vyatta-cfg-firewall.git - Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git)

Age	Commit message (Collapse)	Author
2022-03-10	Merge pull request #32 from zdc/T4002-equuleus1.3.2	Christian Poessinger
	ipset: T4002: Generate a temporary set name from UUID
2022-03-06	ipset: T4002: Generate a temporary set name from UUID	zsdc
	ipset allows assigning set names up to 31 characters long. Currently, we use a process -PID number as a suffix for generating temporary set names. But this cuts effective set name to 25 characters only (`set name in CLI` + `-` + `PID number`), however in CLI we have a limit set to 31. So, set names with long prefixes cannot be configured. This commit replaces PID-based temporary name with UUID-based, which allows configuring set names with full name size.
2022-01-29	Merge pull request #29 from goodNETnick/default-rule-num	Christian Poessinger
	firewall: T4100: default action number
2022-01-11	firewall: T4100: default action number	goodNETnick

2021-12-31	Merge pull request #27 from goodNETnick/equuleus	Christian Poessinger
	Firewall: T4100: increase maximum number of rules
2021-12-27	Firewall: T4100: increase maximum number of rules	root
	(cherry picked from commit df69f68e09b82f3e1ee928963709b1263cea5bdf)
2021-12-27	Firewall: T4100: increase maximum number of rules	pkmaster

2021-09-24	Merge pull request #25 from vfreex/bridge-vifs-equuleus	Christian Poessinger
	T3115: Add firewall options for bridge vifs
2021-09-24	T3115: Add firewall options for bridge vifs	Yuxiang Zhu

2021-06-25	T2023: macsec: fix interface tree reference	Christian Poessinger

2021-06-13	T2023: add macsec interface firewall support	Christian Poessinger
	(cherry picked from commit 44f91525cc72a26b365bb24cab22344bc5e06540)
2021-06-13	T3620: rename wirelessmodem -> wwan	Christian Poessinger
	(cherry picked from commit c5a8a802fa017808ba044d9151dd35a48ae60b94)
2021-05-25	firewall: ICMP code/type: T3569	srividya0208
	Fixed the completion help for icmp code & type which was showing out of range values 0-4294967295 than the allowed values i.e. 0-255 (cherry picked from commit c89cbf844bc2f54fb599ab7bbb7821f3160b7d28)
2021-04-20	conntrack: T3290: remove references to removed GRE plugins	Brandon Stepler
	(cherry picked from commit 55fe5936b39b9ba20b6ac927f3b8930ed2d0af60)
2021-04-05	T3456: add missing priority when removing per interface firewall rules	Christian Poessinger
	This is the second commit for fixing this issue, the first was for the policy based routing and fixed in commit dc80ce45f95 ("T3456: add missing priority when deleting interface policy"). set firewall name FOO rule 10 action 'accept' set interfaces ethernet eth0 firewall local name 'FOO' commit This was not able to be removed again in one commit, two commits are required. vyos@r4-roll# delete firewall [edit] vyos@r4-roll# delete interfaces ethernet eth0 firewall [edit] vyos@r4-roll# commit [ firewall name FOO ] Firewall configuration error: Cannot delete rule set "FOO" (still in use) delete [ firewall name FOO ] failed delete [ firewall ] failed Commit failed [edit] vyos@r4-roll# (cherry picked from commit 8e1ab2a747a26a3a574c411b95ffb2a3ca7e3854)
2021-04-05	T3456: add missing priority when deleting interface policy	Christian Poessinger
	set interfaces ethernet eth1 policy route 'LAN-POLICY-BASED-ROUTING' set policy route LAN-POLICY-BASED-ROUTING rule 10 destination set policy route LAN-POLICY-BASED-ROUTING rule 10 disable set policy route LAN-POLICY-BASED-ROUTING rule 10 set table '10' set policy route LAN-POLICY-BASED-ROUTING rule 10 source address '192.168.0.119/32' set policy route LAN-POLICY-BASED-ROUTING rule 20 destination set policy route LAN-POLICY-BASED-ROUTING rule 20 set table '100' set policy route LAN-POLICY-BASED-ROUTING rule 20 source address '192.168.0.240' This was not able to be deleted in only one commit, two commits were required. vyos@vyos# delete policy vyos@vyos# delete interfaces ethernet eth1 policy vyos@vyos# commit [ policy route LAN-POLICY-BASED-ROUTING ] Firewall configuration error: Cannot delete rule set "LAN-POLICY-BASED-ROUTING" (still in use) delete [ policy route LAN-POLICY-BASED-ROUTING ] failed [[]] failed Commit failed copy failed [/opt/vyatta/config/tmp/tmp_7724/work/.unionfs-fuse][/opt/vyatta/config/tmp/new_config_7724/.unionfs-fuse] Failed to generate committed config [edit] vyos@vyos# (cherry picked from commit dc80ce45f95e243afc6c3d9016f051cfab690846)
2021-04-04	Jenkins: use build library from proper branch "equuleus"	Christian Poessinger

2021-01-08	Debian: also package files for dummy interfaces	Christian Poessinger
	(cherry picked from commit eba416df08429eead009b30b7b72a286dd194dd4)
2021-01-04	Update debian version.	Daniil Baturin

2020-11-27	Merge pull request #19 from sever-sever/T2868	Daniil Baturin
	cfg-firewall: T2868: Delete option pmtu for tcp-mss
2020-11-27	cfg-firewall: T2868: Delete option pmtu for tcp-mss	sever-sever

2020-07-29	Debian: set compatibility level to 9	Christian Poessinger

2020-07-29	Merge pull request #18 from sever-sever/T1241	Daniil Baturin
	firewall: T1241: Check file before del
2020-07-29	firewall: T1241: Check file before del	sever-sever

2020-06-23	Jenkins: T2625: migrate to build library	Christian Poessinger

2020-03-21	Jenkins: T1870: support GitHub PullRequest builds	Christian Poessinger

2020-02-23	pppoe: T1318: de-nest pppoe interface	Christian Poessinger

2019-12-27	Jenkins: make pipeline branch independent	Christian Poessinger

2019-12-18	Merge branch 'equuleus' of github.com:vyos/vyatta-cfg-firewall into current	Christian Poessinger
	* 'equuleus' of github.com:vyos/vyatta-cfg-firewall: Jenkins: import Pipeline from vyos-1x commit bd00ec7 update Jenkins file for equuleus
2019-09-28	Jenkins: import Pipeline from vyos-1x commit bd00ec7	Christian Poessinger

2019-09-28	Jenkins: import Pipeline from vyos-1x commit bd00ec7VyOS_1.2-2019Q4	Christian Poessinger

2019-09-28	Jenkins: import Pipeline from vyos-1x commit 4d225f6	Christian Poessinger

2019-08-14	update Jenkins file for equuleus	UnicronNL

2019-06-23	Merge pull request #15 from woodypl/current	Christian Poessinger
	T1471: Fix wireguard entry in firewall template generator.
2019-06-23	T1471: Fix wireguard entry in firewall template generator.	Paweł Drewniak

2019-06-20	Merge pull request #14 from zdc/T1456	Daniil Baturin
	[ipset] T1456: Add check for duplicate items in port-group before commit
2019-06-19	[ipset] T1456: Add check for duplicate items in port-group before commit	zsdc

2019-05-21	Create Jenkinsfile current	Kim Hagen

2019-02-08	T484: Rules can't be deleted from firewall rule sets used in zone policies	Joshua McBeth

2019-02-08	Revert "Bug #T171 fix Open Task T171 Unable to Delte Rule"	Christian Poessinger
	This reverts commit d1164b989295016436f20caa709603ec5d85a4d3.
2019-01-29	Merge pull request #12 from mevertse/current	hagbard-01
	T166: Changed NPTv6 to use NETMAP
2019-01-29	Merge branch 'current' of https://github.com/mevertse/vyatta-cfg-firewall ↵	Merijn Evertse
	into HEAD
2019-01-29	T166: Changed NPTv6 to use NETMAP	Merijn Evertse

2018-12-17	T1111: use unique recent packet list names in rules.	Daniil Baturin

2018-12-16	T1087: add wireguard to interface template generators.	Daniil Baturin

2018-11-18	T573: add support for matching IPv6 hop limit.	Daniil Baturin
	Patch by Ray Patrick Soucy.
2018-11-13	T1006: replace check_prefix_boundary with ipaddrcheck.	Daniil Baturin

2018-10-26	T59: Inspect action still exists in firewall and should be removed	hagbard

2018-07-24	T666: remove the firewall option from the old VRRP CLI.	Daniil Baturin
	If left in place, it will create incorrect command definition tree when vyatta-vrrp is removed and cause config loading errors.
2018-06-24	T710: remove dependency on vyatta-util.	Daniil Baturin