opensuse:susefirewall2.git
8 years agonew script to create snapshots switch-to-git
Ludwig Nussel [Wed, 28 Oct 2009 15:41:59 +0000 (16:41 +0100)]
new script to create snapshots

8 years agofurther polishing of log drop policy
Ludwig Nussel [Tue, 15 Sep 2009 14:25:03 +0000 (14:25 +0000)]
further polishing of log drop policy

- separate drop rule for broadcast packets at end of chain
- only consider NEW udp packets as critical
- don't log INVALID packets as critical

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@226 b36d0de6-17df-0310-aa5c-c2ebc275e154

8 years agofix spelling error in sysconfig file (bnc#537427)
Ludwig Nussel [Tue, 15 Sep 2009 13:32:04 +0000 (13:32 +0000)]
fix spelling error in sysconfig file (bnc#537427)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@225 b36d0de6-17df-0310-aa5c-c2ebc275e154

8 years agodrop multicast packets silently (bnc#538053)
Ludwig Nussel [Tue, 15 Sep 2009 13:31:58 +0000 (13:31 +0000)]
drop multicast packets silently (bnc#538053)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@224 b36d0de6-17df-0310-aa5c-c2ebc275e154

8 years agoremove some debug messages
Ludwig Nussel [Mon, 27 Jul 2009 11:45:41 +0000 (11:45 +0000)]
remove some debug messages

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@223 b36d0de6-17df-0310-aa5c-c2ebc275e154

8 years agoallow disabling NOTRACK rules on lo (bnc#519526)
Ludwig Nussel [Mon, 27 Jul 2009 11:45:35 +0000 (11:45 +0000)]
allow disabling NOTRACK rules on lo (bnc#519526)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@222 b36d0de6-17df-0310-aa5c-c2ebc275e154

8 years agoallow to override interface zones
Ludwig Nussel [Mon, 27 Jul 2009 11:29:40 +0000 (11:29 +0000)]
allow to override interface zones

also report interfaces in /var/run

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@221 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agoremove chkconfig calls (bnc#522268)
Ludwig Nussel [Fri, 17 Jul 2009 09:59:41 +0000 (09:59 +0000)]
remove chkconfig calls (bnc#522268)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@220 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agouse ln -sf
Ludwig Nussel [Thu, 9 Jul 2009 13:48:31 +0000 (13:48 +0000)]
use ln -sf

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@219 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agodeprecate fw_custom_before_antispoofing and fw_custom_after_antispoofing, use fw_cust...
Ludwig Nussel [Thu, 9 Jul 2009 13:48:26 +0000 (13:48 +0000)]
deprecate fw_custom_before_antispoofing and fw_custom_after_antispoofing, use fw_custom_after_chain_creation instead

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@218 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agoallow to set FW_ZONE_DEFAULT via config file
Ludwig Nussel [Thu, 9 Jul 2009 13:48:21 +0000 (13:48 +0000)]
allow to set FW_ZONE_DEFAULT via config file

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@217 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agoadd not about use as bridging firewall
Ludwig Nussel [Thu, 9 Jul 2009 13:48:17 +0000 (13:48 +0000)]
add not about use as bridging firewall

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@216 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agoadd comments to fix vim syntax hilighting resync
Ludwig Nussel [Thu, 9 Jul 2009 13:48:12 +0000 (13:48 +0000)]
add comments to fix vim syntax hilighting resync

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@215 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agoupdate firewall hook script (patch by Marius)
Ludwig Nussel [Tue, 9 Jun 2009 14:15:32 +0000 (14:15 +0000)]
update firewall hook script (patch by Marius)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@214 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agobetter wording for BROADCAST in template
Ludwig Nussel [Tue, 9 Jun 2009 14:15:26 +0000 (14:15 +0000)]
better wording for BROADCAST in template

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@213 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agosilence an error from bash if a service config file is not available (bnc#487870)
Ludwig Nussel [Wed, 25 Mar 2009 12:12:39 +0000 (12:12 +0000)]
silence an error from bash if a service config file is not available (bnc#487870)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@212 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agoallow service files to specify kernel modules and allow related packets
Ludwig Nussel [Fri, 23 Jan 2009 09:37:12 +0000 (09:37 +0000)]
allow service files to specify kernel modules and allow related packets

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@211 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agofix version number in help text
Ludwig Nussel [Mon, 12 Jan 2009 08:17:13 +0000 (08:17 +0000)]
fix version number in help text

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@210 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agoadd note that ulog doesn't work with IPv6 (bnc#442756)
Ludwig Nussel [Mon, 10 Nov 2008 13:17:49 +0000 (13:17 +0000)]
add note that ulog doesn't work with IPv6 (bnc#442756)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@209 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agopoint to correct path for service files (bnc#425187)
Ludwig Nussel [Thu, 6 Nov 2008 12:16:18 +0000 (12:16 +0000)]
point to correct path for service files (bnc#425187)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@208 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agocheck whether IPv6 support is available when stopping the firewall (bnc#442118)
Ludwig Nussel [Thu, 6 Nov 2008 10:00:52 +0000 (10:00 +0000)]
check whether IPv6 support is available when stopping the firewall (bnc#442118)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@207 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agoadd missing iptables-batch commitpoint for IPv4
Ludwig Nussel [Wed, 15 Oct 2008 13:49:45 +0000 (13:49 +0000)]
add missing iptables-batch commitpoint for IPv4

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@206 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agocheck status of SuSEfirewall2 without triggering module load (bnc#435653)
Ludwig Nussel [Wed, 15 Oct 2008 13:49:40 +0000 (13:49 +0000)]
check status of SuSEfirewall2 without triggering module load (bnc#435653)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@205 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agoSuSEfirewall2_init: don't fail if /usr is not available (#429899)
Ludwig Nussel [Tue, 30 Sep 2008 08:47:35 +0000 (08:47 +0000)]
SuSEfirewall2_init: don't fail if /usr is not available (#429899)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@204 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agoexplain some common pitfalls around FW_SERVICES_ACCEPT_EXT
Ludwig Nussel [Fri, 12 Sep 2008 13:48:24 +0000 (13:48 +0000)]
explain some common pitfalls around FW_SERVICES_ACCEPT_EXT

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@203 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agoallow negated rules via ! in FW_FORWARD_MASQ (bnc#413046)
Ludwig Nussel [Fri, 12 Sep 2008 13:48:20 +0000 (13:48 +0000)]
allow negated rules via ! in FW_FORWARD_MASQ (bnc#413046)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@202 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agodon't modify the ip local port range
Ludwig Nussel [Wed, 10 Sep 2008 07:40:41 +0000 (07:40 +0000)]
don't modify the ip local port range

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@201 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agofix init script headers (patch by Werner)
Ludwig Nussel [Tue, 2 Sep 2008 09:21:47 +0000 (09:21 +0000)]
fix init script headers (patch by Werner)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@200 b36d0de6-17df-0310-aa5c-c2ebc275e154

9 years agofix "recent" match (bnc#413446)
Ludwig Nussel [Tue, 2 Sep 2008 09:11:31 +0000 (09:11 +0000)]
fix "recent" match (bnc#413446)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@199 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agoadd raw table support (fate#978788)
Ludwig Nussel [Tue, 22 Jul 2008 08:46:48 +0000 (08:46 +0000)]
add raw table support (fate#978788)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@198 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agouse correct rules to accept RELATED icmpv6 packets (bnc#396667)
Ludwig Nussel [Mon, 14 Jul 2008 07:28:35 +0000 (07:28 +0000)]
use correct rules to accept RELATED icmpv6 packets (bnc#396667)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@197 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agoallow empty protocol in FW_SERVICES_ACCEPT_RELATED, FW_SERVICES_REJECT, FW_SERVICES_D...
Ludwig Nussel [Mon, 30 Jun 2008 15:26:46 +0000 (15:26 +0000)]
allow empty protocol in FW_SERVICES_ACCEPT_RELATED, FW_SERVICES_REJECT, FW_SERVICES_DROP, FW_SERVICES_ACCEPT

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@196 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agoaccept icmp RELATED packets (bnc#382004)
Ludwig Nussel [Tue, 22 Apr 2008 09:09:26 +0000 (09:09 +0000)]
accept icmp RELATED packets (bnc#382004)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@195 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agosysconfig file documentation improvements
Ludwig Nussel [Thu, 17 Apr 2008 12:54:16 +0000 (12:54 +0000)]
sysconfig file documentation improvements

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@194 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agoauto detect bridge interfaces and permit traffic
Ludwig Nussel [Thu, 3 Apr 2008 15:42:03 +0000 (15:42 +0000)]
auto detect bridge interfaces and permit traffic
(bnc#375482)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@193 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agoupdate links
Ludwig Nussel [Fri, 28 Mar 2008 14:00:48 +0000 (14:00 +0000)]
update links

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@192 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agoremove obsolete files
Ludwig Nussel [Fri, 28 Mar 2008 13:50:20 +0000 (13:50 +0000)]
remove obsolete files

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@191 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agoremove X-UnitedLinux tags from init scripts
Ludwig Nussel [Fri, 28 Mar 2008 13:50:15 +0000 (13:50 +0000)]
remove X-UnitedLinux tags from init scripts

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@190 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agochange handling of RELATED packages
Ludwig Nussel [Fri, 28 Mar 2008 13:38:31 +0000 (13:38 +0000)]
change handling of RELATED packages

RELATED packages are no longer accepted unconditionally. One has to set
FW_SERVICES_ACCEPT_RELATED_* to accept them in certain zones.

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@189 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agoallow to ignore certain broadcasts even if broadcasts in general are allowed which...
Ludwig Nussel [Fri, 28 Mar 2008 13:38:26 +0000 (13:38 +0000)]
allow to ignore certain broadcasts even if broadcasts in general are allowed which is the expected behavior

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@188 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agodon't check for /proc/net/stat/nf_conntrack when checking for ipv6 support
Ludwig Nussel [Fri, 28 Mar 2008 13:38:20 +0000 (13:38 +0000)]
don't check for /proc/net/stat/nf_conntrack when checking for ipv6 support

That file is not available if no modules are loaded yet

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@187 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agoupdate copyright header
Ludwig Nussel [Fri, 28 Mar 2008 13:38:14 +0000 (13:38 +0000)]
update copyright header

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@186 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agofix typo in comment (#350651)
Ludwig Nussel [Mon, 7 Jan 2008 13:52:04 +0000 (13:52 +0000)]
fix typo in comment (#350651)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@185 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agodon't reject port 113 by default anymore (#344337)
Ludwig Nussel [Wed, 28 Nov 2007 11:12:35 +0000 (11:12 +0000)]
don't reject port 113 by default anymore (#344337)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@184 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agouse hwdesc2iface to convert old eth-id-* and eth-bus-* interface
Ludwig Nussel [Tue, 7 Aug 2007 12:56:31 +0000 (12:56 +0000)]
use hwdesc2iface to convert old eth-id-* and eth-bus-* interface
specifications to actual interface names.

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@183 b36d0de6-17df-0310-aa5c-c2ebc275e154

10 years agodon't try to load ip6tables modules if ipv6 is disabled (#297621)
Ludwig Nussel [Mon, 6 Aug 2007 14:21:35 +0000 (14:21 +0000)]
don't try to load ip6tables modules if ipv6 is disabled (#297621)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@182 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agoNew configuration options: FW_NOMASQ_NETS, FW_FORWARD_REJECT, FW_FORWARD_DROP
Ludwig Nussel [Fri, 6 Jul 2007 13:26:21 +0000 (13:26 +0000)]
New configuration options: FW_NOMASQ_NETS, FW_FORWARD_REJECT, FW_FORWARD_DROP

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@181 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agostart SuSEfirewall2_init as normal init script rather than during boot.d
Ludwig Nussel [Mon, 18 Jun 2007 15:05:21 +0000 (15:05 +0000)]
start SuSEfirewall2_init as normal init script rather than during boot.d

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@180 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agofix permissions of if-up script
Ludwig Nussel [Wed, 13 Jun 2007 15:01:41 +0000 (15:01 +0000)]
fix permissions of if-up script

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@179 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agoadd if-up script
Ludwig Nussel [Wed, 13 Jun 2007 14:44:53 +0000 (14:44 +0000)]
add if-up script

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@178 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agoadd separate bootlock and bootunlock actions
Ludwig Nussel [Wed, 13 Jun 2007 11:56:43 +0000 (11:56 +0000)]
add separate bootlock and bootunlock actions

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@177 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agomove removing the boot lock file into /sbin/SuSEfirewall2
Ludwig Nussel [Wed, 13 Jun 2007 09:07:11 +0000 (09:07 +0000)]
move removing the boot lock file into /sbin/SuSEfirewall2

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@176 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agoadd FW_FORWARD v6 example
Ludwig Nussel [Wed, 21 Mar 2007 15:29:23 +0000 (15:29 +0000)]
add FW_FORWARD v6 example

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@175 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agoFW_FORWARD works with v6 now
Ludwig Nussel [Wed, 21 Mar 2007 15:18:33 +0000 (15:18 +0000)]
FW_FORWARD works with v6 now

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@174 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agov6 support for FW_FORWARD
Ludwig Nussel [Wed, 21 Mar 2007 15:17:34 +0000 (15:17 +0000)]
v6 support for FW_FORWARD

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@173 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agomake FW_ALLOW_CLASS_ROUTING also work for IPv6
Ludwig Nussel [Wed, 21 Mar 2007 14:30:29 +0000 (14:30 +0000)]
make FW_ALLOW_CLASS_ROUTING also work for IPv6

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@172 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years ago- disable rules for related icmp packets as those are useless
Ludwig Nussel [Wed, 21 Mar 2007 09:42:12 +0000 (09:42 +0000)]
- disable rules for related icmp packets as those are useless
- accept icmpv6 in the OUTPUT chain to avoid excessive errors in log

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@171 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agoupdate some comments
Ludwig Nussel [Tue, 20 Mar 2007 12:41:20 +0000 (12:41 +0000)]
update some comments

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@170 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agoadd section about author and maintainer
Ludwig Nussel [Tue, 20 Mar 2007 09:23:12 +0000 (09:23 +0000)]
add section about author and maintainer

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@169 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years ago- enhance FW_ALLOW_CLASS_ROUTING to allow routing is specific zones only
Ludwig Nussel [Mon, 19 Mar 2007 16:29:28 +0000 (16:29 +0000)]
- enhance FW_ALLOW_CLASS_ROUTING to allow routing is specific zones only
- prevent unintended inter-class routing when masquerading is enabled on
  multiple interfaces in the same zone

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@168 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agoremove checks for binaries that are not requried anymore anyways
Ludwig Nussel [Thu, 8 Mar 2007 10:42:09 +0000 (10:42 +0000)]
remove checks for binaries that are not requried anymore anyways

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@167 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agoread service configuration files from /etc/sysconfig/SuSEfirewall2.d/services
Ludwig Nussel [Thu, 1 Mar 2007 15:41:57 +0000 (15:41 +0000)]
read service configuration files from /etc/sysconfig/SuSEfirewall2.d/services

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@166 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agofix FW_DEV_* not working (#244917)
Ludwig Nussel [Tue, 13 Feb 2007 08:58:09 +0000 (08:58 +0000)]
fix FW_DEV_* not working (#244917)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@165 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years ago- use /sys/class/net instead of /proc/sys/net/ipv[46]/conf/ to
Ludwig Nussel [Mon, 12 Feb 2007 11:14:12 +0000 (11:14 +0000)]
- use /sys/class/net instead of /proc/sys/net/ipv[46]/conf/ to
  determine whether an interface exists. Side effect: interfaces
  without ip also get filtering rules
- read FW_ZONE variable from ifcfg files for interfaces that are not
  listed in FW_DEV_*
- always use default zone for interfaces that are neither listed in
  FW_DEV_* nor have FW_ZONE set
- FW_DEV_*="any" sets default zone
- FW_MASQ_DEV="$FW_DEV_EXT" does not work with ifcfg method of
  specifying a zone. Use FW_MASQ_DEV="zone:ext" instead.
- remove old interface autodetection code
- set version to 3.6

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@164 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agodelete obsolete file
Ludwig Nussel [Mon, 12 Feb 2007 11:05:33 +0000 (11:05 +0000)]
delete obsolete file

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@163 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years ago- use local copy of susebooks.css
Ludwig Nussel [Mon, 12 Feb 2007 11:04:58 +0000 (11:04 +0000)]
- use local copy of susebooks.css
- update Make.rules

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@162 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agoadd a name tag to meta info of service template
Ludwig Nussel [Thu, 8 Feb 2007 09:14:34 +0000 (09:14 +0000)]
add a name tag to meta info of service template

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@161 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agofix typos found by Eric Auer
Ludwig Nussel [Tue, 16 Jan 2007 20:28:52 +0000 (20:28 +0000)]
fix typos found by Eric Auer

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@160 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agoonly log errors in the output chain if logging is actually enabled
Ludwig Nussel [Wed, 15 Nov 2006 00:58:47 +0000 (00:58 +0000)]
only log errors in the output chain if logging is actually enabled
(#219108)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@159 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agoreject packets in the internal zone by default
Ludwig Nussel [Wed, 20 Sep 2006 12:47:32 +0000 (12:47 +0000)]
reject packets in the internal zone by default

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@158 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agohonor zone specific FW_REJECT_* variables (#147263)
Ludwig Nussel [Wed, 20 Sep 2006 11:57:11 +0000 (11:57 +0000)]
honor zone specific FW_REJECT_* variables (#147263)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@157 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agoadd --force-local to tar options
Ludwig Nussel [Thu, 10 Aug 2006 14:00:57 +0000 (14:00 +0000)]
add --force-local to tar options

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@156 b36d0de6-17df-0310-aa5c-c2ebc275e154

11 years agofix wrong default value of FW_SERVICES_ACCEPT_EXT
Ludwig Nussel [Mon, 31 Jul 2006 11:37:04 +0000 (11:37 +0000)]
fix wrong default value of FW_SERVICES_ACCEPT_EXT

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@155 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoipt_recent_rcheck should be local too
Ludwig Nussel [Wed, 19 Jul 2006 14:44:34 +0000 (14:44 +0000)]
ipt_recent_rcheck should be local too

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@154 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoadd support for ipt_recent (#104602)
Ludwig Nussel [Wed, 19 Jul 2006 14:37:10 +0000 (14:37 +0000)]
add support for ipt_recent (#104602)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@153 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agofix --nobatch option
Ludwig Nussel [Wed, 19 Jul 2006 13:26:01 +0000 (13:26 +0000)]
fix --nobatch option

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@152 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agorotten
Ludwig Nussel [Mon, 17 Jul 2006 09:22:38 +0000 (09:22 +0000)]
rotten

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@151 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agomove config files to /usr/share/SuSEfirewall2/services
Ludwig Nussel [Mon, 17 Jul 2006 09:15:43 +0000 (09:15 +0000)]
move config files to /usr/share/SuSEfirewall2/services

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@150 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agobump version
Ludwig Nussel [Mon, 17 Jul 2006 08:54:42 +0000 (08:54 +0000)]
bump version

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@149 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoadd config variables for configuations feature
Ludwig Nussel [Mon, 17 Jul 2006 08:54:20 +0000 (08:54 +0000)]
add config variables for configuations feature

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@148 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agosupport alternative logging targets (#180078)
Ludwig Nussel [Mon, 17 Jul 2006 08:20:49 +0000 (08:20 +0000)]
support alternative logging targets (#180078)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@147 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoadd support for service configuration files in
Ludwig Nussel [Fri, 14 Jul 2006 13:50:13 +0000 (13:50 +0000)]
add support for service configuration files in
/etc/sysconfig/SuSEfirewall2.d via FW_CONFIGURATIONS_*
(fate #300687)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@146 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoremove superflous $LA (thanks Leendert Meyer)
Ludwig Nussel [Mon, 12 Jun 2006 06:32:03 +0000 (06:32 +0000)]
remove superflous $LA (thanks Leendert Meyer)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@145 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoinstall rule for interface 'any' last in order to make it work with SLE-10-GA
Ludwig Nussel [Tue, 6 Jun 2006 07:12:31 +0000 (07:12 +0000)]
install rule for interface 'any' last in order to make it work with
additional zones like DMZ (#181308)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@144 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agofix FW_FORWARD not working with ipsec flag (#170530)
Ludwig Nussel [Mon, 22 May 2006 11:36:19 +0000 (11:36 +0000)]
fix FW_FORWARD not working with ipsec flag (#170530)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@143 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- correct docu for FW_KERNEL_SECURITY SLE-10-tar
Ludwig Nussel [Thu, 30 Mar 2006 09:18:30 +0000 (09:18 +0000)]
- correct docu for FW_KERNEL_SECURITY

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@142 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- don't change igmp_max_memberships (#162086)
Ludwig Nussel [Thu, 30 Mar 2006 09:09:19 +0000 (09:09 +0000)]
- don't change igmp_max_memberships (#162086)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@141 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- introduce FW_FORWARD_ALWAYS_INOUT_DEV for use with XEN (#154133)
Ludwig Nussel [Wed, 29 Mar 2006 10:04:06 +0000 (10:04 +0000)]
- introduce FW_FORWARD_ALWAYS_INOUT_DEV for use with XEN (#154133)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@140 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agolog and drop multicast packets separately to not flood other log
Ludwig Nussel [Mon, 6 Mar 2006 15:31:32 +0000 (15:31 +0000)]
log and drop multicast packets separately to not flood other log
targets (#155326)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@139 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- don't try to use v6 state matching if /proc/net/stat/nf_conntrack
Ludwig Nussel [Thu, 2 Mar 2006 13:50:38 +0000 (13:50 +0000)]
- don't try to use v6 state matching if /proc/net/stat/nf_conntrack
  doesn't exist as it won't work without (#151776)
- reject v6 packets by default to avoid timeouts (#145758)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@138 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- allow FW_FORWARD_MASQ without FW_MASQ_NETS
Ludwig Nussel [Mon, 20 Feb 2006 13:22:39 +0000 (13:22 +0000)]
- allow FW_FORWARD_MASQ without FW_MASQ_NETS

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@137 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agonot needed
Ludwig Nussel [Fri, 17 Feb 2006 14:09:40 +0000 (14:09 +0000)]
not needed

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@136 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agoip6t_state is now included in xt_state
Ludwig Nussel [Wed, 1 Feb 2006 14:43:21 +0000 (14:43 +0000)]
ip6t_state is now included in xt_state

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@135 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agodon't change setting for ECN and TCP syncookies as those are already
Ludwig Nussel [Tue, 10 Jan 2006 12:46:13 +0000 (12:46 +0000)]
don't change setting for ECN and TCP syncookies as those are already
configurable via /etc/sysconfig/sysctl

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@134 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agopackage directory with correct version
Ludwig Nussel [Tue, 3 Jan 2006 10:18:12 +0000 (10:18 +0000)]
package directory with correct version

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@133 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agouse svn revision in archive name
Ludwig Nussel [Tue, 3 Jan 2006 10:11:15 +0000 (10:11 +0000)]
use svn revision in archive name

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@132 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agofix initscript status reporting (#124869)
Ludwig Nussel [Tue, 3 Jan 2006 10:08:20 +0000 (10:08 +0000)]
fix initscript status reporting (#124869)

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@131 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years ago- fall back to normal iptables if iptables-batch fails
Ludwig Nussel [Mon, 1 Aug 2005 14:34:54 +0000 (14:34 +0000)]
- fall back to normal iptables if iptables-batch fails
- always add ip6tables drop rule in case REJECT doesn't work for some
  reason

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@130 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agodon't load ftp conntrack helpers by default
Ludwig Nussel [Mon, 1 Aug 2005 08:18:40 +0000 (08:18 +0000)]
don't load ftp conntrack helpers by default

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@129 b36d0de6-17df-0310-aa5c-c2ebc275e154

12 years agomove docu generation rules into separate file
Ludwig Nussel [Mon, 1 Aug 2005 08:17:07 +0000 (08:17 +0000)]
move docu generation rules into separate file

git-svn-id: https://forgesvn1.novell.com/svn/susefirewall2/trunk@128 b36d0de6-17df-0310-aa5c-c2ebc275e154