| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2010-05-31 | Bugfix 5632: Add ability to configure SIP UDP port numbers. | Bob Gilligan | |
| 2010-05-20 | need to restart conntrackd when conntrack table size changes | Mohit Mehta | |
| 2010-05-17 | Fix Bug 5588 Add ability to modify conntrack expectation table size | Mohit Mehta | |
| * added 'firewall conntrack-expect-table-size' to modify expect table's size * added 'firewall conntrack-hash-size' to set hash size for conntrack table | |||
| 2010-03-18 | Fix firewall group parent delete while still referenced. | Stig Thormodsrud | |
| 2010-02-15 | Fix 5227: firewall group config can get out of sync with ipset | Stig Thormodsrud | |
| 2010-01-04 | Add same restrictions to ipv6-firewall name | Stephen Hemminger | |
| See Bug 4156 fix. | |||
| 2010-01-04 | Don't allow spaces or other shell-confusing characters in firewall name | Stephen Hemminger | |
| Don't allow space, verticalbar, semicolon, ampersand, dollar sign, less or greater than in rule name. This is because of lack of quoting in perl processing Bug 4156 | |||
| 2009-11-30 | added required keyword to help text. | Michael Larson | |
| 2009-10-21 | move priority after tag nodes. | slioch | |
| 2009-10-20 | add priority to node.def files. | slioch | |
| 2009-10-02 | Change syntax exec to syntax pattern. | Stig Thormodsrud | |
| 2009-09-22 | Bugfix 4951: Don't fail if IPv6 kernel module is not loaded. | Bob Gilligan | |
| Handle the case where the IPv6 kernel module is not loaded more gracefully. | |||
| 2009-08-31 | fix for bug 4794 SIP Helper/ALG module does not translate RTP traffic... | rbays | |
| added new configuration parameters: firewall conntrack-options sip enable-indirect-media firewall conntrack-options sip enable-indirect-signalling (cherry picked from commit 8d73836b37bae1cb8e8211bc483bf55c51241542) | |||
| 2009-08-07 | * Fix Bug 3625 Firewall protocol option should have a selection for TCP and UDP | Mohit Mehta | |
| added tcp_udp as a valid protocol value to match both tcp and udp in 1 rule | |||
| 2009-07-31 | Fix 4683: Firewall Rule number maximum 1024 reached | Stig Thormodsrud | |
| (cherry picked from commit 90fb731c3a846e9a951c6fd1c5f73082e2bcf93a) | |||
| 2009-06-15 | Fix negate of firewall group. | Stig Thormodsrud | |
| 2009-06-15 | Firewall groups fail on bootup - change syntax check to commit check. | Stig Thormodsrud | |
| 2009-06-02 | Change syntax err msg from default-policy to default-action. | Stig Thormodsrud | |
| 2009-06-02 | Change firewall default-policy to default-action. | Stig Thormodsrud | |
| 2009-06-02 | * fix syntax error message | Mohit Mehta | |
| 2009-06-02 | Make firewall group comp_help more consistent with the rest of the cli. | Stig Thormodsrud | |
| 2009-06-02 | * add default value of 1 for 'limit burst' in its node.def | Mohit Mehta | |
| * add comp_help for 'limit rate' * make sure 'limit rate' is not less than 1/time unit | |||
| 2009-05-13 | rectify regex check | Mohit Mehta | |
| 2009-05-12 | Fix Bug 4394 reject is an invalid action for rules in modify rulesets | Mohit Mehta | |
| * remove reject as an allowed value for action field in modify & ipv6-modify firewall rulesets | |||
| 2009-05-11 | Add 'reject' as a configurable value for default-policy | Mohit Mehta | |
| under name and ipv6-name rulesets | |||
| 2009-05-05 | * don't allow user to create a chain that exists in the system. This may be | Mohit Mehta | |
| either vyatta/user defined chains or system chains such as INPUT, OUTPUT etc. * don't allow user to create chains with name starting from 'VZONE'. This is reserved for zone chains created by us. | |||
| 2009-05-01 | * setup table only for specific tree, not both filter and mangle | Mohit Mehta | |
| as we teardown table only for the tree that was in the CLI * remove 'next' statement for removed for loop * fix Bug 4244 - Committing firewall changes breaks WAN Load-balancing (WLB) we only delete chains that are configured under firewall and don't touch chains that might be owned by other features such as zone based firewall, WLB * remove unused code, code cleanup | |||
| 2009-04-24 | Move setup/teardown out from top-level firewall node. | Stig Thormodsrud | |
| Add refcnts to know when to teardown. | |||
| 2009-04-22 | Fix Bug 4261 - Features missing in various firewall sub-trees | Mohit Mehta | |
| add 'disable', 'fragment', 'ipsec', and 'recent' under 'firewall modify' tree | |||
| 2009-04-13 | Move firewall "end" processing down to each table. | Stig Thormodsrud | |
| Fix bug for global enable/disable of conntrack. | |||
| 2009-04-09 | Add ability for firename to select default policy. | Stig Thormodsrud | |
| 2009-04-07 | Apply interface firewalls to separate VYATTA_(IN|OUT)_HOOK. | Stig Thormodsrud | |
| This enforces in firewall to be processed before out firewall. | |||
| 2009-04-03 | Bugfix 4261: Add support to configure "limit" for IPv6 modify rulesets. | Bob Gilligan | |
| 2009-04-03 | Bugfix 4261: Add support to configure "limit" in IPv6. | Bob Gilligan | |
| 2009-03-27 | Revert "Allow user configurable default-policy on firewall." | Stig Thormodsrud | |
| Further test identified a problem. The patch is broken if a packet must do both an in & out filter. This reverts commit 754d0f4d855a59020afa20ad8867218708b5c978. | |||
| 2009-03-27 | Allow user configurable default-policy on firewall. | Stig Thormodsrud | |
| 2009-03-26 | * add 'redirect' to Valid ICMPv6 Types | Mohit Mehta | |
| * add comp_help for ICMPv4 type-name | |||
| 2009-02-27 | Prevent ';' from being used in a firewall name. | Stig Thormodsrud | |
| 2009-02-26 | Add allow/comp_help to firewall action. | Stig Thormodsrud | |
| 2009-02-25 | Use single quote around $VAR(@). | Stig Thormodsrud | |
| 2009-02-25 | Revert "Make sure to quote $VAR(@)." | Stig Thormodsrud | |
| This reverts commit c5595b67948166f65c8ea2c1ce1890b9aa27fd3d. | |||
| 2009-02-24 | Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner | Stig Thormodsrud | |
| 2009-02-24 | Make sure to quote $VAR(@). | Stig Thormodsrud | |
| 2009-02-24 | add ipv6 accept_redirects and accept_source_route under firewall | Mohit Mehta | |
| 2009-02-24 | Limit firewall name to 29 characters since that is the iptables/ip6tables | Stig Thormodsrud | |
| limit. | |||
| 2009-02-24 | Fix Bug 4150 enable loose reverse path filtering | Mohit Mehta | |
| 2009-02-23 | Add "ipv6-modify" firewall configuration sub-tree. | Bob Gilligan | |
| 2009-02-19 | Fix Bug 3951 default values for kernel tunable security parameters under ↵ | Mohit Mehta | |
| firewall | |||
| 2009-02-19 | Fix Bug 3951 default values for kernel tunable security parameters under ↵ | Mohit Mehta | |
| firewall | |||
| 2009-02-18 | Multiple updates for IPv6: | Bob Gilligan | |
| - Added ICMPv6 config tree - Removed ICMP config tree (it's not used in IPv6) - Removed fragmentation tree (it's not used in IPv6) - Improved parsing for source and destination address parameters - Improved parsing for protocol parameter | |||
 |
index : vyatta-cfg-firewall.git | |
| Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) |
| summaryrefslogtreecommitdiff |