| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2014-08-02 | Bug #128: do not call ipset for every port/address in range. | Daniil Baturin | |
| ipset now supports adding ranges natively. Deletion still requires deleting every member in this version though. | |||
| 2013-01-22 | Fixing 8622 | Gaurav Sinha | |
| (cherry picked from commit 6870e3d05f62ceecf4824f551861106409761b35) | |||
| 2012-11-20 | Fix rc usage as per ispet_delete and other commands | Gaurav Sinha | |
| (cherry picked from commit caae72ccbf2c7f77c637cc51096546404ea8c837) | |||
| 2012-11-19 | Add signal handler to handle CTRL+C to avoid commit blockade on lock file | Gaurav Sinha | |
| (cherry picked from commit 69de682b364d7bce7aefecb00a4e06eceaeb834d) (cherry picked from commit ed9540b4a92d2abb6719d36418f3827ac313a59d) | |||
| 2012-11-19 | added reset all groups functions | Gaurav Sinha | |
| (cherry picked from commit b090e8cf73480ba6bbf967bf1fbd8f59e1a8843d) Conflicts: scripts/firewall/vyatta-ipset.pl (cherry picked from commit 2c2cd1aef9eada852084ecebb3c76e468cc56a2a) | |||
| 2012-11-19 | reset functions for named ipset rule implementation with commit lock | Gaurav Sinha | |
| (cherry picked from commit 6b7808bf6c8dd9d1d9e993969358db2be135beff) Conflicts: scripts/firewall/vyatta-ipset.pl (cherry picked from commit 977f7ad60c252ed3c23176d5e764cd9231784fc7) | |||
| 2012-11-19 | initial script for reset firewall group command | Gaurav Sinha | |
| (cherry picked from commit c10ab7f443c581ffd31779f6e32b0d28f5c8366f) (cherry picked from commit 2029744d3b7cc83b7568e3fa474c8d079efece38) Conflicts: scripts/firewall/vyatta-ipset.pl | |||
| 2012-10-06 | PBR: config command validations, help strings etc. cleaned up and | susheela | |
| includes fixes for 8355, 8362, 8365. | |||
| 2012-09-13 | 8330: return rule number in error message | Gaurav Sinha | |
| 2012-09-07 | Fixing 3167, mandate multiport values after single port, remove misleading ↵ | Gaurav Sinha | |
| error message (cherry picked from commit 94381cfb92ead6d5f32ab37bace5a1cf46efbb9e) | |||
| 2012-09-05 | add support for main table | Robert Bays | |
| 2012-09-03 | changes to policy tables to add accept | Robert Bays | |
| updates to dscp node.def for better help text | |||
| 2012-09-03 | initial checkin for pbr functionality | Robert Bays | |
| 2012-06-22 | fixing 8173: moving CT_HELPER chain just before CTTIMEOUT | Gaurav Sinha | |
| (cherry picked from commit faacba00db46c29fc652217653f9fe0564c1ebac) | |||
| 2012-06-07 | Adding functions to conditionally add CT_HELPER chain and remove when not in ↵ | Gaurav Sinha | |
| use, neither by FW nor by NAT. | |||
| 2012-04-30 | service names with hyphen need to be escaped using square brackets. | Gaurav Sinha | |
| 2012-02-29 | fixing 7047 | Gaurav | |
| 2011-12-01 | Bug 6063 ENH: Provide option(s) to globally allow stateful return traffic | Mohit Mehta | |
| * add code to set global policy for established, related, invalid states | |||
| 2011-05-03 | modify firewall groups to work with new commitnapa-dev | An-Cheng Huang | |
| 2011-03-04 | changes for ipset 6.0 | An-Cheng Huang | |
| 2010-11-29 | Fix 6442: Request to remove "Error: ipt_disable_conntrack failed to find | Stig Thormodsrud | |
| Don't print scary messages when trying to delete something thats not there. | |||
| 2010-11-29 | Merge branch 'mendocino' of http://git.vyatta.com/vyatta-cfg-firewall into ↵ | Stig Thormodsrud | |
| mendocino | |||
| 2010-11-29 | Show if logging is enabled on the default action. | Stig Thormodsrud | |
| 2010-11-11 | Fix Bug 6421 cannot set content-inspection in the same | Mohit Mehta | |
| direction for two or more interfaces * invoke all iptables commands using sudo in the Mgr module. also fixes this bug where chain_referenced was returning wrong value due to permissions issue | |||
| 2010-10-30 | Fix 5247: Firewall groups CLI becomes out of sync with ipset when sets and ↵ | Stig Thormodsrud | |
| deletes are contained within a single commit | |||
| 2010-10-15 | Change snort queue target use default queue. | Stig Thormodsrud | |
| 2010-10-15 | Fix 6296: "iptables: No chain..." message when committing the firewall group ↵ | Stig Thormodsrud | |
| configuration. - redirect stderr | |||
| 2010-10-14 | Add Iptables::Mgr route to get queue target. | Stig Thormodsrud | |
| 2010-10-01 | move chain_referenced function to Mgr.pm module | Mohit Mehta | |
| 2010-09-21 | * move count_iptables_rule to Iptables::Mgr and update it's usage | Mohit Mehta | |
| 2010-09-10 | Fix Bug 5309 Allow modifyining TCP MSS option | Mohit Mehta | |
| * add the ability to modify TCP MSS value using modify|ipv6-modify rulesets | |||
| 2010-08-31 | Fix 6125: iptables errors on boot up of mendocino | Stig Thormodsrud | |
| Shorten chain from VYATTA_PRE_CT_PREROUTING_HOOK to VYATTA_CT_PREROUTING_HOOK | |||
| 2010-08-11 | get rid of lintian warnings | An-Cheng Huang | |
| 2010-07-13 | Fix Bug 5744 unable to use firewall group with recent match condition | Mohit Mehta | |
| * use --match-set instead of --set for ipset match * re-arrange rules when ipset and recent match are used together. instead of appending recent match conditions to the rule; place them before ipset match conditions * add debugging output to look at generated rules | |||
| 2010-06-11 | Add support for firewall enable-default-log. | Stig Thormodsrud | |
| 2010-06-11 | Fix ipt_disable_conntrack() to delete correct chain. | Stig Thormodsrud | |
| 2010-06-10 | Infrastruction needed for bug 5583. | Stig Thormodsrud | |
| 2010-05-06 | Make sure perl packages load successfully | Stephen Hemminger | |
| Standard practice is to end package module with 1; | |||
| 2010-03-24 | Fix 5203: negation in firewall rule causes deprecation message | Stig Thormodsrud | |
| 2010-03-17 | Fix 5453: can't delete "address" under "firewall group <> address-group <> " | Stig Thormodsrud | |
| 2010-02-15 | Fix 5227: firewall group config can get out of sync with ipset | Stig Thormodsrud | |
| 2010-02-12 | Fix 5326: firewall group address range wraps at 255. | Stig Thormodsrud | |
| 2010-01-22 | Fix 5248: Firewall config and show commands hang when showing and committing ↵ | Stig Thormodsrud | |
| address groups. | |||
| 2009-12-22 | Fix Bug 5173 Firewall becomes out of sync with iptables when logging is used | Mohit Mehta | |
| with action inspect in a rule - increment num of rules with inspect + log | |||
| 2009-08-07 | * Fix Bug 3625 Firewall protocol option should have a selection for TCP and UDP | Mohit Mehta | |
| added tcp_udp as a valid protocol value to match both tcp and udp in 1 rule | |||
| 2009-08-06 | prevent possible situation where the two iptables rules for match condition | Mohit Mehta | |
| 'recent' have different match conditions by moving code for recent to last (cherry picked from commit 0bd1f3013d93c0cf688cda075a3548fb94e6c6d2) | |||
| 2009-08-05 | add tcp_udp as a valid key to hash. feature developer is responsible | Mohit Mehta | |
| for allowing user to use tcp_udp as a valid protocol. currently, this option is planned to be used for NAT and firewall only | |||
| 2009-07-31 | Fix 4683: Firewall Rule number maximum 1024 reached | Stig Thormodsrud | |
| (cherry picked from commit 90fb731c3a846e9a951c6fd1c5f73082e2bcf93a) | |||
| 2009-06-15 | Fix negate of firewall group. | Stig Thormodsrud | |
| 2009-06-02 | Change firewall default-policy to default-action. | Stig Thormodsrud | |
 |
index : vyatta-cfg-firewall.git | |
| Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) |
| summaryrefslogtreecommitdiff |