| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2022-09-19 | ipset: T2189: optimized firewall groups performance | zsdc | |
| This commit optimizes the speed of interaction with the ipset. * removed extra `sudo` from `ipset` commands, because scripts that run `ipset` commands already run under `sudo`. This gives approximately 4x performance improvement. * replaced logic in the `member_exists` function for port groups. Instead of calling `ipset -T` for each port now the whole list is received in one command and a search process is done inside Perl. This significantly improves speed for port groups with long port ranges inside. * delete ip address and port ranges using a single command instead deleting each element individually. * added the same ranges validation for address-group as for port-group. | |||
| 2021-12-27 | Firewall: T4100: increase maximum number of rules | root | |
| (cherry picked from commit df69f68e09b82f3e1ee928963709b1263cea5bdf) | |||
| 2021-05-25 | firewall: ICMP code/type: T3569 | srividya0208 | |
| Fixed the completion help for icmp code & type which was showing out of range values 0-4294967295 than the allowed values i.e. 0-255 (cherry picked from commit c89cbf844bc2f54fb599ab7bbb7821f3160b7d28) | |||
| 2020-11-27 | cfg-firewall: T2868: Delete option pmtu for tcp-mss | sever-sever | |
| 2019-06-19 | [ipset] T1456: Add check for duplicate items in port-group before commit | zsdc | |
| 2018-11-18 | T573: add support for matching IPv6 hop limit. | Daniil Baturin | |
| Patch by Ray Patrick Soucy. | |||
| 2018-11-13 | T1006: replace check_prefix_boundary with ipaddrcheck. | Daniil Baturin | |
| 2018-10-26 | T59: Inspect action still exists in firewall and should be removed | hagbard | |
| 2018-04-20 | Merge pull request #11 from mtudosoiu/current | Daniil Baturin | |
| Task T35 - enable prune-deleted-sets for inet6 family firewall templates | |||
| 2018-04-19 | Task T35 - enable prune-deleted-sets for inet6 family firewall templates | Marian Tudosoiu | |
| 2018-03-26 | Merge pull request #9 from mtudosoiu/current | Daniil Baturin | |
| Task T35 change to solve port-group issue | |||
| 2018-03-23 | Task T35 change to solve port-group issue | Marian Tudosoiu | |
| 2018-03-16 | Merge pull request #8 from mtudosoiu/current | Daniil Baturin | |
| Task T35 place ipv6 groups under global group config tree | |||
| 2018-03-14 | Task T35 place ipv6 groups under group config tree | Marian Tudosoiu | |
| 2018-03-14 | Task T35 place ipv6 groups under group config tree | mtudosoiu | |
| 2018-03-14 | Task T35 place ipv6 groups under group config tree | mtudosoiu | |
| 2018-03-14 | Task T35 place ipv6 groups under group config tree | mtudosoiu | |
| 2018-03-14 | Task T35 place ipv6 groups under group config tree | mtudosoiu | |
| 2018-03-14 | Task T35 place ipv6 groups under group config tree | mtudosoiu | |
| 2018-03-14 | Task T35 change to place ipv6 address-groups and network groups under group ↵ | Marian Tudosoiu | |
| config tree | |||
| 2018-03-12 | Merge pull request #7 from mtudosoiu/current | Daniil Baturin | |
| Task T35 - add support for IPv6 firewall adddress and network groups | |||
| 2018-03-12 | Task T35 add generation of SNMP traps on firewall config changes | Marian Tudosoiu | |
| 2018-03-12 | Task T35 - add support for IPv6 firewall adddress and network groups | Marian Tudosoiu | |
| 2018-03-02 | Show uncommited groups and table in policy route rules completion (fixes T572). | Daniil Baturin | |
| 2015-12-12 | vyatta-cfg-firewall: update network-group check to allow "this" network | Alex Harpin | |
| Update the check for network-groups to allow zero net addresses as they are accepted by the current version of ipset used in VyOS, rejecting only the 0.0.0.0/0 address. This allows the "this" network (0.0.0.0/8) to be used in network-groups. Bug #628 http://bugzilla.vyos.net/show_bug.cgi?id=628 | |||
| 2015-11-28 | vyatta-cfg-firewall: drop executable permissions on node.defs | Alex Harpin | |
| Drop the executable permissions present on a number of node.defs to remove lintian warnings. | |||
| 2015-10-24 | vyatta-cfg-firewall: temporarily disable p2p option in firewall config | Alex Harpin | |
| Both the userspace library and the associated kernel module for the iptables ipp2p match target are currently missing and so this configuration returns an error when used. Disabling this option temporarily until the above issue has been resolved. Bug #602 http://bugzilla.vyos.net/show_bug.cgi?id=602 | |||
| 2015-05-03 | Bug #406: display uncommited firewall group names in completion. | Daniil Baturin | |
| 2014-08-02 | Bug #115: disallow reserved firewall names in CLI validation. | Daniil Baturin | |
| 2014-08-01 | Bug #45: add port range validation to firewall templates. | Daniil Baturin | |
| 2014-07-31 | Bug #108: add an option to enable RFC1337 TCP TIME-WAIT hazards protection | Daniil Baturin | |
| 2014-04-27 | Bug #144: change priorities so route policy is after firewall groups | Daniil Baturin | |
| so it's possible to use firewall groups in it. Fix suggested by Cesar Fazan. | |||
| 2013-05-22 | Enable generation of SNMP traps on firewall config changes | James Davidson | |
| Adds call to vyatta-firewall-trap.pl to end action of firewall nodes. | |||
| 2013-05-15 | Add config node for firewall config change trap | James Davidson | |
| 2012-10-06 | Merge branch 'pacifica' of git.vyatta.com:/git/vyatta-cfg-firewall into pacifica | susheela | |
| 2012-10-06 | PBR: config command validations, help strings etc. cleaned up and | susheela | |
| includes fixes for 8355, 8362, 8365. | |||
| 2012-10-04 | Bug 8200: Changed gred to not display shim6 | Bharat | |
| 2012-09-13 | Bug 8348: policy route <> rule <> action, 'modify' shouldn't be allowed | Robert Bays | |
| 2012-09-05 | reserve upper table numbers for future use | Robert Bays | |
| 2012-09-05 | add support for main table | Robert Bays | |
| 2012-09-03 | changes to policy tables to add accept | Robert Bays | |
| updates to dscp node.def for better help text | |||
| 2012-09-03 | Table should be between 1-250, not 1-249. | Robert Bays | |
| 2012-09-03 | Add val_help for table numbers | Robert Bays | |
| 2012-09-03 | lower priority on policy route node so it is run before interfaces | Robert Bays | |
| 2012-09-03 | initial checkin for pbr functionality | Robert Bays | |
| 2012-08-29 | fix 8200, don't allow shim6 in allowed list of ipv4 protocols for firewall | Gaurav Sinha | |
| 2012-06-03 | Remove sudo from port-group syntax check call | John Southworth | |
| 2012-06-02 | Make firewall syntax checks use the vyatta-util library | John Southworth | |
| 2012-02-24 | Bug Fix for 7751, 7753, 7757 | Mohit Mehta | |
| Add commit checks for 'state-policy' sub-tree | |||
| 2012-01-06 | Fix help string of state-policy for related connections | Mohit Mehta | |
 |
index : vyatta-cfg-firewall.git | |
| Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) |
| summaryrefslogtreecommitdiff |