| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2009-05-12 | Fix Bug 4394 reject is an invalid action for rules in modify rulesets | Mohit Mehta | |
| * remove reject as an allowed value for action field in modify & ipv6-modify firewall rulesets | |||
| 2009-05-11 | 0.13.7-42debian/0.13.7-42 | Mohit Mehta | |
| 2009-05-11 | Add 'reject' as a configurable value for default-policy | Mohit Mehta | |
| under name and ipv6-name rulesets | |||
| 2009-05-08 | 0.13.7-41debian/0.13.7-41 | Mohit Mehta | |
| 2009-05-08 | Fix Bug 4388 firewall name shouldn't have been set after commit failed | Mohit Mehta | |
| * undo chain setup and refcnt work if chain rule failed during chain creation | |||
| 2009-05-08 | Bugfix 4340: Enable net.netfilter.nf_conntrack_tcp_be_liberal by default. | Bob Gilligan | |
| The parameter in question loosens the "acceptability" check on TCP sequence and ACK numbers in the TCP conntrack module. This allows connection tracking to survive certain cases where packet loss would cause it to loose sync with the TCP endpoints. | |||
| 2009-05-05 | 0.13.7-40debian/0.13.7-40 | Mohit Mehta | |
| 2009-05-05 | * don't allow user to create a chain that exists in the system. This may be | Mohit Mehta | |
| either vyatta/user defined chains or system chains such as INPUT, OUTPUT etc. * don't allow user to create chains with name starting from 'VZONE'. This is reserved for zone chains created by us. | |||
| 2009-05-01 | 0.13.7-39debian/0.13.7-39 | Mohit Mehta | |
| 2009-05-01 | * setup table only for specific tree, not both filter and mangle | Mohit Mehta | |
| as we teardown table only for the tree that was in the CLI * remove 'next' statement for removed for loop * fix Bug 4244 - Committing firewall changes breaks WAN Load-balancing (WLB) we only delete chains that are configured under firewall and don't touch chains that might be owned by other features such as zone based firewall, WLB * remove unused code, code cleanup | |||
| 2009-04-29 | 0.13.7-38debian/0.13.7-38 | Bob Gilligan | |
| 2009-04-29 | Handle files moved from other packages to this package. | Bob Gilligan | |
| Add "Replace:" clause for each package from which files were moved. | |||
| 2009-04-29 | 0.13.7-37debian/0.13.7-37 | Stephen Hemminger | |
| 2009-04-29 | Rename virtual-ethernet to pseudo-ethernet | Stephen Hemminger | |
| 2009-04-27 | 0.13.7-36debian/0.13.7-36 | Mohit Mehta | |
| 2009-04-27 | outlaw applying firewall to an interface that is defined under a zone | Mohit Mehta | |
| 2009-04-27 | 0.13.7-35debian/0.13.7-35 | Stig Thormodsrud | |
| 2009-04-27 | Disable firewall debuging by default. | Stig Thormodsrud | |
| 2009-04-24 | 0.13.7-34debian/0.13.7-34 | Stig Thormodsrud | |
| 2009-04-24 | enable/disable conntrack separately for ipv4/ipv6 | Stig Thormodsrud | |
| 2009-04-24 | 0.13.7-33debian/0.13.7-33 | Stig Thormodsrud | |
| 2009-04-24 | Move setup/teardown out from top-level firewall node. | Stig Thormodsrud | |
| Add refcnts to know when to teardown. | |||
| 2009-04-24 | 0.13.7-32debian/0.13.7-32 | Bob Gilligan | |
| 2009-04-24 | bugfix 4297: Don't allow modify rulesets on local traffic. | Bob Gilligan | |
| 2009-04-24 | Add support for virtual-ethernet | Stephen Hemminger | |
| 2009-04-22 | 0.13.7-31debian/0.13.7-31 | Mohit Mehta | |
| 2009-04-22 | Fix Bug 4261 - Features missing in various firewall sub-trees | Mohit Mehta | |
| add 'disable', 'fragment', 'ipsec', and 'recent' under 'firewall modify' tree | |||
| 2009-04-13 | 0.13.7-30debian/0.13.7-30 | Bob Gilligan | |
| 2009-04-13 | Add conntrack and post firewall hooks for IPv6. | Bob Gilligan | |
| 2009-04-13 | 0.13.7-29debian/0.13.7-29 | Stig Thormodsrud | |
| 2009-04-13 | Fix bug where an empty firewall rule deletes the default drop policy. | Stig Thormodsrud | |
| 2009-04-13 | Move firewall "end" processing down to each table. | Stig Thormodsrud | |
| Fix bug for global enable/disable of conntrack. | |||
| 2009-04-09 | 0.13.7-28debian/0.13.7-28 | Stig Thormodsrud | |
| 2009-04-09 | Add ability for firename to select default policy. | Stig Thormodsrud | |
| 2009-04-08 | Fix faulty search loop. | Stig Thormodsrud | |
| 2009-04-07 | 0.13.7-27debian/0.13.7-27 | Stig Thormodsrud | |
| 2009-04-07 | Apply interface firewalls to separate VYATTA_(IN|OUT)_HOOK. | Stig Thormodsrud | |
| This enforces in firewall to be processed before out firewall. | |||
| 2009-04-03 | 0.13.7-26debian/0.13.7-26 | Bob Gilligan | |
| 2009-04-03 | Bugfix 4261: Add support to configure "limit" for IPv6 modify rulesets. | Bob Gilligan | |
| 2009-04-03 | 0.13.7-25debian/0.13.7-25 | Bob Gilligan | |
| 2009-04-03 | Bugfix 4261: Add support to configure "limit" in IPv6. | Bob Gilligan | |
| 2009-03-31 | 0.13.7-24debian/0.13.7-24 | Stig Thormodsrud | |
| 2009-03-31 | Remove extra carriage return that was breaking the generated firewall | Stig Thormodsrud | |
| template. | |||
| 2009-03-30 | Cleanup perl code that generates templates | Stephen Hemminger | |
| 1. Check for errors in open/mkdir 2. Use mkdir_p in perl rather than calling system 3. Use Perl Best Practices style 3 arg open 4. Put less blank lines in templates 5. reindent with perltidy 6. turn on warnings | |||
| 2009-03-27 | Revert "Allow user configurable default-policy on firewall." | Stig Thormodsrud | |
| Further test identified a problem. The patch is broken if a packet must do both an in & out filter. This reverts commit 754d0f4d855a59020afa20ad8867218708b5c978. | |||
| 2009-03-27 | Allow user configurable default-policy on firewall. | Stig Thormodsrud | |
| 2009-03-26 | 0.13.7-23debian/0.13.7-23 | Mohit Mehta | |
| 2009-03-26 | * add 'redirect' to Valid ICMPv6 Types | Mohit Mehta | |
| * add comp_help for ICMPv4 type-name | |||
| 2009-03-13 | 0.13.7-22debian/0.13.7-22 | Stephen Hemminger | |
| 2009-03-13 | Merge branch 'jenner' of suva.vyatta.com:/git/vyatta-cfg-firewall into jenner | Stephen Hemminger | |
 |
index : vyatta-cfg-firewall.git | |
| Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) |
| summaryrefslogtreecommitdiff |