summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2009-03-30Cleanup perl code that generates templatesStephen Hemminger
1. Check for errors in open/mkdir 2. Use mkdir_p in perl rather than calling system 3. Use Perl Best Practices style 3 arg open 4. Put less blank lines in templates 5. reindent with perltidy 6. turn on warnings
2009-03-27Revert "Allow user configurable default-policy on firewall."Stig Thormodsrud
Further test identified a problem. The patch is broken if a packet must do both an in & out filter. This reverts commit 754d0f4d855a59020afa20ad8867218708b5c978.
2009-03-27Allow user configurable default-policy on firewall.Stig Thormodsrud
2009-03-260.13.7-23debian/0.13.7-23Mohit Mehta
2009-03-26* add 'redirect' to Valid ICMPv6 TypesMohit Mehta
* add comp_help for ICMPv4 type-name
2009-03-130.13.7-22debian/0.13.7-22Stephen Hemminger
2009-03-13Merge branch 'jenner' of suva.vyatta.com:/git/vyatta-cfg-firewall into jennerStephen Hemminger
2009-03-12Doing strict ES won't work for routerStephen Hemminger
Need a different kind of filter to fix 4061. (Not sure if it is even possible as firewall rule since it depends on quagga config rules).
2009-03-120.13.7-21debian/0.13.7-21Stephen Hemminger
2009-03-12Don't use -PStephen Hemminger
Changing default property of rules screws up other things
2009-03-12Enable strict host matchingStephen Hemminger
Bug 4061 Host (INPUT) chain will only accept packets where destination address matches address on incoming interface.
2009-03-100.13.7-20debian/0.13.7-20Bob Gilligan
2009-03-10Bugfix 4203: Name of template should be classical-ipoa, not classical_ipoaBob Gilligan
2009-03-090.13.7-19debian/0.13.7-19Bob Gilligan
2009-03-09Automatically generate more per-interface firewall templates.Bob Gilligan
Added code to generate at build time the templates for: bridge, openvpn, multilink, serial, and wirelessmodem interfaces.
2009-03-060.13.7-18debian/0.13.7-18Bob Gilligan
2009-03-06Remove per-interface firewall templates; They are now generated.Bob Gilligan
2009-03-040.13.7-17debian/0.13.7-17Bob Gilligan
2009-03-04Don't attempt to delete ruleset from "other" treesBob Gilligan
When a ruleset was being applied to an interface, the code previously attempted to find out if that ruleset name was being applied to that same interface and in the same direction, but under a different "tree" name (e.g. "name", "ipv6-name", "modify", etc.). If it found a match, it would delete the other rule. But the matching logic was insufficient, so it killed off some random other rule instead. There is really no need to perform this check anyway, so I have removed it.
2009-03-030.13.7-16debian/0.13.7-16Bob Gilligan
2009-03-03Fix generated templates for ethernet vifs.Bob Gilligan
2009-03-010.13.7-15debian/0.13.7-15Stig Thormodsrud
2009-02-28Fix 3422: fw logging fails if logprefix is too long (> 29 characters)Stig Thormodsrud
2009-02-27Prevent ';' from being used in a firewall name.Stig Thormodsrud
2009-02-27Limit address range to a /24, but make easy to change if it's deam too ↵Stig Thormodsrud
restrictive.
2009-02-26Add allow/comp_help to firewall action.Stig Thormodsrud
2009-02-25The generated-templates directory holds only derived files.Bob Gilligan
2009-02-25Use single quote around $VAR(@).Stig Thormodsrud
2009-02-25Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jennerStig Thormodsrud
2009-02-25Revert "Make sure to quote $VAR(@)."Stig Thormodsrud
This reverts commit c5595b67948166f65c8ea2c1ce1890b9aa27fd3d.
2009-02-240.13.7-14debian/0.13.7-14Mohit Mehta
2009-02-24Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jennerStig Thormodsrud
2009-02-24Make sure to quote $VAR(@).Stig Thormodsrud
2009-02-24add ipv6 accept_redirects and accept_source_route under firewallMohit Mehta
2009-02-24Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jennerStig Thormodsrud
2009-02-24Limit firewall name to 29 characters since that is the iptables/ip6tablesStig Thormodsrud
limit.
2009-02-240.13.7-13debian/0.13.7-13Bob Gilligan
2009-02-24Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jennerBob Gilligan
2009-02-24Allow IPv6 firewall rulesets to be configured on an interface independent of ↵Bob Gilligan
IPv4. Replaced the hand-coded config templates under each type of interface with script-generated templates. This should be easier to maintain as we add new types of interfaces. Added sub-trees for "modify", "ipv6-name" and "ipv6-modify" under "in", "out" and "local" for all interfaces. Added command-completion for ruleset names being configured on an interface.
2009-02-24Fix Bug 4150 enable loose reverse path filteringMohit Mehta
2009-02-230.13.7-12debian/0.13.7-12Bob Gilligan
2009-02-23Add "ipv6-modify" firewall configuration sub-tree.Bob Gilligan
2009-02-190.13.7-11debian/0.13.7-11Mohit Mehta
2009-02-19Fix Bug 3951 default values for kernel tunable security parameters under ↵Mohit Mehta
firewall
2009-02-19Fix Bug 3951 default values for kernel tunable security parameters under ↵Mohit Mehta
firewall
2009-02-180.13.7-10debian/0.13.7-10Bob Gilligan
2009-02-18Multiple updates for IPv6:Bob Gilligan
- Added ICMPv6 config tree - Removed ICMP config tree (it's not used in IPv6) - Removed fragmentation tree (it's not used in IPv6) - Improved parsing for source and destination address parameters - Improved parsing for protocol parameter
2009-02-16Fix changelogdebian/0.13.7-9Stig Thormodsrud
2009-02-16- Add check for address range starting with higher address.Stig Thormodsrud
- Add natural-order sort for displaying address/network groups.
2009-02-15Reduce duplicate code.Stig Thormodsrud
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-27 23:49:18 +0000