Philip Whineray
f1580c9c4f
Add ipv6mld to handle the MLD protocol
...
Multicast Listener Discovery should be allowed on networks with
multicast snooping enabled.
2016-01-10 09:12:49 +00:00
Philip Whineray
006cacf1f8
Helper allows multiple stateless icmpv6 types/pair
...
Prepare for MLD which has the same semantics as ND/RD as far as
some packets being stateless in one direction and other stateless in
the opposite, but has multiple types, not just one, per direction.
2016-01-10 09:09:13 +00:00
Philip Whineray
9e1cdc96fd
Fix command detection for :
...
The : is a no-op in bash sometimes used as a fallback, but we had
stopped allowing it which causes a problem on very limited systems
such as openwrt.
2016-01-10 09:07:16 +00:00
Philip Whineray
776aa593ea
Add pre_up to hosts/switches
...
Allows executing custom commands before an interface is brought up
2016-01-10 09:05:48 +00:00
Costa Tsaousis (ktsaou)
c75dd31a18
fix for multiple bidirectional interfaces added one after another
2015-12-17 00:27:54 +02:00
Costa Tsaousis (ktsaou)
815ec23192
added handling of errors in generated output interface for bidirectional interfaces
2015-12-16 23:30:39 +02:00
Costa Tsaousis (ktsaou)
eaccf1e8ed
added debug info of generated output interface when bidirectional is given
2015-12-16 23:20:58 +02:00
Costa Tsaousis (ktsaou)
6446b85308
added tracing info for the flow
2015-12-16 23:09:31 +02:00
Costa Tsaousis (ktsaou)
732ee488ba
Merge branch 'master' of github.com:firehol/firehol
2015-12-10 18:54:12 +02:00
Costa Tsaousis (ktsaou)
acfa8146f8
added error info if optional commands are missing, but the ipsets enabled require it.
2015-12-10 18:54:00 +02:00
Costa Tsaousis
b88c6bfaed
Merge pull request #111 from unki/fireqos.conf.path
...
fireqos.in, locate fireqos.conf in FIREHOL_CONFIG_DIR
2015-12-08 22:22:59 +02:00
Andreas Unterkircher
3891dcfeae
fireqos.in, accept DSCP parameters case insensitive
2015-12-07 21:28:41 +01:00
Andreas Unterkircher
5e9239c8ce
fireqos.in, if match has insidegre specified, limit filter to packets with protocol GRE (47)
2015-12-07 21:23:40 +01:00
Costa Tsaousis (ktsaou)
bd311cfb10
added jigsaw lists firehol/blocklist-ipsets#7
2015-12-07 21:05:44 +01:00
Costa Tsaousis (ktsaou)
66fa93a932
added jigsaw lists firehol/blocklist-ipsets#7
2015-12-06 15:43:52 +02:00
Andreas Unterkircher
81d89aa24a
fireqos.in, fix incorrectly added TCP protocol match introduced by my previous patch
2015-12-05 21:35:04 +01:00
Andreas Unterkircher
8b153a4a9f
enable FireQOS to match on IP, protocol and ports within GRE packets
2015-12-05 21:35:03 +01:00
Andreas Unterkircher
d7c91df62f
fireqos.in, locate fireqos.conf in FIREHOL_CONFIG_DIR
2015-12-05 21:33:34 +01:00
Philip Whineray
633f4653c7
Clean up packaging
...
Use configure.ac to maintain version number
Remove redundant NEWS (ChangeLog) and AUTHORS (THANKS) files
Move hooks to their own directory
Rename README to README.md to format nicely on github
Generate README for tar by removing git specifics from README.md
Automate tagging when -rc or final version set in configure.ac
Improve pre-commit checking
2015-11-27 23:56:11 +00:00
Andreas Unterkircher
3b8f05cba7
firehol.in, on setting an DSCP value via a DSCP-class, use the right parameter which contains the class
2015-11-27 09:37:44 +01:00
Philip Whineray
3c53903c99
Move bash version checking to configure time
...
Clean up version checking, to a single common macro
2015-11-26 20:39:46 +00:00
Philip Whineray
2c9a2d4000
Extract common functions to functions.common.sh
...
Version number detection, command detection, terminal setup and a few
other bits have moved.
The processed (not .in) scripts will look for it in e.g. /usr/local/lib/firehol
or wherever the system will install it. The .in scripts will look for it in
their own directory.
Updated the configure system so that it correctly replaces paths rather
via the Makefile rather than trying to subsitute NONE in configire.ac.
Extracted all of the configure-time command substitutions to a single
sed file which is used to process the script.in files. Extended the
package checks to cover this file.
2015-11-25 23:36:29 +00:00
Andreas Unterkircher
893619e1c2
fireqos.ini, fail if DSCP and TOS match have been specified at the same time
2015-11-25 06:12:43 +01:00
Andreas Unterkircher
7d1d20db99
fireqos.in, add missing for-close
2015-11-23 09:57:22 +01:00
Andreas Unterkircher
7bc0993e55
fireqos.in, accept DSCP as match parameter
2015-11-23 09:32:55 +01:00
Andreas Unterkircher
b927f1a103
fireqos.in, remove trailing whitespaces
2015-11-23 09:32:45 +01:00
Philip Whineray
c36fdde175
Allow finding iprange in /usr/local/sbin
2015-11-22 11:52:57 +00:00
Philip Whineray
68e4496bce
Eliminate dependency on brctl
2015-11-15 17:43:20 +00:00
Philip Whineray
c13b074048
Rely on external iprange, checking version
2015-11-15 17:11:59 +00:00
Philip Whineray
6765eb41dc
Do a better job of honouring PAGER environment
2015-11-15 16:45:09 +00:00
Costa Tsaousis (ktsaou)
6a75a12265
fixed a typo
2015-11-14 21:12:25 +02:00
Costa Tsaousis (ktsaou)
e3282fcd45
added persistent nat even for multiple alternatives - implemented with firehol logic using the recent module
2015-11-14 20:50:09 +02:00
Costa Tsaousis (ktsaou)
bf335e2a14
added protection *connlimit* and *connrate*; removed default mask from parameter connlimit
2015-11-14 17:08:47 +02:00
Costa Tsaousis (ktsaou)
b029c56bec
added rule option *connlog* to only log the first packet of connections; refactored *connlimit* to support all possible options; added *hashlimit* with all its options; most actions now accept the keywork *with* which also supports *with connlimit* and *with hashlimit*
2015-11-14 04:23:56 +02:00
Costa Tsaousis (ktsaou)
2c62697073
moved a log line that should respect the silent flag
2015-11-14 04:21:16 +02:00
Costa Tsaousis (ktsaou)
6c303b37de
Merge branch 'master' of github.com:firehol/firehol
2015-11-13 00:29:05 +02:00
Costa Tsaousis (ktsaou)
a03049e7d4
added support for DNS temporary failures - in such cases, DNS resolution is retried up to 20 times (only when the DNS server responds with temporary DNS failure)
2015-11-13 00:28:48 +02:00
Costa Tsaousis (ktsaou)
747f718119
use iprange --diff mode for comparing ipset versions
2015-11-13 00:27:36 +02:00
Philip Whineray
b73d00f7d9
configure script now only detected needed commands
...
When programs are disabled, their dependencies are omitted. Same
if ipv6 or ipv6 is disabled.
2015-11-12 21:36:06 +00:00
Costa Tsaousis (ktsaou)
fb7eb84609
added option --quiet to silently check if ipsets differ with --diff
2015-11-12 03:30:27 +02:00
Costa Tsaousis (ktsaou)
3952fd0744
Merge branch 'master' of github.com:firehol/firehol
2015-11-12 03:19:15 +02:00
Costa Tsaousis (ktsaou)
e1f0e0d392
added option --diff to show the differences between ipsets
2015-11-12 03:19:00 +02:00
Philip Whineray
111aa66962
Add flags to disable ipv4/ipv6 in firehol
2015-11-11 22:37:53 +00:00
Philip Whineray
b670b4cd21
Allow configuring to not install specific scripts
...
When not installing a script, also stop its documentation, example
files etc.
2015-11-11 18:28:01 +00:00
Philip Whineray
fdef2baa35
Add comment regarding namespace problem
2015-11-11 07:54:28 +00:00
Philip Whineray
fde365ab94
Make sure use same defaults file for all
...
Make it read-all so non-root use in update-ipsets is OK
Make the source test for readability so we do not get an error if not
2015-11-11 07:44:28 +00:00
Costa Tsaousis (ktsaou)
d1473e1f59
fixed typos
2015-11-10 23:03:08 +02:00
Costa Tsaousis (ktsaou)
112a21c445
added prototype for custom/admin/user supplied downloaders; fixed an issue with git commits
2015-11-10 22:15:58 +02:00
Philip Whineray
370a6616f4
Honour the config directory set by configure
...
Ensure that ipset_remove_all_tmp_sets() is defined before it can
be called in firehol_exit().
2015-11-10 18:35:12 +00:00
Philip Whineray
d2ec651cdc
Detect and use TAR_CMD
...
A couple of other programs replaced
Allow unconfigured programs to detect iprange in-situ
2015-11-10 07:26:59 +00:00