Age | Commit message (Collapse) | Author | |
---|---|---|---|
2013-05-22 | Enable generation of SNMP traps on firewall config changes | James Davidson | |
Adds call to vyatta-firewall-trap.pl to end action of firewall nodes. | |||
2013-05-15 | Add config node for firewall config change trap | James Davidson | |
2012-10-06 | PBR: config command validations, help strings etc. cleaned up and | susheela | |
includes fixes for 8355, 8362, 8365. | |||
2012-09-03 | initial checkin for pbr functionality | Robert Bays | |
2012-08-29 | fix 8200, don't allow shim6 in allowed list of ipv4 protocols for firewall | Gaurav Sinha | |
2012-06-03 | Remove sudo from port-group syntax check call | John Southworth | |
2012-06-02 | Make firewall syntax checks use the vyatta-util library | John Southworth | |
2012-02-24 | Bug Fix for 7751, 7753, 7757 | Mohit Mehta | |
Add commit checks for 'state-policy' sub-tree | |||
2012-01-06 | Fix help string of state-policy for related connections | Mohit Mehta | |
2011-12-02 | Warn users when stateful rules are set with state-policy configured | Mohit Mehta | |
2011-12-01 | Bug 6063 ENH: Provide option(s) to globally allow stateful return traffic | Mohit Mehta | |
* add code to set global policy for established, related, invalid states | |||
2011-11-08 | Remove conntrack-related code from firewall top level template | Daniil Baturin | |
(it was moved to vyatta-conntrack). | |||
2011-11-05 | Remove remaining conntrack-related templates. | Daniil Baturin | |
2011-11-05 | Remove conntrack-related templates from firewall | Daniil Baturin | |
2011-05-03 | modify firewall groups to work with new commitnapa-dev | An-Cheng Huang | |
2011-01-10 | Fix Bug 6292 iptables chain-name must be reduced to 28 characters max | Mohit Mehta | |
* change syntax check to limit firewall ruleset names to 28 chars and bump firewall cfg-version to enable config migration (cherry picked from commit a0e5b2107d6073a103e0f0c04cc8656f8dc3816b) | |||
2010-11-24 | Merge branch 'mendocino' of vm:rel/vyatta-cfg-firewall into mendocino | Stephen Hemminger | |
2010-11-24 | Use regex to test for name length rather than wc program | Stephen Hemminger | |
More efficient to use shell pattern match to test for name length. | |||
2010-10-30 | Fix 5247: Firewall groups CLI becomes out of sync with ipset when sets and ↵ | Stig Thormodsrud | |
deletes are contained within a single commit | |||
2010-09-13 | Fix bug 6149 Warning on boot because of modprobe config file names | Mohit Mehta | |
* rename existing files instead of removing em. rename sip option file as well | |||
2010-09-13 | Fix Bug 6149 Warning on boot because of modprobe config file names | Mohit Mehta | |
* add .conf suffix to files in /etc/modprobe.d * remove old files without the suffix [from a previous release] during upgrade | |||
2010-09-10 | Fix Bug 5309 Allow modifyining TCP MSS option | Mohit Mehta | |
* add the ability to modify TCP MSS value using modify|ipv6-modify rulesets | |||
2010-08-17 | remove low-level config dir usage | An-Cheng Huang | |
2010-08-17 | update help text to use val_help | An-Cheng Huang | |
2010-08-17 | Fix 5917: FW: Max characters exceeded for ipset rule when using "set firewall | Stig Thormodsrud | |
group address-group" command - handle special case where temp group begins with a '-'. (cherry picked from commit fa22559d3baa7ae5443f14e0ff774c4d6a49cc36) | |||
2010-08-17 | fix bug 6055 firewall rule help strings are confusing | Mohit Mehta | |
* add val_help for firewall rule nodes (cherry picked from commit 0a1eb7471e1ec478b2eb22200ab5fc42eaba1e8e) | |||
2010-08-17 | fix range in help strings for count parameter under recent | Mohit Mehta | |
(cherry picked from commit 3210dfe5d41f926840fd9ee6981a9fa89534cfd7) | |||
2010-08-11 | remove CLI backend env variables usage | An-Cheng Huang | |
* use the new cli-shell-api instead. | |||
2010-07-27 | Fix 5917: FW: Max characters exceeded for ipset rule when using "set ↵ | Stig Thormodsrud | |
firewall group address-group" command (cherry picked from commit 37638769fdaf40c5882eef3614e02f0aadbb1bba) | |||
2010-07-27 | Convert firewall rules to val_help: | Stephen Hemminger | |
Convert some (but not all) of existing rules using comp_help: to use val_help: (cherry picked from commit 77e13fa992a50cc5721bbad64235bff8f8ecd50d) | |||
2010-07-21 | undo verb usage at the start of help strings | Mohit Mehta | |
2010-07-15 | Fix bug 4629 configuration limit of recent count firewall rule is 20 | Mohit Mehta | |
* raise recent count limit to 255. add syntax check to disallow invalid values | |||
2010-06-11 | Add support for firewall enable-default-log. | Stig Thormodsrud | |
2010-05-31 | Bugfix 5632: Add ability to configure SIP UDP port numbers. | Bob Gilligan | |
2010-05-20 | need to restart conntrackd when conntrack table size changes | Mohit Mehta | |
2010-05-17 | Fix Bug 5588 Add ability to modify conntrack expectation table size | Mohit Mehta | |
* added 'firewall conntrack-expect-table-size' to modify expect table's size * added 'firewall conntrack-hash-size' to set hash size for conntrack table | |||
2010-03-18 | Fix firewall group parent delete while still referenced. | Stig Thormodsrud | |
2010-02-15 | Fix 5227: firewall group config can get out of sync with ipset | Stig Thormodsrud | |
2010-01-04 | Add same restrictions to ipv6-firewall name | Stephen Hemminger | |
See Bug 4156 fix. | |||
2010-01-04 | Don't allow spaces or other shell-confusing characters in firewall name | Stephen Hemminger | |
Don't allow space, verticalbar, semicolon, ampersand, dollar sign, less or greater than in rule name. This is because of lack of quoting in perl processing Bug 4156 | |||
2009-11-30 | added required keyword to help text. | Michael Larson | |
2009-10-21 | move priority after tag nodes. | slioch | |
2009-10-20 | add priority to node.def files. | slioch | |
2009-10-02 | Change syntax exec to syntax pattern. | Stig Thormodsrud | |
2009-09-22 | Bugfix 4951: Don't fail if IPv6 kernel module is not loaded. | Bob Gilligan | |
Handle the case where the IPv6 kernel module is not loaded more gracefully. | |||
2009-08-31 | fix for bug 4794 SIP Helper/ALG module does not translate RTP traffic... | rbays | |
added new configuration parameters: firewall conntrack-options sip enable-indirect-media firewall conntrack-options sip enable-indirect-signalling (cherry picked from commit 8d73836b37bae1cb8e8211bc483bf55c51241542) | |||
2009-08-07 | * Fix Bug 3625 Firewall protocol option should have a selection for TCP and UDP | Mohit Mehta | |
added tcp_udp as a valid protocol value to match both tcp and udp in 1 rule | |||
2009-07-31 | Fix 4683: Firewall Rule number maximum 1024 reached | Stig Thormodsrud | |
(cherry picked from commit 90fb731c3a846e9a951c6fd1c5f73082e2bcf93a) | |||
2009-06-15 | Fix negate of firewall group. | Stig Thormodsrud | |
2009-06-15 | Firewall groups fail on bootup - change syntax check to commit check. | Stig Thormodsrud | |