opensuse:susefirewall2.git
7 years ago check whether IPv6 support is available when stopping the firewall (bnc#442118) [SLE-10-SP4]
Ludwig Nussel [Wed, 10 Nov 2010 13:00:49 +0000 (14:00 +0100)]
check whether IPv6 support is available when stopping the firewall (bnc#442118)

Conflicts:

SuSEfirewall2

7 years ago remove kernel ipv6 module detection (bnc#617033)
Ludwig Nussel [Mon, 28 Jun 2010 15:06:20 +0000 (17:06 +0200)]
remove kernel ipv6 module detection (bnc#617033)

7 years ago check status of SuSEfirewall2 without triggering module load (bnc#435653)
Ludwig Nussel [Wed, 10 Nov 2010 12:21:03 +0000 (13:21 +0100)]
check status of SuSEfirewall2 without triggering module load (bnc#435653)

Conflicts:

SuSEfirewall2

7 years ago don't check for /proc/net/stat/nf_conntrack when checking for ipv6 support
Ludwig Nussel [Fri, 28 Mar 2008 13:38:20 +0000 (13:38 +0000)]
don't check for /proc/net/stat/nf_conntrack when checking for ipv6 support

That file is not available if no modules are loaded yet

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@187 b36d0de6-17df-0310-aa5c-c2ebc275e154

7 years ago don't modify the ip local port range [SLE-10-SP2] [SLE-10-SP3]
Ludwig Nussel [Wed, 10 Sep 2008 07:40:41 +0000 (07:40 +0000)]
don't modify the ip local port range

7 years ago don't try to load ip6tables modules if ipv6 is disabled (#297621) [SLE-10-SP3-GA]
Ludwig Nussel [Mon, 6 Aug 2007 14:21:35 +0000 (14:21 +0000)]
don't try to load ip6tables modules if ipv6 is disabled (#297621)

7 years ago auto detect bridge interfaces and permit traffic
Ludwig Nussel [Thu, 3 Apr 2008 15:42:03 +0000 (15:42 +0000)]
auto detect bridge interfaces and permit traffic
(bnc#375482)

12 years ago install rule for interface 'any' last in order to make it work with [SLE-10-GA]
Ludwig Nussel [Tue, 6 Jun 2006 07:12:31 +0000 (07:12 +0000)]
install rule for interface 'any' last in order to make it work with
additional zones like DMZ (#181308)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@144 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago fix FW_FORWARD not working with ipsec flag (#170530)
Ludwig Nussel [Mon, 22 May 2006 11:36:19 +0000 (11:36 +0000)]
fix FW_FORWARD not working with ipsec flag (#170530)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@143 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago - correct docu for FW_KERNEL_SECURITY [SLE-10-tar]
Ludwig Nussel [Thu, 30 Mar 2006 09:18:30 +0000 (09:18 +0000)]
- correct docu for FW_KERNEL_SECURITY

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@142 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago - don't change igmp_max_memberships (#162086)
Ludwig Nussel [Thu, 30 Mar 2006 09:09:19 +0000 (09:09 +0000)]
- don't change igmp_max_memberships (#162086)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@141 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago - introduce FW_FORWARD_ALWAYS_INOUT_DEV for use with XEN (#154133)
Ludwig Nussel [Wed, 29 Mar 2006 10:04:06 +0000 (10:04 +0000)]
- introduce FW_FORWARD_ALWAYS_INOUT_DEV for use with XEN (#154133)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@140 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago log and drop multicast packets separately to not flood other log
Ludwig Nussel [Mon, 6 Mar 2006 15:31:32 +0000 (15:31 +0000)]
log and drop multicast packets separately to not flood other log
targets (#155326)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@139 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago - don't try to use v6 state matching if /proc/net/stat/nf_conntrack
Ludwig Nussel [Thu, 2 Mar 2006 13:50:38 +0000 (13:50 +0000)]
- don't try to use v6 state matching if /proc/net/stat/nf_conntrack
  doesn't exist as it won't work without (#151776)
- reject v6 packets by default to avoid timeouts (#145758)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@138 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago - allow FW_FORWARD_MASQ without FW_MASQ_NETS
Ludwig Nussel [Mon, 20 Feb 2006 13:22:39 +0000 (13:22 +0000)]
- allow FW_FORWARD_MASQ without FW_MASQ_NETS

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@137 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago not needed
Ludwig Nussel [Fri, 17 Feb 2006 14:09:40 +0000 (14:09 +0000)]
not needed

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@136 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago ip6t_state is now included in xt_state
Ludwig Nussel [Wed, 1 Feb 2006 14:43:21 +0000 (14:43 +0000)]
ip6t_state is now included in xt_state

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@135 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago don't change setting for ECN and TCP syncookies as those are already
Ludwig Nussel [Tue, 10 Jan 2006 12:46:13 +0000 (12:46 +0000)]
don't change setting for ECN and TCP syncookies as those are already
configurable via /etc/sysconfig/sysctl

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@134 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago package directory with correct version
Ludwig Nussel [Tue, 3 Jan 2006 10:18:12 +0000 (10:18 +0000)]
package directory with correct version

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@133 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago use svn revision in archive name
Ludwig Nussel [Tue, 3 Jan 2006 10:11:15 +0000 (10:11 +0000)]
use svn revision in archive name

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@132 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago fix initscript status reporting (#124869)
Ludwig Nussel [Tue, 3 Jan 2006 10:08:20 +0000 (10:08 +0000)]
fix initscript status reporting (#124869)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@131 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago - fall back to normal iptables if iptables-batch fails
Ludwig Nussel [Mon, 1 Aug 2005 14:34:54 +0000 (14:34 +0000)]
- fall back to normal iptables if iptables-batch fails
- always add ip6tables drop rule in case REJECT doesn't work for some
  reason

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@130 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago don't load ftp conntrack helpers by default
Ludwig Nussel [Mon, 1 Aug 2005 08:18:40 +0000 (08:18 +0000)]
don't load ftp conntrack helpers by default

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@129 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago move docu generation rules into separate file
Ludwig Nussel [Mon, 1 Aug 2005 08:17:07 +0000 (08:17 +0000)]
move docu generation rules into separate file

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@128 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago discard errors from rpcinfo as some people don't have it running all the
Ludwig Nussel [Tue, 12 Jul 2005 10:02:55 +0000 (10:02 +0000)]
discard errors from rpcinfo as some people don't have it running all the
time

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@127 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago don't print warning if ipv6 support is disabled
Ludwig Nussel [Tue, 5 Jul 2005 14:03:40 +0000 (14:03 +0000)]
don't print warning if ipv6 support is disabled

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@126 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago mark FW_ALLOW_INCOMING_HIGHPORTS_* as deprecated
Ludwig Nussel [Thu, 30 Jun 2005 08:34:07 +0000 (08:34 +0000)]
mark FW_ALLOW_INCOMING_HIGHPORTS_* as deprecated

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@125 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago permit empty port in FW_TRUSTED_NETS
Ludwig Nussel [Tue, 28 Jun 2005 08:10:56 +0000 (08:10 +0000)]
permit empty port in FW_TRUSTED_NETS

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@124 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago add target to sync to forgeftp
Ludwig Nussel [Tue, 28 Jun 2005 08:09:06 +0000 (08:09 +0000)]
add target to sync to forgeftp

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@123 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago install symlinks like they are in the rpm package
Ludwig Nussel [Wed, 15 Jun 2005 08:44:14 +0000 (08:44 +0000)]
install symlinks like they are in the rpm package

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@122 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago new example for FW_TRUSTED_NETS
Ludwig Nussel [Wed, 15 Jun 2005 08:44:00 +0000 (08:44 +0000)]
new example for FW_TRUSTED_NETS

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@121 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago fix FW_ALLOW_INCOMING_HIGHPORTS_UDP
Ludwig Nussel [Wed, 15 Jun 2005 08:08:08 +0000 (08:08 +0000)]
fix FW_ALLOW_INCOMING_HIGHPORTS_UDP

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@120 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago use /var/log/firewall
Ludwig Nussel [Mon, 9 May 2005 12:58:04 +0000 (12:58 +0000)]
use /var/log/firewall

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@119 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago fix check for iptables-batch
Ludwig Nussel [Mon, 9 May 2005 12:57:53 +0000 (12:57 +0000)]
fix check for iptables-batch

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@118 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago use iptables-batch by default if available
Ludwig Nussel [Fri, 22 Apr 2005 09:16:33 +0000 (09:16 +0000)]
use iptables-batch by default if available
version 3.4

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@117 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago - add batch commits to stop and close
Ludwig Nussel [Tue, 19 Apr 2005 12:03:00 +0000 (12:03 +0000)]
- add batch commits to stop and close
- move allowing udp ports before reject rules

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@116 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago really use full path
Ludwig Nussel [Mon, 18 Apr 2005 13:55:46 +0000 (13:55 +0000)]
really use full path

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@115 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago use full path to getopt and logger (#76703)
Ludwig Nussel [Mon, 11 Apr 2005 07:35:52 +0000 (07:35 +0000)]
use full path to getopt and logger (#76703)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@114 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago fix FW_ALLOW_CLASS_ROUTING (#75319)
Ludwig Nussel [Thu, 31 Mar 2005 08:28:28 +0000 (08:28 +0000)]
fix FW_ALLOW_CLASS_ROUTING (#75319)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@113 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago remove $PERSFWCONFIG, not used anymore
Ludwig Nussel [Wed, 30 Mar 2005 07:43:34 +0000 (07:43 +0000)]
remove $PERSFWCONFIG, not used anymore

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@112 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago - include all sysctl in FW_KERNEL_SECURITY (#61429)
Ludwig Nussel [Wed, 16 Mar 2005 13:02:09 +0000 (13:02 +0000)]
- include all sysctl in FW_KERNEL_SECURITY (#61429)
- allow basic IPv6 tcp and icmp despite missing conntrack (#72865)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@111 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago change stylesheet to make programlistings have a grey background again
Ludwig Nussel [Mon, 14 Mar 2005 13:49:55 +0000 (13:49 +0000)]
change stylesheet to make programlistings have a grey background again

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@110 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago fix reversed reject logic with ipv6 (#72414)
Ludwig Nussel [Mon, 14 Mar 2005 13:47:29 +0000 (13:47 +0000)]
fix reversed reject logic with ipv6 (#72414)
fix "any" interface (#72428)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@109 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago add desktop file for susehelp
Ludwig Nussel [Fri, 11 Mar 2005 16:26:36 +0000 (16:26 +0000)]
add desktop file for susehelp

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@108 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago define ipsec matching parameters even if ipsec gets no special handling (#62352)
Ludwig Nussel [Tue, 1 Mar 2005 13:19:33 +0000 (13:19 +0000)]
define ipsec matching parameters even if ipsec gets no special handling (#62352)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@107 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago - reorder rule creation to keep window where packets are dropped small
Ludwig Nussel [Mon, 21 Feb 2005 10:38:51 +0000 (10:38 +0000)]
- reorder rule creation to keep window where packets are dropped small
- fix missing space at some log messages

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@106 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago add port to FW_FORWARD reply packet match rule
Ludwig Nussel [Fri, 18 Feb 2005 13:18:57 +0000 (13:18 +0000)]
add port to FW_FORWARD reply packet match rule

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@105 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago more examples
Ludwig Nussel [Thu, 17 Feb 2005 11:06:14 +0000 (11:06 +0000)]
more examples

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@104 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago add wlan interface to example
Ludwig Nussel [Thu, 17 Feb 2005 11:05:40 +0000 (11:05 +0000)]
add wlan interface to example

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@103 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago package style sheet
Ludwig Nussel [Thu, 17 Feb 2005 11:05:01 +0000 (11:05 +0000)]
package style sheet

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@102 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago package new docbook docu
Ludwig Nussel [Wed, 16 Feb 2005 14:48:06 +0000 (14:48 +0000)]
package new docbook docu

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@101 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago convert readme as docbook
Ludwig Nussel [Wed, 16 Feb 2005 14:47:54 +0000 (14:47 +0000)]
convert readme as docbook

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@100 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago add docbook-xml docu
Ludwig Nussel [Wed, 16 Feb 2005 13:27:58 +0000 (13:27 +0000)]
add docbook-xml docu

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@99 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago - disable workaround for #46818
Ludwig Nussel [Thu, 3 Feb 2005 15:53:00 +0000 (15:53 +0000)]
- disable workaround for #46818
- add more examples to broadcast variable
- use proof-read text for update message

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@98 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago - move conversion of old broadcast variables into separate file so it
Ludwig Nussel [Tue, 1 Feb 2005 12:12:16 +0000 (12:12 +0000)]
- move conversion of old broadcast variables into separate file so it
  can be called from the rpm post script
- add update message for broadcast variables

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@97 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago parse zones before interface evaluation
Ludwig Nussel [Mon, 31 Jan 2005 09:46:07 +0000 (09:46 +0000)]
parse zones before interface evaluation

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@96 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago fix init script requirement
Ludwig Nussel [Fri, 28 Jan 2005 17:13:18 +0000 (17:13 +0000)]
fix init script requirement

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@95 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago - allow to define additional zones through FW_ZONES
Ludwig Nussel [Wed, 26 Jan 2005 12:53:12 +0000 (12:53 +0000)]
- allow to define additional zones through FW_ZONES
- remove FW_ALLOW_FW_TRACEROUTE from config file

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@94 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago be more specific about deprecated variables
Ludwig Nussel [Tue, 25 Jan 2005 17:03:33 +0000 (17:03 +0000)]
be more specific about deprecated variables

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@93 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago switch to silent if not run from a tty
Ludwig Nussel [Tue, 25 Jan 2005 16:45:28 +0000 (16:45 +0000)]
switch to silent if not run from a tty

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@92 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago allow protocols without port in FW_DROP*
Ludwig Nussel [Fri, 21 Jan 2005 10:47:45 +0000 (10:47 +0000)]
allow protocols without port in FW_DROP*

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@91 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago add note about inconsistent iptables behavior (#49739)
Ludwig Nussel [Thu, 13 Jan 2005 13:09:40 +0000 (13:09 +0000)]
add note about inconsistent iptables behavior (#49739)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@90 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago allow source port in FW_SERVICES_{REJECT,DROP}
Ludwig Nussel [Tue, 11 Jan 2005 16:36:58 +0000 (16:36 +0000)]
allow source port in FW_SERVICES_{REJECT,DROP}

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@89 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago - implement FW_SERVICES_ACCEPT_*
Ludwig Nussel [Tue, 11 Jan 2005 16:25:29 +0000 (16:25 +0000)]
- implement FW_SERVICES_ACCEPT_*
- recognise special protocol _rpc_ in FW_SERVICES_{ACCEPT,REJECT,DROP}_*

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@88 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago - add -q option
Ludwig Nussel [Tue, 11 Jan 2005 11:49:19 +0000 (11:49 +0000)]
- add -q option
- don't warn if FW_MASQ_NETS is set to default 0/0
- create boot lock file in SuSEfirewall2_init to prevent useless
  firewall starts in rcnetwork
- use only SuSEfirewall2_init and ..._setup during boot

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@87 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago - do not load ipv6 modules if FW_IPv6=no (#47545)
Ludwig Nussel [Wed, 5 Jan 2005 13:34:56 +0000 (13:34 +0000)]
- do not load ipv6 modules if FW_IPv6=no (#47545)
- move ipv6 checks into right place

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@86 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago add qdisc file
Ludwig Nussel [Wed, 8 Dec 2004 16:13:15 +0000 (16:13 +0000)]
add qdisc file

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@85 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago move qdisc settings into separate file
Ludwig Nussel [Wed, 8 Dec 2004 14:54:51 +0000 (14:54 +0000)]
move qdisc settings into separate file
do not call ip anymore as ip addresses are not used anyway
drop tos settings

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@84 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago fix FW_PROTECT_FROM_*
Ludwig Nussel [Wed, 8 Dec 2004 12:15:36 +0000 (12:15 +0000)]
fix FW_PROTECT_FROM_*

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@83 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago only create zones that are actually needed
Ludwig Nussel [Tue, 7 Dec 2004 14:42:35 +0000 (14:42 +0000)]
only create zones that are actually needed

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@82 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago split broadcast stuff into separate zone specific variables
Ludwig Nussel [Tue, 7 Dec 2004 13:26:52 +0000 (13:26 +0000)]
split broadcast stuff into separate zone specific variables

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@81 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago remove zones that are set to no protection from list of zones so no
Ludwig Nussel [Mon, 6 Dec 2004 15:26:50 +0000 (15:26 +0000)]
remove zones that are set to no protection from list of zones so no
further rules are generated for them

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@80 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago do not discriminate int, ext, dmz anymore
Ludwig Nussel [Mon, 6 Dec 2004 15:19:46 +0000 (15:19 +0000)]
do not discriminate int, ext, dmz anymore
make generic: PROTECT_FROM_INTERNAL -> PROTECT_FROM_*

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@79 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago make FW_ALLOW_PING_* generic
Ludwig Nussel [Mon, 6 Dec 2004 13:54:40 +0000 (13:54 +0000)]
make FW_ALLOW_PING_* generic
fix forwarding (#48793)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@78 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago allow same icmp replies in forward chain as in input chain
Ludwig Nussel [Fri, 3 Dec 2004 14:28:20 +0000 (14:28 +0000)]
allow same icmp replies in forward chain as in input chain

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@77 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago remove comment
Ludwig Nussel [Fri, 3 Dec 2004 12:11:41 +0000 (12:11 +0000)]
remove comment

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@76 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago remove quickmode from config file
Ludwig Nussel [Fri, 3 Dec 2004 11:50:33 +0000 (11:50 +0000)]
remove quickmode from config file

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@75 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago remove no longer supported variables
Ludwig Nussel [Thu, 2 Dec 2004 17:15:36 +0000 (17:15 +0000)]
remove no longer supported variables

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@74 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago match redirected packets with fwmark so the port does not need to be
Ludwig Nussel [Thu, 2 Dec 2004 17:08:39 +0000 (17:08 +0000)]
match redirected packets with fwmark so the port does not need to be
opened

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@73 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago move remaining functions to dynamic zones
Ludwig Nussel [Thu, 2 Dec 2004 16:50:21 +0000 (16:50 +0000)]
move remaining functions to dynamic zones

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@72 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago drop icmp output rules, accept always
Ludwig Nussel [Thu, 2 Dec 2004 15:04:06 +0000 (15:04 +0000)]
drop icmp output rules, accept always

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@71 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago - first steps towards dynamic zone names
Ludwig Nussel [Thu, 2 Dec 2004 14:12:12 +0000 (14:12 +0000)]
- first steps towards dynamic zone names
- drop auto protect and anti spoof features

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@70 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago fix install target
Ludwig Nussel [Wed, 1 Dec 2004 16:00:03 +0000 (16:00 +0000)]
fix install target

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@69 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago move function call further down
Ludwig Nussel [Wed, 1 Dec 2004 15:59:55 +0000 (15:59 +0000)]
move function call further down

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@68 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago version 3.3
Ludwig Nussel [Wed, 1 Dec 2004 12:21:06 +0000 (12:21 +0000)]
version 3.3

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@67 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago - drop quickmode and personal firewall compat
Ludwig Nussel [Wed, 1 Dec 2004 12:13:45 +0000 (12:13 +0000)]
- drop quickmode and personal firewall compat
- more cleanup, start using getopt

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@66 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago another helptext fix
Ludwig Nussel [Tue, 2 Nov 2004 11:01:10 +0000 (11:01 +0000)]
another helptext fix

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@65 b36d0de6-17df-0310-aa5c-c2ebc275e154

13 years ago fix some misleading comments
Ludwig Nussel [Tue, 2 Nov 2004 09:34:39 +0000 (09:34 +0000)]
fix some misleading comments

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@64 b36d0de6-17df-0310-aa5c-c2ebc275e154

14 years ago - don't drop INVALID packets explicitly but rather let them fall through
Ludwig Nussel [Tue, 12 Oct 2004 11:08:13 +0000 (11:08 +0000)]
- don't drop INVALID packets explicitly but rather let them fall through
  to the default drop rule (#46818)
- send RST for INVALID ACK tcp packets (#46818)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@63 b36d0de6-17df-0310-aa5c-c2ebc275e154

14 years ago add missing space (thx Andreas Schwab)
Ludwig Nussel [Tue, 28 Sep 2004 21:53:53 +0000 (21:53 +0000)]
add missing space (thx Andreas Schwab)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@62 b36d0de6-17df-0310-aa5c-c2ebc275e154

14 years ago allow ESTABLISHED,RELATED tcp and udp always (#46237)
Ludwig Nussel [Tue, 28 Sep 2004 16:19:39 +0000 (16:19 +0000)]
allow ESTABLISHED,RELATED tcp and udp always (#46237)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@61 b36d0de6-17df-0310-aa5c-c2ebc275e154

14 years ago - some typo fixes from Volker Kuhlmann
Ludwig Nussel [Mon, 27 Sep 2004 15:04:21 +0000 (15:04 +0000)]
- some typo fixes from Volker Kuhlmann
- add feature FW_DEV_EXT=any to prevent common pitfall of packets on
  unconfigured interfaces being dropped (#46164, #46168)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@60 b36d0de6-17df-0310-aa5c-c2ebc275e154

14 years ago fix opening ports in zones other than external (#45776)
Ludwig Nussel [Wed, 22 Sep 2004 09:39:04 +0000 (09:39 +0000)]
fix opening ports in zones other than external (#45776)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@59 b36d0de6-17df-0310-aa5c-c2ebc275e154

14 years ago fix output log message
Ludwig Nussel [Mon, 20 Sep 2004 10:27:05 +0000 (10:27 +0000)]
fix output log message

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@58 b36d0de6-17df-0310-aa5c-c2ebc275e154

14 years ago better detection if state matching is supported
Ludwig Nussel [Mon, 20 Sep 2004 10:16:15 +0000 (10:16 +0000)]
better detection if state matching is supported
fix debug mode
really don't use REJECT if ip6tables has no reject target

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@57 b36d0de6-17df-0310-aa5c-c2ebc275e154

14 years ago do not set ip_conntrack_max (#44846)
Ludwig Nussel [Tue, 14 Sep 2004 13:23:59 +0000 (13:23 +0000)]
do not set ip_conntrack_max (#44846)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@56 b36d0de6-17df-0310-aa5c-c2ebc275e154

14 years ago implement open parameter
Ludwig Nussel [Tue, 14 Sep 2004 10:59:08 +0000 (10:59 +0000)]
implement open parameter

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@55 b36d0de6-17df-0310-aa5c-c2ebc275e154

14 years ago add "on" and "off" parameters to add or remove initscripts
Ludwig Nussel [Fri, 3 Sep 2004 14:13:22 +0000 (14:13 +0000)]
add "on" and "off" parameters to add or remove initscripts

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@54 b36d0de6-17df-0310-aa5c-c2ebc275e154

14 years ago detect whether to use iptables or ip6tables in FW_SERVICES_REJECT_* and
Ludwig Nussel [Fri, 3 Sep 2004 14:02:25 +0000 (14:02 +0000)]
detect whether to use iptables or ip6tables in FW_SERVICES_REJECT_* and
FW_SERVICES_DROP_*

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@53 b36d0de6-17df-0310-aa5c-c2ebc275e154

14 years ago set FW_MASQ_DEV to zero if personal-firewall is enabled without
Ludwig Nussel [Mon, 30 Aug 2004 15:02:10 +0000 (15:02 +0000)]
set FW_MASQ_DEV to zero if personal-firewall is enabled without
masquerading (#44076)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@52 b36d0de6-17df-0310-aa5c-c2ebc275e154