| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2009-04-13 | Move firewall "end" processing down to each table. | Stig Thormodsrud | |
| Fix bug for global enable/disable of conntrack. | |||
| 2009-04-09 | 0.13.7-28debian/0.13.7-28 | Stig Thormodsrud | |
| 2009-04-09 | Add ability for firename to select default policy. | Stig Thormodsrud | |
| 2009-04-08 | Fix faulty search loop. | Stig Thormodsrud | |
| 2009-04-07 | 0.13.7-27debian/0.13.7-27 | Stig Thormodsrud | |
| 2009-04-07 | Apply interface firewalls to separate VYATTA_(IN|OUT)_HOOK. | Stig Thormodsrud | |
| This enforces in firewall to be processed before out firewall. | |||
| 2009-04-03 | 0.13.7-26debian/0.13.7-26 | Bob Gilligan | |
| 2009-04-03 | Bugfix 4261: Add support to configure "limit" for IPv6 modify rulesets. | Bob Gilligan | |
| 2009-04-03 | 0.13.7-25debian/0.13.7-25 | Bob Gilligan | |
| 2009-04-03 | Bugfix 4261: Add support to configure "limit" in IPv6. | Bob Gilligan | |
| 2009-03-31 | 0.13.7-24debian/0.13.7-24 | Stig Thormodsrud | |
| 2009-03-31 | Remove extra carriage return that was breaking the generated firewall | Stig Thormodsrud | |
| template. | |||
| 2009-03-30 | Cleanup perl code that generates templates | Stephen Hemminger | |
| 1. Check for errors in open/mkdir 2. Use mkdir_p in perl rather than calling system 3. Use Perl Best Practices style 3 arg open 4. Put less blank lines in templates 5. reindent with perltidy 6. turn on warnings | |||
| 2009-03-27 | Revert "Allow user configurable default-policy on firewall." | Stig Thormodsrud | |
| Further test identified a problem. The patch is broken if a packet must do both an in & out filter. This reverts commit 754d0f4d855a59020afa20ad8867218708b5c978. | |||
| 2009-03-27 | Allow user configurable default-policy on firewall. | Stig Thormodsrud | |
| 2009-03-26 | 0.13.7-23debian/0.13.7-23 | Mohit Mehta | |
| 2009-03-26 | * add 'redirect' to Valid ICMPv6 Types | Mohit Mehta | |
| * add comp_help for ICMPv4 type-name | |||
| 2009-03-13 | 0.13.7-22debian/0.13.7-22 | Stephen Hemminger | |
| 2009-03-13 | Merge branch 'jenner' of suva.vyatta.com:/git/vyatta-cfg-firewall into jenner | Stephen Hemminger | |
| 2009-03-12 | Doing strict ES won't work for router | Stephen Hemminger | |
| Need a different kind of filter to fix 4061. (Not sure if it is even possible as firewall rule since it depends on quagga config rules). | |||
| 2009-03-12 | 0.13.7-21debian/0.13.7-21 | Stephen Hemminger | |
| 2009-03-12 | Don't use -P | Stephen Hemminger | |
| Changing default property of rules screws up other things | |||
| 2009-03-12 | Enable strict host matching | Stephen Hemminger | |
| Bug 4061 Host (INPUT) chain will only accept packets where destination address matches address on incoming interface. | |||
| 2009-03-10 | 0.13.7-20debian/0.13.7-20 | Bob Gilligan | |
| 2009-03-10 | Bugfix 4203: Name of template should be classical-ipoa, not classical_ipoa | Bob Gilligan | |
| 2009-03-09 | 0.13.7-19debian/0.13.7-19 | Bob Gilligan | |
| 2009-03-09 | Automatically generate more per-interface firewall templates. | Bob Gilligan | |
| Added code to generate at build time the templates for: bridge, openvpn, multilink, serial, and wirelessmodem interfaces. | |||
| 2009-03-06 | 0.13.7-18debian/0.13.7-18 | Bob Gilligan | |
| 2009-03-06 | Remove per-interface firewall templates; They are now generated. | Bob Gilligan | |
| 2009-03-04 | 0.13.7-17debian/0.13.7-17 | Bob Gilligan | |
| 2009-03-04 | Don't attempt to delete ruleset from "other" trees | Bob Gilligan | |
| When a ruleset was being applied to an interface, the code previously attempted to find out if that ruleset name was being applied to that same interface and in the same direction, but under a different "tree" name (e.g. "name", "ipv6-name", "modify", etc.). If it found a match, it would delete the other rule. But the matching logic was insufficient, so it killed off some random other rule instead. There is really no need to perform this check anyway, so I have removed it. | |||
| 2009-03-03 | 0.13.7-16debian/0.13.7-16 | Bob Gilligan | |
| 2009-03-03 | Fix generated templates for ethernet vifs. | Bob Gilligan | |
| 2009-03-01 | 0.13.7-15debian/0.13.7-15 | Stig Thormodsrud | |
| 2009-02-28 | Fix 3422: fw logging fails if logprefix is too long (> 29 characters) | Stig Thormodsrud | |
| 2009-02-27 | Prevent ';' from being used in a firewall name. | Stig Thormodsrud | |
| 2009-02-27 | Limit address range to a /24, but make easy to change if it's deam too ↵ | Stig Thormodsrud | |
| restrictive. | |||
| 2009-02-26 | Add allow/comp_help to firewall action. | Stig Thormodsrud | |
| 2009-02-25 | The generated-templates directory holds only derived files. | Bob Gilligan | |
| 2009-02-25 | Use single quote around $VAR(@). | Stig Thormodsrud | |
| 2009-02-25 | Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner | Stig Thormodsrud | |
| 2009-02-25 | Revert "Make sure to quote $VAR(@)." | Stig Thormodsrud | |
| This reverts commit c5595b67948166f65c8ea2c1ce1890b9aa27fd3d. | |||
| 2009-02-24 | 0.13.7-14debian/0.13.7-14 | Mohit Mehta | |
| 2009-02-24 | Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner | Stig Thormodsrud | |
| 2009-02-24 | Make sure to quote $VAR(@). | Stig Thormodsrud | |
| 2009-02-24 | add ipv6 accept_redirects and accept_source_route under firewall | Mohit Mehta | |
| 2009-02-24 | Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner | Stig Thormodsrud | |
| 2009-02-24 | Limit firewall name to 29 characters since that is the iptables/ip6tables | Stig Thormodsrud | |
| limit. | |||
| 2009-02-24 | 0.13.7-13debian/0.13.7-13 | Bob Gilligan | |
| 2009-02-24 | Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner | Bob Gilligan | |
 |
index : vyatta-cfg-firewall.git | |
| Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) |
| summaryrefslogtreecommitdiff |