summaryrefslogtreecommitdiff
path: root/templates/firewall
AgeCommit message (Collapse)Author
2009-05-11Add 'reject' as a configurable value for default-policyMohit Mehta
under name and ipv6-name rulesets
2009-05-05* don't allow user to create a chain that exists in the system. This may beMohit Mehta
either vyatta/user defined chains or system chains such as INPUT, OUTPUT etc. * don't allow user to create chains with name starting from 'VZONE'. This is reserved for zone chains created by us.
2009-05-01* setup table only for specific tree, not both filter and mangleMohit Mehta
as we teardown table only for the tree that was in the CLI * remove 'next' statement for removed for loop * fix Bug 4244 - Committing firewall changes breaks WAN Load-balancing (WLB) we only delete chains that are configured under firewall and don't touch chains that might be owned by other features such as zone based firewall, WLB * remove unused code, code cleanup
2009-04-24Move setup/teardown out from top-level firewall node.Stig Thormodsrud
Add refcnts to know when to teardown.
2009-04-22Fix Bug 4261 - Features missing in various firewall sub-treesMohit Mehta
add 'disable', 'fragment', 'ipsec', and 'recent' under 'firewall modify' tree
2009-04-13Move firewall "end" processing down to each table.Stig Thormodsrud
Fix bug for global enable/disable of conntrack.
2009-04-09Add ability for firename to select default policy.Stig Thormodsrud
2009-04-07Apply interface firewalls to separate VYATTA_(IN|OUT)_HOOK.Stig Thormodsrud
This enforces in firewall to be processed before out firewall.
2009-04-03Bugfix 4261: Add support to configure "limit" for IPv6 modify rulesets.Bob Gilligan
2009-04-03Bugfix 4261: Add support to configure "limit" in IPv6.Bob Gilligan
2009-03-27Revert "Allow user configurable default-policy on firewall."Stig Thormodsrud
Further test identified a problem. The patch is broken if a packet must do both an in & out filter. This reverts commit 754d0f4d855a59020afa20ad8867218708b5c978.
2009-03-27Allow user configurable default-policy on firewall.Stig Thormodsrud
2009-03-26* add 'redirect' to Valid ICMPv6 TypesMohit Mehta
* add comp_help for ICMPv4 type-name
2009-02-27Prevent ';' from being used in a firewall name.Stig Thormodsrud
2009-02-26Add allow/comp_help to firewall action.Stig Thormodsrud
2009-02-25Use single quote around $VAR(@).Stig Thormodsrud
2009-02-25Revert "Make sure to quote $VAR(@)."Stig Thormodsrud
This reverts commit c5595b67948166f65c8ea2c1ce1890b9aa27fd3d.
2009-02-24Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jennerStig Thormodsrud
2009-02-24Make sure to quote $VAR(@).Stig Thormodsrud
2009-02-24add ipv6 accept_redirects and accept_source_route under firewallMohit Mehta
2009-02-24Limit firewall name to 29 characters since that is the iptables/ip6tablesStig Thormodsrud
limit.
2009-02-24Fix Bug 4150 enable loose reverse path filteringMohit Mehta
2009-02-23Add "ipv6-modify" firewall configuration sub-tree.Bob Gilligan
2009-02-19Fix Bug 3951 default values for kernel tunable security parameters under ↵Mohit Mehta
firewall
2009-02-19Fix Bug 3951 default values for kernel tunable security parameters under ↵Mohit Mehta
firewall
2009-02-18Multiple updates for IPv6:Bob Gilligan
- Added ICMPv6 config tree - Removed ICMP config tree (it's not used in IPv6) - Removed fragmentation tree (it's not used in IPv6) - Improved parsing for source and destination address parameters - Improved parsing for protocol parameter
2009-02-15Add support for ranges in firewall group address & port.Stig Thormodsrud
2009-02-13Fix Bug 4074 firewall broadcast ping parameter needs to be clarifiedMohit Mehta
make behavior as documented i.e. icmp broadcast pings are ignored unless 'firewall broadcast-ping' is set to 'enable' by user
2009-02-12Add firewall group nodes to firewall modify.Stig Thormodsrud
2009-02-12Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jennerStig Thormodsrud
2009-02-12Add allow values for firewall groups.Stig Thormodsrud
2009-02-12no need to use loop to echo allowed valuesMohit Mehta
2009-02-12better off storing icmp type-names than depend on iptables helpMohit Mehta
2009-02-10Change sudo usage to be more consistent.Stig Thormodsrud
2009-02-06Add validation of group type.Stig Thormodsrud
2009-02-02Add 1st pass of firewall group support (ipset netfilter moduleStig Thormodsrud
integration).
2009-02-02Rever to specific IP version in help text.Bob Gilligan
2009-01-30Fix Bug 2741 ENH: filter based on ICMP Type/code by nameMohit Mehta
2009-01-26Fix Bug 2474 https://bugzilla.vyatta.com/show_bug.cgi?id=2474Mohit Mehta
2009-01-21Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jennerBob Gilligan
2009-01-21Initial support for IPv6.Bob Gilligan
2009-01-16- Fix Bug 2223 Add rate rate limiting / burst limiting functions to the ↵Mohit Mehta
Vyatta firewall - Fix help strings for time-based firewall nodes
2009-01-14Fix Bug 3653 Add the ability to configure time-based firewall rulesMohit Mehta
- make available the option to use time with startdate and stopdate
2009-01-14Fix Bug 3653 Add the ability to configure time-based firewall rulesMohit Mehta
- add time options under 'firewall modify <> rule <>'
2009-01-13Fix Bug 3653 Add the ability to configure time-based firewall rulesMohit Mehta
2008-12-22Fix 2563: Add firewall-rule specific disable configuration parameter.Stig Thormodsrud
2008-12-20Fix 3626: Not all protocol numbers are accepted in firewall rules.Stig Thormodsrud
2008-12-09Cleanup firewall templates for readability. Update help strings to reflect ↵Bob Gilligan
IPv4.
2008-12-03add ipp2p config optionsAn-Cheng Huang
2008-08-21fix for bug 3604: add fragment matching optionsAn-Cheng Huang
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-26 19:16:40 +0000