vyatta-cfg-firewall.git - Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git)

Age	Commit message (Collapse)	Author
2009-03-12	Doing strict ES won't work for router	Stephen Hemminger
	Need a different kind of filter to fix 4061. (Not sure if it is even possible as firewall rule since it depends on quagga config rules).
2009-03-12	0.13.7-21debian/0.13.7-21	Stephen Hemminger

2009-03-12	Don't use -P	Stephen Hemminger
	Changing default property of rules screws up other things
2009-03-12	Enable strict host matching	Stephen Hemminger
	Bug 4061 Host (INPUT) chain will only accept packets where destination address matches address on incoming interface.
2009-03-10	0.13.7-20debian/0.13.7-20	Bob Gilligan

2009-03-10	Bugfix 4203: Name of template should be classical-ipoa, not classical_ipoa	Bob Gilligan

2009-03-09	0.13.7-19debian/0.13.7-19	Bob Gilligan

2009-03-09	Automatically generate more per-interface firewall templates.	Bob Gilligan
	Added code to generate at build time the templates for: bridge, openvpn, multilink, serial, and wirelessmodem interfaces.
2009-03-06	0.13.7-18debian/0.13.7-18	Bob Gilligan

2009-03-06	Remove per-interface firewall templates; They are now generated.	Bob Gilligan

2009-03-04	0.13.7-17debian/0.13.7-17	Bob Gilligan

2009-03-04	Don't attempt to delete ruleset from "other" trees	Bob Gilligan
	When a ruleset was being applied to an interface, the code previously attempted to find out if that ruleset name was being applied to that same interface and in the same direction, but under a different "tree" name (e.g. "name", "ipv6-name", "modify", etc.). If it found a match, it would delete the other rule. But the matching logic was insufficient, so it killed off some random other rule instead. There is really no need to perform this check anyway, so I have removed it.
2009-03-03	0.13.7-16debian/0.13.7-16	Bob Gilligan

2009-03-03	Fix generated templates for ethernet vifs.	Bob Gilligan

2009-03-01	0.13.7-15debian/0.13.7-15	Stig Thormodsrud

2009-02-28	Fix 3422: fw logging fails if logprefix is too long (> 29 characters)	Stig Thormodsrud

2009-02-27	Prevent ';' from being used in a firewall name.	Stig Thormodsrud

2009-02-27	Limit address range to a /24, but make easy to change if it's deam too ↵	Stig Thormodsrud
	restrictive.
2009-02-26	Add allow/comp_help to firewall action.	Stig Thormodsrud

2009-02-25	The generated-templates directory holds only derived files.	Bob Gilligan

2009-02-25	Use single quote around $VAR(@).	Stig Thormodsrud

2009-02-25	Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner	Stig Thormodsrud

2009-02-25	Revert "Make sure to quote $VAR(@)."	Stig Thormodsrud
	This reverts commit c5595b67948166f65c8ea2c1ce1890b9aa27fd3d.
2009-02-24	0.13.7-14debian/0.13.7-14	Mohit Mehta

2009-02-24	Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner	Stig Thormodsrud

2009-02-24	Make sure to quote $VAR(@).	Stig Thormodsrud

2009-02-24	add ipv6 accept_redirects and accept_source_route under firewall	Mohit Mehta

2009-02-24	Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner	Stig Thormodsrud

2009-02-24	Limit firewall name to 29 characters since that is the iptables/ip6tables	Stig Thormodsrud
	limit.
2009-02-24	0.13.7-13debian/0.13.7-13	Bob Gilligan

2009-02-24	Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner	Bob Gilligan

2009-02-24	Allow IPv6 firewall rulesets to be configured on an interface independent of ↵	Bob Gilligan
	IPv4. Replaced the hand-coded config templates under each type of interface with script-generated templates. This should be easier to maintain as we add new types of interfaces. Added sub-trees for "modify", "ipv6-name" and "ipv6-modify" under "in", "out" and "local" for all interfaces. Added command-completion for ruleset names being configured on an interface.
2009-02-24	Fix Bug 4150 enable loose reverse path filtering	Mohit Mehta

2009-02-23	0.13.7-12debian/0.13.7-12	Bob Gilligan

2009-02-23	Add "ipv6-modify" firewall configuration sub-tree.	Bob Gilligan

2009-02-19	0.13.7-11debian/0.13.7-11	Mohit Mehta

2009-02-19	Fix Bug 3951 default values for kernel tunable security parameters under ↵	Mohit Mehta
	firewall
2009-02-19	Fix Bug 3951 default values for kernel tunable security parameters under ↵	Mohit Mehta
	firewall
2009-02-18	0.13.7-10debian/0.13.7-10	Bob Gilligan

2009-02-18	Multiple updates for IPv6:	Bob Gilligan
	- Added ICMPv6 config tree - Removed ICMP config tree (it's not used in IPv6) - Removed fragmentation tree (it's not used in IPv6) - Improved parsing for source and destination address parameters - Improved parsing for protocol parameter
2009-02-16	Fix changelogdebian/0.13.7-9	Stig Thormodsrud

2009-02-16	- Add check for address range starting with higher address.	Stig Thormodsrud
	- Add natural-order sort for displaying address/network groups.
2009-02-15	Reduce duplicate code.	Stig Thormodsrud

2009-02-15	Change delete_member_range to use the same subnet prefix.	Stig Thormodsrud

2009-02-15	Add support for ranges in firewall group address & port.	Stig Thormodsrud

2009-02-13	0.13.7-7debian/0.13.7-7	Stig Thormodsrud

2009-02-13	Make "show firewall group" work for operator.	Stig Thormodsrud

2009-02-13	Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner	Stig Thormodsrud

2009-02-13	Add description and references to "show firewall group".	Stig Thormodsrud

2009-02-13	Fix Bug 4074 firewall broadcast ping parameter needs to be clarified	Mohit Mehta
	make behavior as documented i.e. icmp broadcast pings are ignored unless 'firewall broadcast-ping' is set to 'enable' by user