summaryrefslogtreecommitdiff
path: root/templates/firewall
AgeCommit message (Collapse)Author
2013-05-22Enable generation of SNMP traps on firewall config changesJames Davidson
Adds call to vyatta-firewall-trap.pl to end action of firewall nodes.
2013-05-15Add config node for firewall config change trapJames Davidson
2012-10-06PBR: config command validations, help strings etc. cleaned up andsusheela
includes fixes for 8355, 8362, 8365.
2012-09-03initial checkin for pbr functionalityRobert Bays
2012-08-29fix 8200, don't allow shim6 in allowed list of ipv4 protocols for firewallGaurav Sinha
2012-06-03Remove sudo from port-group syntax check callJohn Southworth
2012-06-02Make firewall syntax checks use the vyatta-util libraryJohn Southworth
2012-02-24Bug Fix for 7751, 7753, 7757Mohit Mehta
Add commit checks for 'state-policy' sub-tree
2012-01-06Fix help string of state-policy for related connectionsMohit Mehta
2011-12-02Warn users when stateful rules are set with state-policy configuredMohit Mehta
2011-12-01Bug 6063 ENH: Provide option(s) to globally allow stateful return trafficMohit Mehta
* add code to set global policy for established, related, invalid states
2011-11-08Remove conntrack-related code from firewall top level templateDaniil Baturin
(it was moved to vyatta-conntrack).
2011-11-05Remove remaining conntrack-related templates.Daniil Baturin
2011-11-05Remove conntrack-related templates from firewallDaniil Baturin
2011-05-03modify firewall groups to work with new commitnapa-devAn-Cheng Huang
2011-01-10Fix Bug 6292 iptables chain-name must be reduced to 28 characters maxMohit Mehta
* change syntax check to limit firewall ruleset names to 28 chars and bump firewall cfg-version to enable config migration (cherry picked from commit a0e5b2107d6073a103e0f0c04cc8656f8dc3816b)
2010-11-24Merge branch 'mendocino' of vm:rel/vyatta-cfg-firewall into mendocinoStephen Hemminger
2010-11-24Use regex to test for name length rather than wc programStephen Hemminger
More efficient to use shell pattern match to test for name length.
2010-10-30Fix 5247: Firewall groups CLI becomes out of sync with ipset when sets and ↵Stig Thormodsrud
deletes are contained within a single commit
2010-09-13Fix bug 6149 Warning on boot because of modprobe config file namesMohit Mehta
* rename existing files instead of removing em. rename sip option file as well
2010-09-13Fix Bug 6149 Warning on boot because of modprobe config file namesMohit Mehta
* add .conf suffix to files in /etc/modprobe.d * remove old files without the suffix [from a previous release] during upgrade
2010-09-10Fix Bug 5309 Allow modifyining TCP MSS optionMohit Mehta
* add the ability to modify TCP MSS value using modify|ipv6-modify rulesets
2010-08-17remove low-level config dir usageAn-Cheng Huang
2010-08-17update help text to use val_helpAn-Cheng Huang
2010-08-17Fix 5917: FW: Max characters exceeded for ipset rule when using "set firewallStig Thormodsrud
group address-group" command - handle special case where temp group begins with a '-'. (cherry picked from commit fa22559d3baa7ae5443f14e0ff774c4d6a49cc36)
2010-08-17fix bug 6055 firewall rule help strings are confusingMohit Mehta
* add val_help for firewall rule nodes (cherry picked from commit 0a1eb7471e1ec478b2eb22200ab5fc42eaba1e8e)
2010-08-17fix range in help strings for count parameter under recentMohit Mehta
(cherry picked from commit 3210dfe5d41f926840fd9ee6981a9fa89534cfd7)
2010-08-11remove CLI backend env variables usageAn-Cheng Huang
* use the new cli-shell-api instead.
2010-07-27Fix 5917: FW: Max characters exceeded for ipset rule when using "set ↵Stig Thormodsrud
firewall group address-group" command (cherry picked from commit 37638769fdaf40c5882eef3614e02f0aadbb1bba)
2010-07-27Convert firewall rules to val_help:Stephen Hemminger
Convert some (but not all) of existing rules using comp_help: to use val_help: (cherry picked from commit 77e13fa992a50cc5721bbad64235bff8f8ecd50d)
2010-07-21undo verb usage at the start of help stringsMohit Mehta
2010-07-15Fix bug 4629 configuration limit of recent count firewall rule is 20Mohit Mehta
* raise recent count limit to 255. add syntax check to disallow invalid values
2010-06-11Add support for firewall enable-default-log.Stig Thormodsrud
2010-05-31Bugfix 5632: Add ability to configure SIP UDP port numbers.Bob Gilligan
2010-05-20need to restart conntrackd when conntrack table size changesMohit Mehta
2010-05-17Fix Bug 5588 Add ability to modify conntrack expectation table sizeMohit Mehta
* added 'firewall conntrack-expect-table-size' to modify expect table's size * added 'firewall conntrack-hash-size' to set hash size for conntrack table
2010-03-18Fix firewall group parent delete while still referenced.Stig Thormodsrud
2010-02-15Fix 5227: firewall group config can get out of sync with ipsetStig Thormodsrud
2010-01-04Add same restrictions to ipv6-firewall nameStephen Hemminger
See Bug 4156 fix.
2010-01-04Don't allow spaces or other shell-confusing characters in firewall nameStephen Hemminger
Don't allow space, verticalbar, semicolon, ampersand, dollar sign, less or greater than in rule name. This is because of lack of quoting in perl processing Bug 4156
2009-11-30added required keyword to help text.Michael Larson
2009-10-21move priority after tag nodes.slioch
2009-10-20add priority to node.def files.slioch
2009-10-02Change syntax exec to syntax pattern.Stig Thormodsrud
2009-09-22Bugfix 4951: Don't fail if IPv6 kernel module is not loaded.Bob Gilligan
Handle the case where the IPv6 kernel module is not loaded more gracefully.
2009-08-31fix for bug 4794 SIP Helper/ALG module does not translate RTP traffic...rbays
added new configuration parameters: firewall conntrack-options sip enable-indirect-media firewall conntrack-options sip enable-indirect-signalling (cherry picked from commit 8d73836b37bae1cb8e8211bc483bf55c51241542)
2009-08-07* Fix Bug 3625 Firewall protocol option should have a selection for TCP and UDPMohit Mehta
added tcp_udp as a valid protocol value to match both tcp and udp in 1 rule
2009-07-31Fix 4683: Firewall Rule number maximum 1024 reachedStig Thormodsrud
(cherry picked from commit 90fb731c3a846e9a951c6fd1c5f73082e2bcf93a)
2009-06-15Fix negate of firewall group.Stig Thormodsrud
2009-06-15Firewall groups fail on bootup - change syntax check to commit check.Stig Thormodsrud