Costa Tsaousis (ktsaou)
39b69557bd
added jigsaw lists firehol/blocklist-ipsets#7
2015-12-07 22:48:49 +01:00
Andreas Unterkircher
3ea4a15d18
fireqos.in, fix incorrectly added TCP protocol match introduced by my previous patch
2015-12-05 21:30:41 +01:00
Philip Whineray
1502decc1a
Clean up packaging
...
Use configure.ac to maintain version number
Remove redundant NEWS (ChangeLog) and AUTHORS (THANKS) files
Move hooks to their own directory
Rename README to README.md to format nicely on github
Generate README for tar by removing git specifics from README.md
Automate tagging when -rc or final version set in configure.ac
Improve pre-commit checking
2015-12-05 21:19:54 +01:00
Andreas Unterkircher
a434fe1f6f
enable FireQOS to match on IP, protocol and ports within GRE packets
2015-12-05 11:18:09 +01:00
Andreas Unterkircher
0a44572a08
fireqos.in, locate fireqos.conf in FIREHOL_CONFIG_DIR
2015-12-05 11:18:07 +01:00
Andreas Unterkircher
3b8f05cba7
firehol.in, on setting an DSCP value via a DSCP-class, use the right parameter which contains the class
2015-11-27 09:37:44 +01:00
Philip Whineray
3c53903c99
Move bash version checking to configure time
...
Clean up version checking, to a single common macro
2015-11-26 20:39:46 +00:00
Philip Whineray
2c9a2d4000
Extract common functions to functions.common.sh
...
Version number detection, command detection, terminal setup and a few
other bits have moved.
The processed (not .in) scripts will look for it in e.g. /usr/local/lib/firehol
or wherever the system will install it. The .in scripts will look for it in
their own directory.
Updated the configure system so that it correctly replaces paths rather
via the Makefile rather than trying to subsitute NONE in configire.ac.
Extracted all of the configure-time command substitutions to a single
sed file which is used to process the script.in files. Extended the
package checks to cover this file.
2015-11-25 23:36:29 +00:00
Andreas Unterkircher
893619e1c2
fireqos.ini, fail if DSCP and TOS match have been specified at the same time
2015-11-25 06:12:43 +01:00
Andreas Unterkircher
7d1d20db99
fireqos.in, add missing for-close
2015-11-23 09:57:22 +01:00
Andreas Unterkircher
7bc0993e55
fireqos.in, accept DSCP as match parameter
2015-11-23 09:32:55 +01:00
Andreas Unterkircher
b927f1a103
fireqos.in, remove trailing whitespaces
2015-11-23 09:32:45 +01:00
Philip Whineray
c36fdde175
Allow finding iprange in /usr/local/sbin
2015-11-22 11:52:57 +00:00
Philip Whineray
68e4496bce
Eliminate dependency on brctl
2015-11-15 17:43:20 +00:00
Philip Whineray
c13b074048
Rely on external iprange, checking version
2015-11-15 17:11:59 +00:00
Philip Whineray
6765eb41dc
Do a better job of honouring PAGER environment
2015-11-15 16:45:09 +00:00
Costa Tsaousis (ktsaou)
6a75a12265
fixed a typo
2015-11-14 21:12:25 +02:00
Costa Tsaousis (ktsaou)
e3282fcd45
added persistent nat even for multiple alternatives - implemented with firehol logic using the recent module
2015-11-14 20:50:09 +02:00
Costa Tsaousis (ktsaou)
bf335e2a14
added protection *connlimit* and *connrate*; removed default mask from parameter connlimit
2015-11-14 17:08:47 +02:00
Costa Tsaousis (ktsaou)
b029c56bec
added rule option *connlog* to only log the first packet of connections; refactored *connlimit* to support all possible options; added *hashlimit* with all its options; most actions now accept the keywork *with* which also supports *with connlimit* and *with hashlimit*
2015-11-14 04:23:56 +02:00
Costa Tsaousis (ktsaou)
2c62697073
moved a log line that should respect the silent flag
2015-11-14 04:21:16 +02:00
Costa Tsaousis (ktsaou)
6c303b37de
Merge branch 'master' of github.com:firehol/firehol
2015-11-13 00:29:05 +02:00
Costa Tsaousis (ktsaou)
a03049e7d4
added support for DNS temporary failures - in such cases, DNS resolution is retried up to 20 times (only when the DNS server responds with temporary DNS failure)
2015-11-13 00:28:48 +02:00
Costa Tsaousis (ktsaou)
747f718119
use iprange --diff mode for comparing ipset versions
2015-11-13 00:27:36 +02:00
Philip Whineray
b73d00f7d9
configure script now only detected needed commands
...
When programs are disabled, their dependencies are omitted. Same
if ipv6 or ipv6 is disabled.
2015-11-12 21:36:06 +00:00
Costa Tsaousis (ktsaou)
fb7eb84609
added option --quiet to silently check if ipsets differ with --diff
2015-11-12 03:30:27 +02:00
Costa Tsaousis (ktsaou)
3952fd0744
Merge branch 'master' of github.com:firehol/firehol
2015-11-12 03:19:15 +02:00
Costa Tsaousis (ktsaou)
e1f0e0d392
added option --diff to show the differences between ipsets
2015-11-12 03:19:00 +02:00
Philip Whineray
111aa66962
Add flags to disable ipv4/ipv6 in firehol
2015-11-11 22:37:53 +00:00
Philip Whineray
b670b4cd21
Allow configuring to not install specific scripts
...
When not installing a script, also stop its documentation, example
files etc.
2015-11-11 18:28:01 +00:00
Philip Whineray
fdef2baa35
Add comment regarding namespace problem
2015-11-11 07:54:28 +00:00
Philip Whineray
fde365ab94
Make sure use same defaults file for all
...
Make it read-all so non-root use in update-ipsets is OK
Make the source test for readability so we do not get an error if not
2015-11-11 07:44:28 +00:00
Costa Tsaousis (ktsaou)
d1473e1f59
fixed typos
2015-11-10 23:03:08 +02:00
Costa Tsaousis (ktsaou)
112a21c445
added prototype for custom/admin/user supplied downloaders; fixed an issue with git commits
2015-11-10 22:15:58 +02:00
Philip Whineray
370a6616f4
Honour the config directory set by configure
...
Ensure that ipset_remove_all_tmp_sets() is defined before it can
be called in firehol_exit().
2015-11-10 18:35:12 +00:00
Philip Whineray
d2ec651cdc
Detect and use TAR_CMD
...
A couple of other programs replaced
Allow unconfigured programs to detect iprange in-situ
2015-11-10 07:26:59 +00:00
Costa Tsaousis (ktsaou)
f7c3f430fd
Merge branch 'master' of github.com:firehol/firehol
2015-11-10 01:50:38 +02:00
Costa Tsaousis (ktsaou)
41db726dfb
added ability to ask update for specific ipsets; added distribution, admin and user supplied ipsets; moved the current directory to a temporary place to prevent accidental damage or random files appearing in system locations
2015-11-10 01:50:33 +02:00
Philip Whineray
c031254067
Remove unused commands
...
Detect unused commands in script during pre-commit checks
Always use /sbin and /usr/sbin as part of autoconf detection
2015-11-09 20:52:11 +00:00
Philip Whineray
ee401fc813
Switch vnetbuild to common command detection
2015-11-09 07:39:05 +00:00
Costa Tsaousis (ktsaou)
740c738f29
made range printing, always print ranges
2015-11-09 09:33:05 +02:00
Philip Whineray
ea252883d8
Add perl script to detect plain command usage
...
Update scripts with the problems found
In firehol, moved the iptables() and ipset() helpers to before they are
used, since this is how the detection script learns they are not a problem.
2015-11-08 17:28:16 +00:00
Costa Tsaousis (ktsaou)
6a1dbc4db7
fixed a division by zero
2015-11-08 12:35:02 +02:00
Costa Tsaousis (ktsaou)
741d0d09a3
--enable-all does not enable certain ip lists; these can only be enabled manually
2015-11-08 09:26:26 +02:00
Costa Tsaousis (ktsaou)
c5e6026c61
modified to automatically support sane default for running as root or as user
2015-11-08 06:27:36 +02:00
Costa Tsaousis (ktsaou)
9d2b75bc9f
allow configuration variables to be set via environment
2015-11-08 05:11:51 +02:00
Costa Tsaousis (ktsaou)
f28122934e
isolated warning about WEB_DIR and LIB_DIR
2015-11-08 03:25:30 +02:00
Costa Tsaousis (ktsaou)
4b463218a7
allowed badips.com lists to be empty
2015-11-07 23:54:50 +02:00
Costa Tsaousis (ktsaou)
04e93f0b0d
prevent ipsets from being updated with zero IP count (it is allowed for all malware ipsets); added function for temporary settings per ipset; added history_statistics() to calculate min/max/avg update time, min/max entries and min/max IPs for the last 500 updates of ipsets
2015-11-07 23:46:31 +02:00
Costa Tsaousis (ktsaou)
05f91ad033
added min/max update duration calculation for all lists
2015-11-07 19:23:51 +02:00