Commit Graph

434 Commits

Author SHA1 Message Date
Philip Whineray
f1580c9c4f Add ipv6mld to handle the MLD protocol
Multicast Listener Discovery should be allowed on networks with
multicast snooping enabled.
2016-01-10 09:12:49 +00:00
Philip Whineray
006cacf1f8 Helper allows multiple stateless icmpv6 types/pair
Prepare for MLD which has the same semantics as ND/RD as far as
some packets being stateless in one direction and others stateless in
the opposite, but has multiple types, not just one, per direction.
2016-01-10 09:09:13 +00:00
Philip Whineray
9e1cdc96fd Fix command detection for :
The : is a no-op in bash sometimes used as a fallback, but we had
stopped allowing it which causes a problem on very limited systems
such as openwrt.
2016-01-10 09:07:16 +00:00
Philip Whineray
776aa593ea Add pre_up to hosts/switches
Allows executing custom commands before an interface is brought up
2016-01-10 09:05:48 +00:00
Costa Tsaousis (ktsaou)
c75dd31a18 fix for multiple bidirectional interfaces added one after another 2015-12-17 00:27:54 +02:00
Costa Tsaousis (ktsaou)
815ec23192 added handling of errors in generated output interface for bidirectional interfaces 2015-12-16 23:30:39 +02:00
Costa Tsaousis (ktsaou)
eaccf1e8ed added debug info of generated output interface when bidirectional is given 2015-12-16 23:20:58 +02:00
Costa Tsaousis (ktsaou)
6446b85308 added tracing info for the flow 2015-12-16 23:09:31 +02:00
Costa Tsaousis (ktsaou)
732ee488ba Merge branch 'master' of github.com:firehol/firehol 2015-12-10 18:54:12 +02:00
Costa Tsaousis (ktsaou)
acfa8146f8 added error info if optional commands are missing, but the ipsets enabled require it. 2015-12-10 18:54:00 +02:00
Costa Tsaousis
b88c6bfaed Merge pull request #111 from unki/fireqos.conf.path
fireqos.in, locate fireqos.conf in FIREHOL_CONFIG_DIR
2015-12-08 22:22:59 +02:00
Andreas Unterkircher
3891dcfeae fireqos.in, accept DSCP parameters case insensitive 2015-12-07 21:28:41 +01:00
Andreas Unterkircher
5e9239c8ce fireqos.in, if match has insidegre specified, limit filter to packets with protocol GRE (47) 2015-12-07 21:23:40 +01:00
Costa Tsaousis (ktsaou)
bd311cfb10 added jigsaw lists firehol/blocklist-ipsets#7 2015-12-07 21:05:44 +01:00
Costa Tsaousis (ktsaou)
66fa93a932 added jigsaw lists firehol/blocklist-ipsets#7 2015-12-06 15:43:52 +02:00
Andreas Unterkircher
81d89aa24a fireqos.in, fix incorrectly added TCP protocol match introduced by my previous patch 2015-12-05 21:35:04 +01:00
Andreas Unterkircher
8b153a4a9f enable FireQOS to match on IP, protocol and ports within GRE packets 2015-12-05 21:35:03 +01:00
Andreas Unterkircher
d7c91df62f fireqos.in, locate fireqos.conf in FIREHOL_CONFIG_DIR 2015-12-05 21:33:34 +01:00
Philip Whineray
633f4653c7 Clean up packaging
Use configure.ac to maintain version number
Remove redundant NEWS (ChangeLog) and AUTHORS (THANKS) files
Move hooks to their own directory
Rename README to README.md to format nicely on github
Generate README for tar by removing git specifics from README.md
Automate tagging when -rc or final version set in configure.ac
Improve pre-commit checking
2015-11-27 23:56:11 +00:00
Andreas Unterkircher
3b8f05cba7 firehol.in, on setting a DSCP value via a DSCP-class, use the right parameter which contains the class 2015-11-27 09:37:44 +01:00
Philip Whineray
3c53903c99 Move bash version checking to configure time
Clean up version checking, to a single common macro
2015-11-26 20:39:46 +00:00
Philip Whineray
2c9a2d4000 Extract common functions to functions.common.sh
Version number detection, command detection, terminal setup and a few
other bits have moved.

The processed (not .in) scripts will look for it in e.g. /usr/local/lib/firehol
or wherever the system will install it. The .in scripts will look for it in
their own directory.

Updated the configure system so that it correctly replaces paths
via the Makefile rather than trying to substitute NONE in configure.ac.

Extracted all of the configure-time command substitutions to a single
sed file which is used to process the script.in files. Extended the
package checks to cover this file.
2015-11-25 23:36:29 +00:00
Andreas Unterkircher
893619e1c2 fireqos.ini, fail if DSCP and TOS match have been specified at the same time 2015-11-25 06:12:43 +01:00
Andreas Unterkircher
7d1d20db99 fireqos.in, add missing for-close 2015-11-23 09:57:22 +01:00
Andreas Unterkircher
7bc0993e55 fireqos.in, accept DSCP as match parameter 2015-11-23 09:32:55 +01:00
Andreas Unterkircher
b927f1a103 fireqos.in, remove trailing whitespaces 2015-11-23 09:32:45 +01:00
Philip Whineray
c36fdde175 Allow finding iprange in /usr/local/sbin 2015-11-22 11:52:57 +00:00
Philip Whineray
68e4496bce Eliminate dependency on brctl 2015-11-15 17:43:20 +00:00
Philip Whineray
c13b074048 Rely on external iprange, checking version 2015-11-15 17:11:59 +00:00
Philip Whineray
6765eb41dc Do a better job of honouring PAGER environment 2015-11-15 16:45:09 +00:00
Costa Tsaousis (ktsaou)
6a75a12265 fixed a typo 2015-11-14 21:12:25 +02:00
Costa Tsaousis (ktsaou)
e3282fcd45 added persistent nat even for multiple alternatives - implemented with firehol logic using the recent module 2015-11-14 20:50:09 +02:00
Costa Tsaousis (ktsaou)
bf335e2a14 added protection *connlimit* and *connrate*; removed default mask from parameter connlimit 2015-11-14 17:08:47 +02:00
Costa Tsaousis (ktsaou)
b029c56bec added rule option *connlog* to only log the first packet of connections; refactored *connlimit* to support all possible options; added *hashlimit* with all its options; most actions now accept the keyword *with* which also supports *with connlimit* and *with hashlimit* 2015-11-14 04:23:56 +02:00
Costa Tsaousis (ktsaou)
2c62697073 moved a log line that should respect the silent flag 2015-11-14 04:21:16 +02:00
Costa Tsaousis (ktsaou)
6c303b37de Merge branch 'master' of github.com:firehol/firehol 2015-11-13 00:29:05 +02:00
Costa Tsaousis (ktsaou)
a03049e7d4 added support for DNS temporary failures - in such cases, DNS resolution is retried up to 20 times (only when the DNS server responds with temporary DNS failure) 2015-11-13 00:28:48 +02:00
Costa Tsaousis (ktsaou)
747f718119 use iprange --diff mode for comparing ipset versions 2015-11-13 00:27:36 +02:00
Philip Whineray
b73d00f7d9 configure script now only detects needed commands
When programs are disabled, their dependencies are omitted. Same
if ipv6 or ipv6 is disabled.
2015-11-12 21:36:06 +00:00
Costa Tsaousis (ktsaou)
fb7eb84609 added option --quiet to silently check if ipsets differ with --diff 2015-11-12 03:30:27 +02:00
Costa Tsaousis (ktsaou)
3952fd0744 Merge branch 'master' of github.com:firehol/firehol 2015-11-12 03:19:15 +02:00
Costa Tsaousis (ktsaou)
e1f0e0d392 added option --diff to show the differences between ipsets 2015-11-12 03:19:00 +02:00
Philip Whineray
111aa66962 Add flags to disable ipv4/ipv6 in firehol 2015-11-11 22:37:53 +00:00
Philip Whineray
b670b4cd21 Allow configuring to not install specific scripts
When not installing a script, also stop its documentation, example
files etc.
2015-11-11 18:28:01 +00:00
Philip Whineray
fdef2baa35 Add comment regarding namespace problem 2015-11-11 07:54:28 +00:00
Philip Whineray
fde365ab94 Make sure use same defaults file for all
Make it read-all so non-root use in update-ipsets is OK
Make the source test for readability so we do not get an error if not
2015-11-11 07:44:28 +00:00
Costa Tsaousis (ktsaou)
d1473e1f59 fixed typos 2015-11-10 23:03:08 +02:00
Costa Tsaousis (ktsaou)
112a21c445 added prototype for custom/admin/user supplied downloaders; fixed an issue with git commits 2015-11-10 22:15:58 +02:00
Philip Whineray
370a6616f4 Honour the config directory set by configure
Ensure that ipset_remove_all_tmp_sets() is defined before it can
be called in firehol_exit().
2015-11-10 18:35:12 +00:00
Philip Whineray
d2ec651cdc Detect and use TAR_CMD
A couple of other programs replaced
Allow unconfigured programs to detect iprange in-situ
2015-11-10 07:26:59 +00:00