| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2022-09-19 | ipset: T2189: optimized firewall groups performance | zsdc | |
| This commit optimizes the speed of interaction with the ipset. * removed extra `sudo` from `ipset` commands, because scripts that run `ipset` commands already run under `sudo`. This gives approximately 4x performance improvement. * replaced logic in the `member_exists` function for port groups. Instead of calling `ipset -T` for each port now the whole list is received in one command and a search process is done inside Perl. This significantly improves speed for port groups with long port ranges inside. * delete ip address and port ranges using a single command instead deleting each element individually. * added the same ranges validation for address-group as for port-group. | |||
| 2022-03-06 | ipset: T4002: Generate a temporary set name from UUID | zsdc | |
| ipset allows assigning set names up to 31 characters long. Currently, we use a process -PID number as a suffix for generating temporary set names. But this cuts effective set name to 25 characters only (`set name in CLI` + `-` + `PID number`), however in CLI we have a limit set to 31. So, set names with long prefixes cannot be configured. This commit replaces PID-based temporary name with UUID-based, which allows configuring set names with full name size. | |||
| 2019-06-19 | [ipset] T1456: Add check for duplicate items in port-group before commit | zsdc | |
| 2018-04-19 | Task T35 - enable prune-deleted-sets for inet6 family firewall templates | Marian Tudosoiu | |
| 2018-04-11 | Task T35 - fixing prune_deleted_sets for inet6 family | Marian Tudosoiu | |
| 2018-03-14 | Task T35 change to place ipv6 address-groups and network groups under group ↵ | Marian Tudosoiu | |
| config tree | |||
| 2018-03-12 | Task T35 - add support for IPv6 firewall adddress and network groups | Marian Tudosoiu | |
| 2012-11-21 | fix for 8492. Don't declare error and bail out on attempt to deletion of ipset. | Gaurav Sinha | |
| (cherry picked from commit 5853281f2c8514a40608b1e83eca65e4c25aae00) | |||
| 2012-11-19 | Bugfix 7613: cleanup firewall groups correctly | John Southworth | |
| 2012-11-19 | Add show functions for allowed scripts for firewall groups | Gaurav Sinha | |
| (cherry picked from commit 8a2bc83dff27b99a6cde3c396936741d96dc915c) (cherry picked from commit 48abdef97b582c8d857fe338d69492f55dfffdf2) | |||
| 2012-11-19 | Add warning prompt before doing reset | Gaurav Sinha | |
| (cherry picked from commit 3d248225eecc99e3e39c497f3a4bd76d5d3aac96) (cherry picked from commit fffe09f9d7a53d5d74bae6bafc2c7b7409a4babf) | |||
| 2012-11-19 | added reset all groups functions | Gaurav Sinha | |
| (cherry picked from commit b090e8cf73480ba6bbf967bf1fbd8f59e1a8843d) Conflicts: scripts/firewall/vyatta-ipset.pl (cherry picked from commit 2c2cd1aef9eada852084ecebb3c76e468cc56a2a) | |||
| 2012-11-19 | reset functions for named ipset rule implementation with commit lock | Gaurav Sinha | |
| (cherry picked from commit 6b7808bf6c8dd9d1d9e993969358db2be135beff) Conflicts: scripts/firewall/vyatta-ipset.pl (cherry picked from commit 977f7ad60c252ed3c23176d5e764cd9231784fc7) | |||
| 2012-11-19 | initial script for reset firewall group command | Gaurav Sinha | |
| (cherry picked from commit c10ab7f443c581ffd31779f6e32b0d28f5c8366f) (cherry picked from commit 2029744d3b7cc83b7568e3fa474c8d079efece38) Conflicts: scripts/firewall/vyatta-ipset.pl | |||
| 2012-04-30 | service names with hyphen need to be escaped using square brackets. | Gaurav Sinha | |
| 2011-08-29 | Fix Bug 7477 firewall group negation doesn't work in vc6.3 | Stig | |
| * use Ipset.pm method rather than CLI path to validate group name when using group as a match condition in a firewall ruleset | |||
| 2011-05-20 | add "two-stage commit" equivalent to previous fix for bug 5227. | An-Cheng Huang | |
| 2011-05-03 | modify firewall groups to work with new commitnapa-dev | An-Cheng Huang | |
| 2011-03-07 | more ipset 6.0 change | An-Cheng Huang | |
| 2010-10-30 | Fix 5247: Firewall groups CLI becomes out of sync with ipset when sets and ↵ | Stig Thormodsrud | |
| deletes are contained within a single commit | |||
| 2010-03-18 | Fix firewall group parent delete while still referenced. | Stig Thormodsrud | |
| 2010-03-17 | Fix 5453: can't delete "address" under "firewall group <> address-group <>" | Stig Thormodsrud | |
| 2010-02-15 | Fix 5227: firewall group config can get out of sync with ipset | Stig Thormodsrud | |
| 2009-07-31 | Another attempt to fix 4760. | Stig Thormodsrud | |
| (cherry picked from commit 4dadce6ebca29e6f6d7120a44541fd99034417f2) | |||
| 2009-02-15 | Add support for ranges in firewall group address & port. | Stig Thormodsrud | |
| 2009-02-13 | Add description and references to "show firewall group". | Stig Thormodsrud | |
| 2009-02-13 | Add show-set to display all sets. | Stig Thormodsrud | |
| 2009-02-13 | Add support for "show firewall group". | Stig Thormodsrud | |
| 2009-02-06 | Add carriage return to error message. | Stig Thormodsrud | |
| 2009-02-06 | Add validation of group type. | Stig Thormodsrud | |
| 2009-02-02 | Add 1st pass of firewall group support (ipset netfilter module | Stig Thormodsrud | |
| integration). | |||
 |
index : vyatta-cfg-firewall.git | |
| Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) |
| summaryrefslogtreecommitdiff |