summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-11-04Add dependency on version of vyatta-cfg-systemoxnard-nat-enhancementsStephen Hemminger
Need version with pseudo-ethernet vif support (cherry picked from commit 1097c1d6e33341590d884dfdc5e172f9ad041e45)
2011-11-04fix duplicate definiton in MakefileStephen Hemminger
Causes warning in Debian testing (cherry picked from commit 2b84bd692a6489eeba1fcfe5ecb1fb19c0dd8627)
2011-11-04Add support for vif on pseudo-ethernetStephen Hemminger
(cherry picked from commit 0da55b5a617f711cbae8d642a26cb5bcc7658e7f)
2011-11-04Fix Bug 7477 firewall group negation doesn't work in vc6.3Stig
* use Ipset.pm method rather than CLI path to validate group name when using group as a match condition in a firewall ruleset (cherry picked from commit 77e338a9b5e668fb1104e2fb939a90b4d73f7ab0)
2011-11-04Fix READMEMohit Mehta
(cherry picked from commit f7c2e4d1dbc9caa12aff8ab384695844c3c8df7b)
2011-11-04Fix Bug 7340 Unable to apply modify firewall to interface when zone policy ↵Mohit Mehta
exists * change commit check to only check if the interface being applied firewall ruleset is in a zone if only the ruleset type is either name|ipv6-name. Thus, ignoring the check when modify rule-set is being applied to an interface (cherry picked from commit 8b2b85a129d3cf23565efe7b0ee15871ebff15c0) (cherry picked from commit 0d3699267b313a59f3e5500c1cab7f00f43b7712)
2011-11-04add "two-stage commit" equivalent to previous fix for bug 5227.An-Cheng Huang
(cherry picked from commit 7a753ec2407d775635adc0df54dac21f59950ecb)
2011-11-04modify firewall groups to work with new commitAn-Cheng Huang
(cherry picked from commit 22d37f427054b52bd724c17d9656bca6dee7d3c5)
2011-11-04* Fix Bug 6915 conntrack-hash-size reverts to default after upgradeMohit Mehta
add script conntrack-hash-size in check-params-on-reboot.d to fix problem of 'firewall conntrack-hash-size' value being out-of-sync with the underlying value when newly installed image boots for the first time (cherry picked from commit d2a481a204e619b8a47ceed11a87173cc4de892c)
2011-11-04more ipset 6.0 changeAn-Cheng Huang
(cherry picked from commit d271c70b1b42dbeff56c895c4d7902a99150e675)
2011-11-04changes for ipset 6.0An-Cheng Huang
(cherry picked from commit 4148f9d04c01f8f75b1aadaf1b5f297ded264376)
2011-11-04Partial fix for bug 6759 serial packages are incorrectly included in virt ISOMohit Mehta
* make vyatta-cfg-firewall-serial depend on vyatta-serial (cherry picked from commit 791d184b9457b2a73a861e84980461c7b31692c8)
2011-11-04Fix Bug 6292 iptables chain-name must be reduced to 28 characters maxMohit Mehta
* change syntax check to limit firewall ruleset names to 28 chars and bump firewall cfg-version to enable config migration (cherry picked from commit a0e5b2107d6073a103e0f0c04cc8656f8dc3816b) (cherry picked from commit 435bf038f32a968424030da43b4a85ec50e02767)
2011-11-04Delete conntrack modprobe config file from automake rules.Daniil Baturin
2011-11-04Remove conntrack modprobe config file (will be in vyatta-conntrack now).Daniil Baturin
2011-11-01Remove remaining conntrack-related templates.Daniil Baturin
2011-09-12Update automake rules to match new config version.Daniil Baturin
2011-08-16Remove conntrack-related templates from firewallDaniil Baturin
2011-08-16Change firewall config version from 3 to 4Daniil Baturin
2010-12-060.13.38debian/0.13.38Stephen Hemminger
2010-12-06Fix help text for firewall interface rulesStephen Hemminger
Bug 6111 Don't use "Set inbound" instead use "Inbound"
2010-12-030.13.37debian/0.13.37Stephen Hemminger
2010-12-03Fix help text in generated templatesStephen Hemminger
Do not use verb (Set) in help text. Do not put date on generated templates (no useful value).
2010-11-290.13.36debian/0.13.36Stig Thormodsrud
2010-11-29Fix 6442: Request to remove "Error: ipt_disable_conntrack failed to findStig Thormodsrud
Don't print scary messages when trying to delete something thats not there.
2010-11-290.13.35debian/0.13.35Stig Thormodsrud
2010-11-29Merge branch 'mendocino' of http://git.vyatta.com/vyatta-cfg-firewall into ↵Stig Thormodsrud
mendocino
2010-11-29Show if logging is enabled on the default action.Stig Thormodsrud
2010-11-240.13.34debian/0.13.34Stephen Hemminger
2010-11-24Merge branch 'mendocino' of vm:rel/vyatta-cfg-firewall into mendocinoStephen Hemminger
2010-11-24Use regex to test for name length rather than wc programStephen Hemminger
More efficient to use shell pattern match to test for name length.
2010-11-160.13.33debian/0.13.33Michael Larson
2010-11-16Updated to change in error location api.Michael Larson
2010-11-110.13.32debian/0.13.32Mohit Mehta
2010-11-11Fix Bug 6421 cannot set content-inspection in the sameMohit Mehta
direction for two or more interfaces * invoke all iptables commands using sudo in the Mgr module. also fixes this bug where chain_referenced was returning wrong value due to permissions issue
2010-10-300.13.31debian/0.13.31Stig Thormodsrud
2010-10-30Fix 5247: Firewall groups CLI becomes out of sync with ipset when sets and ↵Stig Thormodsrud
deletes are contained within a single commit
2010-10-190.13.30debian/0.13.30Mohit Mehta
2010-10-19add local hook setup/tear for filter table similar to in|out hooksMohit Mehta
2010-10-19use single variable to reference firewall IN and OUT hooksMohit Mehta
2010-10-150.13.29debian/0.13.29Stig Thormodsrud
2010-10-15Change snort queue target use default queue.Stig Thormodsrud
2010-10-150.13.28debian/0.13.28Stig Thormodsrud
2010-10-15Fix 6296: "iptables: No chain..." message when committing the firewall group ↵Stig Thormodsrud
configuration. - redirect stderr
2010-10-150.13.27debian/0.13.27root
2010-10-15missing parenroot
2010-10-150.13.26debian/0.13.26root
2010-10-15additional errors w/ location of error.root
2010-10-140.13.25debian/0.13.25Stig Thormodsrud
2010-10-14Add Iptables::Mgr route to get queue target.Stig Thormodsrud