vyatta-cfg-firewall.git - Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git)

Age	Commit message (Collapse)	Author
2014-08-02	Bug #115: disallow reserved firewall names in CLI validation.	Daniil Baturin

2014-08-01	Bug #45: add port range validation to firewall templates.	Daniil Baturin

2014-07-31	Bug #108: add an option to enable RFC1337 TCP TIME-WAIT hazards protection	Daniil Baturin

2014-04-27	Bug #144: change priorities so route policy is after firewall groups	Daniil Baturin
	so it's possible to use firewall groups in it. Fix suggested by Cesar Fazan.
2013-05-22	Enable generation of SNMP traps on firewall config changes	James Davidson
	Adds call to vyatta-firewall-trap.pl to end action of firewall nodes.
2013-05-15	Add config node for firewall config change trap	James Davidson

2012-10-06	Merge branch 'pacifica' of git.vyatta.com:/git/vyatta-cfg-firewall into pacifica	susheela

2012-10-06	PBR: config command validations, help strings etc. cleaned up and	susheela
	includes fixes for 8355, 8362, 8365.
2012-10-04	Bug 8200: Changed gred to not display shim6	Bharat

2012-09-13	Bug 8348: policy route <> rule <> action, 'modify' shouldn't be allowed	Robert Bays

2012-09-05	reserve upper table numbers for future use	Robert Bays

2012-09-05	add support for main table	Robert Bays

2012-09-03	changes to policy tables to add accept	Robert Bays
	updates to dscp node.def for better help text
2012-09-03	Table should be between 1-250, not 1-249.	Robert Bays

2012-09-03	Add val_help for table numbers	Robert Bays

2012-09-03	lower priority on policy route node so it is run before interfaces	Robert Bays

2012-09-03	initial checkin for pbr functionality	Robert Bays

2012-08-29	fix 8200, don't allow shim6 in allowed list of ipv4 protocols for firewall	Gaurav Sinha

2012-06-03	Remove sudo from port-group syntax check call	John Southworth

2012-06-02	Make firewall syntax checks use the vyatta-util library	John Southworth

2012-02-24	Bug Fix for 7751, 7753, 7757	Mohit Mehta
	Add commit checks for 'state-policy' sub-tree
2012-01-06	Fix help string of state-policy for related connections	Mohit Mehta

2011-12-02	Warn users when stateful rules are set with state-policy configured	Mohit Mehta

2011-12-01	Bug 6063 ENH: Provide option(s) to globally allow stateful return traffic	Mohit Mehta
	* add code to set global policy for established, related, invalid states
2011-11-08	Remove conntrack-related code from firewall top level template	Daniil Baturin
	(it was moved to vyatta-conntrack).
2011-11-05	Remove remaining conntrack-related templates.	Daniil Baturin

2011-11-05	Remove conntrack-related templates from firewall	Daniil Baturin

2011-05-03	modify firewall groups to work with new commitnapa-dev	An-Cheng Huang

2011-01-10	Fix Bug 6292 iptables chain-name must be reduced to 28 characters max	Mohit Mehta
	* change syntax check to limit firewall ruleset names to 28 chars and bump firewall cfg-version to enable config migration (cherry picked from commit a0e5b2107d6073a103e0f0c04cc8656f8dc3816b)
2010-11-24	Merge branch 'mendocino' of vm:rel/vyatta-cfg-firewall into mendocino	Stephen Hemminger

2010-11-24	Use regex to test for name length rather than wc program	Stephen Hemminger
	More efficient to use shell pattern match to test for name length.
2010-10-30	Fix 5247: Firewall groups CLI becomes out of sync with ipset when sets and ↵	Stig Thormodsrud
	deletes are contained within a single commit
2010-09-13	Fix bug 6149 Warning on boot because of modprobe config file names	Mohit Mehta
	* rename existing files instead of removing em. rename sip option file as well
2010-09-13	Fix Bug 6149 Warning on boot because of modprobe config file names	Mohit Mehta
	* add .conf suffix to files in /etc/modprobe.d * remove old files without the suffix [from a previous release] during upgrade
2010-09-10	Fix Bug 5309 Allow modifyining TCP MSS option	Mohit Mehta
	* add the ability to modify TCP MSS value using modify\|ipv6-modify rulesets
2010-08-17	remove low-level config dir usage	An-Cheng Huang

2010-08-17	update help text to use val_help	An-Cheng Huang

2010-08-17	Fix 5917: FW: Max characters exceeded for ipset rule when using "set firewall	Stig Thormodsrud
	group address-group" command - handle special case where temp group begins with a '-'. (cherry picked from commit fa22559d3baa7ae5443f14e0ff774c4d6a49cc36)
2010-08-17	fix bug 6055 firewall rule help strings are confusing	Mohit Mehta
	* add val_help for firewall rule nodes (cherry picked from commit 0a1eb7471e1ec478b2eb22200ab5fc42eaba1e8e)
2010-08-17	fix range in help strings for count parameter under recent	Mohit Mehta
	(cherry picked from commit 3210dfe5d41f926840fd9ee6981a9fa89534cfd7)
2010-08-11	remove CLI backend env variables usage	An-Cheng Huang
	* use the new cli-shell-api instead.
2010-07-27	Fix 5917: FW: Max characters exceeded for ipset rule when using "set ↵	Stig Thormodsrud
	firewall group address-group" command (cherry picked from commit 37638769fdaf40c5882eef3614e02f0aadbb1bba)
2010-07-27	Convert firewall rules to val_help:	Stephen Hemminger
	Convert some (but not all) of existing rules using comp_help: to use val_help: (cherry picked from commit 77e13fa992a50cc5721bbad64235bff8f8ecd50d)
2010-07-21	undo verb usage at the start of help strings	Mohit Mehta

2010-07-15	Fix bug 4629 configuration limit of recent count firewall rule is 20	Mohit Mehta
	* raise recent count limit to 255. add syntax check to disallow invalid values
2010-06-11	Add support for firewall enable-default-log.	Stig Thormodsrud

2010-05-31	Bugfix 5632: Add ability to configure SIP UDP port numbers.	Bob Gilligan

2010-05-20	need to restart conntrackd when conntrack table size changes	Mohit Mehta

2010-05-17	Fix Bug 5588 Add ability to modify conntrack expectation table size	Mohit Mehta
	* added 'firewall conntrack-expect-table-size' to modify expect table's size * added 'firewall conntrack-hash-size' to set hash size for conntrack table
2010-03-18	Fix firewall group parent delete while still referenced.	Stig Thormodsrud