| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2011-12-27 | Create VRRP output filter to filter IGMP from vmac interfaces | John Southworth | |
| 2011-12-12 | Setup filter for VRRP vmac interfaces | John Southworth | |
| 2011-12-01 | Bug 6063 ENH: Provide option(s) to globally allow stateful return traffic | Mohit Mehta | |
| * add code to set global policy for established, related, invalid states | |||
| 2011-08-29 | Fix Bug 7477 firewall group negation doesn't work in vc6.3 | Stig | |
| * use Ipset.pm method rather than CLI path to validate group name when using group as a match condition in a firewall ruleset | |||
| 2011-07-15 | Fix Bug 7340 Unable to apply modify firewall to interface when zone policy ↵ | Mohit Mehta | |
| exists * change commit check to only check if the interface being applied firewall ruleset is in a zone if only the ruleset type is either name|ipv6-name. Thus, ignoring the check when modify rule-set is being applied to an interface (cherry picked from commit 8b2b85a129d3cf23565efe7b0ee15871ebff15c0) | |||
| 2011-05-20 | add "two-stage commit" equivalent to previous fix for bug 5227. | An-Cheng Huang | |
| 2011-05-03 | modify firewall groups to work with new commitnapa-dev | An-Cheng Huang | |
| 2011-03-07 | more ipset 6.0 change | An-Cheng Huang | |
| 2010-11-16 | Updated to change in error location api. | Michael Larson | |
| 2010-10-30 | Fix 5247: Firewall groups CLI becomes out of sync with ipset when sets and ↵ | Stig Thormodsrud | |
| deletes are contained within a single commit | |||
| 2010-10-19 | add local hook setup/tear for filter table similar to in|out hooks | Mohit Mehta | |
| 2010-10-19 | use single variable to reference firewall IN and OUT hooks | Mohit Mehta | |
| 2010-10-15 | missing paren | root | |
| 2010-10-15 | additional errors w/ location of error. | root | |
| 2010-10-11 | Use Sys::Syslog to avoid calling logger excessively | Stephen Hemminger | |
| 2010-10-01 | move chain_referenced function to Mgr.pm module | Mohit Mehta | |
| 2010-09-21 | * move count_iptables_rule to Iptables::Mgr and update it's usage | Mohit Mehta | |
| 2010-09-21 | * separate out post fw hooks for IN, FWD, OUT. Use count_iptables_rule from lib | Mohit Mehta | |
| 2010-08-31 | Fix 6125: iptables errors on boot up of mendocino | Stig Thormodsrud | |
| Shorten chain from VYATTA_PRE_CT_PREROUTING_HOOK to VYATTA_CT_PREROUTING_HOOK | |||
| 2010-06-12 | Dont tear down conntrack if the other table is using it. | Stig Thormodsrud | |
| 2010-06-12 | Dont create FW_CONNTRACK if it already exists. | Stig Thormodsrud | |
| 2010-06-11 | Add support for firewall enable-default-log. | Stig Thormodsrud | |
| 2010-06-10 | Infrastruction needed for bug 5583. | Stig Thormodsrud | |
| 2010-05-17 | Fix Bug 5588 Add ability to modify conntrack expectation table size | Mohit Mehta | |
| * added 'firewall conntrack-expect-table-size' to modify expect table's size * added 'firewall conntrack-hash-size' to set hash size for conntrack table | |||
| 2010-04-09 | Add VYATTA_PRE_DNAT_HOOK in nat PREROUTING table. | Stig Thormodsrud | |
| 2010-03-18 | Fix firewall group parent delete while still referenced. | Stig Thormodsrud | |
| 2010-03-17 | Fix 5453: can't delete "address" under "firewall group <> address-group <>" | Stig Thormodsrud | |
| 2010-03-05 | Fix firewall conntrack teardown. | Stig Thormodsrud | |
| 2010-02-15 | Fix 5227: firewall group config can get out of sync with ipset | Stig Thormodsrud | |
| 2010-02-02 | Remove old Xorp template | Stephen Hemminger | |
| 2009-09-22 | Bugfix 4951: Don't fail if IPv6 kernel module is not loaded. | Bob Gilligan | |
| Handle the case where the IPv6 kernel module is not loaded more gracefully. | |||
| 2009-08-07 | * Fix Bug 3625 Firewall protocol option should have a selection for TCP and UDP | Mohit Mehta | |
| added tcp_udp as a valid protocol value to match both tcp and udp in 1 rule | |||
| 2009-07-31 | Another attempt to fix 4760. | Stig Thormodsrud | |
| (cherry picked from commit 4dadce6ebca29e6f6d7120a44541fd99034417f2) | |||
| 2009-07-31 | Fix 4683: Firewall Rule number maximum 1024 reached | Stig Thormodsrud | |
| (cherry picked from commit 90fb731c3a846e9a951c6fd1c5f73082e2bcf93a) | |||
| 2009-06-14 | Fix 4581: Firewall name issue causes failed commit | Stig Thormodsrud | |
| 2009-06-02 | Change firewall default-policy to default-action. | Stig Thormodsrud | |
| 2009-05-27 | explicitly set conntrack table size to 16384 on system boot | Mohit Mehta | |
| 2009-05-11 | Add 'reject' as a configurable value for default-policy | Mohit Mehta | |
| under name and ipv6-name rulesets | |||
| 2009-05-08 | Fix Bug 4388 firewall name shouldn't have been set after commit failed | Mohit Mehta | |
| * undo chain setup and refcnt work if chain rule failed during chain creation | |||
| 2009-05-08 | Bugfix 4340: Enable net.netfilter.nf_conntrack_tcp_be_liberal by default. | Bob Gilligan | |
| The parameter in question loosens the "acceptability" check on TCP sequence and ACK numbers in the TCP conntrack module. This allows connection tracking to survive certain cases where packet loss would cause it to loose sync with the TCP endpoints. | |||
| 2009-05-05 | * don't allow user to create a chain that exists in the system. This may be | Mohit Mehta | |
| either vyatta/user defined chains or system chains such as INPUT, OUTPUT etc. * don't allow user to create chains with name starting from 'VZONE'. This is reserved for zone chains created by us. | |||
| 2009-05-01 | * setup table only for specific tree, not both filter and mangle | Mohit Mehta | |
| as we teardown table only for the tree that was in the CLI * remove 'next' statement for removed for loop * fix Bug 4244 - Committing firewall changes breaks WAN Load-balancing (WLB) we only delete chains that are configured under firewall and don't touch chains that might be owned by other features such as zone based firewall, WLB * remove unused code, code cleanup | |||
| 2009-04-27 | outlaw applying firewall to an interface that is defined under a zone | Mohit Mehta | |
| 2009-04-27 | Disable firewall debuging by default. | Stig Thormodsrud | |
| 2009-04-24 | enable/disable conntrack separately for ipv4/ipv6 | Stig Thormodsrud | |
| 2009-04-24 | Move setup/teardown out from top-level firewall node. | Stig Thormodsrud | |
| Add refcnts to know when to teardown. | |||
| 2009-04-13 | Add conntrack and post firewall hooks for IPv6. | Bob Gilligan | |
| 2009-04-13 | Fix bug where an empty firewall rule deletes the default drop policy. | Stig Thormodsrud | |
| 2009-04-13 | Move firewall "end" processing down to each table. | Stig Thormodsrud | |
| Fix bug for global enable/disable of conntrack. | |||
| 2009-04-09 | Add ability for firename to select default policy. | Stig Thormodsrud | |
 |
index : vyatta-cfg-firewall.git | |
| Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) |
| summaryrefslogtreecommitdiff |