #
# Shorewall documentation is available at http://shorewall.net # Shorewall documentation is available at http://shorewall.net

View File

@@ -2,7 +2,7 @@
# #
# Script to back uninstall Shoreline Firewall # Script to back uninstall Shoreline Firewall
# #
# (c) 2000-2014 - Tom Eastep (teastep@shorewall.net) # (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
# #
# Shorewall documentation is available at http://shorewall.sourceforge.net # Shorewall documentation is available at http://shorewall.sourceforge.net
# #

View File

@@ -2,7 +2,7 @@
# #
# Script to install Shoreline Firewall Lite # Script to install Shoreline Firewall Lite
# #
# (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net) # (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
# #
# Shorewall documentation is available at http://shorewall.net # Shorewall documentation is available at http://shorewall.net
# #

View File

@@ -2,7 +2,7 @@
# #
# Script to back uninstall Shoreline Firewall # Script to back uninstall Shoreline Firewall
# #
# (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net) # (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
# #
# Shorewall documentation is available at http://shorewall.sourceforge.net # Shorewall documentation is available at http://shorewall.sourceforge.net
# #

View File

@@ -1526,8 +1526,7 @@ sub create_irule( $$$;@ ) {
} }
# #
# Clone an existing rule. Only the rule hash itself is cloned; reference values are shared between the new rule # Clone an existing rule.
# reference and the old.
# #
sub clone_irule( $ ) { sub clone_irule( $ ) {
my $oldruleref = $_[0]; my $oldruleref = $_[0];
@@ -3005,6 +3004,7 @@ sub initialize_chain_table($) {
} }
if ( my $docker = $config{DOCKER} ) { if ( my $docker = $config{DOCKER} ) {
add_commands( $nat_table->{OUTPUT}, '[ -f ${VARDIR}/.nat_OUTPUT ] && cat ${VARDIR}/.nat_OUTPUT >&3' );
add_commands( $nat_table->{POSTROUTING}, '[ -f ${VARDIR}/.nat_POSTROUTING ] && cat ${VARDIR}/.nat_POSTROUTING >&3' ); add_commands( $nat_table->{POSTROUTING}, '[ -f ${VARDIR}/.nat_POSTROUTING ] && cat ${VARDIR}/.nat_POSTROUTING >&3' );
$chainref = new_standard_chain( 'DOCKER' ); $chainref = new_standard_chain( 'DOCKER' );
set_optflags( $chainref, DONT_OPTIMIZE | DONT_DELETE | DONT_MOVE ); set_optflags( $chainref, DONT_OPTIMIZE | DONT_DELETE | DONT_MOVE );
@@ -8068,26 +8068,28 @@ sub save_docker_rules($) {
my $tool = $_[0]; my $tool = $_[0];
emit( qq(if [ -n "\$g_docker" ]; then), emit( qq(if [ -n "\$g_docker" ]; then),
qq( $tool -t nat -S DOCKER | tail -n +2 > \$VARDIR/.nat_DOCKER), qq( $tool -t nat -S DOCKER | tail -n +2 > \${VARDIR}/.nat_DOCKER),
qq( $tool -t nat -S POSTROUTING | tail -n +2 | fgrep -v SHOREWALL > \$VARDIR/.nat_POSTROUTING), qq( $tool -t nat -S OUTPUT | tail -n +2 | fgrep DOCKER > \${VARDIR}/.nat_OUTPUT),
qq( $tool -t filter -S DOCKER | tail -n +2 > \$VARDIR/.filter_DOCKER), qq( $tool -t nat -S POSTROUTING | tail -n +2 | fgrep -v SHOREWALL > \${VARDIR}/.nat_POSTROUTING),
qq( [ -n "\$g_dockernetwork" ] && $tool -t filter -S DOCKER-ISOLATION | tail -n +2 > \$VARDIR/.filter_DOCKER-ISOLATION) qq( $tool -t filter -S DOCKER | tail -n +2 > \${VARDIR}/.filter_DOCKER),
qq( [ -n "\$g_dockernetwork" ] && $tool -t filter -S DOCKER-ISOLATION | tail -n +2 > \${VARDIR}/.filter_DOCKER-ISOLATION)
); );
if ( known_interface( 'docker0' ) ) { if ( known_interface( 'docker0' ) ) {
emit( qq( $tool -t filter -S FORWARD | grep '^-A FORWARD.*[io] br-[a-z0-9]\\{12\\}' > \$VARDIR/.filter_FORWARD) ); emit( qq( $tool -t filter -S FORWARD | grep '^-A FORWARD.*[io] br-[a-z0-9]\\{12\\}' > \${VARDIR}/.filter_FORWARD) );
} else { } else {
emit( qq( $tool -t filter -S FORWARD | egrep '^-A FORWARD.*[io] (docker0|br-[a-z0-9]{12})' > \$VARDIR/.filter_FORWARD) ); emit( qq( $tool -t filter -S FORWARD | egrep '^-A FORWARD.*[io] (docker0|br-[a-z0-9]{12})' > \${VARDIR}/.filter_FORWARD) );
} }
emit( qq( [ -s \$VARDIR/.filter_FORWARD ] || rm -f \$VARDIR/.filter_FORWARD), emit( q( [ -s ${VARDIR}/.filter_FORWARD ] || rm -f ${VARDIR}/.filter_FORWARD),
qq(else), q(else),
qq( rm -f \$VARDIR/.nat_DOCKER), q( rm -f ${VARDIR}/.nat_DOCKER),
qq( rm -f \$VARDIR/.nat_POSTROUTING), q( rm -f ${VARDIR}/.nat_OUTPUT),
qq( rm -f \$VARDIR/.filter_DOCKER), q( rm -f ${VARDIR}/.nat_POSTROUTING),
qq( rm -f \$VARDIR/.filter_DOCKER-ISOLATION), q( rm -f ${VARDIR}/.filter_DOCKER),
qq( rm -f \$VARDIR/.filter_FORWARD), q( rm -f ${VARDIR}/.filter_DOCKER-ISOLATION),
qq(fi) q( rm -f ${VARDIR}/.filter_FORWARD),
q(fi)
) )
} }
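Review bot: the new `.nat_OUTPUT` capture keeps every nat OUTPUT rule containing the substring DOCKER (`fgrep DOCKER`), which includes Docker's own `-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER`; create_docker_rules in Misc.pm now also generates that exact rule when `$g_docker` is set, and initialize_chain_table replays `.nat_OUTPUT` into the same chain, so after a stop and start both copies are loaded unless one of the two paths is suppressed in code outside this compare. POSTROUTING is only saved (`fgrep -v SHOREWALL`) and PREROUTING is only generated; OUTPUT should follow one of those two models, not both. Unlike `.filter_FORWARD`, which is removed when empty (`[ -s ... ] || rm -f`), an empty `.nat_OUTPUT` is left behind when Docker has no OUTPUT rules; harmless given the `-f` test on restore, but inconsistent.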
@@ -8124,7 +8126,6 @@ else
rm -f \${VARDIR}/.dynamic rm -f \${VARDIR}/.dynamic
fi fi
EOF EOF
emit(''), save_docker_rules( $tool ) if $config{DOCKER};
} else { } else {
emit <<"EOF"; emit <<"EOF";
if chain_exists 'UPnP -t nat'; then if chain_exists 'UPnP -t nat'; then
@@ -8154,28 +8155,13 @@ EOF
emit <<"EOF"; emit <<"EOF";
rm -f \${VARDIR}/.UPnP rm -f \${VARDIR}/.UPnP
rm -f \${VARDIR}/.forwardUPnP rm -f \${VARDIR}/.forwardUPnP
EOF
if ( have_capability 'IPTABLES_S' ) {
emit( qq(if [ "\$COMMAND" = stop -o "\$COMMAND" = clear ]; then),
qq( if chain_exists dynamic; then),
qq( $tool -S dynamic | tail -n +2 > \${VARDIR}/.dynamic) );
emit( '' ), save_docker_rules( $tool ) if $config{DOCKER};
} else {
emit( qq(if [ "\$COMMAND" = stop -o "\$COMMAND" = clear ]; then),
qq( if chain_exists dynamic; then),
qq( $utility -t filter | grep '^-A dynamic ' > \${VARDIR}/.dynamic) );
}
emit <<"EOF";
fi
fi
EOF EOF
pop_indent; pop_indent;
emit ( 'fi' , emit ( 'fi' ,
'' ); '' );
emit( '' ), save_docker_rules( $tool ), emit( '' ) if $config{DOCKER};
} }
sub ensure_ipset( $ ) { sub ensure_ipset( $ ) {
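Review bot: save_docker_rules( $tool ) now appears at two sites: once after the `.dynamic` save inside the first branch (the added line before `} else {` in the @@ -8124 hunk) and once unconditionally after `emit ( 'fi', '' )` at the end of this hunk, so when the first branch is taken the generated script runs the six `iptables -S ... >` captures twice unless that branch and DOCKER are mutually exclusive. The removed block also carried the `[ "$COMMAND" = stop -o "$COMMAND" = clear ]` guard around the Docker save; confirm the enclosing code still restricts the capture to stop/clear, because a capture taken during `restart` or `reload` would snapshot Shorewall's own DOCKER and FORWARD rules into the `.nat_*`/`.filter_*` files and replay them on the next start, which is the duplication the "Avoid duplicate rules after reload" commit is trying to remove.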

View File

@@ -876,6 +876,7 @@ sub initialize( $;$$) {
LEGACY_RESTART => undef , LEGACY_RESTART => undef ,
RESTART => undef , RESTART => undef ,
DOCKER => undef , DOCKER => undef ,
PAGER => undef ,
# #
# Packet Disposition # Packet Disposition
# #
@@ -4912,6 +4913,7 @@ sub update_config_file( $ ) {
update_default( 'USE_DEFAULT_RT', 'No' ); update_default( 'USE_DEFAULT_RT', 'No' );
update_default( 'EXPORTMODULES', 'No' ); update_default( 'EXPORTMODULES', 'No' );
update_default( 'RESTART', 'reload' ); update_default( 'RESTART', 'reload' );
update_default( 'PAGER', '' );
my $fn; my $fn;
@@ -6438,7 +6440,7 @@ sub generate_aux_config() {
if ( -f $fn ) { if ( -f $fn ) {
emit( '', emit( '',
'dump_filter() {' ); 'dump_filter1() {' );
push_indent; push_indent;
append_file( $fn,1 ) or emit 'cat -'; append_file( $fn,1 ) or emit 'cat -';
pop_indent; pop_indent;
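Review bot: the aux-config function is renamed to dump_filter1, but nothing in this compare calls dump_filter1; the only visible consumer of a user dump filter is lib.cli's dump_filter, which now ends in `eval $command $filter $g_pager`. Confirm the caller was updated in the same release, otherwise a dump filter defined in the aux config silently stops applying and `dump` output goes out unfiltered.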

View File

@@ -629,19 +629,23 @@ sub process_stoppedrules() {
} }
sub create_docker_rules() { sub create_docker_rules() {
add_commands( $nat_table->{PREROUTING} , '[ -n "$g_docker" ] && echo "-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER" >&3' ); add_commands( $nat_table->{PREROUTING} , '[ -n "$g_docker" ] && echo "-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER" >&3' );
add_commands( $nat_table->{OUTPUT} , '[ -n "$g_docker" ] && echo "-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER" >&3' );
my $chainref = $filter_table->{FORWARD}; my $chainref = $filter_table->{FORWARD};
add_commands( $chainref, '[ -n "$g_dockernetwork" ] && echo "-A FORWARD -j DOCKER-ISOLATION" >&3', ); add_commands( $chainref, '[ -n "$g_dockernetwork" ] && echo "-A FORWARD -j DOCKER-ISOLATION" >&3', );
if ( known_interface('docker0') ) { if ( my $dockerref = known_interface('docker0') ) {
add_commands( $filter_table->{FORWARD}, '[ -n "$g_docker" ] && echo "-A FORWARD -o docker0 -j DOCKER" >&3' ); add_commands( $chainref, 'if [ -n "$g_docker" ]; then' );
incr_cmd_level( $chainref );
add_ijump( $chainref, j => 'DOCKER', o => 'docker0' );
add_ijump( $chainref, j => 'ACCEPT', i => 'docker0', o => '! docker0' );
add_ijump( $chainref, j => 'ACCEPT', i => 'docker0', o => 'docker0' ) if $dockerref->{options}{routeback};
decr_cmd_level( $chainref );
add_commands( $chainref, 'fi' );
} }
add_commands( $chainref, '[ -f $VARDIR/.filter_FORWARD ] && cat $VARDIR/.filter_FORWARD >&3', ); add_commands( $chainref, '[ -f ${VARDIR}/.filter_FORWARD ] && cat $VARDIR/.filter_FORWARD >&3', );
} }
sub setup_mss(); sub setup_mss();
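Review bot: the two `add_ijump( $chainref, j => 'ACCEPT', ... )` lines make the generated FORWARD chain accept everything arriving on docker0 bound for any other interface (and back to docker0 when routeback is set) whenever `$g_docker` is set. That reproduces Docker's own defaults, but their position in FORWARD relative to the zone-to-zone jumps decides whether the docker0 zone's rules and policies ever see container egress; if they land first, the zone's egress rules are dead code and that should be stated in the DOCKER option's documentation, otherwise the ACCEPTs should be skipped when the user has defined a zone on docker0. Two smaller points: the new `-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER` is the same rule that save_docker_rules now captures into `.nat_OUTPUT` and initialize_chain_table replays, and the last line mixes `${VARDIR}` and `$VARDIR` in one command in a series whose stated purpose is consistency.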
@@ -2474,7 +2478,6 @@ EOF
if [ $COMMAND = clear -a -f /proc/sys/net/netfilter/nf_conntrack_helper ]; then if [ $COMMAND = clear -a -f /proc/sys/net/netfilter/nf_conntrack_helper ]; then
echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper echo 1 > /proc/sys/net/netfilter/nf_conntrack_helper
fi fi
EOF EOF
if ( $config{DOCKER} ) { if ( $config{DOCKER} ) {

View File

@@ -828,12 +828,12 @@ sub add_a_provider( $$ ) {
if ( ! $noautosrc ) { if ( ! $noautosrc ) {
if ( $shared ) { if ( $shared ) {
emit "qt \$IP -$family rule del from $address" if $config{DELETE_THEN_ADD}; emit "qt \$IP -$family rule del from $address";
emit( "run_ip rule add from $address pref 20000 table $id" , emit( "run_ip rule add from $address pref 20000 table $id" ,
"echo \"\$IP -$family rule del from $address pref 20000> /dev/null 2>&1\" >> \${VARDIR}/undo_${table}_routing" ); "echo \"\$IP -$family rule del from $address pref 20000> /dev/null 2>&1\" >> \${VARDIR}/undo_${table}_routing" );
} else { } else {
emit ( "find_interface_addresses $physical | while read address; do" ); emit ( "find_interface_addresses $physical | while read address; do" );
emit ( " qt \$IP -$family rule del from \$address" ) if $config{DELETE_THEN_ADD}; emit ( " qt \$IP -$family rule del from \$address" );
emit ( " run_ip rule add from \$address pref 20000 table $id", emit ( " run_ip rule add from \$address pref 20000 table $id",
" echo \"\$IP -$family rule del from \$address pref 20000 > /dev/null 2>&1\" >> \${VARDIR}/undo_${table}_routing", " echo \"\$IP -$family rule del from \$address pref 20000 > /dev/null 2>&1\" >> \${VARDIR}/undo_${table}_routing",
' rulenum=$(($rulenum + 1))', ' rulenum=$(($rulenum + 1))',
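Review bot: `qt $IP -$family rule del from $address` (and the `find_interface_addresses` variant below it) is now emitted unconditionally rather than only with DELETE_THEN_ADD, and it is unqualified: `ip rule del from <addr>` removes the first rule whose selector matches regardless of priority or table, so a rule for the same source that the administrator added by hand, or that another provider's loop created on a shared address, is deleted along with the stale one. Scope the delete to what this code adds, as the undo line already does: `qt $IP -$family rule del from $address pref 20000 table $id`.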
@@ -993,12 +993,19 @@ CEOF
} }
} elsif ( ! $noautosrc ) { } elsif ( ! $noautosrc ) {
if ( $shared ) { if ( $shared ) {
if ( $persistent ) {
emit( qq(if ! egrep -q "^2000:[[:space:]]+from $address lookup $id"; then),
qq( run_ip rule add from $address pref 20000 table $id),
qq( echo "\$IP -$family rule del from $address pref 20000> /dev/null 2>&1" >> \${VARDIR}/undo_${table}_routing ),
qq(fi) );
} else {
emit "qt \$IP -$family rule del from $address" if $config{DELETE_THEN_ADD}; emit "qt \$IP -$family rule del from $address" if $config{DELETE_THEN_ADD};
emit( "run_ip rule add from $address pref 20000 table $id" , emit( "run_ip rule add from $address pref 20000 table $id" ,
"echo \"\$IP -$family rule del from $address pref 20000> /dev/null 2>&1\" >> \${VARDIR}/undo_${table}_routing" ); "echo \"\$IP -$family rule del from $address pref 20000> /dev/null 2>&1\" >> \${VARDIR}/undo_${table}_routing" );
}
} elsif ( ! $pseudo ) { } elsif ( ! $pseudo ) {
emit ( "find_interface_addresses $physical | while read address; do" ); emit ( "find_interface_addresses $physical | while read address; do" );
emit ( " qt \$IP -$family rule del from \$address" ) if $config{DELETE_THEN_ADD}; emit ( " qt \$IP -$family rule del from \$address" ) if $persistent || $config{DELETE_THEN_ADD};
emit ( " run_ip rule add from \$address pref 20000 table $id", emit ( " run_ip rule add from \$address pref 20000 table $id",
" echo \"\$IP -$family rule del from \$address pref 20000 > /dev/null 2>&1\" >> \${VARDIR}/undo_${table}_routing", " echo \"\$IP -$family rule del from \$address pref 20000 > /dev/null 2>&1\" >> \${VARDIR}/undo_${table}_routing",
' rulenum=$(($rulenum + 1))', ' rulenum=$(($rulenum + 1))',
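Review bot: the persistent branch's `egrep -q "^2000:[[:space:]]+from $address lookup $id"` has no input: nothing pipes `ip rule` into it, so in the generated script egrep reads whatever stdin the firewall script was started with and the add-or-skip decision is effectively random. It also matches priority `2000:` while the rule is added with `pref 20000`, so even with the right input it would never match and the rule would be re-added on every run, which is the duplicate this commit sets out to avoid. Suggested: `if ! \$IP -$family rule list | egrep -q "^20000:[[:space:]]+from $address lookup $id"; then`. The non-shared branch below it sidesteps the problem by deleting first (`if $persistent || $config{DELETE_THEN_ADD}`); doing the same here would be simpler than the grep.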
@@ -1283,7 +1290,7 @@ sub add_an_rtrule1( $$$$$ ) {
push @{$providerref->{rules}}, "run_ip rule add $source ${dest}${mark} $priority table $id"; push @{$providerref->{rules}}, "run_ip rule add $source ${dest}${mark} $priority table $id";
if ( $persistent ) { if ( $persistent ) {
push @{$providerref->{persistent_rules}}, "qt \$IP -$family rule del $source ${dest}${mark} $priority" if $config{DELETE_THEN_ADD}; push @{$providerref->{persistent_rules}}, "qt \$IP -$family rule del $source ${dest}${mark} $priority";
push @{$providerref->{persistent_rules}}, "run_ip rule add $source ${dest}${mark} $priority table $id"; push @{$providerref->{persistent_rules}}, "run_ip rule add $source ${dest}${mark} $priority table $id";
} }

View File

@@ -1178,12 +1178,11 @@ sub finish_section ( $ ) {
# #
# Internally, action invocations are uniquely identified by a 5-tuple that # Internally, action invocations are uniquely identified by a 5-tuple that
# includes the action name, log level, log tag, calling chain and params. # includes the action name, log level, log tag, calling chain and params.
# The pieces of the tuple are separated by ":". # The pieces of the tuple are separated by ":". The calling chain is non-empty
# only when the action refers to @CALLER.
# #
sub normalize_action( $$$ ) { sub normalize_action( $$$ ) {
my $action = shift; my ( $action, $level, $param ) = @_;
my $level = shift;
my $param = shift;
my $caller = ''; #We assume that the function doesn't use @CALLER my $caller = ''; #We assume that the function doesn't use @CALLER
( $level, my $tag ) = split ':', $level; ( $level, my $tag ) = split ':', $level;

View File

@@ -17,6 +17,12 @@ STARTUP_ENABLED=Yes
VERBOSITY=1 VERBOSITY=1
###############################################################################
# P A G E R
###############################################################################
PAGER=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

View File

@@ -28,6 +28,12 @@ STARTUP_ENABLED=No
VERBOSITY=1 VERBOSITY=1
###############################################################################
# P A G E R
###############################################################################
PAGER=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

View File

@@ -25,6 +25,12 @@ STARTUP_ENABLED=No
VERBOSITY=1 VERBOSITY=1
###############################################################################
# P A G E R
###############################################################################
PAGER=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

View File

@@ -28,6 +28,12 @@ STARTUP_ENABLED=No
VERBOSITY=1 VERBOSITY=1
###############################################################################
# P A G E R
###############################################################################
PAGER=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

View File

@@ -17,6 +17,12 @@ STARTUP_ENABLED=No
VERBOSITY=1 VERBOSITY=1
###############################################################################
# P A G E R
###############################################################################
PAGER=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

View File

@@ -2,7 +2,7 @@
# #
# Script to install Shoreline Firewall # Script to install Shoreline Firewall
# #
# (c) 2000-201,2014 - Tom Eastep (teastep@shorewall.net) # (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
# #
# Shorewall documentation is available at http://shorewall.net # Shorewall documentation is available at http://shorewall.net
# #

View File

@@ -316,6 +316,23 @@ get_config() {
g_loopback=$(find_loopback_interfaces) g_loopback=$(find_loopback_interfaces)
if [ -n "$PAGER" -a -t 1 ]; then
case $PAGER in
/*)
g_pager="$PAGER"
[ -f "$g_pager" ] || fatal_error "PAGER $PAGER does not exist"
;;
*)
g_pager=$(mywhich pager 2> /dev/null)
[ -n "$g_pager" ] || fatal_error "PAGER $PAGER not found"
;;
esac
[ -x "$g_pager" ] || fatal_error "PAGER $g_pager is not executable"
g_pager="| $g_pager"
fi
lib=$(find_file lib.cli-user) lib=$(find_file lib.cli-user)
[ -f $lib ] && . $lib [ -f $lib ] && . $lib
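Review bot: in the `*)` branch, `g_pager=$(mywhich pager 2> /dev/null)` looks up the literal program name `pager` rather than the configured `$PAGER`, so PAGER=less resolves to whatever `pager` is on the PATH (or fails with "PAGER less not found" on systems without one); it should be `mywhich "$PAGER"`. Two smaller points in the same block: `[ -n "$PAGER" -a -t 1 ]` uses the non-portable `-a` (prefer `[ -n "$PAGER" ] && [ -t 1 ]`), and `g_pager="| $g_pager"` builds a pipe fragment that is later spliced into a command line unquoted, so a pager path containing whitespace will break. Because the value comes from shorewall.conf and is executed with the CLI's privileges, the `-f`/`-x` checks are the right guard; keep them ahead of the point where the pipe string is built, as they are here.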

View File

@@ -1952,6 +1952,19 @@ LOG:info:,bar net fw</programlisting>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis
role="bold">PAGER=</emphasis><emphasis>pathname</emphasis></term>
<listitem>
<para>Added in Shorewall 5.0.6. Specifies a path name of a pager
program like <command>less</command> or <command>more</command>.
When PAGER is given, the output of verbose <command>status</command>
commands and the <command>dump</command> command are piped through
the named program when the output file is a terminal.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">PATH=</emphasis><emphasis>pathname</emphasis>[<emphasis role="bold">PATH=</emphasis><emphasis>pathname</emphasis>[<emphasis
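Review bot: the `<term>` documents PAGER as a pathname, but get_config() in the preceding hunk also accepts a bare program name and resolves it through mywhich; either restrict the code to absolute paths or document the bare-name form here. It would also help to say explicitly that an empty PAGER (the value shipped in the sample shorewall.conf files) disables paging, since the `<para>` only describes the case where it is set.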
@@ -2752,6 +2765,12 @@ INLINE - - - ; -j REJECT
it was set to the empty string then USE_DEFAULT_RT=No was assumed. it was set to the empty string then USE_DEFAULT_RT=No was assumed.
Beginning with Shorewall 4.6.0, the default is USE_DEFAULT_RT=Yes Beginning with Shorewall 4.6.0, the default is USE_DEFAULT_RT=Yes
and use of USE_DEFAULT_RT=No is deprecated.</para> and use of USE_DEFAULT_RT=No is deprecated.</para>
<warning>
<para>The <command>enable</command>, <command>disable</command>
and <command>reenable</command> commands do not work correctly
when USE_DEFAULT_RT=No.</para>
</warning>
</listitem> </listitem>
</varlistentry> </varlistentry>
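Review bot: the new `<warning>` says enable, disable and reenable do not work correctly with USE_DEFAULT_RT=No but gives no reason. The Multi-ISP documentation hunk further down explains that with No the main table has to be recopied into each Shorewall-generated table and that only reload or restart does this; one clause to that effect ("because the generated routing tables are only rebuilt by reload or restart") would show the reader it is a documented limitation rather than a bug to report.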

View File

@@ -2,7 +2,7 @@
# #
# Script to back uninstall Shoreline Firewall # Script to back uninstall Shoreline Firewall
# #
# (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net) # (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
# #
# Shorewall documentation is available at http://www.shorewall.net # Shorewall documentation is available at http://www.shorewall.net
# #

View File

@@ -2,7 +2,7 @@
# #
# Script to back uninstall Shoreline Firewall 6 Lite # Script to back uninstall Shoreline Firewall 6 Lite
# #
# (c) 2000-2014 - Tom Eastep (teastep@shorewall.net) # (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
# #
# Shorewall documentation is available at http://shorewall.sourceforge.net # Shorewall documentation is available at http://shorewall.sourceforge.net
# #

View File

@@ -18,6 +18,12 @@ STARTUP_ENABLED=Yes
VERBOSITY=1 VERBOSITY=1
###############################################################################
# P A G E R
###############################################################################
PAGER=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

View File

@@ -19,6 +19,12 @@ STARTUP_ENABLED=No
VERBOSITY=1 VERBOSITY=1
###############################################################################
# P A G E R
###############################################################################
PAGER=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

View File

@@ -18,6 +18,12 @@ STARTUP_ENABLED=No
VERBOSITY=1 VERBOSITY=1
###############################################################################
# P A G E R
###############################################################################
PAGER=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

View File

@@ -18,6 +18,12 @@ STARTUP_ENABLED=No
VERBOSITY=1 VERBOSITY=1
###############################################################################
# P A G E R
###############################################################################
PAGER=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

View File

@@ -18,6 +18,12 @@ STARTUP_ENABLED=No
VERBOSITY=1 VERBOSITY=1
###############################################################################
# P A G E R
###############################################################################
PAGER=
############################################################################### ###############################################################################
# L O G G I N G # L O G G I N G
############################################################################### ###############################################################################

View File

@@ -1691,6 +1691,19 @@ LOG:info:,bar net fw</programlisting>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><emphasis
role="bold">PAGER=</emphasis><emphasis>pathname</emphasis></term>
<listitem>
<para>Added in Shorewall 5.0.6. Specifies a path name of a pager
program like <command>less</command> or <command>more</command>.
When PAGER is given, the output of verbose <command>status</command>
commands and the <command>dump</command> command are piped through
the named program when the output file is a terminal.</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><emphasis <term><emphasis
role="bold">PATH=</emphasis><emphasis>pathname</emphasis>[<emphasis role="bold">PATH=</emphasis><emphasis>pathname</emphasis>[<emphasis
@@ -2406,6 +2419,12 @@ INLINE - - - ; -j REJECT
it was set to the empty string then USE_DEFAULT_RT=No was assumed. it was set to the empty string then USE_DEFAULT_RT=No was assumed.
Beginning with Shorewall 4.6.0, the default is USE_DEFAULT_RT=Yes Beginning with Shorewall 4.6.0, the default is USE_DEFAULT_RT=Yes
and use of USE_DEFAULT_RT=No is deprecated.</para> and use of USE_DEFAULT_RT=No is deprecated.</para>
<warning>
<para>The <command>enable</command>, <command>disable</command>
and <command>reenable</command> commands do not work correctly
when USE_DEFAULT_RT=No.</para>
</warning>
</listitem> </listitem>
</varlistentry> </varlistentry>

View File

@@ -2,7 +2,7 @@
# #
# Script to back uninstall Shoreline Firewall 6 # Script to back uninstall Shoreline Firewall 6
# #
# (c) 2000-2011,2014 - Tom Eastep (teastep@shorewall.net) # (c) 2000-2016 - Tom Eastep (teastep@shorewall.net)
# #
# Shorewall documentation is available at http://www.shorewall.net # Shorewall documentation is available at http://www.shorewall.net
# #

View File

@@ -2938,6 +2938,29 @@ else
</section> </section>
</section> </section>
<section>
<title>Wifidog</title>
<section>
<title id="faq105">(FAQ 105) Can Shorewall work with Wifidog?</title>
<para><emphasis role="bold">Answer</emphasis>: Yes, with a couple of
restrictions:</para>
<orderedlist>
<listitem>
<para>Wifidog must be started after Shorewall. If Shorewall is
restarted/reloaded, then wifidog must be restarted.</para>
</listitem>
<listitem>
<para>FORWARD_CLEAR_MARK must be set to <option>No</option> in
shorewall.conf.</para>
</listitem>
</orderedlist>
</section>
</section>
<section id="Misc"> <section id="Misc">
<title>Miscellaneous</title> <title>Miscellaneous</title>
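Review bot: the two list items state the restrictions (start Wifidog after Shorewall, FORWARD_CLEAR_MARK=No) without saying what fails otherwise; a sentence on the symptom, presumably that a Shorewall restart removes the rules Wifidog inserted and that FORWARD_CLEAR_MARK=Yes strips the packet marks Wifidog relies on, would let an administrator recognise the problem from its behaviour. Minor: "wifidog" is lowercase in the first `<para>` but "Wifidog" in the title and elsewhere; pick one spelling.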

View File

@@ -213,6 +213,29 @@
example.</para> example.</para>
</section> </section>
<section>
<title>USE_DEFAULT_RT</title>
<para>The behavior and configuration of Multiple ISP support is
dependent on the setting of USE_DEFAULT_RT in shorewall[6].conf.</para>
<para>When USE_DEFAULT_RT=Yes, packets are first routed through the main
routing table <emphasis>which does not contain a default
route</emphasis>. Packets which fail to be routed by an entry in the
main table are then passed to shorewall-defined routing tables based on
your Multi-ISP configuration. The advantage of this approach is that
dynamic changes to the ip configuration, such as VPNs going up and down,
do not require notificaiton of Shorewall. USE_DEFAULT_RT is now the
default and use of USE_DEFAULT_RT=No is deprecated.</para>
<para>When USE_DEFAULT_RT=No, packets are routed via Shorewall-generated
routing tables. As a consequence, the main routing table must be copied
into each of those tables and must be recopied when there is a change to
the main table. This can only be accomplished via a
<command>shorewall[6] reload</command> or <command>restart</command>
command.</para>
</section>
<section id="providers"> <section id="providers">
<title>/etc/shorewall/providers File</title> <title>/etc/shorewall/providers File</title>
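Review bot: typos in the added text: "notificaiton" should be "notification", and "ip configuration" should be "IP configuration" to match the rest of the document; "USE_DEFAULT_RT is now the default" should read "USE_DEFAULT_RT=Yes is now the default". The new `<section>` has no id, while the next hunk in this file links to `linkend="USE_DEFAULT_RT"`; if that link is meant to land on this section, give it `id="USE_DEFAULT_RT"` (and if that id already exists on another element, check which target the link should point at).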
@@ -672,7 +695,7 @@ fi</programlisting>
interfaces should be routed through the main table using entries in interfaces should be routed through the main table using entries in
<filename>/etc/shorewall/rtrules</filename> (see Example 2 <link <filename>/etc/shorewall/rtrules</filename> (see Example 2 <link
linkend="Examples">below</link>) or by using <link linkend="Examples">below</link>) or by using <link
linkend="USE_DEFAULT_RT">USE_DEFAULT_RT=Yes</link>.</para> linkend="USE_DEFAULT_RT">USE_DEFAULT_RT=Yes</link> (recommended)</para>
<para>In addition:</para> <para>In addition:</para>
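Review bot: the added "(recommended)" dropped the sentence's closing period: `USE_DEFAULT_RT=Yes</link> (recommended)</para>` should end with `(recommended).</para>`.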
@@ -902,6 +925,43 @@ eth0 0.0.0.0/0 206.124.146.176
eth1 0.0.0.0/0 130.252.99.27</programlisting> eth1 0.0.0.0/0 130.252.99.27</programlisting>
</section> </section>
<section id="Example2">
<title id="Example99"> Example using USE_DEFAULT_RT=Yes</title>
<para>This section shows the differences in configuring the above
example with USE_DEFAULT_RT=Yes. The changes are confined to the
DUPLICATE and COPY columns of the providers file.</para>
<para>The configuration in the figure at the top of this section would
be specified in <filename>/etc/shorewall/providers</filename> as
follows.</para>
<programlisting>#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY
ISP1 1 1 <emphasis role="bold">- </emphasis> eth0 206.124.146.254 track,balance <emphasis
role="bold">-</emphasis>
ISP2 2 2 <emphasis role="bold">-</emphasis> eth1 130.252.99.254 track,balance <emphasis
role="bold">-</emphasis></programlisting>
<para>Other configuration files go something like this:</para>
<para><filename>/etc/shorewall/interfaces</filename>:</para>
<programlisting>#ZONE INTERFACE BROADCAST OPTIONS
net eth0 detect …
net eth1 detect …</programlisting>
<para><filename>/etc/shorewall/policy</filename>:</para>
<programlisting>#SOURCE DESTINATION POLICY LOGLEVEL LIMIT
net net DROP</programlisting>
<para><filename>/etc/shorewall/masq</filename>:</para>
<programlisting>#INTERFACE SOURCE ADDRESS
eth0 0.0.0.0/0 206.124.146.176
eth1 0.0.0.0/0 130.252.99.27</programlisting>
</section>
<section id="Applications"> <section id="Applications">
<title>Routing a Particular Application Through a Specific <title>Routing a Particular Application Through a Specific
Interface</title> Interface</title>
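Review bot: `<title id="Example99"> Example using USE_DEFAULT_RT=Yes</title>` carries a stray id on the title (the enclosing `<section>` already has id="Example2") and a leading space; drop both. The sentence "The configuration in the figure at the top of this section" refers to a figure that is not in this section; say which section's figure is meant. In the providers listing, ISP1's DUPLICATE cell is `<emphasis role="bold">- </emphasis>` with a trailing space while ISP2's is not; align them so the columns render consistently. Finally, now that a section with id="Example2" exists, the earlier "see Example 2 <link linkend="Examples">below</link>" in this file could link to it directly.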