vyatta-cfg-firewall.git/scripts, branch jenner

vyatta-cfg-firewall.git/scripts, branch jenner Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) https://git.amelek.net/vyos/vyatta-cfg-firewall.git/atom?h=jenner 2009-07-31T23:01:30+00:00 Another attempt to fix 4760. 2009-07-31T23:01:30+00:00 Stig Thormodsrud stig@vyatta.com 2009-07-31T23:01:30+00:00 urn:sha1:4dadce6ebca29e6f6d7120a44541fd99034417f2 Fix 4683: Firewall Rule number maximum 1024 reached 2009-07-10T23:50:03+00:00 Stig Thormodsrud stig@vyatta.com 2009-07-10T23:50:03+00:00 urn:sha1:90fb731c3a846e9a951c6fd1c5f73082e2bcf93a Fix 4581: Firewall name issue causes failed commit 2009-06-14T18:14:37+00:00 Stig Thormodsrud stig@vyatta.com 2009-06-14T18:14:37+00:00 urn:sha1:a4521d45fa8deb8b3431579d5b3bc2016592fbdc Change firewall default-policy to default-action. 2009-06-03T01:47:41+00:00 Stig Thormodsrud stig@vyatta.com 2009-06-03T01:47:41+00:00 urn:sha1:c5795f63dea325bc4a1f9a1f02b6b0d510731ffb explicitly set conntrack table size to 16384 on system boot 2009-05-27T20:59:04+00:00 Mohit Mehta mohit.mehta@vyatta.com 2009-05-27T20:59:04+00:00 urn:sha1:4e3586d818580ecc8b9721f3bb47f3efa6d67a5e Add 'reject' as a configurable value for default-policy 2009-05-11T23:54:02+00:00 Mohit Mehta mohit.mehta@vyatta.com 2009-05-11T23:54:02+00:00 urn:sha1:7820d87bcf833391f4b2dbbc90bee57dfa91f545 under name and ipv6-name rulesets Fix Bug 4388 firewall name shouldn't have been set after commit failed 2009-05-09T00:14:04+00:00 Mohit Mehta mohit.mehta@vyatta.com 2009-05-09T00:14:04+00:00 urn:sha1:c690c60ff29d8ee2f3f62bc38d99c05f3300002f * undo chain setup and refcnt work if chain rule failed during chain creation Bugfix 4340: Enable net.netfilter.nf_conntrack_tcp_be_liberal by default. 2009-05-08T20:36:18+00:00 Bob Gilligan gilligan@vyatta.com 2009-05-08T20:36:18+00:00 urn:sha1:2cc639cacae969af4f36a7b587f86ac479ebe729 The parameter in question loosens the "acceptability" check on TCP sequence and ACK numbers in the TCP conntrack module. This allows connection tracking to survive certain cases where packet loss would cause it to loose sync with the TCP endpoints. * don't allow user to create a chain that exists in the system. This may be 2009-05-05T18:34:06+00:00 Mohit Mehta mohit.mehta@vyatta.com 2009-05-05T18:34:06+00:00 urn:sha1:af9b647c46b09a8ad84b68264fd2bfb65c9dd98e either vyatta/user defined chains or system chains such as INPUT, OUTPUT etc. * don't allow user to create chains with name starting from 'VZONE'. This is reserved for zone chains created by us. * setup table only for specific tree, not both filter and mangle 2009-05-01T23:25:39+00:00 Mohit Mehta mohit.mehta@vyatta.com 2009-05-01T23:25:39+00:00 urn:sha1:7b34e9152366c6e60720bc065b4e3d1cd57b7fa6 as we teardown table only for the tree that was in the CLI * remove 'next' statement for removed for loop * fix Bug 4244 - Committing firewall changes breaks WAN Load-balancing (WLB) we only delete chains that are configured under firewall and don't touch chains that might be owned by other features such as zone based firewall, WLB * remove unused code, code cleanup