project/firewall3.git
Jo-Philipp Wich [Sun, 10 Mar 2013 19:41:20 +0000 (20:41 +0100)]
Cosmetic output changes

Jo-Philipp Wich [Sun, 10 Mar 2013 19:36:33 +0000 (20:36 +0100)]
Only run includes and set sysctls if either v4 or v6 firewall was actually started

Jo-Philipp Wich [Sun, 10 Mar 2013 19:29:48 +0000 (20:29 +0100)]
Introduce fw3_no_family() helper macro and use it

Jo-Philipp Wich [Sun, 10 Mar 2013 19:19:46 +0000 (20:19 +0100)]
Remove src_flags and running_src_flags from fw3_zone struct, rename dst_flags and running_dst_flags to flags and running_flags

Jo-Philipp Wich [Sun, 10 Mar 2013 19:14:06 +0000 (20:14 +0100)]
Don't store zone src_flags in statefile anymore, read and write numeric state values in hex notation

Jo-Philipp Wich [Sun, 10 Mar 2013 19:09:16 +0000 (20:09 +0100)]
Introduce new enum values for zone src policies and map src policy to dst_flags bitfield, making the src_flags bitfield unnecessary

Jo-Philipp Wich [Sun, 10 Mar 2013 18:39:39 +0000 (19:39 +0100)]
Separate running from current state flags in ipset handling, remove ipsets per family

Jo-Philipp Wich [Sun, 10 Mar 2013 18:16:55 +0000 (19:16 +0100)]
Get rid of redundant fw3_defaults object, instead add a running_flags bitfield to the existing fw3_defaults structure

Jo-Philipp Wich [Sun, 10 Mar 2013 17:17:21 +0000 (18:17 +0100)]
Properly handle per zone user chain rules by fixing multiple logic errors

 * Track running zone state in separate bit fields
 * Track IPv4 and IPv6 custom chain state separately
 * Extend flag bitfields to 32 bit

Jo-Philipp Wich [Thu, 7 Mar 2013 13:34:02 +0000 (14:34 +0100)]
add support for per-zone user chains

Jo-Philipp Wich [Thu, 7 Mar 2013 10:05:15 +0000 (11:05 +0100)]
Support abstract "tcpudp" protocol

Jo-Philipp Wich [Sat, 2 Mar 2013 17:02:58 +0000 (18:02 +0100)]
introduce support for enabled option in zones, forwards, rules, redirects, ipsets and includes

Jo-Philipp Wich [Thu, 28 Feb 2013 13:07:22 +0000 (14:07 +0100)]
use dup'ed string in fw3_parse_monthdays()

Jo-Philipp Wich [Thu, 28 Feb 2013 12:20:33 +0000 (13:20 +0100)]
generalize enum parsing

Jo-Philipp Wich [Wed, 27 Feb 2013 21:56:01 +0000 (22:56 +0100)]
remove unused notrack chain

Jo-Philipp Wich [Wed, 27 Feb 2013 13:49:09 +0000 (14:49 +0100)]
clear conntrack table on flush

Jo-Philipp Wich [Wed, 27 Feb 2013 13:40:51 +0000 (14:40 +0100)]
cosmetic change in printing of forward rules

Jo-Philipp Wich [Wed, 27 Feb 2013 13:16:44 +0000 (14:16 +0100)]
add debug flag to monitor fw3_pr() calls, set policies to drop during reload

Jo-Philipp Wich [Fri, 22 Feb 2013 13:30:21 +0000 (14:30 +0100)]
add support for setting sysctls, remove tcp_westwood option, it's not present on current kernels

Jo-Philipp Wich [Fri, 22 Feb 2013 12:32:12 +0000 (13:32 +0100)]
run/load includes on start

Jo-Philipp Wich [Fri, 22 Feb 2013 11:49:33 +0000 (12:49 +0100)]
add reload command to selectively rebuild rules (to be invoked from hotplug handler) and make the restart command flush and recreate all rules

Jo-Philipp Wich [Fri, 22 Feb 2013 00:41:53 +0000 (01:41 +0100)]
add support for includes

Jo-Philipp Wich [Thu, 21 Feb 2013 22:59:06 +0000 (23:59 +0100)]
use hasbit() to test for invert flag of weekdays and monthdays

Jo-Philipp Wich [Thu, 21 Feb 2013 21:42:01 +0000 (22:42 +0100)]
add time match support

Jo-Philipp Wich [Thu, 21 Feb 2013 19:00:59 +0000 (20:00 +0100)]
remove now unused fw3_free_list() helper

Jo-Philipp Wich [Thu, 21 Feb 2013 18:45:19 +0000 (19:45 +0100)]
remove ip range list hack since fw3_address can now represent true ranges

Jo-Philipp Wich [Thu, 21 Feb 2013 18:34:58 +0000 (19:34 +0100)]
introduce support for ip ranges

Jo-Philipp Wich [Thu, 21 Feb 2013 17:49:56 +0000 (18:49 +0100)]
unify object freeing

Jo-Philipp Wich [Wed, 20 Feb 2013 20:05:45 +0000 (21:05 +0100)]
rework runtime state tracking

Jo-Philipp Wich [Wed, 20 Feb 2013 10:50:02 +0000 (11:50 +0100)]
only emit zone flush commands if the zone is active for the current family

Jo-Philipp Wich [Tue, 19 Feb 2013 23:58:02 +0000 (00:58 +0100)]
rework ipset removal logic to only purge sets that are not in use by any family

Jo-Philipp Wich [Tue, 19 Feb 2013 22:53:21 +0000 (23:53 +0100)]
print a notification if forwards are skipped due to zone family mismatch

Jo-Philipp Wich [Tue, 19 Feb 2013 21:36:31 +0000 (22:36 +0100)]
do not save state when printing rules

Jo-Philipp Wich [Tue, 19 Feb 2013 18:48:20 +0000 (19:48 +0100)]
introduce global string array for enum names, remove private arrays

Jo-Philipp Wich [Tue, 19 Feb 2013 18:32:39 +0000 (19:32 +0100)]
track used family for ipsets

Jo-Philipp Wich [Tue, 19 Feb 2013 18:29:04 +0000 (19:29 +0100)]
make enum values unique to allow using them in bitfields directly, increase flag members to 16 bit

Jo-Philipp Wich [Tue, 19 Feb 2013 18:07:13 +0000 (19:07 +0100)]
convert remaining occurrences to hasbit() / setbit() helper macros

Jo-Philipp Wich [Tue, 19 Feb 2013 17:58:22 +0000 (18:58 +0100)]
rename flag fields in structures

Jo-Philipp Wich [Tue, 19 Feb 2013 00:22:52 +0000 (01:22 +0100)]
properly deal with only v4 or only v6 start/stop/restart

Jo-Philipp Wich [Mon, 18 Feb 2013 01:54:15 +0000 (02:54 +0100)]
selectively delete chains in filter and nat tables

Jo-Philipp Wich [Sun, 17 Feb 2013 23:25:48 +0000 (00:25 +0100)]
record used zone chains in state file

Jo-Philipp Wich [Sun, 17 Feb 2013 20:52:55 +0000 (21:52 +0100)]
destroy ipsets on explicit stop and flush, but not on restart

Jo-Philipp Wich [Sun, 17 Feb 2013 19:49:52 +0000 (20:49 +0100)]
add missing fclose() in previous commit

Jo-Philipp Wich [Sun, 17 Feb 2013 19:22:18 +0000 (20:22 +0100)]
separate state and lock files, use state file information to purge ipsets

Jo-Philipp Wich [Sun, 17 Feb 2013 13:31:47 +0000 (14:31 +0100)]
initial commit