| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2011-11-04 | Fix Bug 7340 Unable to apply modify firewall to interface when zone policy ↵ | Mohit Mehta | |
| exists * change commit check to only check if the interface being applied firewall ruleset is in a zone if only the ruleset type is either name|ipv6-name. Thus, ignoring the check when modify rule-set is being applied to an interface (cherry picked from commit 8b2b85a129d3cf23565efe7b0ee15871ebff15c0) (cherry picked from commit 0d3699267b313a59f3e5500c1cab7f00f43b7712) | |||
| 2010-11-16 | Updated to change in error location api. | Michael Larson | |
| 2010-10-19 | add local hook setup/tear for filter table similar to in|out hooks | Mohit Mehta | |
| 2010-10-19 | use single variable to reference firewall IN and OUT hooks | Mohit Mehta | |
| 2010-10-15 | missing paren | root | |
| 2010-10-15 | additional errors w/ location of error. | root | |
| 2010-10-11 | Use Sys::Syslog to avoid calling logger excessively | Stephen Hemminger | |
| 2010-10-01 | move chain_referenced function to Mgr.pm module | Mohit Mehta | |
| 2010-09-21 | * move count_iptables_rule to Iptables::Mgr and update it's usage | Mohit Mehta | |
| 2010-09-21 | * separate out post fw hooks for IN, FWD, OUT. Use count_iptables_rule from lib | Mohit Mehta | |
| 2010-06-12 | Dont tear down conntrack if the other table is using it. | Stig Thormodsrud | |
| 2010-06-12 | Dont create FW_CONNTRACK if it already exists. | Stig Thormodsrud | |
| 2010-06-11 | Add support for firewall enable-default-log. | Stig Thormodsrud | |
| 2010-06-10 | Infrastruction needed for bug 5583. | Stig Thormodsrud | |
| 2010-03-05 | Fix firewall conntrack teardown. | Stig Thormodsrud | |
| 2009-08-07 | * Fix Bug 3625 Firewall protocol option should have a selection for TCP and UDP | Mohit Mehta | |
| added tcp_udp as a valid protocol value to match both tcp and udp in 1 rule | |||
| 2009-07-31 | Fix 4683: Firewall Rule number maximum 1024 reached | Stig Thormodsrud | |
| (cherry picked from commit 90fb731c3a846e9a951c6fd1c5f73082e2bcf93a) | |||
| 2009-06-14 | Fix 4581: Firewall name issue causes failed commit | Stig Thormodsrud | |
| 2009-06-02 | Change firewall default-policy to default-action. | Stig Thormodsrud | |
| 2009-05-11 | Add 'reject' as a configurable value for default-policy | Mohit Mehta | |
| under name and ipv6-name rulesets | |||
| 2009-05-08 | Fix Bug 4388 firewall name shouldn't have been set after commit failed | Mohit Mehta | |
| * undo chain setup and refcnt work if chain rule failed during chain creation | |||
| 2009-05-05 | * don't allow user to create a chain that exists in the system. This may be | Mohit Mehta | |
| either vyatta/user defined chains or system chains such as INPUT, OUTPUT etc. * don't allow user to create chains with name starting from 'VZONE'. This is reserved for zone chains created by us. | |||
| 2009-05-01 | * setup table only for specific tree, not both filter and mangle | Mohit Mehta | |
| as we teardown table only for the tree that was in the CLI * remove 'next' statement for removed for loop * fix Bug 4244 - Committing firewall changes breaks WAN Load-balancing (WLB) we only delete chains that are configured under firewall and don't touch chains that might be owned by other features such as zone based firewall, WLB * remove unused code, code cleanup | |||
| 2009-04-27 | outlaw applying firewall to an interface that is defined under a zone | Mohit Mehta | |
| 2009-04-27 | Disable firewall debuging by default. | Stig Thormodsrud | |
| 2009-04-24 | enable/disable conntrack separately for ipv4/ipv6 | Stig Thormodsrud | |
| 2009-04-24 | Move setup/teardown out from top-level firewall node. | Stig Thormodsrud | |
| Add refcnts to know when to teardown. | |||
| 2009-04-13 | Fix bug where an empty firewall rule deletes the default drop policy. | Stig Thormodsrud | |
| 2009-04-13 | Move firewall "end" processing down to each table. | Stig Thormodsrud | |
| Fix bug for global enable/disable of conntrack. | |||
| 2009-04-09 | Add ability for firename to select default policy. | Stig Thormodsrud | |
| 2009-04-08 | Fix faulty search loop. | Stig Thormodsrud | |
| 2009-04-07 | Apply interface firewalls to separate VYATTA_(IN|OUT)_HOOK. | Stig Thormodsrud | |
| This enforces in firewall to be processed before out firewall. | |||
| 2009-03-27 | Revert "Allow user configurable default-policy on firewall." | Stig Thormodsrud | |
| Further test identified a problem. The patch is broken if a packet must do both an in & out filter. This reverts commit 754d0f4d855a59020afa20ad8867218708b5c978. | |||
| 2009-03-27 | Allow user configurable default-policy on firewall. | Stig Thormodsrud | |
| 2009-03-04 | Don't attempt to delete ruleset from "other" trees | Bob Gilligan | |
| When a ruleset was being applied to an interface, the code previously attempted to find out if that ruleset name was being applied to that same interface and in the same direction, but under a different "tree" name (e.g. "name", "ipv6-name", "modify", etc.). If it found a match, it would delete the other rule. But the matching logic was insufficient, so it killed off some random other rule instead. There is really no need to perform this check anyway, so I have removed it. | |||
| 2009-02-24 | Allow IPv6 firewall rulesets to be configured on an interface independent of ↵ | Bob Gilligan | |
| IPv4. Replaced the hand-coded config templates under each type of interface with script-generated templates. This should be easier to maintain as we add new types of interfaces. Added sub-trees for "modify", "ipv6-name" and "ipv6-modify" under "in", "out" and "local" for all interfaces. Added command-completion for ruleset names being configured on an interface. | |||
| 2009-02-09 | Add back parameter that was dropped when converting to use run_cmd(). | Stig Thormodsrud | |
| 2009-02-04 | Delete commented out code. | Stig Thormodsrud | |
| 2009-02-03 | Turn on strict checking and fix warnings | Stephen Hemminger | |
| Turn on strict checking and fix the resulting errors. Get rid of perlcritic warnings. | |||
| 2009-01-29 | Use iptables comment to identify CLI rule numbers in iptables output | Mohit Mehta | |
| 2009-01-23 | Bugfix 4062: Don't reference parameters outside the config tree. | Bob Gilligan | |
| The AddressFilter module was reaching up the config tree to find a config parameter that was used to determine whether the address type was IPv4 or IPv6. This breaks when the functions are called from some locations in the config tree. I added explicity function calls to allow the caller to to set the IP version, obviating the need to reference a config parameter to determin the IP version. | |||
| 2009-01-21 | Initial support for IPv6. | Bob Gilligan | |
| 2008-12-03 | fix for perl module reorganization | An-Cheng Huang | |
| 2008-11-24 | Convert VyattaConfig to Vyatta::Config | Stephen Hemminger | |
| 2008-11-21 | Rename VyattaIpTablesRule to Vyatta::IpTables::Rule | Stephen Hemminger | |
| 2008-08-07 | fix conntrack enabling mechanism | An-Cheng Huang | |
| 2008-06-04 | rename "mangle" to "modify" | An-Cheng Huang | |
| 2008-05-09 | add mangle table support to firewall configuration. initial implementation | An-Cheng Huang | |
| allows MARK and DSCP jump targets. | |||
| 2008-04-21 | Merge branch 'glendale' into hollywood | rbalocca | |
| 2008-04-16 | fix for bug 3167: get the actual return status from iptables. | An-Cheng Huang | |
 |
index : vyatta-cfg-firewall.git | |
| Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) |
| summaryrefslogtreecommitdiff |