sad/firehol
1
0
Fork 0
mirror of https://github.com/firehol/firehol.git synced 2024-06-30 19:02:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,319 Commits 5 Branches 37 Tags 5.2 MiB
39b69557bd
Commit Graph

420 Commits

Author SHA1 Message Date
Costa Tsaousis (ktsaou)
39b69557bd added jigsaw lists firehol/blocklist-ipsets#7 2015-12-07 22:48:49 +01:00
Andreas Unterkircher
3ea4a15d18 fireqos.in, fix incorrectly added TCP protocol match introduced by my previous patch 2015-12-05 21:30:41 +01:00
Philip Whineray
1502decc1a Clean up packaging 
Use configure.ac to maintain version number
Remove redundant NEWS (ChangeLog) and AUTHORS (THANKS) files
Move hooks to their own directory
Rename README to README.md to format nicely on github
Generate README for tar by removing git specifics from README.md
Automate tagging when -rc or final version set in configure.ac
Improve pre-commit checking
 2015-12-05 21:19:54 +01:00
Andreas Unterkircher
a434fe1f6f enable FireQOS to match on IP, protocol and ports within GRE packets 2015-12-05 11:18:09 +01:00
Andreas Unterkircher
0a44572a08 fireqos.in, locate fireqos.conf in FIREHOL_CONFIG_DIR 2015-12-05 11:18:07 +01:00
Andreas Unterkircher
3b8f05cba7 firehol.in, on setting an DSCP value via a DSCP-class, use the right parameter which contains the class 2015-11-27 09:37:44 +01:00
Philip Whineray
3c53903c99 Move bash version checking to configure time 
Clean up version checking, to a single common macro
 2015-11-26 20:39:46 +00:00
Philip Whineray
2c9a2d4000 Extract common functions to functions.common.sh 
Version number detection, command detection, terminal setup and a few
other bits have moved.

The processed (not .in) scripts will look for it in e.g. /usr/local/lib/firehol
or wherever the system will install it. The .in scripts will look for it in
their own directory.

Updated the configure system so that it correctly replaces paths rather
via the Makefile rather than trying to subsitute NONE in configire.ac.

Extracted all of the configure-time command substitutions to a single
sed file which is used to process the script.in files. Extended the
package checks to cover this file.
 2015-11-25 23:36:29 +00:00
Andreas Unterkircher
893619e1c2 fireqos.ini, fail if DSCP and TOS match have been specified at the same time 2015-11-25 06:12:43 +01:00
Andreas Unterkircher
7d1d20db99 fireqos.in, add missing for-close 2015-11-23 09:57:22 +01:00
Andreas Unterkircher
7bc0993e55 fireqos.in, accept DSCP as match parameter 2015-11-23 09:32:55 +01:00
Andreas Unterkircher
b927f1a103 fireqos.in, remove trailing whitespaces 2015-11-23 09:32:45 +01:00
Philip Whineray
c36fdde175 Allow finding iprange in /usr/local/sbin 2015-11-22 11:52:57 +00:00
Philip Whineray
68e4496bce Eliminate dependency on brctl 2015-11-15 17:43:20 +00:00
Philip Whineray
c13b074048 Rely on external iprange, checking version 2015-11-15 17:11:59 +00:00
Philip Whineray
6765eb41dc Do a better job of honouring PAGER environment 2015-11-15 16:45:09 +00:00
Costa Tsaousis (ktsaou)
6a75a12265 fixed a typo 2015-11-14 21:12:25 +02:00
Costa Tsaousis (ktsaou)
e3282fcd45 added persistent nat even for multiple alternatives - implemented with firehol logic using the recent module 2015-11-14 20:50:09 +02:00
Costa Tsaousis (ktsaou)
bf335e2a14 added protection *connlimit* and *connrate*; removed default mask from parameter connlimit 2015-11-14 17:08:47 +02:00
Costa Tsaousis (ktsaou)
b029c56bec added rule option *connlog* to only log the first packet of connections; refactored *connlimit* to support all possible options; added *hashlimit* with all its options; most actions now accept the keywork *with* which also supports *with connlimit* and *with hashlimit* 2015-11-14 04:23:56 +02:00
Costa Tsaousis (ktsaou)
2c62697073 moved a log line that should respect the silent flag 2015-11-14 04:21:16 +02:00
Costa Tsaousis (ktsaou)
6c303b37de Merge branch 'master' of github.com:firehol/firehol 2015-11-13 00:29:05 +02:00
Costa Tsaousis (ktsaou)
a03049e7d4 added support for DNS temporary failures - in such cases, DNS resolution is retried up to 20 times (only when the DNS server responds with temporary DNS failure) 2015-11-13 00:28:48 +02:00
Costa Tsaousis (ktsaou)
747f718119 use iprange --diff mode for comparing ipset versions 2015-11-13 00:27:36 +02:00
Philip Whineray
b73d00f7d9 configure script now only detected needed commands 
When programs are disabled, their dependencies are omitted. Same
if ipv6 or ipv6 is disabled.
 2015-11-12 21:36:06 +00:00
Costa Tsaousis (ktsaou)
fb7eb84609 added option --quiet to silently check if ipsets differ with --diff 2015-11-12 03:30:27 +02:00
Costa Tsaousis (ktsaou)
3952fd0744 Merge branch 'master' of github.com:firehol/firehol 2015-11-12 03:19:15 +02:00
Costa Tsaousis (ktsaou)
e1f0e0d392 added option --diff to show the differences between ipsets 2015-11-12 03:19:00 +02:00
Philip Whineray
111aa66962 Add flags to disable ipv4/ipv6 in firehol 2015-11-11 22:37:53 +00:00
Philip Whineray
b670b4cd21 Allow configuring to not install specific scripts 
When not installing a script, also stop its documentation, example
files etc.
 2015-11-11 18:28:01 +00:00
Philip Whineray
fdef2baa35 Add comment regarding namespace problem 2015-11-11 07:54:28 +00:00
Philip Whineray
fde365ab94 Make sure use same defaults file for all 
Make it read-all so non-root use in update-ipsets is OK
Make the source test for readability so we do not get an error if not
 2015-11-11 07:44:28 +00:00
Costa Tsaousis (ktsaou)
d1473e1f59 fixed typos 2015-11-10 23:03:08 +02:00
Costa Tsaousis (ktsaou)
112a21c445 added prototype for custom/admin/user supplied downloaders; fixed an issue with git commits 2015-11-10 22:15:58 +02:00
Philip Whineray
370a6616f4 Honour the config directory set by configure 
Ensure that ipset_remove_all_tmp_sets() is defined before it can
be called in firehol_exit().
 2015-11-10 18:35:12 +00:00
Philip Whineray
d2ec651cdc Detect and use TAR_CMD 
A couple of other programs replaced
Allow unconfigured programs to detect iprange in-situ
 2015-11-10 07:26:59 +00:00
Costa Tsaousis (ktsaou)
f7c3f430fd Merge branch 'master' of github.com:firehol/firehol 2015-11-10 01:50:38 +02:00
Costa Tsaousis (ktsaou)
41db726dfb added ability to ask update for specific ipsets; added distribution, admin and user supplied ipsets; moved the current directory to a temporary place to prevent accidental damage or random files appearing in system locations 2015-11-10 01:50:33 +02:00
Philip Whineray
c031254067 Remove unused commands 
Detect unused commands in script during pre-commit checks
Always use /sbin and /usr/sbin as part of autoconf detection
 2015-11-09 20:52:11 +00:00
Philip Whineray
ee401fc813 Switch vnetbuild to common command detection 2015-11-09 07:39:05 +00:00
Costa Tsaousis (ktsaou)
740c738f29 made range printing, always print ranges 2015-11-09 09:33:05 +02:00
Philip Whineray
ea252883d8 Add perl script to detect plain command usage 
Update scripts with the problems found
In firehol, moved the iptables() and ipset() helpers to before they are

used, since this is how the detection script learns they are not a problem.
 2015-11-08 17:28:16 +00:00
Costa Tsaousis (ktsaou)
6a1dbc4db7 fixed a division by zero 2015-11-08 12:35:02 +02:00
Costa Tsaousis (ktsaou)
741d0d09a3 --enable-all does not enable certain ip lists; these can only be enabled manually 2015-11-08 09:26:26 +02:00
Costa Tsaousis (ktsaou)
c5e6026c61 modified to automatically support sane default for running as root or as user 2015-11-08 06:27:36 +02:00
Costa Tsaousis (ktsaou)
9d2b75bc9f allow configuration variables to be set via environment 2015-11-08 05:11:51 +02:00
Costa Tsaousis (ktsaou)
f28122934e isolated warning about WEB_DIR and LIB_DIR 2015-11-08 03:25:30 +02:00
Costa Tsaousis (ktsaou)
4b463218a7 allowed badips.com lists to be empty 2015-11-07 23:54:50 +02:00
Costa Tsaousis (ktsaou)
04e93f0b0d prevent ipsets from being updated with zero IP count (it is allowed for all malware ipsets); added function for temporary settings per ipset; added history_statistics() to calculate min/max/avg update time, min/max entries and min/max IPs for the last 500 updates of ipsets 2015-11-07 23:46:31 +02:00
Costa Tsaousis (ktsaou)
05f91ad033 added min/max update duration calculation for all lists 2015-11-07 19:23:51 +02:00