vyatta-cfg-firewall.git - Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git)

Age	Commit message (Collapse)	Author
2012-06-06	create nfct helper policies and prepare VYATTA_CT_HELPER chain	Gaurav Sinha

2012-06-06	Merge branch 'user_space_helpers' into pacifica	Gaurav Sinha

2012-05-14	don't add CTHELPER chain by default on boot. add when needed.	Gaurav Sinha

2012-04-30	service names with hyphen need to be escaped using square brackets.	Gaurav Sinha

2012-04-16	create CT_HELPER chain in PREROUTING and OUTPUT	Gaurav Sinha

2012-04-16	fixing 7998	Gaurav Sinha

2012-03-23	include CT_TIMEOUT chain for conntrack timeouts.	Gaurav

2012-02-29	7047:use DEFLT instead of default	Gaurav

2012-02-29	fixing 7047	Gaurav

2011-12-27	Create VRRP output filter to filter IGMP from vmac interfaces	John Southworth

2011-12-12	Setup filter for VRRP vmac interfaces	John Southworth

2011-12-01	Bug 6063 ENH: Provide option(s) to globally allow stateful return traffic	Mohit Mehta
	* add code to set global policy for established, related, invalid states
2011-11-15	Move check-params-on-reboot script for conntrack hash size to	Daniil Baturin
	vyatta-conntrack, update automake rules and debian controls accordingly.
2011-08-29	Fix Bug 7477 firewall group negation doesn't work in vc6.3	Stig
	* use Ipset.pm method rather than CLI path to validate group name when using group as a match condition in a firewall ruleset
2011-07-15	Fix Bug 7340 Unable to apply modify firewall to interface when zone policy ↵	Mohit Mehta
	exists * change commit check to only check if the interface being applied firewall ruleset is in a zone if only the ruleset type is either name\|ipv6-name. Thus, ignoring the check when modify rule-set is being applied to an interface (cherry picked from commit 8b2b85a129d3cf23565efe7b0ee15871ebff15c0)
2011-05-20	add "two-stage commit" equivalent to previous fix for bug 5227.	An-Cheng Huang

2011-05-03	modify firewall groups to work with new commitnapa-dev	An-Cheng Huang

2011-04-18	* Fix Bug 6915 conntrack-hash-size reverts to default after upgrade	Mohit Mehta
	add script conntrack-hash-size in check-params-on-reboot.d to fix problem of 'firewall conntrack-hash-size' value being out-of-sync with the underlying value when newly installed image boots for the first time
2011-03-07	more ipset 6.0 change	An-Cheng Huang

2010-11-16	Updated to change in error location api.	Michael Larson

2010-10-30	Fix 5247: Firewall groups CLI becomes out of sync with ipset when sets and ↵	Stig Thormodsrud
	deletes are contained within a single commit
2010-10-19	add local hook setup/tear for filter table similar to in\|out hooks	Mohit Mehta

2010-10-19	use single variable to reference firewall IN and OUT hooks	Mohit Mehta

2010-10-15	missing paren	root

2010-10-15	additional errors w/ location of error.	root

2010-10-11	Use Sys::Syslog to avoid calling logger excessively	Stephen Hemminger

2010-10-01	move chain_referenced function to Mgr.pm module	Mohit Mehta

2010-09-21	* move count_iptables_rule to Iptables::Mgr and update it's usage	Mohit Mehta

2010-09-21	* separate out post fw hooks for IN, FWD, OUT. Use count_iptables_rule from lib	Mohit Mehta

2010-08-31	Fix 6125: iptables errors on boot up of mendocino	Stig Thormodsrud
	Shorten chain from VYATTA_PRE_CT_PREROUTING_HOOK to VYATTA_CT_PREROUTING_HOOK
2010-06-12	Dont tear down conntrack if the other table is using it.	Stig Thormodsrud

2010-06-12	Dont create FW_CONNTRACK if it already exists.	Stig Thormodsrud

2010-06-11	Add support for firewall enable-default-log.	Stig Thormodsrud

2010-06-10	Infrastruction needed for bug 5583.	Stig Thormodsrud

2010-05-17	Fix Bug 5588 Add ability to modify conntrack expectation table size	Mohit Mehta
	* added 'firewall conntrack-expect-table-size' to modify expect table's size * added 'firewall conntrack-hash-size' to set hash size for conntrack table
2010-04-09	Add VYATTA_PRE_DNAT_HOOK in nat PREROUTING table.	Stig Thormodsrud

2010-03-18	Fix firewall group parent delete while still referenced.	Stig Thormodsrud

2010-03-17	Fix 5453: can't delete "address" under "firewall group <> address-group <>"	Stig Thormodsrud

2010-03-05	Fix firewall conntrack teardown.	Stig Thormodsrud

2010-02-15	Fix 5227: firewall group config can get out of sync with ipset	Stig Thormodsrud

2010-02-02	Remove old Xorp template	Stephen Hemminger

2009-09-22	Bugfix 4951: Don't fail if IPv6 kernel module is not loaded.	Bob Gilligan
	Handle the case where the IPv6 kernel module is not loaded more gracefully.
2009-08-07	* Fix Bug 3625 Firewall protocol option should have a selection for TCP and UDP	Mohit Mehta
	added tcp_udp as a valid protocol value to match both tcp and udp in 1 rule
2009-07-31	Another attempt to fix 4760.	Stig Thormodsrud
	(cherry picked from commit 4dadce6ebca29e6f6d7120a44541fd99034417f2)
2009-07-31	Fix 4683: Firewall Rule number maximum 1024 reached	Stig Thormodsrud
	(cherry picked from commit 90fb731c3a846e9a951c6fd1c5f73082e2bcf93a)
2009-06-14	Fix 4581: Firewall name issue causes failed commit	Stig Thormodsrud

2009-06-02	Change firewall default-policy to default-action.	Stig Thormodsrud

2009-05-27	explicitly set conntrack table size to 16384 on system boot	Mohit Mehta

2009-05-11	Add 'reject' as a configurable value for default-policy	Mohit Mehta
	under name and ipv6-name rulesets
2009-05-08	Fix Bug 4388 firewall name shouldn't have been set after commit failed	Mohit Mehta
	* undo chain setup and refcnt work if chain rule failed during chain creation