opensuse:susefirewall2.git
11 years agopackage directory with correct version
Ludwig Nussel [Tue, 3 Jan 2006 10:18:12 +0000 (10:18 +0000)]
package directory with correct version

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@133 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agouse svn revision in archive name
Ludwig Nussel [Tue, 3 Jan 2006 10:11:15 +0000 (10:11 +0000)]
use svn revision in archive name

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@132 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agofix initscript status reporting (#124869)
Ludwig Nussel [Tue, 3 Jan 2006 10:08:20 +0000 (10:08 +0000)]
fix initscript status reporting (#124869)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@131 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- fall back to normal iptables if iptables-batch fails
Ludwig Nussel [Mon, 1 Aug 2005 14:34:54 +0000 (14:34 +0000)]
- fall back to normal iptables if iptables-batch fails
- always add ip6tables drop rule in case REJECT doesn't work for some
  reason

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@130 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agodon't load ftp conntrack helpers by default
Ludwig Nussel [Mon, 1 Aug 2005 08:18:40 +0000 (08:18 +0000)]
don't load ftp conntrack helpers by default

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@129 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agomove docu generation rules into separate file
Ludwig Nussel [Mon, 1 Aug 2005 08:17:07 +0000 (08:17 +0000)]
move docu generation rules into separate file

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@128 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agodiscard errors from rpcinfo as some people don't have it running all the
Ludwig Nussel [Tue, 12 Jul 2005 10:02:55 +0000 (10:02 +0000)]
discard errors from rpcinfo as some people don't have it running all the
time

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@127 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agodon't print warning if ipv6 support is disabled
Ludwig Nussel [Tue, 5 Jul 2005 14:03:40 +0000 (14:03 +0000)]
don't print warning if ipv6 support is disabled

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@126 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agomark FW_ALLOW_INCOMING_HIGHPORTS_* as deprecated
Ludwig Nussel [Thu, 30 Jun 2005 08:34:07 +0000 (08:34 +0000)]
mark FW_ALLOW_INCOMING_HIGHPORTS_* as deprecated

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@125 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agopermit empty port in FW_TRUSTED_NETS
Ludwig Nussel [Tue, 28 Jun 2005 08:10:56 +0000 (08:10 +0000)]
permit empty port in FW_TRUSTED_NETS

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@124 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoadd target to sync to forgeftp
Ludwig Nussel [Tue, 28 Jun 2005 08:09:06 +0000 (08:09 +0000)]
add target to sync to forgeftp

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@123 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoinstall symlinks like they are in the rpm package
Ludwig Nussel [Wed, 15 Jun 2005 08:44:14 +0000 (08:44 +0000)]
install symlinks like they are in the rpm package

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@122 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agonew example for FW_TRUSTED_NETS
Ludwig Nussel [Wed, 15 Jun 2005 08:44:00 +0000 (08:44 +0000)]
new example for FW_TRUSTED_NETS

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@121 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agofix FW_ALLOW_INCOMING_HIGHPORTS_UDP
Ludwig Nussel [Wed, 15 Jun 2005 08:08:08 +0000 (08:08 +0000)]
fix FW_ALLOW_INCOMING_HIGHPORTS_UDP

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@120 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agouse /var/log/firewall
Ludwig Nussel [Mon, 9 May 2005 12:58:04 +0000 (12:58 +0000)]
use /var/log/firewall

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@119 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agofix check for iptables-batch
Ludwig Nussel [Mon, 9 May 2005 12:57:53 +0000 (12:57 +0000)]
fix check for iptables-batch

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@118 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agouse iptables-batch by default if available
Ludwig Nussel [Fri, 22 Apr 2005 09:16:33 +0000 (09:16 +0000)]
use iptables-batch by default if available
version 3.4

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@117 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- add batch commits to stop and close
Ludwig Nussel [Tue, 19 Apr 2005 12:03:00 +0000 (12:03 +0000)]
- add batch commits to stop and close
- move allowing udp ports before reject rules

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@116 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoreally use full path
Ludwig Nussel [Mon, 18 Apr 2005 13:55:46 +0000 (13:55 +0000)]
really use full path

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@115 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agouse full path to getopt and logger (#76703)
Ludwig Nussel [Mon, 11 Apr 2005 07:35:52 +0000 (07:35 +0000)]
use full path to getopt and logger (#76703)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@114 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agofix FW_ALLOW_CLASS_ROUTING (#75319)
Ludwig Nussel [Thu, 31 Mar 2005 08:28:28 +0000 (08:28 +0000)]
fix FW_ALLOW_CLASS_ROUTING (#75319)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@113 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoremove $PERSFWCONFIG, not used anymore
Ludwig Nussel [Wed, 30 Mar 2005 07:43:34 +0000 (07:43 +0000)]
remove $PERSFWCONFIG, not used anymore

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@112 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- include all sysctl in FW_KERNEL_SECURITY (#61429)
Ludwig Nussel [Wed, 16 Mar 2005 13:02:09 +0000 (13:02 +0000)]
- include all sysctl in FW_KERNEL_SECURITY (#61429)
- allow basic IPv6 tcp and icmp despite missing conntrack (#72865)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@111 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agochange stylesheet to make programlistings have a grey background again
Ludwig Nussel [Mon, 14 Mar 2005 13:49:55 +0000 (13:49 +0000)]
change stylesheet to make programlistings have a grey background again

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@110 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agofix reversed reject logic with ipv6 (#72414)
Ludwig Nussel [Mon, 14 Mar 2005 13:47:29 +0000 (13:47 +0000)]
fix reversed reject logic with ipv6 (#72414)
fix "any" interface (#72428)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@109 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoadd desktop file for susehelp
Ludwig Nussel [Fri, 11 Mar 2005 16:26:36 +0000 (16:26 +0000)]
add desktop file for susehelp

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@108 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agodefine ipsec matching parameters even if ipsec gets no special handling (#62352)
Ludwig Nussel [Tue, 1 Mar 2005 13:19:33 +0000 (13:19 +0000)]
define ipsec matching parameters even if ipsec gets no special handling (#62352)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@107 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- reorder rule creation to keep window where packets are dropped small
Ludwig Nussel [Mon, 21 Feb 2005 10:38:51 +0000 (10:38 +0000)]
- reorder rule creation to keep window where packets are dropped small
- fix missing space at some log messages

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@106 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoadd port to FW_FORWARD reply packet match rule
Ludwig Nussel [Fri, 18 Feb 2005 13:18:57 +0000 (13:18 +0000)]
add port to FW_FORWARD reply packet match rule

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@105 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agomore examples
Ludwig Nussel [Thu, 17 Feb 2005 11:06:14 +0000 (11:06 +0000)]
more examples

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@104 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoadd wlan interface to example
Ludwig Nussel [Thu, 17 Feb 2005 11:05:40 +0000 (11:05 +0000)]
add wlan interface to example

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@103 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agopackage style sheet
Ludwig Nussel [Thu, 17 Feb 2005 11:05:01 +0000 (11:05 +0000)]
package style sheet

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@102 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agopackage new docbook docu
Ludwig Nussel [Wed, 16 Feb 2005 14:48:06 +0000 (14:48 +0000)]
package new docbook docu

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@101 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoconvert readme as docbook
Ludwig Nussel [Wed, 16 Feb 2005 14:47:54 +0000 (14:47 +0000)]
convert readme as docbook

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@100 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoadd docbook-xml docu
Ludwig Nussel [Wed, 16 Feb 2005 13:27:58 +0000 (13:27 +0000)]
add docbook-xml docu

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@99 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- disable workaround for #46818
Ludwig Nussel [Thu, 3 Feb 2005 15:53:00 +0000 (15:53 +0000)]
- disable workaround for #46818
- add more examples to broadcast variable
- use proof-read text for update message

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@98 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- move conversion of old broadcast variables into separate file so it
Ludwig Nussel [Tue, 1 Feb 2005 12:12:16 +0000 (12:12 +0000)]
- move conversion of old broadcast variables into separate file so it
  can be called from the rpm post script
- add update message for broadcast variables

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@97 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoparse zones before interface evaluation
Ludwig Nussel [Mon, 31 Jan 2005 09:46:07 +0000 (09:46 +0000)]
parse zones before interface evaluation

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@96 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agofix init script requirement
Ludwig Nussel [Fri, 28 Jan 2005 17:13:18 +0000 (17:13 +0000)]
fix init script requirement

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@95 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- allow to define additional zones through FW_ZONES
Ludwig Nussel [Wed, 26 Jan 2005 12:53:12 +0000 (12:53 +0000)]
- allow to define additional zones through FW_ZONES
- remove FW_ALLOW_FW_TRACEROUTE from config file

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@94 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agobe more specific about deprecated variables
Ludwig Nussel [Tue, 25 Jan 2005 17:03:33 +0000 (17:03 +0000)]
be more specific about deprecated variables

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@93 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoswitch to silent if not run from a tty
Ludwig Nussel [Tue, 25 Jan 2005 16:45:28 +0000 (16:45 +0000)]
switch to silent if not run from a tty

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@92 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoallow protocols without port in FW_DROP*
Ludwig Nussel [Fri, 21 Jan 2005 10:47:45 +0000 (10:47 +0000)]
allow protocols without port in FW_DROP*

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@91 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoadd note about inconsistent iptables behavior (#49739)
Ludwig Nussel [Thu, 13 Jan 2005 13:09:40 +0000 (13:09 +0000)]
add note about inconsistent iptables behavior (#49739)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@90 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoallow source port in FW_SERVICES_{REJECT,DROP}
Ludwig Nussel [Tue, 11 Jan 2005 16:36:58 +0000 (16:36 +0000)]
allow source port in FW_SERVICES_{REJECT,DROP}

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@89 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- implement FW_SERVICES_ACCEPT_*
Ludwig Nussel [Tue, 11 Jan 2005 16:25:29 +0000 (16:25 +0000)]
- implement FW_SERVICES_ACCEPT_*
- recognise special protocol _rpc_ in FW_SERVICES_{ACCEPT,REJECT,DROP}_*

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@88 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- add -q option
Ludwig Nussel [Tue, 11 Jan 2005 11:49:19 +0000 (11:49 +0000)]
- add -q option
- don't warn if FW_MASQ_NETS is set to default 0/0
- create boot lock file in SuSEfirewall2_init to prevent useless
  firewall starts in rcnetwork
- use only SuSEfirewall2_init and ..._setup during boot

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@87 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- do not load ipv6 modules if FW_IPv6=no (#47545)
Ludwig Nussel [Wed, 5 Jan 2005 13:34:56 +0000 (13:34 +0000)]
- do not load ipv6 modules if FW_IPv6=no (#47545)
- move ipv6 checks into right place

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@86 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoadd qdisc file
Ludwig Nussel [Wed, 8 Dec 2004 16:13:15 +0000 (16:13 +0000)]
add qdisc file

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@85 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agomove qdisc settings into separate file
Ludwig Nussel [Wed, 8 Dec 2004 14:54:51 +0000 (14:54 +0000)]
move qdisc settings into separate file
do not call ip anymore as ip addresses are not used anyway
drop tos settings

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@84 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agofix FW_PROTECT_FROM_*
Ludwig Nussel [Wed, 8 Dec 2004 12:15:36 +0000 (12:15 +0000)]
fix FW_PROTECT_FROM_*

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@83 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoonly create zones that are actually needed
Ludwig Nussel [Tue, 7 Dec 2004 14:42:35 +0000 (14:42 +0000)]
only create zones that are actually needed

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@82 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agosplit broadcast stuff into separate zone specific variables
Ludwig Nussel [Tue, 7 Dec 2004 13:26:52 +0000 (13:26 +0000)]
split broadcast stuff into separate zone specific variables

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@81 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoremove zones that are set to no protection from list of zones so no
Ludwig Nussel [Mon, 6 Dec 2004 15:26:50 +0000 (15:26 +0000)]
remove zones that are set to no protection from list of zones so no
further rules are generated for them

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@80 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agodo not discriminate int, ext, dmz anymore
Ludwig Nussel [Mon, 6 Dec 2004 15:19:46 +0000 (15:19 +0000)]
do not discriminate int, ext, dmz anymore
make generic: PROTECT_FROM_INTERNAL -> PROTECT_FROM_*

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@79 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agomake FW_ALLOW_PING_* generic
Ludwig Nussel [Mon, 6 Dec 2004 13:54:40 +0000 (13:54 +0000)]
make FW_ALLOW_PING_* generic
fix forwarding (#48793)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@78 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoallow same icmp replies in forward chain as in input chain
Ludwig Nussel [Fri, 3 Dec 2004 14:28:20 +0000 (14:28 +0000)]
allow same icmp replies in forward chain as in input chain

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@77 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoremove comment
Ludwig Nussel [Fri, 3 Dec 2004 12:11:41 +0000 (12:11 +0000)]
remove comment

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@76 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoremove quickmode from config file
Ludwig Nussel [Fri, 3 Dec 2004 11:50:33 +0000 (11:50 +0000)]
remove quickmode from config file

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@75 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoremove no longer supported variables
Ludwig Nussel [Thu, 2 Dec 2004 17:15:36 +0000 (17:15 +0000)]
remove no longer supported variables

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@74 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agomatch redirected packets with fwmark so the port does not need to be
Ludwig Nussel [Thu, 2 Dec 2004 17:08:39 +0000 (17:08 +0000)]
match redirected packets with fwmark so the port does not need to be
opened

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@73 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agomove remaining functions to dynamic zones
Ludwig Nussel [Thu, 2 Dec 2004 16:50:21 +0000 (16:50 +0000)]
move remaining functions to dynamic zones

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@72 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agodrop icmp output rules, accept always
Ludwig Nussel [Thu, 2 Dec 2004 15:04:06 +0000 (15:04 +0000)]
drop icmp output rules, accept always

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@71 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago- first steps towards dynamic zone names
Ludwig Nussel [Thu, 2 Dec 2004 14:12:12 +0000 (14:12 +0000)]
- first steps towards dynamic zone names
- drop auto protect and anti spoof features

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@70 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agofix install target
Ludwig Nussel [Wed, 1 Dec 2004 16:00:03 +0000 (16:00 +0000)]
fix install target

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@69 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agomove function call further down
Ludwig Nussel [Wed, 1 Dec 2004 15:59:55 +0000 (15:59 +0000)]
move function call further down

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@68 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoversion 3.3
Ludwig Nussel [Wed, 1 Dec 2004 12:21:06 +0000 (12:21 +0000)]
version 3.3

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@67 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago- drop quickmode and personal firewall compat
Ludwig Nussel [Wed, 1 Dec 2004 12:13:45 +0000 (12:13 +0000)]
- drop quickmode and personal firewall compat
- more cleanup, start using getopt

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@66 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoanother helptext fix
Ludwig Nussel [Tue, 2 Nov 2004 11:01:10 +0000 (11:01 +0000)]
another helptext fix

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@65 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agofix some misleading comments
Ludwig Nussel [Tue, 2 Nov 2004 09:34:39 +0000 (09:34 +0000)]
fix some misleading comments

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@64 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago- don't drop INVALID packets explicitly but rather let them fall through
Ludwig Nussel [Tue, 12 Oct 2004 11:08:13 +0000 (11:08 +0000)]
- don't drop INVALID packets explicitly but rather let them fall through
  to the default drop rule (#46818)
- send RST for INVALID ACK tcp packets (#46818)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@63 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoadd missing space (thx Andreas Schwab)
Ludwig Nussel [Tue, 28 Sep 2004 21:53:53 +0000 (21:53 +0000)]
add missing space (thx Andreas Schwab)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@62 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoallow ESTABLISHED,RELATED tcp and udp always (#46237)
Ludwig Nussel [Tue, 28 Sep 2004 16:19:39 +0000 (16:19 +0000)]
allow ESTABLISHED,RELATED tcp and udp always (#46237)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@61 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago- some typo fixes from Volker Kuhlmann
Ludwig Nussel [Mon, 27 Sep 2004 15:04:21 +0000 (15:04 +0000)]
- some typo fixes from Volker Kuhlmann
- add feature FW_DEV_EXT=any to prevent common pitfall of packets on
  unconfigured interfaces beeing dropped (#46164, #46168)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@60 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agofix opening ports in zones other than external (#45776)
Ludwig Nussel [Wed, 22 Sep 2004 09:39:04 +0000 (09:39 +0000)]
fix opening ports in zones other than external (#45776)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@59 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agofix output log message
Ludwig Nussel [Mon, 20 Sep 2004 10:27:05 +0000 (10:27 +0000)]
fix output log message

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@58 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agobetter detection if state matchin is supported
Ludwig Nussel [Mon, 20 Sep 2004 10:16:15 +0000 (10:16 +0000)]
better detection if state matchin is supported
fix debug mode
really don't use REJECT if ip6tables has no reject target

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@57 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agodo not set ip_conntrack_max (#44846)
Ludwig Nussel [Tue, 14 Sep 2004 13:23:59 +0000 (13:23 +0000)]
do not set ip_conntrack_max (#44846)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@56 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoimplement open parameter
Ludwig Nussel [Tue, 14 Sep 2004 10:59:08 +0000 (10:59 +0000)]
implement open parameter

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@55 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoadd "on" and "off" parameters to add or remove initscripts
Ludwig Nussel [Fri, 3 Sep 2004 14:13:22 +0000 (14:13 +0000)]
add "on" and "off" parameters to add or remove initscripts

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@54 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agodetect whether to use iptables or ip6tables in FW_SERVICES_REJECT_* and
Ludwig Nussel [Fri, 3 Sep 2004 14:02:25 +0000 (14:02 +0000)]
detect whether to use iptables or ip6tables in FW_SERVICES_REJECT_* and
FW_SERVICES_DROP_*

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@53 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoset FW_MASQ_DEV to zero if personal-firewall is enabled without
Ludwig Nussel [Mon, 30 Aug 2004 15:02:10 +0000 (15:02 +0000)]
set FW_MASQ_DEV to zero if personal-firewall is enabled without
masquerading (#44076)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@52 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agocall awk directly since $AWK is set too late
Ludwig Nussel [Mon, 30 Aug 2004 14:49:08 +0000 (14:49 +0000)]
call awk directly since $AWK is set too late

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@51 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago- support invidual services in FW_ALLOW_FW_BROADCAST (#44393)
Ludwig Nussel [Mon, 30 Aug 2004 14:22:37 +0000 (14:22 +0000)]
- support invidual services in FW_ALLOW_FW_BROADCAST (#44393)
- always also open portmapper port if any rpc services are to be opened

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@50 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago- allow related connections even in 'close' mode to allow DNS replies during
Ludwig Nussel [Thu, 26 Aug 2004 10:18:09 +0000 (10:18 +0000)]
- allow related connections even in 'close' mode to allow DNS replies during
  boot (#44202, #44268)
- add net parameter to FW_SERVICES_DROP_* and FW_SERVICES_REJECT_*
- set default log limit to 3/minute
- remove accidently slipped in default drop of ssh

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@49 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agofix typo
Ludwig Nussel [Mon, 23 Aug 2004 14:42:49 +0000 (14:42 +0000)]
fix typo

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@48 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoadd helper for pretty log display
Ludwig Nussel [Mon, 23 Aug 2004 10:55:09 +0000 (10:55 +0000)]
add helper for pretty log display

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@47 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago- don't install perl help with executable bits set
Ludwig Nussel [Mon, 23 Aug 2004 10:31:09 +0000 (10:31 +0000)]
- don't install perl help with executable bits set
- add new update message

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@46 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agorework some more comments
Ludwig Nussel [Fri, 20 Aug 2004 15:45:52 +0000 (15:45 +0000)]
rework some more comments

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@45 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoinitial support for ipv6
Ludwig Nussel [Fri, 20 Aug 2004 15:45:39 +0000 (15:45 +0000)]
initial support for ipv6

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@44 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago$@ is correct here of course
Ludwig Nussel [Thu, 12 Aug 2004 12:43:18 +0000 (12:43 +0000)]
$@ is correct here of course

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@43 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agonew helper script SuSEfirewall2-rpcinfo which determines ports of rpc
Ludwig Nussel [Thu, 12 Aug 2004 12:32:25 +0000 (12:32 +0000)]
new helper script SuSEfirewall2-rpcinfo which determines ports of rpc
services running as root

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@42 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoadd gpl header
Ludwig Nussel [Thu, 12 Aug 2004 12:27:35 +0000 (12:27 +0000)]
add gpl header

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@41 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoinstall sysconfig scripts
Ludwig Nussel [Fri, 6 Aug 2004 14:01:57 +0000 (14:01 +0000)]
install sysconfig scripts

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@40 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agodoku cleanup
Ludwig Nussel [Fri, 6 Aug 2004 13:48:03 +0000 (13:48 +0000)]
doku cleanup

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@39 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agonew
Ludwig Nussel [Fri, 6 Aug 2004 13:21:37 +0000 (13:21 +0000)]
new

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@38 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agomore cleanup
Ludwig Nussel [Wed, 4 Aug 2004 15:59:09 +0000 (15:59 +0000)]
more cleanup
introduce FW_LOG_LIMIT

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@37 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoconsistent handling of log * critical|accept
Ludwig Nussel [Wed, 4 Aug 2004 13:48:56 +0000 (13:48 +0000)]
consistent handling of log * critical|accept
more cleanup

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@36 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago- rewrite most parsing stuff
Ludwig Nussel [Wed, 4 Aug 2004 10:51:16 +0000 (10:51 +0000)]
- rewrite most parsing stuff
- use shell functions
- update GPL to current revision
- new options FW_SERVICES_DROP_EXT, FW_SERVICES_REJECT_EXT

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@35 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years agoimplement batch mode using iptables-batch
Ludwig Nussel [Wed, 28 Jul 2004 14:44:28 +0000 (14:44 +0000)]
implement batch mode using iptables-batch

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@34 b36d0de6-17df-0310-aa5c-c2ebc275e154