| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2012-06-18 | fix 8112 | Gaurav Sinha | |
| (cherry picked from commit e63154e1c5b7052b99fa76a0111b5c65aebea940) | |||
| 2012-06-11 | create nfct helper policies and prepare VYATTA_CT_HELPER chain | Gaurav Sinha | |
| (cherry picked from commit 4da13393a7c42547d256a19f7663dd9f1f3e2771) | |||
| 2012-05-14 | don't add CTHELPER chain by default on boot. add when needed. | Gaurav Sinha | |
| 2012-04-16 | create CT_HELPER chain in PREROUTING and OUTPUT | Gaurav Sinha | |
| 2012-04-16 | fixing 7998 | Gaurav Sinha | |
| 2012-03-23 | include CT_TIMEOUT chain for conntrack timeouts. | Gaurav | |
| 2011-12-27 | Create VRRP output filter to filter IGMP from vmac interfaces | John Southworth | |
| 2011-12-12 | Setup filter for VRRP vmac interfaces | John Southworth | |
| 2011-12-01 | Bug 6063 ENH: Provide option(s) to globally allow stateful return traffic | Mohit Mehta | |
| * add code to set global policy for established, related, invalid states | |||
| 2010-09-21 | * separate out post fw hooks for IN, FWD, OUT. Use count_iptables_rule from lib | Mohit Mehta | |
| 2010-08-31 | Fix 6125: iptables errors on boot up of mendocino | Stig Thormodsrud | |
| Shorten chain from VYATTA_PRE_CT_PREROUTING_HOOK to VYATTA_CT_PREROUTING_HOOK | |||
| 2010-06-10 | Infrastruction needed for bug 5583. | Stig Thormodsrud | |
| 2010-05-17 | Fix Bug 5588 Add ability to modify conntrack expectation table size | Mohit Mehta | |
| * added 'firewall conntrack-expect-table-size' to modify expect table's size * added 'firewall conntrack-hash-size' to set hash size for conntrack table | |||
| 2010-04-09 | Add VYATTA_PRE_DNAT_HOOK in nat PREROUTING table. | Stig Thormodsrud | |
| 2009-09-22 | Bugfix 4951: Don't fail if IPv6 kernel module is not loaded. | Bob Gilligan | |
| Handle the case where the IPv6 kernel module is not loaded more gracefully. | |||
| 2009-05-27 | explicitly set conntrack table size to 16384 on system boot | Mohit Mehta | |
| 2009-05-08 | Bugfix 4340: Enable net.netfilter.nf_conntrack_tcp_be_liberal by default. | Bob Gilligan | |
| The parameter in question loosens the "acceptability" check on TCP sequence and ACK numbers in the TCP conntrack module. This allows connection tracking to survive certain cases where packet loss would cause it to loose sync with the TCP endpoints. | |||
| 2009-04-13 | Add conntrack and post firewall hooks for IPv6. | Bob Gilligan | |
| 2009-03-12 | Doing strict ES won't work for router | Stephen Hemminger | |
| Need a different kind of filter to fix 4061. (Not sure if it is even possible as firewall rule since it depends on quagga config rules). | |||
| 2009-03-12 | Don't use -P | Stephen Hemminger | |
| Changing default property of rules screws up other things | |||
| 2009-03-12 | Enable strict host matching | Stephen Hemminger | |
| Bug 4061 Host (INPUT) chain will only accept packets where destination address matches address on incoming interface. | |||
| 2008-08-21 | fix for bug 3622: add pre-SNAT hook | An-Cheng Huang | |
| 2008-04-08 | add post-firewall hook for other features | An-Cheng Huang | |
| 2008-03-10 | update from VPL1 to GPLv2 | Stephen Hemminger | |
| 2007-12-10 | Update vyatta-cfg-firewall package. | Bob Gilligan | |
 |
index : vyatta-cfg-firewall.git | |
| Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) |
| summaryrefslogtreecommitdiff |