project/firewall3.git
11 years agoadd support for setting sysctls, remove tcp_westwood option, its not present on curre...
Jo-Philipp Wich [Fri, 22 Feb 2013 13:30:21 +0000 (14:30 +0100)]
add support for setting sysctls, remove tcp_westwood option, its not present on current kernels

11 years agorun/load includes on start
Jo-Philipp Wich [Fri, 22 Feb 2013 12:32:12 +0000 (13:32 +0100)]
run/load includes on start

11 years agoadd reload command to selectively rebuild rules (to be invoked from hotplug handler...
Jo-Philipp Wich [Fri, 22 Feb 2013 11:49:33 +0000 (12:49 +0100)]
add reload command to selectively rebuild rules (to be invoked from hotplug handler) and make the restart command flush and recreate all rules

11 years agoadd support for includes
Jo-Philipp Wich [Fri, 22 Feb 2013 00:41:53 +0000 (01:41 +0100)]
add support for includes

11 years agouse hasbit() to test for invert flag of weekdays and monthdays
Jo-Philipp Wich [Thu, 21 Feb 2013 22:59:06 +0000 (23:59 +0100)]
use hasbit() to test for invert flag of weekdays and monthdays

11 years agoadd time match support
Jo-Philipp Wich [Thu, 21 Feb 2013 21:42:01 +0000 (22:42 +0100)]
add time match support

11 years agoremove now unsed fw3_free_list() helper
Jo-Philipp Wich [Thu, 21 Feb 2013 19:00:59 +0000 (20:00 +0100)]
remove now unsed fw3_free_list() helper

11 years agoremove ip range list hack since fw3_address can now represent true ranges
Jo-Philipp Wich [Thu, 21 Feb 2013 18:45:19 +0000 (19:45 +0100)]
remove ip range list hack since fw3_address can now represent true ranges

11 years agointroduce support for ip ranges
Jo-Philipp Wich [Thu, 21 Feb 2013 18:34:58 +0000 (19:34 +0100)]
introduce support for ip ranges

11 years agounify object freeing
Jo-Philipp Wich [Thu, 21 Feb 2013 17:49:56 +0000 (18:49 +0100)]
unify object freeing

11 years agorework runtime state tracking
Jo-Philipp Wich [Wed, 20 Feb 2013 20:05:45 +0000 (21:05 +0100)]
rework runtime state tracking

11 years agoonly emit zone flush commands if the zone is active for the current family
Jo-Philipp Wich [Wed, 20 Feb 2013 10:50:02 +0000 (11:50 +0100)]
only emit zone flush commands if the zone is active for the current family

11 years agorework ipset removal logic to only purge sets that are not in use by any family
Jo-Philipp Wich [Tue, 19 Feb 2013 23:58:02 +0000 (00:58 +0100)]
rework ipset removal logic to only purge sets that are not in use by any family

11 years agoprint a notification if forwards are skipped due to zone family mismatch
Jo-Philipp Wich [Tue, 19 Feb 2013 22:53:21 +0000 (23:53 +0100)]
print a notification if forwards are skipped due to zone family mismatch

11 years agodo not save state when printing rules
Jo-Philipp Wich [Tue, 19 Feb 2013 21:36:31 +0000 (22:36 +0100)]
do not save state when printing rules

11 years agointroduce global string array for enum names, remove private arrays
Jo-Philipp Wich [Tue, 19 Feb 2013 18:48:20 +0000 (19:48 +0100)]
introduce global string array for enum names, remove private arrays

11 years agotrack used family for ipsets
Jo-Philipp Wich [Tue, 19 Feb 2013 18:32:39 +0000 (19:32 +0100)]
track used family for ipsets

11 years agomake enum values unique to allow using them in bitfields directly, increase flag...
Jo-Philipp Wich [Tue, 19 Feb 2013 18:29:04 +0000 (19:29 +0100)]
make enum values unique to allow using them in bitfields directly, increase flag members to 16 bit

11 years agoconvert remaining occurences to hasbit() / setbit() helper macros
Jo-Philipp Wich [Tue, 19 Feb 2013 18:07:13 +0000 (19:07 +0100)]
convert remaining occurences to hasbit() / setbit() helper macros

11 years agorename flag fields in structures
Jo-Philipp Wich [Tue, 19 Feb 2013 17:58:22 +0000 (18:58 +0100)]
rename flag fields in structures

11 years agoproperly deal with only v4 or only v6 start/stop/restart
Jo-Philipp Wich [Tue, 19 Feb 2013 00:22:52 +0000 (01:22 +0100)]
properly deal with only v4 or only v6 start/stop/restart

11 years agoselectively delete chains in filter and nat tables
Jo-Philipp Wich [Mon, 18 Feb 2013 01:54:15 +0000 (02:54 +0100)]
selectively delete chains in filter and nat tables

11 years agorecord used zone chains in state file
Jo-Philipp Wich [Sun, 17 Feb 2013 23:25:48 +0000 (00:25 +0100)]
record used zone chains in state file

11 years agodestroy ipsets on explicit stop and flush, but not on restart
Jo-Philipp Wich [Sun, 17 Feb 2013 20:52:55 +0000 (21:52 +0100)]
destroy ipsets on explicit stop and flush, but not on restart

11 years agoadd missing fclose() in previous commit
Jo-Philipp Wich [Sun, 17 Feb 2013 19:49:52 +0000 (20:49 +0100)]
add missing fclose() in previous commit

11 years agoseparate state and lock files, use state file information to purge ipsets
Jo-Philipp Wich [Sun, 17 Feb 2013 19:22:18 +0000 (20:22 +0100)]
separate state and lock files, use state file information to purge ipsets

11 years agoinitial commit
Jo-Philipp Wich [Sun, 17 Feb 2013 13:31:47 +0000 (14:31 +0100)]
initial commit