| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2018-06-24 | Merge branch 'current' into lithiumlithium | Daniil Baturin | |
| Conflicts: debian/changelog | |||
| 2018-04-11 | Task T35 - fixing prune_deleted_sets for inet6 family | Marian Tudosoiu | |
| 2018-03-26 | Task T35 - fixing scoping rules | mtudosoiu | |
| 2018-03-23 | Task T35 change to solve port-group issue | Marian Tudosoiu | |
| 2018-03-14 | Task T35 place ipv6 groups under group config tree | mtudosoiu | |
| 2018-03-12 | Task T35 - add support for IPv6 firewall adddress and network groups | Marian Tudosoiu | |
| 2015-12-22 | Remove dead code from the IPset module. | Daniil Baturin | |
| Slightly related to #628. | |||
| 2015-12-12 | vyatta-cfg-firewall: update network-group check to allow "this" network | Alex Harpin | |
| Update the check for network-groups to allow zero net addresses as they are accepted by the current version of ipset used in VyOS, rejecting only the 0.0.0.0/0 address. This allows the "this" network (0.0.0.0/8) to be used in network-groups. Bug #628 http://bugzilla.vyos.net/show_bug.cgi?id=628 | |||
| 2015-12-12 | vyatta-cfg-firewall: formatting changes for style consistency | Alex Harpin | |
| Update lib/Vyatta/Iptables/AddressFilter.pm, IpSet.pm, Mgr.pm and Rule.pm to maintain style and consistency. | |||
| 2014-08-02 | Bug #128: do not call ipset for every port/address in range. | Daniil Baturin | |
| ipset now supports adding ranges natively. Deletion still requires deleting every member in this version though. | |||
| 2013-01-22 | Fixing 8622 | Gaurav Sinha | |
| (cherry picked from commit 6870e3d05f62ceecf4824f551861106409761b35) | |||
| 2012-11-20 | Fix rc usage as per ispet_delete and other commands | Gaurav Sinha | |
| (cherry picked from commit caae72ccbf2c7f77c637cc51096546404ea8c837) | |||
| 2012-11-19 | Add signal handler to handle CTRL+C to avoid commit blockade on lock file | Gaurav Sinha | |
| (cherry picked from commit 69de682b364d7bce7aefecb00a4e06eceaeb834d) (cherry picked from commit ed9540b4a92d2abb6719d36418f3827ac313a59d) | |||
| 2012-11-19 | added reset all groups functions | Gaurav Sinha | |
| (cherry picked from commit b090e8cf73480ba6bbf967bf1fbd8f59e1a8843d) Conflicts: scripts/firewall/vyatta-ipset.pl (cherry picked from commit 2c2cd1aef9eada852084ecebb3c76e468cc56a2a) | |||
| 2012-11-19 | reset functions for named ipset rule implementation with commit lock | Gaurav Sinha | |
| (cherry picked from commit 6b7808bf6c8dd9d1d9e993969358db2be135beff) Conflicts: scripts/firewall/vyatta-ipset.pl (cherry picked from commit 977f7ad60c252ed3c23176d5e764cd9231784fc7) | |||
| 2012-11-19 | initial script for reset firewall group command | Gaurav Sinha | |
| (cherry picked from commit c10ab7f443c581ffd31779f6e32b0d28f5c8366f) (cherry picked from commit 2029744d3b7cc83b7568e3fa474c8d079efece38) Conflicts: scripts/firewall/vyatta-ipset.pl | |||
| 2012-10-06 | PBR: config command validations, help strings etc. cleaned up and | susheela | |
| includes fixes for 8355, 8362, 8365. | |||
| 2012-09-13 | 8330: return rule number in error message | Gaurav Sinha | |
| 2012-09-07 | Fixing 3167, mandate multiport values after single port, remove misleading ↵ | Gaurav Sinha | |
| error message (cherry picked from commit 94381cfb92ead6d5f32ab37bace5a1cf46efbb9e) | |||
| 2012-09-05 | add support for main table | Robert Bays | |
| 2012-09-03 | changes to policy tables to add accept | Robert Bays | |
| updates to dscp node.def for better help text | |||
| 2012-09-03 | initial checkin for pbr functionality | Robert Bays | |
| 2012-06-22 | fixing 8173: moving CT_HELPER chain just before CTTIMEOUT | Gaurav Sinha | |
| (cherry picked from commit faacba00db46c29fc652217653f9fe0564c1ebac) | |||
| 2012-06-07 | Adding functions to conditionally add CT_HELPER chain and remove when not in ↵ | Gaurav Sinha | |
| use, neither by FW nor by NAT. | |||
| 2012-04-30 | service names with hyphen need to be escaped using square brackets. | Gaurav Sinha | |
| 2012-02-29 | fixing 7047 | Gaurav | |
| 2011-12-01 | Bug 6063 ENH: Provide option(s) to globally allow stateful return traffic | Mohit Mehta | |
| * add code to set global policy for established, related, invalid states | |||
| 2011-05-03 | modify firewall groups to work with new commitnapa-dev | An-Cheng Huang | |
| 2011-03-04 | changes for ipset 6.0 | An-Cheng Huang | |
| 2010-11-29 | Fix 6442: Request to remove "Error: ipt_disable_conntrack failed to find | Stig Thormodsrud | |
| Don't print scary messages when trying to delete something thats not there. | |||
| 2010-11-29 | Merge branch 'mendocino' of http://git.vyatta.com/vyatta-cfg-firewall into ↵ | Stig Thormodsrud | |
| mendocino | |||
| 2010-11-29 | Show if logging is enabled on the default action. | Stig Thormodsrud | |
| 2010-11-11 | Fix Bug 6421 cannot set content-inspection in the same | Mohit Mehta | |
| direction for two or more interfaces * invoke all iptables commands using sudo in the Mgr module. also fixes this bug where chain_referenced was returning wrong value due to permissions issue | |||
| 2010-10-30 | Fix 5247: Firewall groups CLI becomes out of sync with ipset when sets and ↵ | Stig Thormodsrud | |
| deletes are contained within a single commit | |||
| 2010-10-15 | Change snort queue target use default queue. | Stig Thormodsrud | |
| 2010-10-15 | Fix 6296: "iptables: No chain..." message when committing the firewall group ↵ | Stig Thormodsrud | |
| configuration. - redirect stderr | |||
| 2010-10-14 | Add Iptables::Mgr route to get queue target. | Stig Thormodsrud | |
| 2010-10-01 | move chain_referenced function to Mgr.pm module | Mohit Mehta | |
| 2010-09-21 | * move count_iptables_rule to Iptables::Mgr and update it's usage | Mohit Mehta | |
| 2010-09-10 | Fix Bug 5309 Allow modifyining TCP MSS option | Mohit Mehta | |
| * add the ability to modify TCP MSS value using modify|ipv6-modify rulesets | |||
| 2010-08-31 | Fix 6125: iptables errors on boot up of mendocino | Stig Thormodsrud | |
| Shorten chain from VYATTA_PRE_CT_PREROUTING_HOOK to VYATTA_CT_PREROUTING_HOOK | |||
| 2010-08-11 | get rid of lintian warnings | An-Cheng Huang | |
| 2010-07-13 | Fix Bug 5744 unable to use firewall group with recent match condition | Mohit Mehta | |
| * use --match-set instead of --set for ipset match * re-arrange rules when ipset and recent match are used together. instead of appending recent match conditions to the rule; place them before ipset match conditions * add debugging output to look at generated rules | |||
| 2010-06-11 | Add support for firewall enable-default-log. | Stig Thormodsrud | |
| 2010-06-11 | Fix ipt_disable_conntrack() to delete correct chain. | Stig Thormodsrud | |
| 2010-06-10 | Infrastruction needed for bug 5583. | Stig Thormodsrud | |
| 2010-05-06 | Make sure perl packages load successfully | Stephen Hemminger | |
| Standard practice is to end package module with 1; | |||
| 2010-03-24 | Fix 5203: negation in firewall rule causes deprecation message | Stig Thormodsrud | |
| 2010-03-17 | Fix 5453: can't delete "address" under "firewall group <> address-group <> " | Stig Thormodsrud | |
| 2010-02-15 | Fix 5227: firewall group config can get out of sync with ipset | Stig Thormodsrud | |
 |
index : vyatta-cfg-firewall.git | |
| Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) |
| summaryrefslogtreecommitdiff |