| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-04-20 | conntrack: T3290: remove references to removed GRE plugins | Brandon Stepler | |
| (cherry picked from commit 55fe5936b39b9ba20b6ac927f3b8930ed2d0af60) | |||
| 2019-01-29 | Merge branch 'current' of https://github.com/mevertse/vyatta-cfg-firewall ↵ | Merijn Evertse | |
| into HEAD | |||
| 2019-01-29 | T166: Changed NPTv6 to use NETMAP | Merijn Evertse | |
| 2016-05-20 | Revert "vyatta-cfg-firewall: update nfct commands to use the new syntax" | Kim Hagen | |
| Debian jessie version still uses older syntax This reverts commit 8c08408d1309b2664067b3a793d7df3b24d36cf3. | |||
| 2015-11-28 | vyatta-cfg-firewall: update nfct commands to use the new syntax | Alex Harpin | |
| Update the nfcft commands to use the new style syntax rather than the old, following the update of conntrack-tools to 1.4.3. | |||
| 2015-06-24 | vyatta-cfg-firewall: add port 1536 to the initial ct helper chain | Alex Harpin | |
| Add port 1536 to the initial VYATTA_CT_HELPER chain inline with the conntrack sqlnet module change in vyatta-conntrack. Bug #412 http://bugzilla.vyos.net/show_bug.cgi?id=412 | |||
| 2015-02-15 | Add SNPT and DNPT firewall hooks and load ip6t_NPT kernel module (#387) | kouak | |
| 2012-08-22 | Merge branch 'pacifica' of git.vyatta.com:/git/vyatta-cfg-firewall into pacifica | Gaurav Sinha | |
| 2012-08-22 | move CT_IGNORE chain up, first in raw table | Gaurav Sinha | |
| 2012-08-09 | Bugfix 8271: Remove Vestigial VRRP hooks. The implementation changed and ↵ | John Southworth | |
| these are no longer needed. | |||
| 2012-08-07 | add conntrack raw table ignore chain | Gaurav Sinha | |
| 2012-06-18 | fix 8112 | Gaurav Sinha | |
| 2012-06-06 | create nfct helper policies and prepare VYATTA_CT_HELPER chain | Gaurav Sinha | |
| 2012-05-14 | don't add CTHELPER chain by default on boot. add when needed. | Gaurav Sinha | |
| 2012-04-16 | create CT_HELPER chain in PREROUTING and OUTPUT | Gaurav Sinha | |
| 2012-04-16 | fixing 7998 | Gaurav Sinha | |
| 2012-03-23 | include CT_TIMEOUT chain for conntrack timeouts. | Gaurav | |
| 2011-12-27 | Create VRRP output filter to filter IGMP from vmac interfaces | John Southworth | |
| 2011-12-12 | Setup filter for VRRP vmac interfaces | John Southworth | |
| 2011-12-01 | Bug 6063 ENH: Provide option(s) to globally allow stateful return traffic | Mohit Mehta | |
| * add code to set global policy for established, related, invalid states | |||
| 2010-09-21 | * separate out post fw hooks for IN, FWD, OUT. Use count_iptables_rule from lib | Mohit Mehta | |
| 2010-08-31 | Fix 6125: iptables errors on boot up of mendocino | Stig Thormodsrud | |
| Shorten chain from VYATTA_PRE_CT_PREROUTING_HOOK to VYATTA_CT_PREROUTING_HOOK | |||
| 2010-06-10 | Infrastruction needed for bug 5583. | Stig Thormodsrud | |
| 2010-05-17 | Fix Bug 5588 Add ability to modify conntrack expectation table size | Mohit Mehta | |
| * added 'firewall conntrack-expect-table-size' to modify expect table's size * added 'firewall conntrack-hash-size' to set hash size for conntrack table | |||
| 2010-04-09 | Add VYATTA_PRE_DNAT_HOOK in nat PREROUTING table. | Stig Thormodsrud | |
| 2009-09-22 | Bugfix 4951: Don't fail if IPv6 kernel module is not loaded. | Bob Gilligan | |
| Handle the case where the IPv6 kernel module is not loaded more gracefully. | |||
| 2009-05-27 | explicitly set conntrack table size to 16384 on system boot | Mohit Mehta | |
| 2009-05-08 | Bugfix 4340: Enable net.netfilter.nf_conntrack_tcp_be_liberal by default. | Bob Gilligan | |
| The parameter in question loosens the "acceptability" check on TCP sequence and ACK numbers in the TCP conntrack module. This allows connection tracking to survive certain cases where packet loss would cause it to loose sync with the TCP endpoints. | |||
| 2009-04-13 | Add conntrack and post firewall hooks for IPv6. | Bob Gilligan | |
| 2009-03-12 | Doing strict ES won't work for router | Stephen Hemminger | |
| Need a different kind of filter to fix 4061. (Not sure if it is even possible as firewall rule since it depends on quagga config rules). | |||
| 2009-03-12 | Don't use -P | Stephen Hemminger | |
| Changing default property of rules screws up other things | |||
| 2009-03-12 | Enable strict host matching | Stephen Hemminger | |
| Bug 4061 Host (INPUT) chain will only accept packets where destination address matches address on incoming interface. | |||
| 2008-08-21 | fix for bug 3622: add pre-SNAT hook | An-Cheng Huang | |
| 2008-04-08 | add post-firewall hook for other features | An-Cheng Huang | |
| 2008-03-10 | update from VPL1 to GPLv2 | Stephen Hemminger | |
| 2007-12-10 | Update vyatta-cfg-firewall package. | Bob Gilligan | |
 |
index : vyatta-cfg-firewall.git | |
| Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) |
| summaryrefslogtreecommitdiff |