summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2010-02-12Fix 5326: firewall group address range wraps at 255.Stig Thormodsrud
2010-01-22Fix 5248: Firewall config and show commands hang when showing and committing ↵Stig Thormodsrud
address groups.
2009-12-22Fix Bug 5173 Firewall becomes out of sync with iptables when logging is usedMohit Mehta
with action inspect in a rule - increment num of rules with inspect + log
2009-08-07* Fix Bug 3625 Firewall protocol option should have a selection for TCP and UDPMohit Mehta
added tcp_udp as a valid protocol value to match both tcp and udp in 1 rule
2009-08-06prevent possible situation where the two iptables rules for match conditionMohit Mehta
'recent' have different match conditions by moving code for recent to last (cherry picked from commit 0bd1f3013d93c0cf688cda075a3548fb94e6c6d2)
2009-08-05add tcp_udp as a valid key to hash. feature developer is responsibleMohit Mehta
for allowing user to use tcp_udp as a valid protocol. currently, this option is planned to be used for NAT and firewall only
2009-07-31Fix 4683: Firewall Rule number maximum 1024 reachedStig Thormodsrud
(cherry picked from commit 90fb731c3a846e9a951c6fd1c5f73082e2bcf93a)
2009-06-15Fix negate of firewall group.Stig Thormodsrud
2009-06-02Change firewall default-policy to default-action.Stig Thormodsrud
2009-06-02* add default value of 1 for 'limit burst' in its node.defMohit Mehta
* add comp_help for 'limit rate' * make sure 'limit rate' is not less than 1/time unit
2009-05-14Fix 4390: Firewall config error: Cannot specify multiple ports when bothStig Thormodsrud
source and destination ports are specified.
2009-04-09Add ability for firename to select default policy.Stig Thormodsrud
2009-02-28Fix 3422: fw logging fails if logprefix is too long (> 29 characters)Stig Thormodsrud
2009-02-27Limit address range to a /24, but make easy to change if it's deam too ↵Stig Thormodsrud
restrictive.
2009-02-18Multiple updates for IPv6:Bob Gilligan
- Added ICMPv6 config tree - Removed ICMP config tree (it's not used in IPv6) - Removed fragmentation tree (it's not used in IPv6) - Improved parsing for source and destination address parameters - Improved parsing for protocol parameter
2009-02-16- Add check for address range starting with higher address.Stig Thormodsrud
- Add natural-order sort for displaying address/network groups.
2009-02-15Reduce duplicate code.Stig Thormodsrud
2009-02-15Change delete_member_range to use the same subnet prefix.Stig Thormodsrud
2009-02-15Add support for ranges in firewall group address & port.Stig Thormodsrud
2009-02-13Add description and references to "show firewall group".Stig Thormodsrud
2009-02-13Cache exists() to reduce calls to external /usr/sbin/ipset.Stig Thormodsrud
2009-02-13Add support for "show firewall group".Stig Thormodsrud
2009-02-12Add check for combining network-group and address-group.Stig Thormodsrud
2009-02-11Add check for combination of IP range and network-group.Stig Thormodsrud
2009-02-10Change sudo usage to be more consistent.Stig Thormodsrud
2009-02-10Clean up mapping between vyatta firewall group_type vs ipset set_type.Stig Thormodsrud
2009-02-10Add space in front of match rule just in case other match rules don't.Stig Thormodsrud
2009-02-10Add more validation of firewall network-group before calling ipset.Stig Thormodsrud
2009-02-10Add more firewall group validation before calling ipset.Stig Thormodsrud
2009-02-06Add validation of group type.Stig Thormodsrud
2009-02-05display appropriate anywhere address depending on IPv4 or IPv6Mohit Mehta
protocol should be displayed as all when no protocol set
2009-02-04Reduce duplicate code in setup/setupOrig.Stig Thormodsrud
2009-02-03Add validation that group and non-groups can't be used in the same src/dst rule.Stig Thormodsrud
2009-02-03Reduce duplicate code in setup/setupOrig.Stig Thormodsrud
2009-02-03Reduce duplicate code.Stig Thormodsrud
2009-02-03Fix perlcritic warningsStephen Hemminger
Should not explicitly return undef
2009-02-03Enable strict checkingStephen Hemminger
Enable strict perl checking.
2009-02-03Remove prototypeStephen Hemminger
Perl prototypes are broken and should never be used (see Perl Best Practices).
2009-02-03Fix call to returnValue that should be returnOrigValue.Stig Thormodsrud
2009-02-02Add 1st pass of firewall group support (ipset netfilter moduleStig Thormodsrud
integration).
2009-01-30Fix Bug 2741 ENH: filter based on ICMP Type/code by nameMohit Mehta
2009-01-29Use iptables comment to identify CLI rule numbers in iptables outputMohit Mehta
2009-01-26Add support for IPv6 address ranges.Bob Gilligan
2009-01-26Fix Bug 2474 https://bugzilla.vyatta.com/show_bug.cgi?id=2474Mohit Mehta
2009-01-23Bugfix 4062: Don't reference parameters outside the config tree.Bob Gilligan
The AddressFilter module was reaching up the config tree to find a config parameter that was used to determine whether the address type was IPv4 or IPv6. This breaks when the functions are called from some locations in the config tree. I added explicity function calls to allow the caller to to set the IP version, obviating the need to reference a config parameter to determin the IP version.
2009-01-21Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jennerBob Gilligan
2009-01-21Initial support for IPv6.Bob Gilligan
2009-01-16- Fix Bug 2223 Add rate rate limiting / burst limiting functions to the ↵Mohit Mehta
Vyatta firewall - Fix help strings for time-based firewall nodes
2009-01-14Fix Bug 3653 Add the ability to configure time-based firewall rulesMohit Mehta
- make available the option to use time with startdate and stopdate
2009-01-13Fix Bug 3653 Add the ability to configure time-based firewall rulesMohit Mehta
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-18 06:58:13 +0000