summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2009-02-25Revert "Make sure to quote $VAR(@)."Stig Thormodsrud
This reverts commit c5595b67948166f65c8ea2c1ce1890b9aa27fd3d.
2009-02-240.13.7-14debian/0.13.7-14Mohit Mehta
2009-02-24Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jennerStig Thormodsrud
2009-02-24Make sure to quote $VAR(@).Stig Thormodsrud
2009-02-24add ipv6 accept_redirects and accept_source_route under firewallMohit Mehta
2009-02-24Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jennerStig Thormodsrud
2009-02-24Limit firewall name to 29 characters since that is the iptables/ip6tablesStig Thormodsrud
limit.
2009-02-240.13.7-13debian/0.13.7-13Bob Gilligan
2009-02-24Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jennerBob Gilligan
2009-02-24Allow IPv6 firewall rulesets to be configured on an interface independent of ↵Bob Gilligan
IPv4. Replaced the hand-coded config templates under each type of interface with script-generated templates. This should be easier to maintain as we add new types of interfaces. Added sub-trees for "modify", "ipv6-name" and "ipv6-modify" under "in", "out" and "local" for all interfaces. Added command-completion for ruleset names being configured on an interface.
2009-02-24Fix Bug 4150 enable loose reverse path filteringMohit Mehta
2009-02-230.13.7-12debian/0.13.7-12Bob Gilligan
2009-02-23Add "ipv6-modify" firewall configuration sub-tree.Bob Gilligan
2009-02-190.13.7-11debian/0.13.7-11Mohit Mehta
2009-02-19Fix Bug 3951 default values for kernel tunable security parameters under ↵Mohit Mehta
firewall
2009-02-19Fix Bug 3951 default values for kernel tunable security parameters under ↵Mohit Mehta
firewall
2009-02-180.13.7-10debian/0.13.7-10Bob Gilligan
2009-02-18Multiple updates for IPv6:Bob Gilligan
- Added ICMPv6 config tree - Removed ICMP config tree (it's not used in IPv6) - Removed fragmentation tree (it's not used in IPv6) - Improved parsing for source and destination address parameters - Improved parsing for protocol parameter
2009-02-16Fix changelogdebian/0.13.7-9Stig Thormodsrud
2009-02-16- Add check for address range starting with higher address.Stig Thormodsrud
- Add natural-order sort for displaying address/network groups.
2009-02-15Reduce duplicate code.Stig Thormodsrud
2009-02-15Change delete_member_range to use the same subnet prefix.Stig Thormodsrud
2009-02-15Add support for ranges in firewall group address & port.Stig Thormodsrud
2009-02-130.13.7-7debian/0.13.7-7Stig Thormodsrud
2009-02-13Make "show firewall group" work for operator.Stig Thormodsrud
2009-02-13Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jennerStig Thormodsrud
2009-02-13Add description and references to "show firewall group".Stig Thormodsrud
2009-02-13Fix Bug 4074 firewall broadcast ping parameter needs to be clarifiedMohit Mehta
make behavior as documented i.e. icmp broadcast pings are ignored unless 'firewall broadcast-ping' is set to 'enable' by user
2009-02-13Add show-set to display all sets.Stig Thormodsrud
2009-02-13Cache exists() to reduce calls to external /usr/sbin/ipset.Stig Thormodsrud
2009-02-13Add support for "show firewall group".Stig Thormodsrud
2009-02-12Add check for combining network-group and address-group.Stig Thormodsrud
2009-02-12Add firewall group nodes to firewall modify.Stig Thormodsrud
2009-02-12Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jennerStig Thormodsrud
2009-02-12Add allow values for firewall groups.Stig Thormodsrud
2009-02-12no need to use loop to echo allowed valuesMohit Mehta
2009-02-120.13.7-6debian/0.13.7-6Mohit Mehta
2009-02-12better off storing icmp type-names than depend on iptables helpMohit Mehta
2009-02-11Add check for combination of IP range and network-group.Stig Thormodsrud
2009-02-10Change sudo usage to be more consistent.Stig Thormodsrud
2009-02-10Clean up mapping between vyatta firewall group_type vs ipset set_type.Stig Thormodsrud
2009-02-10Add space in front of match rule just in case other match rules don't.Stig Thormodsrud
2009-02-10Add more validation of firewall network-group before calling ipset.Stig Thormodsrud
2009-02-10Add more firewall group validation before calling ipset.Stig Thormodsrud
2009-02-09Add back parameter that was dropped when converting to use run_cmd().Stig Thormodsrud
2009-02-090.13.7-5debian/0.13.7-5Stig Thormodsrud
2009-02-06Add carriage return to error message.Stig Thormodsrud
2009-02-06Add validation of group type.Stig Thormodsrud
2009-02-06Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jennerStig Thormodsrud
2009-02-050.13.7-4debian/0.13.7-4Mohit Mehta