summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-11-290.14.0+vyos2+lithium15debian/0.14.0+vyos2+lithium15Alex Harpin
2015-11-28vyatta-cfg-firewall: drop executable permissions on node.defsAlex Harpin
Drop the executable permissions present on a number of node.defs to remove lintian warnings.
2015-11-28vyatta-cfg-firewall: check rules for errors before processing themAlex Harpin
Errors in firewall rules can cause either rules to be overwritten (completely or partially), dropped entirely, or just ending up with an inconsistent state in comparison to the current configuration. This can lead to unpredictable firewall results, which can't even be corrected by deleting all the firewall rules, only a reboot or manual intervention will correct the issue. Checking these rules for consistency in a separate loop before they are applied allows the errors to flagged up and the commit failed before the iptables are touched. Bug #623 http://bugzilla.vyos.net/show_bug.cgi?id=623
2015-11-28vyatta-cfg-firewall: formatting changes for style consistencyAlex Harpin
Update scripts/firewall/vyatta-firewall.pl to maintain style and consistency.
2015-11-28vyatta-cfg-firewall: update nfct commands to use the new syntaxAlex Harpin
Update the nfcft commands to use the new style syntax rather than the old, following the update of conntrack-tools to 1.4.3.
2015-10-240.14.0+vyos2+lithium14debian/0.14.0+vyos2+lithium14Alex Harpin
2015-10-24vyatta-cfg-firewall: temporarily disable p2p option in firewall configAlex Harpin
Both the userspace library and the associated kernel module for the iptables ipp2p match target are currently missing and so this configuration returns an error when used. Disabling this option temporarily until the above issue has been resolved. Bug #602 http://bugzilla.vyos.net/show_bug.cgi?id=602
2015-06-240.14.0+vyos2+lithium13debian/0.14.0+vyos2+lithium13Alex Harpin
2015-06-24vyatta-cfg-firewall: add port 1536 to the initial ct helper chainAlex Harpin
Add port 1536 to the initial VYATTA_CT_HELPER chain inline with the conntrack sqlnet module change in vyatta-conntrack. Bug #412 http://bugzilla.vyos.net/show_bug.cgi?id=412
2015-06-150.14.0+vyos2+lithium12debian/0.14.0+vyos2+lithium12Alex Harpin
2015-06-15vyatta-cfg-firewall: update dh_gencontrol with new development flagAlex Harpin
2015-05-15Merge pull request #4 from pasikarkkainen/local-pbrDaniil Baturin
Bug #252: Add support for local PBR
2015-05-14Added support for local PBR to gen-interface-policy-templates.plPasi Karkkainen
2015-05-14Added support for local PBR to vyatta-firewall.plPasi Karkkainen
2015-05-140.14.0+vyos2+lithium11debian/0.14.0+vyos2+lithium11Daniil Baturin
2015-05-14Missing comma in gen-interface-templates script interface hash.Daniil Baturin
2015-05-030.14.0+vyos2+lithium10debian/0.14.0+vyos2+lithium10Daniil Baturin
2015-05-03http://bugzilla.vyos.net/show_bug.cgi?id=494Carl Byington
Signed-off-by: Daniil Baturin <daniil@baturin.org>
2015-05-03fix syntax error from sortingCarl Byington
Signed-off-by: Daniil Baturin <daniil@baturin.org>
2015-05-03fix syntax error from sortingCarl Byington
Signed-off-by: Daniil Baturin <daniil@baturin.org>
2015-05-03add interfaces/vti/<intf>/policy add ↵Carl Byington
interfaces/ethernet/<intf>/vrrp/vrrp-group/policy remove interfaces/ethernet/<intf>/pppoa cleanup and sort lists of interfaces Signed-off-by: Daniil Baturin <daniil@baturin.org>
2015-05-03add firewall config for vrrp interfacesCarl Byington
Signed-off-by: Daniil Baturin <daniil@baturin.org>
2015-05-03add firewall config for vrrp interfacesCarl Byington
Signed-off-by: Daniil Baturin <daniil@baturin.org>
2015-05-030.14.0+vyos2+lithium9debian/0.14.0+vyos2+lithium9Daniil Baturin
2015-05-03Bug #406: display uncommited firewall group names in completion.Daniil Baturin
2015-04-090.14.0+vyos2+lithium8debian/0.14.0+vyos2+lithium8Daniil Baturin
2015-04-09Sanitize the package.Daniil Baturin
Add dependency on iptables. Don't build the cfg-serial package and don't generate templates for it, serial interfaces support is long dead. Generate templates for dummy interfaces.
2015-02-170.14.0+vyos2+lithium7debian/0.14.0+vyos2+lithium7Daniil Baturin
2015-02-16Merge pull request #2 from kouak/lithiumDaniil Baturin
Add SNPT and DNPT firewall hooks and load ip6t_NPT kernel module (#387)
2015-02-15Add SNPT and DNPT firewall hooks and load ip6t_NPT kernel module (#387)kouak
2015-02-140.14.0+vyos2+lithium6debian/0.14.0+vyos2+lithium6Daniil Baturin
2015-02-14Bug #487: complete names for added but not commited firewall rulesets.Daniil Baturin
2014-12-250.14.0+vyos2+lithium5debian/0.14.0+vyos2+lithium5Alex Harpin
2014-12-25Update maintainer addressAlex Harpin
2014-12-150.14.0+vyos2+lithium4debian/0.14.0+vyos2+lithium4Alex Harpin
2014-12-15Force releaseAlex Harpin
2014-11-210.14.0+vyos2+lithium3debian/0.14.0+vyos2+lithium3Daniil Baturin
2014-11-21Fix missing autogenerated chain for IPv6 policy routing.William Steve Applegate
Signed-off-by: Daniil Baturin <daniil@baturin.org>
2014-11-180.14.0+vyos2+lithium2debian/0.14.0+vyos2+lithium2Daniil Baturin
2014-11-18New branchDaniil Baturin
2014-09-200.13.91+vyos1+helium8debian/0.13.91+vyos1+helium8Daniil Baturin
2014-09-20Add VXLAN to generated templates.Daniil Baturin
2014-08-020.13.91+vyos1+helium7vyos/1.1.0-beta1debian/0.13.91+vyos1+helium7Daniil Baturin
2014-08-02Bug #115: disallow reserved firewall names in CLI validation.Daniil Baturin
2014-08-020.13.91+vyos1+helium6debian/0.13.91+vyos1+helium6Daniil Baturin
2014-08-02Bug #128: do not call ipset for every port/address in range.Daniil Baturin
ipset now supports adding ranges natively. Deletion still requires deleting every member in this version though.
2014-08-010.13.91+vyos1+helium5debian/0.13.91+vyos1+helium5Daniil Baturin
2014-08-01Bug #45: add port range validation to firewall templates.Daniil Baturin
2014-08-01Bug #45: add port range validation script.Daniil Baturin
2014-07-310.13.91+vyos1+helium4debian/0.13.91+vyos1+helium4Daniil Baturin
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-26 22:19:42 +0000