| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2012-10-06 | PBR: config command validations, help strings etc. cleaned up and | susheela | |
| includes fixes for 8355, 8362, 8365. | |||
| 2012-09-13 | 8330: return rule number in error message | Gaurav Sinha | |
| 2012-09-07 | Fixing 3167, mandate multiport values after single port, remove misleading ↵ | Gaurav Sinha | |
| error message (cherry picked from commit 94381cfb92ead6d5f32ab37bace5a1cf46efbb9e) | |||
| 2012-09-05 | add support for main table | Robert Bays | |
| 2012-09-03 | changes to policy tables to add accept | Robert Bays | |
| updates to dscp node.def for better help text | |||
| 2012-09-03 | initial checkin for pbr functionality | Robert Bays | |
| 2012-06-22 | fixing 8173: moving CT_HELPER chain just before CTTIMEOUT | Gaurav Sinha | |
| (cherry picked from commit faacba00db46c29fc652217653f9fe0564c1ebac) | |||
| 2012-06-07 | Adding functions to conditionally add CT_HELPER chain and remove when not in ↵ | Gaurav Sinha | |
| use, neither by FW nor by NAT. | |||
| 2012-04-30 | service names with hyphen need to be escaped using square brackets. | Gaurav Sinha | |
| 2012-02-29 | fixing 7047 | Gaurav | |
| 2011-12-01 | Bug 6063 ENH: Provide option(s) to globally allow stateful return traffic | Mohit Mehta | |
| * add code to set global policy for established, related, invalid states | |||
| 2011-05-03 | modify firewall groups to work with new commitnapa-dev | An-Cheng Huang | |
| 2011-03-04 | changes for ipset 6.0 | An-Cheng Huang | |
| 2010-11-29 | Fix 6442: Request to remove "Error: ipt_disable_conntrack failed to find | Stig Thormodsrud | |
| Don't print scary messages when trying to delete something thats not there. | |||
| 2010-11-29 | Merge branch 'mendocino' of http://git.vyatta.com/vyatta-cfg-firewall into ↵ | Stig Thormodsrud | |
| mendocino | |||
| 2010-11-29 | Show if logging is enabled on the default action. | Stig Thormodsrud | |
| 2010-11-11 | Fix Bug 6421 cannot set content-inspection in the same | Mohit Mehta | |
| direction for two or more interfaces * invoke all iptables commands using sudo in the Mgr module. also fixes this bug where chain_referenced was returning wrong value due to permissions issue | |||
| 2010-10-30 | Fix 5247: Firewall groups CLI becomes out of sync with ipset when sets and ↵ | Stig Thormodsrud | |
| deletes are contained within a single commit | |||
| 2010-10-15 | Change snort queue target use default queue. | Stig Thormodsrud | |
| 2010-10-15 | Fix 6296: "iptables: No chain..." message when committing the firewall group ↵ | Stig Thormodsrud | |
| configuration. - redirect stderr | |||
| 2010-10-14 | Add Iptables::Mgr route to get queue target. | Stig Thormodsrud | |
| 2010-10-01 | move chain_referenced function to Mgr.pm module | Mohit Mehta | |
| 2010-09-21 | * move count_iptables_rule to Iptables::Mgr and update it's usage | Mohit Mehta | |
| 2010-09-10 | Fix Bug 5309 Allow modifyining TCP MSS option | Mohit Mehta | |
| * add the ability to modify TCP MSS value using modify|ipv6-modify rulesets | |||
| 2010-08-31 | Fix 6125: iptables errors on boot up of mendocino | Stig Thormodsrud | |
| Shorten chain from VYATTA_PRE_CT_PREROUTING_HOOK to VYATTA_CT_PREROUTING_HOOK | |||
| 2010-08-11 | get rid of lintian warnings | An-Cheng Huang | |
| 2010-07-13 | Fix Bug 5744 unable to use firewall group with recent match condition | Mohit Mehta | |
| * use --match-set instead of --set for ipset match * re-arrange rules when ipset and recent match are used together. instead of appending recent match conditions to the rule; place them before ipset match conditions * add debugging output to look at generated rules | |||
| 2010-06-11 | Add support for firewall enable-default-log. | Stig Thormodsrud | |
| 2010-06-11 | Fix ipt_disable_conntrack() to delete correct chain. | Stig Thormodsrud | |
| 2010-06-10 | Infrastruction needed for bug 5583. | Stig Thormodsrud | |
| 2010-05-06 | Make sure perl packages load successfully | Stephen Hemminger | |
| Standard practice is to end package module with 1; | |||
| 2010-03-24 | Fix 5203: negation in firewall rule causes deprecation message | Stig Thormodsrud | |
| 2010-03-17 | Fix 5453: can't delete "address" under "firewall group <> address-group <> " | Stig Thormodsrud | |
| 2010-02-15 | Fix 5227: firewall group config can get out of sync with ipset | Stig Thormodsrud | |
| 2010-02-12 | Fix 5326: firewall group address range wraps at 255. | Stig Thormodsrud | |
| 2010-01-22 | Fix 5248: Firewall config and show commands hang when showing and committing ↵ | Stig Thormodsrud | |
| address groups. | |||
| 2009-12-22 | Fix Bug 5173 Firewall becomes out of sync with iptables when logging is used | Mohit Mehta | |
| with action inspect in a rule - increment num of rules with inspect + log | |||
| 2009-08-07 | * Fix Bug 3625 Firewall protocol option should have a selection for TCP and UDP | Mohit Mehta | |
| added tcp_udp as a valid protocol value to match both tcp and udp in 1 rule | |||
| 2009-08-06 | prevent possible situation where the two iptables rules for match condition | Mohit Mehta | |
| 'recent' have different match conditions by moving code for recent to last (cherry picked from commit 0bd1f3013d93c0cf688cda075a3548fb94e6c6d2) | |||
| 2009-08-05 | add tcp_udp as a valid key to hash. feature developer is responsible | Mohit Mehta | |
| for allowing user to use tcp_udp as a valid protocol. currently, this option is planned to be used for NAT and firewall only | |||
| 2009-07-31 | Fix 4683: Firewall Rule number maximum 1024 reached | Stig Thormodsrud | |
| (cherry picked from commit 90fb731c3a846e9a951c6fd1c5f73082e2bcf93a) | |||
| 2009-06-15 | Fix negate of firewall group. | Stig Thormodsrud | |
| 2009-06-02 | Change firewall default-policy to default-action. | Stig Thormodsrud | |
| 2009-06-02 | * add default value of 1 for 'limit burst' in its node.def | Mohit Mehta | |
| * add comp_help for 'limit rate' * make sure 'limit rate' is not less than 1/time unit | |||
| 2009-05-14 | Fix 4390: Firewall config error: Cannot specify multiple ports when both | Stig Thormodsrud | |
| source and destination ports are specified. | |||
| 2009-04-09 | Add ability for firename to select default policy. | Stig Thormodsrud | |
| 2009-02-28 | Fix 3422: fw logging fails if logprefix is too long (> 29 characters) | Stig Thormodsrud | |
| 2009-02-27 | Limit address range to a /24, but make easy to change if it's deam too ↵ | Stig Thormodsrud | |
| restrictive. | |||
| 2009-02-18 | Multiple updates for IPv6: | Bob Gilligan | |
| - Added ICMPv6 config tree - Removed ICMP config tree (it's not used in IPv6) - Removed fragmentation tree (it's not used in IPv6) - Improved parsing for source and destination address parameters - Improved parsing for protocol parameter | |||
| 2009-02-16 | - Add check for address range starting with higher address. | Stig Thormodsrud | |
| - Add natural-order sort for displaying address/network groups. | |||
 |
index : vyatta-cfg-firewall.git | |
| Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) |
| summaryrefslogtreecommitdiff |