Commit Graph

321 Commits

Author SHA1 Message Date
Phil Whineray
41e3065cdc Always return TTY to sane defaults 2015-10-25 07:33:42 +00:00
Phil Whineray
e6c887acf5 Use efficient alternative to extract command path 2015-10-25 07:31:31 +00:00
Phil Whineray
d63e61c3c3 Validate that all commands exist and can execute
We will output a message indicating what can be done if this occurs
2015-10-23 13:56:05 +01:00
Costa Tsaousis (ktsaou)
f0c2da8736 fix to remove a space that was appended on all commands detected; added a check to make sure the autoconf configured commands still exist; #82 2015-10-22 22:19:17 +03:00
Phil Whineray
1de06a4dbf Allow configure script to set default AUTOSAVE 2015-10-21 20:44:17 +01:00
Phil Whineray
08425eaac0 Rework command detection routines
Process is now table-driven and has the following features:
- Honours the value set in /etc/firehol/firehol-defaults.conf, if any
- Uses the value set by autoconf, if any
- Autodetects in preferred order, allowing optional parameters as needed

This takes out all the special cases. Commands that are only sometimes
required are detected up front but still only checked when needed.

Also:
- allow detection/preinstall of iprange
- only emit iprange command warnings when it would be used
- restore tty settings when Ctrl-C hit (echo is disabled otherwise)
2015-10-21 20:44:17 +01:00
Sander Ruitenbeek
1f2c8fadee Fixed interface oneliner to snip out NONE after interface name (ex. sit0NONE). 2015-10-20 22:32:52 +02:00
Phil Whineray
a28a459c8f Install update-ipsets script as with others 2015-10-18 12:05:23 +01:00
Phil Whineray
5b40aec1ad Compile and install iprange to /sbin
Added option --disable-iprange to avoid it
2015-10-18 11:17:39 +01:00
Costa Tsaousis (ktsaou)
297811db63 max/ceil % is now relative to parent's ceiling rate (it was by mistake to parent's base rate); added warning if a class takes priority outside the valid ranges of HTB (0-7); switched default colors from blue to green 2015-10-03 01:40:16 +03:00
Costa Tsaousis (ktsaou)
49b5ff3664 when a table was already up to date but others depend on it, it was failing. fix for issue #78 2015-08-02 17:38:55 +03:00
Costa Tsaousis (ktsaou)
d95a06a922 fix for issue #77 2015-08-02 17:03:53 +03:00
Phil Whineray
0cb697d218 Add IPv6 support to vnetbuild and update example 2015-07-29 20:13:44 +01:00
Costa Tsaousis (ktsaou)
0b751c5db6 fixed bug in action sockets_suspects_trap and ipset_apply 2015-07-05 02:48:13 +03:00
Costa Tsaousis (ktsaou)
c7468eeeb9 rewrote the ipsets functionality so that: a) it optimizes netsets with iprange if present, b) it adapts the maxelem parameter for the updated ipset so that updating ipsets with big incremental updates does not fail, c) maintains compatibility with older ipset versions; side-effect: calling an ipset update without restarting the firewall now only supports ipsets that are used in firehol.conf; if iprange is present, processing of ipsets is a lot faster 2015-06-15 02:33:08 +03:00
Costa Tsaousis
64bc7e62be added support for adapting ipsets maxelem when updating an ipset 2015-06-13 06:52:14 +03:00
Costa Tsaousis (ktsaou)
27b1751eb8 save in ipsets.conf the types and options of ipsets 2015-06-07 16:22:03 +03:00
Costa Tsaousis (ktsaou)
c9340661ff prevented a backup of all the ipsets in memory - because it takes too long when the system has many ipsets installed 2015-05-23 19:04:19 +03:00
Costa Tsaousis (ktsaou)
cc705b5818 added log() and loglimit() helpers to allow logging from ipsets globally 2015-05-20 02:03:58 +03:00
Phil Whineray
2d1351b279 Remove all reference to awk 2015-05-02 14:28:56 +01:00
Phil Whineray
4557d36cac Remove final use of awk 2015-05-02 14:28:56 +01:00
philwhineray
d0307dacb4 Merge pull request #70 from ktsaou/vnetbuild
Add vnetbuild
2015-04-26 19:24:23 +01:00
Costa Tsaousis (ktsaou)
cbe68661a8 added wrappers for rawmark() and custommark() 2015-04-25 13:27:32 +03:00
Costa Tsaousis (ktsaou)
a4f6a1a6c4 tproxy uses markdef() to allocate a mark; marks.conf is now saved only after successful firewall activation 2015-04-25 13:27:10 +03:00
Costa Tsaousis (ktsaou)
bad5465f6a ipset add support for comma as an IP separator 2015-04-25 13:03:07 +03:00
Phil Whineray
54db4b39c4 Add vnetbuild 2015-04-25 09:22:58 +01:00
Costa Tsaousis (ktsaou)
ee9bdb4535 disabled spinner in explain mode 2015-04-25 01:20:41 +03:00
Costa Tsaousis (ktsaou)
665538ca24 allowed to define multiple "except" rules in statements that accept this keyword 2015-04-25 01:16:35 +03:00
Costa Tsaousis (ktsaou)
53cdfc6b1d fix for older versions of ipset 2015-04-24 21:31:32 +03:00
Costa Tsaousis (ktsaou)
2a8547d47d fix for older versions of ipset 2015-04-24 21:01:40 +03:00
Costa Tsaousis (ktsaou)
2647833260 fix for older versions of ipset 2015-04-24 20:57:20 +03:00
Costa Tsaousis (ktsaou)
323c25d320 fix for older versions of ipset 2015-04-24 20:56:24 +03:00
Costa Tsaousis (ktsaou)
d806def4ee fix for older versions of ipset 2015-04-24 20:55:04 +03:00
Costa Tsaousis (ktsaou)
503c76f0be ipset support for older machines: just set IPSET_RESTORE_SUPPORTS_FLUSH_SWAP_DESTROY=0; rule() now generates NAT rules with a protocol if a port has been specified 2015-04-24 20:39:09 +03:00
Costa Tsaousis (ktsaou)
16e9b715a4 fix for ERROR columns on some tc versions 2015-04-21 21:42:05 +03:00
Costa Tsaousis (ktsaou)
8e7b3a14eb added the ability to stop QoS on a specific device - just append the device name to the stop command #32 2015-04-16 22:32:58 +03:00
Costa Tsaousis (ktsaou)
f06c272d74 fix for emerging_block ipset 2015-04-02 06:35:42 +03:00
Costa Tsaousis (ktsaou)
d614fd7558 made STOP mode exit successfully; added support for restore option when specifying a filename on the command line 2015-03-23 17:19:49 +02:00
Costa Tsaousis (ktsaou)
18de85ffc8 services all and any are now simple services. service all now has multiple helpers, thus eliminating the need for ALL_SHOULD_ALSO_RUN 2015-03-13 11:59:51 +02:00
Costa Tsaousis (ktsaou)
d505ab0850 accept RELATED TCP ACK,RST packets on interface,router,master close() so that REJECT action works 2015-03-11 22:52:16 +02:00
Costa Tsaousis (ktsaou)
f1cde4907b pptp and sip added to ALL_SHOULD_ALSO_RUN to make "client all accept" work as expected 2015-03-08 19:11:43 +02:00
Costa Tsaousis (ktsaou)
e71c129c9d optimized simple_service() 2015-03-08 19:09:14 +02:00
Phil Whineray
c7824f2659 Ensure empty firewall works
Initialise a namespace even before we do anything so we still get
policy and dropped packet logging applied.
2015-03-05 07:29:55 +00:00
Costa Tsaousis (ktsaou)
a674e0967d cleanup and added back interface_default_class since it is needed for inheritance 2015-03-03 02:25:50 +02:00
Costa Tsaousis (ktsaou)
4b20d2d6d0 FIREQOS_INTERFACE_DEFAULT_CLASSID=8000 it seems the maximum is 9999 2015-03-02 23:29:20 +02:00
Costa Tsaousis (ktsaou)
fd8ac38739 added FIREQOS_INTERFACE_DEFAULT_CLASSID FIREQOS_MATCHES_STEP; some cleanup 2015-03-02 23:15:46 +02:00
Costa Tsaousis (ktsaou)
5670ea91d0 added state NEW to masquerade 2015-03-02 00:38:31 +02:00
Costa Tsaousis (ktsaou)
02c334649e reversed last commit - iptables does not allow inface in nat.POSTROUTING 2015-03-01 23:59:35 +02:00
Costa Tsaousis (ktsaou)
9d844c7785 allowed inface in SNAT and MASQUERADE 2015-03-01 23:53:46 +02:00
Phil Whineray
6f500b7269 Ensure ipv4 and ipv6 are used at the right time 2015-03-01 09:05:15 +00:00