Save and restore ip6tables as well as iptables state
Stop, status and panic apply to IPv6 as well as IPv4
Start will create an empty IPv6 firewall with policy applied
- When the generated script fails but we don't know why
we now leave the temporary files behind
- Ensure execution happens in current shell context so we don't
lose variables defined as part of the configuration
Conflicts:
sbin/firehol.in
In non fast-activation mode and if set to 1 (the default), will emit
temporary rules to allow established traffic to continue even when
the activation policy is DENY. The temporary rules are deleted when
the firewall is complete.
Problem was introduced in commit d3c134715275d07bc76131a6187903aca4ad3535
(Add an easy way to switch on bash debugging) where the status was saved
after showing the output, not before.
- All other examples already correct (--tos, --state)
- Went from deprecated in iptables 1.4.3 (Mar 2009)
to not working in iptables 1.4.13 (Jul 2011)
- Thanks to Alexander Prokopyev
- Variables that can now be set by environment variables:
FIREHOL_ESTABLISHED_ACTIVATION_ACCEPT
FIREHOL_FORWARD_ACTIVATION_POLICY
FIREHOL_INPUT_ACTIVATION_POLICY
FIREHOL_OUTPUT_ACTIVATION_POLICY
FIREHOL_AUTOSAVE
FIREHOL_LOAD_KERNEL_MODULES
FIREHOL_NAT
FIREHOL_ROUTING
- This can still _only_ be set by an environment variable:
WAIT_FOR_IFACE
With the following additional choices, firehol can be made to run
on an openwrt system:
awk if gawk is not available
insmod if modprobe is not available
nothing if renice is not available
Via Tomas Jacik <tomas.jacik@sunfox.cz>
- added ipv6 regex while searching for RESERVED adresses
- fixed msn port
- added OpenVPN port
- added Nagios NRPE daemon port
- added default firehol setting probing for debian based systems
- added wizzard support wlan
- added wait for interface feature
Unlike the original patch, this does not source /etc/default/firehol,
instead we honour the WAIT_FOR_IFACE environment variable if it is set.
The debian init script needs to export it, as it does for the sanewall
package.
Using a combination of git attributes, ident and export-subst.
- Scripts use Format: to emit tag or commit when exported
or file Id if direct from git
- configure script uses same mechanisms but cannot do a make dist
- Brought bolierplate in line for both scripts
- Use Official GPL stanza in firehol.in
From: Jari Aalto <jari.aalto@cante.net>
- Point to the mailing list for announcements
- Single copy of the version information boilerplate
Conflicts:
sbin/firehol.in
- Can still be installed just by copying firehol/firehol.in
- CVS versions will not work any longer, so now following
http://semver.org/
- Git commit hooks included to enforce version numbering
across the various files, NEWS, ChangeLog, configure.ac and
sbin/firehol.in
- Replace HTML website copy with DocBook manual
