summaryrefslogtreecommitdiff
path: root/templates/firewall
AgeCommit message (Collapse)Author
2021-12-27Firewall: T4100: increase maximum number of rulesroot
2021-05-25firewall: ICMP code/type: T3569srividya0208
Fixed the completion help for icmp code & type which was showing out of range values 0-4294967295 than the allowed values i.e. 0-255
2019-06-19[ipset] T1456: Add check for duplicate items in port-group before commitzsdc
2018-11-18T573: add support for matching IPv6 hop limit.Daniil Baturin
Patch by Ray Patrick Soucy.
2018-11-13T1006: replace check_prefix_boundary with ipaddrcheck.Daniil Baturin
2018-10-26T59: Inspect action still exists in firewall and should be removedhagbard
2018-04-19Task T35 - enable prune-deleted-sets for inet6 family firewall templatesMarian Tudosoiu
2018-03-23Task T35 change to solve port-group issueMarian Tudosoiu
2018-03-14Task T35 place ipv6 groups under group config treeMarian Tudosoiu
2018-03-14Task T35 place ipv6 groups under group config treemtudosoiu
2018-03-14Task T35 place ipv6 groups under group config treemtudosoiu
2018-03-14Task T35 place ipv6 groups under group config treemtudosoiu
2018-03-14Task T35 place ipv6 groups under group config treemtudosoiu
2018-03-14Task T35 place ipv6 groups under group config treemtudosoiu
2018-03-14Task T35 change to place ipv6 address-groups and network groups under group ↵Marian Tudosoiu
config tree
2018-03-12Task T35 add generation of SNMP traps on firewall config changesMarian Tudosoiu
2018-03-12Task T35 - add support for IPv6 firewall adddress and network groupsMarian Tudosoiu
2015-12-12vyatta-cfg-firewall: update network-group check to allow "this" networkAlex Harpin
Update the check for network-groups to allow zero net addresses as they are accepted by the current version of ipset used in VyOS, rejecting only the 0.0.0.0/0 address. This allows the "this" network (0.0.0.0/8) to be used in network-groups. Bug #628 http://bugzilla.vyos.net/show_bug.cgi?id=628
2015-10-24vyatta-cfg-firewall: temporarily disable p2p option in firewall configAlex Harpin
Both the userspace library and the associated kernel module for the iptables ipp2p match target are currently missing and so this configuration returns an error when used. Disabling this option temporarily until the above issue has been resolved. Bug #602 http://bugzilla.vyos.net/show_bug.cgi?id=602
2015-05-03Bug #406: display uncommited firewall group names in completion.Daniil Baturin
2014-08-02Bug #115: disallow reserved firewall names in CLI validation.Daniil Baturin
2014-08-01Bug #45: add port range validation to firewall templates.Daniil Baturin
2014-07-31Bug #108: add an option to enable RFC1337 TCP TIME-WAIT hazards protectionDaniil Baturin
2013-05-22Enable generation of SNMP traps on firewall config changesJames Davidson
Adds call to vyatta-firewall-trap.pl to end action of firewall nodes.
2013-05-15Add config node for firewall config change trapJames Davidson
2012-10-06PBR: config command validations, help strings etc. cleaned up andsusheela
includes fixes for 8355, 8362, 8365.
2012-09-03initial checkin for pbr functionalityRobert Bays
2012-08-29fix 8200, don't allow shim6 in allowed list of ipv4 protocols for firewallGaurav Sinha
2012-06-03Remove sudo from port-group syntax check callJohn Southworth
2012-06-02Make firewall syntax checks use the vyatta-util libraryJohn Southworth
2012-02-24Bug Fix for 7751, 7753, 7757Mohit Mehta
Add commit checks for 'state-policy' sub-tree
2012-01-06Fix help string of state-policy for related connectionsMohit Mehta
2011-12-02Warn users when stateful rules are set with state-policy configuredMohit Mehta
2011-12-01Bug 6063 ENH: Provide option(s) to globally allow stateful return trafficMohit Mehta
* add code to set global policy for established, related, invalid states
2011-11-08Remove conntrack-related code from firewall top level templateDaniil Baturin
(it was moved to vyatta-conntrack).
2011-11-05Remove remaining conntrack-related templates.Daniil Baturin
2011-11-05Remove conntrack-related templates from firewallDaniil Baturin
2011-05-03modify firewall groups to work with new commitnapa-devAn-Cheng Huang
2011-01-10Fix Bug 6292 iptables chain-name must be reduced to 28 characters maxMohit Mehta
* change syntax check to limit firewall ruleset names to 28 chars and bump firewall cfg-version to enable config migration (cherry picked from commit a0e5b2107d6073a103e0f0c04cc8656f8dc3816b)
2010-11-24Merge branch 'mendocino' of vm:rel/vyatta-cfg-firewall into mendocinoStephen Hemminger
2010-11-24Use regex to test for name length rather than wc programStephen Hemminger
More efficient to use shell pattern match to test for name length.
2010-10-30Fix 5247: Firewall groups CLI becomes out of sync with ipset when sets and ↵Stig Thormodsrud
deletes are contained within a single commit
2010-09-13Fix bug 6149 Warning on boot because of modprobe config file namesMohit Mehta
* rename existing files instead of removing em. rename sip option file as well
2010-09-13Fix Bug 6149 Warning on boot because of modprobe config file namesMohit Mehta
* add .conf suffix to files in /etc/modprobe.d * remove old files without the suffix [from a previous release] during upgrade
2010-09-10Fix Bug 5309 Allow modifyining TCP MSS optionMohit Mehta
* add the ability to modify TCP MSS value using modify|ipv6-modify rulesets
2010-08-17remove low-level config dir usageAn-Cheng Huang
2010-08-17update help text to use val_helpAn-Cheng Huang
2010-08-17Fix 5917: FW: Max characters exceeded for ipset rule when using "set firewallStig Thormodsrud
group address-group" command - handle special case where temp group begins with a '-'. (cherry picked from commit fa22559d3baa7ae5443f14e0ff774c4d6a49cc36)
2010-08-17fix bug 6055 firewall rule help strings are confusingMohit Mehta
* add val_help for firewall rule nodes (cherry picked from commit 0a1eb7471e1ec478b2eb22200ab5fc42eaba1e8e)
2010-08-17fix range in help strings for count parameter under recentMohit Mehta
(cherry picked from commit 3210dfe5d41f926840fd9ee6981a9fa89534cfd7)
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-21 06:20:41 +0000