vyatta-cfg-firewall.git/scripts, branch equuleus

vyatta-cfg-firewall.git/scripts, branch equuleus Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) https://git.amelek.net/vyos/vyatta-cfg-firewall.git/atom?h=equuleus 2024-04-09T13:35:41+00:00 T6215: Replace confusing error messages with clear ones 2024-04-09T13:35:41+00:00 aslanvyos 126803786+aslanvyos@users.noreply.github.com 2024-04-09T09:30:46+00:00 urn:sha1:572f8dbef0c5a596dfbe7bd9284238016662762e ipset: T2189: optimized firewall groups performance 2022-09-19T17:16:12+00:00 zsdc taras@vyos.io 2022-09-12T15:07:01+00:00 urn:sha1:d55b9e14c14011577354b69cc569d2652d5e31fd This commit optimizes the speed of interaction with the ipset. * removed extra `sudo` from `ipset` commands, because scripts that run `ipset` commands already run under `sudo`. This gives approximately 4x performance improvement. * replaced logic in the `member_exists` function for port groups. Instead of calling `ipset -T` for each port now the whole list is received in one command and a search process is done inside Perl. This significantly improves speed for port groups with long port ranges inside. * delete ip address and port ranges using a single command instead deleting each element individually. * added the same ranges validation for address-group as for port-group. ipset: T4002: Generate a temporary set name from UUID 2022-03-06T13:15:17+00:00 zsdc taras@vyos.io 2022-03-06T13:15:17+00:00 urn:sha1:2649cb10598e5b3ad605950afabcd6facd4eab70 ipset allows assigning set names up to 31 characters long. Currently, we use a process -PID number as a suffix for generating temporary set names. But this cuts effective set name to 25 characters only (`set name in CLI` + `-` + `PID number`), however in CLI we have a limit set to 31. So, set names with long prefixes cannot be configured. This commit replaces PID-based temporary name with UUID-based, which allows configuring set names with full name size. firewall: T4100: default action number 2022-01-12T03:56:33+00:00 goodNETnick pknet@ya.ru 2022-01-12T03:56:33+00:00 urn:sha1:7e00db319e5078c1f290e63a968af0c507c99bd4 conntrack: T3290: remove references to removed GRE plugins 2021-04-20T17:38:56+00:00 Brandon Stepler brandon@stepler.net 2021-02-11T02:30:00+00:00 urn:sha1:af9e3958cdcb20531c1f9394488482ac28c71072 (cherry picked from commit 55fe5936b39b9ba20b6ac927f3b8930ed2d0af60) firewall: T1241: Check file before del 2020-07-29T10:00:52+00:00 sever-sever v.gletenko@vyos.io 2020-07-29T09:33:34+00:00 urn:sha1:928722075e75859c7fdd646f7dc93bfcb0008f9a [ipset] T1456: Add check for duplicate items in port-group before commit 2019-06-19T19:24:41+00:00 zsdc taras@sentrium.io 2019-06-19T19:24:41+00:00 urn:sha1:835304e5aaa252e8b0bcf4651629cd089e670147 T484: Rules can't be deleted from firewall rule sets used in zone policies 2019-02-08T17:42:29+00:00 Joshua McBeth joshua.mcbeth@gmail.com 2017-12-04T02:43:25+00:00 urn:sha1:2cd6280b90042efac7c37be4835f70ed06514504 Revert "Bug #T171 fix Open Task T171 Unable to Delte Rule" 2019-02-08T17:42:29+00:00 Christian Poessinger christian@poessinger.com 2019-02-08T17:41:06+00:00 urn:sha1:5499f86a9b6702ce1e76d994402299fce3bbbc47 This reverts commit d1164b989295016436f20caa709603ec5d85a4d3. Merge branch 'current' of https://github.com/mevertse/vyatta-cfg-firewall into HEAD 2019-01-29T13:32:12+00:00 Merijn Evertse merijn@trans-ix.nl 2019-01-29T13:32:12+00:00 urn:sha1:012c8c62fe1cebc58089ae76d127a64e82508c13