| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2009-03-04 | Don't attempt to delete ruleset from "other" trees | Bob Gilligan | |
| When a ruleset was being applied to an interface, the code previously attempted to find out if that ruleset name was being applied to that same interface and in the same direction, but under a different "tree" name (e.g. "name", "ipv6-name", "modify", etc.). If it found a match, it would delete the other rule. But the matching logic was insufficient, so it killed off some random other rule instead. There is really no need to perform this check anyway, so I have removed it. | |||
| 2009-02-24 | Allow IPv6 firewall rulesets to be configured on an interface independent of ↵ | Bob Gilligan | |
| IPv4. Replaced the hand-coded config templates under each type of interface with script-generated templates. This should be easier to maintain as we add new types of interfaces. Added sub-trees for "modify", "ipv6-name" and "ipv6-modify" under "in", "out" and "local" for all interfaces. Added command-completion for ruleset names being configured on an interface. | |||
| 2009-02-09 | Add back parameter that was dropped when converting to use run_cmd(). | Stig Thormodsrud | |
| 2009-02-04 | Delete commented out code. | Stig Thormodsrud | |
| 2009-02-03 | Turn on strict checking and fix warnings | Stephen Hemminger | |
| Turn on strict checking and fix the resulting errors. Get rid of perlcritic warnings. | |||
| 2009-01-29 | Use iptables comment to identify CLI rule numbers in iptables output | Mohit Mehta | |
| 2009-01-23 | Bugfix 4062: Don't reference parameters outside the config tree. | Bob Gilligan | |
| The AddressFilter module was reaching up the config tree to find a config parameter that was used to determine whether the address type was IPv4 or IPv6. This breaks when the functions are called from some locations in the config tree. I added explicity function calls to allow the caller to to set the IP version, obviating the need to reference a config parameter to determin the IP version. | |||
| 2009-01-21 | Initial support for IPv6. | Bob Gilligan | |
| 2008-12-03 | fix for perl module reorganization | An-Cheng Huang | |
| 2008-11-24 | Convert VyattaConfig to Vyatta::Config | Stephen Hemminger | |
| 2008-11-21 | Rename VyattaIpTablesRule to Vyatta::IpTables::Rule | Stephen Hemminger | |
| 2008-08-07 | fix conntrack enabling mechanism | An-Cheng Huang | |
| 2008-06-04 | rename "mangle" to "modify" | An-Cheng Huang | |
| 2008-05-09 | add mangle table support to firewall configuration. initial implementation | An-Cheng Huang | |
| allows MARK and DSCP jump targets. | |||
| 2008-04-21 | Merge branch 'glendale' into hollywood | rbalocca | |
| 2008-04-16 | fix for bug 3167: get the actual return status from iptables. | An-Cheng Huang | |
| 2008-04-08 | add post-firewall hook for other features | An-Cheng Huang | |
| 2008-04-08 | fix for bug 3127: look for an exact match to replace/delete. | An-Cheng Huang | |
| 2008-04-08 | fix for bug 3127: look for an exact match to replace/delete. | An-Cheng Huang | |
| 2008-02-29 | fix a problem in the interaction between "firewall" and "interfaces". | An-Cheng Huang | |
| 2007-12-31 | Bugfix: 2553 | Bob Gilligan | |
| Send output from "iptables" commands to syslog, not stdout or stderr, so that it doesn't confuse users, but remains available for debugging and troubleshooting. | |||
| 2007-12-28 | Bugfix: 2553 | Bob Gilligan | |
| Eliminate debug output from firewall configuration script so that user is not confused by it. | |||
| 2007-12-10 | Initial setup of vyatta-cfg-firewall package. | Bob Gilligan | |
 |
index : vyatta-cfg-firewall.git | |
| Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) |
| summaryrefslogtreecommitdiff |