Age | Commit message (Collapse) | Author | |
---|---|---|---|
2018-04-19 | Task T35 - enable prune-deleted-sets for inet6 family firewall templates | Marian Tudosoiu | |
2018-03-23 | Task T35 change to solve port-group issue | Marian Tudosoiu | |
2018-03-14 | Task T35 place ipv6 groups under group config tree | Marian Tudosoiu | |
2018-03-14 | Task T35 place ipv6 groups under group config tree | mtudosoiu | |
2018-03-14 | Task T35 place ipv6 groups under group config tree | mtudosoiu | |
2018-03-14 | Task T35 place ipv6 groups under group config tree | mtudosoiu | |
2018-03-14 | Task T35 place ipv6 groups under group config tree | mtudosoiu | |
2018-03-14 | Task T35 place ipv6 groups under group config tree | mtudosoiu | |
2018-03-14 | Task T35 change to place ipv6 address-groups and network groups under group ↵ | Marian Tudosoiu | |
config tree | |||
2018-03-12 | Task T35 add generation of SNMP traps on firewall config changes | Marian Tudosoiu | |
2018-03-12 | Task T35 - add support for IPv6 firewall adddress and network groups | Marian Tudosoiu | |
2015-12-12 | vyatta-cfg-firewall: update network-group check to allow "this" network | Alex Harpin | |
Update the check for network-groups to allow zero net addresses as they are accepted by the current version of ipset used in VyOS, rejecting only the 0.0.0.0/0 address. This allows the "this" network (0.0.0.0/8) to be used in network-groups. Bug #628 http://bugzilla.vyos.net/show_bug.cgi?id=628 | |||
2015-10-24 | vyatta-cfg-firewall: temporarily disable p2p option in firewall config | Alex Harpin | |
Both the userspace library and the associated kernel module for the iptables ipp2p match target are currently missing and so this configuration returns an error when used. Disabling this option temporarily until the above issue has been resolved. Bug #602 http://bugzilla.vyos.net/show_bug.cgi?id=602 | |||
2015-05-03 | Bug #406: display uncommited firewall group names in completion. | Daniil Baturin | |
2014-08-02 | Bug #115: disallow reserved firewall names in CLI validation. | Daniil Baturin | |
2014-08-01 | Bug #45: add port range validation to firewall templates. | Daniil Baturin | |
2014-07-31 | Bug #108: add an option to enable RFC1337 TCP TIME-WAIT hazards protection | Daniil Baturin | |
2013-05-22 | Enable generation of SNMP traps on firewall config changes | James Davidson | |
Adds call to vyatta-firewall-trap.pl to end action of firewall nodes. | |||
2013-05-15 | Add config node for firewall config change trap | James Davidson | |
2012-10-06 | PBR: config command validations, help strings etc. cleaned up and | susheela | |
includes fixes for 8355, 8362, 8365. | |||
2012-09-03 | initial checkin for pbr functionality | Robert Bays | |
2012-08-29 | fix 8200, don't allow shim6 in allowed list of ipv4 protocols for firewall | Gaurav Sinha | |
2012-06-03 | Remove sudo from port-group syntax check call | John Southworth | |
2012-06-02 | Make firewall syntax checks use the vyatta-util library | John Southworth | |
2012-02-24 | Bug Fix for 7751, 7753, 7757 | Mohit Mehta | |
Add commit checks for 'state-policy' sub-tree | |||
2012-01-06 | Fix help string of state-policy for related connections | Mohit Mehta | |
2011-12-02 | Warn users when stateful rules are set with state-policy configured | Mohit Mehta | |
2011-12-01 | Bug 6063 ENH: Provide option(s) to globally allow stateful return traffic | Mohit Mehta | |
* add code to set global policy for established, related, invalid states | |||
2011-11-08 | Remove conntrack-related code from firewall top level template | Daniil Baturin | |
(it was moved to vyatta-conntrack). | |||
2011-11-05 | Remove remaining conntrack-related templates. | Daniil Baturin | |
2011-11-05 | Remove conntrack-related templates from firewall | Daniil Baturin | |
2011-05-03 | modify firewall groups to work with new commitnapa-dev | An-Cheng Huang | |
2011-01-10 | Fix Bug 6292 iptables chain-name must be reduced to 28 characters max | Mohit Mehta | |
* change syntax check to limit firewall ruleset names to 28 chars and bump firewall cfg-version to enable config migration (cherry picked from commit a0e5b2107d6073a103e0f0c04cc8656f8dc3816b) | |||
2010-11-24 | Merge branch 'mendocino' of vm:rel/vyatta-cfg-firewall into mendocino | Stephen Hemminger | |
2010-11-24 | Use regex to test for name length rather than wc program | Stephen Hemminger | |
More efficient to use shell pattern match to test for name length. | |||
2010-10-30 | Fix 5247: Firewall groups CLI becomes out of sync with ipset when sets and ↵ | Stig Thormodsrud | |
deletes are contained within a single commit | |||
2010-09-13 | Fix bug 6149 Warning on boot because of modprobe config file names | Mohit Mehta | |
* rename existing files instead of removing em. rename sip option file as well | |||
2010-09-13 | Fix Bug 6149 Warning on boot because of modprobe config file names | Mohit Mehta | |
* add .conf suffix to files in /etc/modprobe.d * remove old files without the suffix [from a previous release] during upgrade | |||
2010-09-10 | Fix Bug 5309 Allow modifyining TCP MSS option | Mohit Mehta | |
* add the ability to modify TCP MSS value using modify|ipv6-modify rulesets | |||
2010-08-17 | remove low-level config dir usage | An-Cheng Huang | |
2010-08-17 | update help text to use val_help | An-Cheng Huang | |
2010-08-17 | Fix 5917: FW: Max characters exceeded for ipset rule when using "set firewall | Stig Thormodsrud | |
group address-group" command - handle special case where temp group begins with a '-'. (cherry picked from commit fa22559d3baa7ae5443f14e0ff774c4d6a49cc36) | |||
2010-08-17 | fix bug 6055 firewall rule help strings are confusing | Mohit Mehta | |
* add val_help for firewall rule nodes (cherry picked from commit 0a1eb7471e1ec478b2eb22200ab5fc42eaba1e8e) | |||
2010-08-17 | fix range in help strings for count parameter under recent | Mohit Mehta | |
(cherry picked from commit 3210dfe5d41f926840fd9ee6981a9fa89534cfd7) | |||
2010-08-11 | remove CLI backend env variables usage | An-Cheng Huang | |
* use the new cli-shell-api instead. | |||
2010-07-27 | Fix 5917: FW: Max characters exceeded for ipset rule when using "set ↵ | Stig Thormodsrud | |
firewall group address-group" command (cherry picked from commit 37638769fdaf40c5882eef3614e02f0aadbb1bba) | |||
2010-07-27 | Convert firewall rules to val_help: | Stephen Hemminger | |
Convert some (but not all) of existing rules using comp_help: to use val_help: (cherry picked from commit 77e13fa992a50cc5721bbad64235bff8f8ecd50d) | |||
2010-07-21 | undo verb usage at the start of help strings | Mohit Mehta | |
2010-07-15 | Fix bug 4629 configuration limit of recent count firewall rule is 20 | Mohit Mehta | |
* raise recent count limit to 255. add syntax check to disallow invalid values | |||
2010-06-11 | Add support for firewall enable-default-log. | Stig Thormodsrud | |