project/firewall3.git
Jo-Philipp Wich [Mon, 18 Mar 2013 15:38:33 +0000 (16:38 +0100)]
Implement support for "network" datatype and use it for masq_src / masq_dest

Jo-Philipp Wich [Mon, 18 Mar 2013 14:55:11 +0000 (15:55 +0100)]
Do not accept option src_mac for SNAT rules

Jo-Philipp Wich [Thu, 14 Mar 2013 15:07:41 +0000 (16:07 +0100)]
Consolidate and unify argument order for functions

Jo-Philipp Wich [Thu, 14 Mar 2013 14:21:18 +0000 (15:21 +0100)]
Only perform locking for start, stop, restart, reload and flush operations, this allows using fw3 network and fw3 device in includes

Jo-Philipp Wich [Thu, 14 Mar 2013 13:48:37 +0000 (14:48 +0100)]
Implement reload option for includes to decide whether includes should get reloaded on firewall reloads (useful when they tap into internal chains)

Jo-Philipp Wich [Wed, 13 Mar 2013 15:25:56 +0000 (16:25 +0100)]
Make nat reflection src address configurable by introducing a reflection_src parameter which can be set to "external" or "internal"

Jo-Philipp Wich [Tue, 12 Mar 2013 18:43:41 +0000 (19:43 +0100)]
Emit hotplug calls when flushing / creating zone chains

Jo-Philipp Wich [Wed, 13 Mar 2013 13:01:52 +0000 (14:01 +0100)]
Unify fw3_default and fw3_target enums

Jo-Philipp Wich [Tue, 12 Mar 2013 18:34:16 +0000 (19:34 +0100)]
Track used networks and devices in state file

Jo-Philipp Wich [Tue, 12 Mar 2013 15:08:46 +0000 (16:08 +0100)]
Unify print_chains() implementations in utils.c fw3_pr_rulespec()

Jo-Philipp Wich [Mon, 11 Mar 2013 20:47:50 +0000 (21:47 +0100)]
Include limits.h to fix compilation against eglibc

Jo-Philipp Wich [Mon, 11 Mar 2013 11:46:32 +0000 (12:46 +0100)]
Rework zone flush logic

Jo-Philipp Wich [Sun, 10 Mar 2013 20:21:03 +0000 (21:21 +0100)]
Change fw3_no_family() macro to take bit field value directly

Jo-Philipp Wich [Sun, 10 Mar 2013 19:41:20 +0000 (20:41 +0100)]
Cosmetic output changes

Jo-Philipp Wich [Sun, 10 Mar 2013 19:36:33 +0000 (20:36 +0100)]
Only run includes and set sysctls if either v4 or v6 firewall was actually started

Jo-Philipp Wich [Sun, 10 Mar 2013 19:29:48 +0000 (20:29 +0100)]
Introduce fw3_no_family() helper macro and use it

Jo-Philipp Wich [Sun, 10 Mar 2013 19:19:46 +0000 (20:19 +0100)]
Remove src_flags and running_src_flags from fw3_zone struct, rename dst_flags and running_dst_flags to flags and running_flags

Jo-Philipp Wich [Sun, 10 Mar 2013 19:14:06 +0000 (20:14 +0100)]
Don't store zone src_flags in statefile anymore, read and write numeric state values in hex notation

Jo-Philipp Wich [Sun, 10 Mar 2013 19:09:16 +0000 (20:09 +0100)]
Introduce new enum values for zone src policies and map src policy to dst_flags bitfield, making the src_flags bitfield unnecessary

Jo-Philipp Wich [Sun, 10 Mar 2013 18:39:39 +0000 (19:39 +0100)]
Separate running from current state flags in ipset handling, remove ipsets per family

Jo-Philipp Wich [Sun, 10 Mar 2013 18:16:55 +0000 (19:16 +0100)]
Get rid of redundant fw3_defaults object, instead add a running_flags bitfield to the existing fw3_defaults structure

Jo-Philipp Wich [Sun, 10 Mar 2013 17:17:21 +0000 (18:17 +0100)]
Properly handle per zone user chain rules by fixing multiple logic errors

 * Track running zone state in separate bit fields
 * Track IPv4 and IPv6 custom chain state separately
 * Extend flag bitfields to 32 bit

Jo-Philipp Wich [Thu, 7 Mar 2013 13:34:02 +0000 (14:34 +0100)]
add support for per-zone user chains

Jo-Philipp Wich [Thu, 7 Mar 2013 10:05:15 +0000 (11:05 +0100)]
Support abstract "tcpudp" protocol

Jo-Philipp Wich [Sat, 2 Mar 2013 17:02:58 +0000 (18:02 +0100)]
introduce support for enabled option in zones, forwards, rules, redirects, ipsets and includes

Jo-Philipp Wich [Thu, 28 Feb 2013 13:07:22 +0000 (14:07 +0100)]
use dup'ed string in fw3_parse_monthdays()

Jo-Philipp Wich [Thu, 28 Feb 2013 12:20:33 +0000 (13:20 +0100)]
generalize enum parsing

Jo-Philipp Wich [Wed, 27 Feb 2013 21:56:01 +0000 (22:56 +0100)]
remove unused notrack chain

Jo-Philipp Wich [Wed, 27 Feb 2013 13:49:09 +0000 (14:49 +0100)]
clear conntrack table on flush

Jo-Philipp Wich [Wed, 27 Feb 2013 13:40:51 +0000 (14:40 +0100)]
cosmetic change in printing of forward rules

Jo-Philipp Wich [Wed, 27 Feb 2013 13:16:44 +0000 (14:16 +0100)]
add debug flag to monitor fw3_pr() calls, set policies to drop during reload

Jo-Philipp Wich [Fri, 22 Feb 2013 13:30:21 +0000 (14:30 +0100)]
add support for setting sysctls, remove tcp_westwood option, it's not present on current kernels

Jo-Philipp Wich [Fri, 22 Feb 2013 12:32:12 +0000 (13:32 +0100)]
run/load includes on start

Jo-Philipp Wich [Fri, 22 Feb 2013 11:49:33 +0000 (12:49 +0100)]
add reload command to selectively rebuild rules (to be invoked from hotplug handler) and make the restart command flush and recreate all rules

Jo-Philipp Wich [Fri, 22 Feb 2013 00:41:53 +0000 (01:41 +0100)]
add support for includes

Jo-Philipp Wich [Thu, 21 Feb 2013 22:59:06 +0000 (23:59 +0100)]
use hasbit() to test for invert flag of weekdays and monthdays

Jo-Philipp Wich [Thu, 21 Feb 2013 21:42:01 +0000 (22:42 +0100)]
add time match support

Jo-Philipp Wich [Thu, 21 Feb 2013 19:00:59 +0000 (20:00 +0100)]
remove now unused fw3_free_list() helper

Jo-Philipp Wich [Thu, 21 Feb 2013 18:45:19 +0000 (19:45 +0100)]
remove ip range list hack since fw3_address can now represent true ranges

Jo-Philipp Wich [Thu, 21 Feb 2013 18:34:58 +0000 (19:34 +0100)]
introduce support for ip ranges

Jo-Philipp Wich [Thu, 21 Feb 2013 17:49:56 +0000 (18:49 +0100)]
unify object freeing

Jo-Philipp Wich [Wed, 20 Feb 2013 20:05:45 +0000 (21:05 +0100)]
rework runtime state tracking

Jo-Philipp Wich [Wed, 20 Feb 2013 10:50:02 +0000 (11:50 +0100)]
only emit zone flush commands if the zone is active for the current family

Jo-Philipp Wich [Tue, 19 Feb 2013 23:58:02 +0000 (00:58 +0100)]
rework ipset removal logic to only purge sets that are not in use by any family

Jo-Philipp Wich [Tue, 19 Feb 2013 22:53:21 +0000 (23:53 +0100)]
print a notification if forwards are skipped due to zone family mismatch

Jo-Philipp Wich [Tue, 19 Feb 2013 21:36:31 +0000 (22:36 +0100)]
do not save state when printing rules

Jo-Philipp Wich [Tue, 19 Feb 2013 18:48:20 +0000 (19:48 +0100)]
introduce global string array for enum names, remove private arrays

Jo-Philipp Wich [Tue, 19 Feb 2013 18:32:39 +0000 (19:32 +0100)]
track used family for ipsets

Jo-Philipp Wich [Tue, 19 Feb 2013 18:29:04 +0000 (19:29 +0100)]
make enum values unique to allow using them in bitfields directly, increase flag members to 16 bit

Jo-Philipp Wich [Tue, 19 Feb 2013 18:07:13 +0000 (19:07 +0100)]
convert remaining occurrences to hasbit() / setbit() helper macros

Jo-Philipp Wich [Tue, 19 Feb 2013 17:58:22 +0000 (18:58 +0100)]
rename flag fields in structures

Jo-Philipp Wich [Tue, 19 Feb 2013 00:22:52 +0000 (01:22 +0100)]
properly deal with only v4 or only v6 start/stop/restart

Jo-Philipp Wich [Mon, 18 Feb 2013 01:54:15 +0000 (02:54 +0100)]
selectively delete chains in filter and nat tables

Jo-Philipp Wich [Sun, 17 Feb 2013 23:25:48 +0000 (00:25 +0100)]
record used zone chains in state file

Jo-Philipp Wich [Sun, 17 Feb 2013 20:52:55 +0000 (21:52 +0100)]
destroy ipsets on explicit stop and flush, but not on restart

Jo-Philipp Wich [Sun, 17 Feb 2013 19:49:52 +0000 (20:49 +0100)]
add missing fclose() in previous commit

Jo-Philipp Wich [Sun, 17 Feb 2013 19:22:18 +0000 (20:22 +0100)]
separate state and lock files, use state file information to purge ipsets

Jo-Philipp Wich [Sun, 17 Feb 2013 13:31:47 +0000 (14:31 +0100)]
initial commit