vyatta-cfg-firewall (0.13.7-42) unstable; urgency=low * Add 'reject' as a configurable value for default-policy -- Mohit Mehta Mon, 11 May 2009 16:58:26 -0700 vyatta-cfg-firewall (0.13.7-41) unstable; urgency=low [ Bob Gilligan ] * Bugfix 4340: Enable net.netfilter.nf_conntrack_tcp_be_liberal by default. [ Mohit Mehta ] * Fix Bug 4388 firewall name shouldn't have been set after commit failed -- Mohit Mehta Fri, 08 May 2009 17:19:24 -0700 vyatta-cfg-firewall (0.13.7-40) unstable; urgency=low * * don't allow user to create a chain that exists in the system. This may be -- Mohit Mehta Tue, 05 May 2009 11:51:19 -0700 vyatta-cfg-firewall (0.13.7-39) unstable; urgency=low * * setup table only for specific tree, not both filter and mangle -- Mohit Mehta Fri, 01 May 2009 16:33:59 -0700 vyatta-cfg-firewall (0.13.7-38) unstable; urgency=low * Handle files moved from other packages to this package. -- Bob Gilligan Wed, 29 Apr 2009 16:01:44 -0700 vyatta-cfg-firewall (0.13.7-37) unstable; urgency=low * Rename virtual-ethernet to pseudo-ethernet -- Stephen Hemminger Wed, 29 Apr 2009 12:33:08 -0700 vyatta-cfg-firewall (0.13.7-36) unstable; urgency=low * outlaw applying firewall to an interface that is defined under a zone -- Mohit Mehta Mon, 27 Apr 2009 17:20:49 -0700 vyatta-cfg-firewall (0.13.7-35) unstable; urgency=low * Disable firewall debuging by default. -- Stig Thormodsrud Mon, 27 Apr 2009 15:37:15 -0700 vyatta-cfg-firewall (0.13.7-34) unstable; urgency=low * enable/disable conntrack separately for ipv4/ipv6 -- Stig Thormodsrud Fri, 24 Apr 2009 18:17:26 -0700 vyatta-cfg-firewall (0.13.7-33) unstable; urgency=low * Move setup/teardown out from top-level firewall node. -- Stig Thormodsrud Fri, 24 Apr 2009 16:20:03 -0700 vyatta-cfg-firewall (0.13.7-32) unstable; urgency=low [ Stephen Hemminger ] * Add support for virtual-ethernet [ Bob Gilligan ] * bugfix 4297: Don't allow modify rulesets on local traffic. -- Bob Gilligan Fri, 24 Apr 2009 14:32:27 -0700 vyatta-cfg-firewall (0.13.7-31) unstable; urgency=low * Fix Bug 4261 - Features missing in various firewall sub-trees -- Mohit Mehta Wed, 22 Apr 2009 16:25:44 -0700 vyatta-cfg-firewall (0.13.7-30) unstable; urgency=low * Add conntrack and post firewall hooks for IPv6. -- Bob Gilligan Mon, 13 Apr 2009 15:15:40 -0700 vyatta-cfg-firewall (0.13.7-29) unstable; urgency=low * Move firewall "end" processing down to each table. * Fix bug where an empty firewall rule deletes the default drop policy. -- Stig Thormodsrud Mon, 13 Apr 2009 13:58:29 -0700 vyatta-cfg-firewall (0.13.7-28) unstable; urgency=low * Fix faulty search loop. * Add ability for firename to select default policy. -- Stig Thormodsrud Thu, 09 Apr 2009 11:28:51 -0700 vyatta-cfg-firewall (0.13.7-27) unstable; urgency=low * Apply interface firewalls to separate VYATTA_(IN|OUT)_HOOK. -- Stig Thormodsrud Tue, 07 Apr 2009 19:46:53 -0700 vyatta-cfg-firewall (0.13.7-26) unstable; urgency=low * Bugfix 4261: Add support to configure "limit" for IPv6 modify rulesets. -- Bob Gilligan Fri, 03 Apr 2009 14:21:44 -0700 vyatta-cfg-firewall (0.13.7-25) unstable; urgency=low * Bugfix 4261: Add support to configure "limit" in IPv6. -- Bob Gilligan Fri, 03 Apr 2009 14:13:10 -0700 vyatta-cfg-firewall (0.13.7-24) unstable; urgency=low [ Stig Thormodsrud ] * Allow user configurable default-policy on firewall. * Revert "Allow user configurable default-policy on firewall." [ Stephen Hemminger ] * Cleanup perl code that generates templates [ Stig Thormodsrud ] * Remove extra carriage return that was breaking the generated firewall -- Stig Thormodsrud Tue, 31 Mar 2009 18:02:34 -0700 vyatta-cfg-firewall (0.13.7-23) unstable; urgency=low * * add 'redirect' to Valid ICMPv6 Types -- Mohit Mehta Thu, 26 Mar 2009 11:32:39 -0700 vyatta-cfg-firewall (0.13.7-22) unstable; urgency=low * Doing strict ES won't work for router -- Stephen Hemminger Fri, 13 Mar 2009 10:19:02 -0700 vyatta-cfg-firewall (0.13.7-21) unstable; urgency=low * Enable strict host matching * Don't use -P -- Stephen Hemminger Thu, 12 Mar 2009 11:32:50 -0700 vyatta-cfg-firewall (0.13.7-20) unstable; urgency=low * Bugfix 4203: Name of template should be classical-ipoa, not classical_ipoa -- Bob Gilligan Tue, 10 Mar 2009 16:34:31 -0700 vyatta-cfg-firewall (0.13.7-19) unstable; urgency=low * Automatically generate more per-interface firewall templates. -- Bob Gilligan Mon, 09 Mar 2009 11:19:04 -0700 vyatta-cfg-firewall (0.13.7-18) unstable; urgency=low * Remove per-interface firewall templates; They are now generated. -- Bob Gilligan Fri, 06 Mar 2009 17:09:08 -0800 vyatta-cfg-firewall (0.13.7-17) unstable; urgency=low * Don't attempt to delete ruleset from "other" trees -- Bob Gilligan Wed, 04 Mar 2009 12:00:51 -0800 vyatta-cfg-firewall (0.13.7-16) unstable; urgency=low * Fix generated templates for ethernet vifs. -- Bob Gilligan Tue, 03 Mar 2009 18:15:47 -0800 vyatta-cfg-firewall (0.13.7-15) unstable; urgency=low [ Stig Thormodsrud ] * Revert "Make sure to quote $VAR(@)." * Use single quote around $VAR(@). [ Bob Gilligan ] * The generated-templates directory holds only derived files. [ Stig Thormodsrud ] * Add allow/comp_help to firewall action. * Limit address range to a /24, but make easy to change if it's deam too restrictive. * Prevent ';' from being used in a firewall name. * Fix 3422: fw logging fails if logprefix is too long (> 29 characters) -- Stig Thormodsrud Sun, 01 Mar 2009 12:17:09 -0800 vyatta-cfg-firewall (0.13.7-14) unstable; urgency=low [ Stig Thormodsrud ] * Limit firewall name to 29 characters since that is the iptables/ip6tables [ Mohit Mehta ] * add ipv6 accept_redirects and accept_source_route under firewall [ Stig Thormodsrud ] * Make sure to quote $VAR(@). [ Mohit Mehta ] -- Mohit Mehta Tue, 24 Feb 2009 18:56:15 -0800 vyatta-cfg-firewall (0.13.7-13) unstable; urgency=low [ Mohit Mehta ] * Fix Bug 4150 enable loose reverse path filtering [ Bob Gilligan ] * Allow IPv6 firewall rulesets to be configured on an interface independent of IPv4. -- Bob Gilligan Tue, 24 Feb 2009 16:43:15 -0800 vyatta-cfg-firewall (0.13.7-12) unstable; urgency=low * Add "ipv6-modify" firewall configuration sub-tree. -- Bob Gilligan Mon, 23 Feb 2009 12:00:44 -0800 vyatta-cfg-firewall (0.13.7-11) unstable; urgency=low * Fix Bug 3951 default values for kernel tunable security parameters under firewall * Fix Bug 3951 default values for kernel tunable security parameters under firewall -- Mohit Mehta Thu, 19 Feb 2009 19:14:17 -0800 vyatta-cfg-firewall (0.13.7-10) unstable; urgency=low * Multiple updates for IPv6: -- Bob Gilligan Wed, 18 Feb 2009 16:52:51 -0800 vyatta-cfg-firewall (0.13.7-9) UNRELEASED; urgency=low * Add check for address range starting with higher address. * Add natural-order sort for displaying address/network groups. -- Stig Thormodsrud Mon, 16 Feb 2009 13:28:42 -0800 vyatta-cfg-firewall (0.13.7-8) UNRELEASED; urgency=low * Add support for ranges in firewall group address & port. * Change delete_member_range to use the same subnet prefix. * Reduce duplicate code. -- Stig Thormodsrud Mon, 16 Feb 2009 11:59:41 -0800 vyatta-cfg-firewall (0.13.7-7) unstable; urgency=low [ Mohit Mehta ] * no need to use loop to echo allowed values [ Stig Thormodsrud ] * Add allow values for firewall groups. * Add firewall group nodes to firewall modify. * Add check for combining network-group and address-group. * Add support for "show firewall group". * Cache exists() to reduce calls to external /usr/sbin/ipset. * Add show-set to display all sets. [ Mohit Mehta ] * Fix Bug 4074 firewall broadcast ping parameter needs to be clarified [ Stig Thormodsrud ] * Add description and references to "show firewall group". * Make "show firewall group" work for operator. -- Stig Thormodsrud Fri, 13 Feb 2009 20:52:51 -0800 vyatta-cfg-firewall (0.13.7-6) unstable; urgency=low [ Stig Thormodsrud ] * Add back parameter that was dropped when converting to use run_cmd(). * Add more firewall group validation before calling ipset. * Add more validation of firewall network-group before calling ipset. * Add space in front of match rule just in case other match rules don't. * Clean up mapping between vyatta firewall group_type vs ipset set_type. * Change sudo usage to be more consistent. * Add check for combination of IP range and network-group. [ Mohit Mehta ] * better off storing icmp type-names than depend on iptables help -- Mohit Mehta Thu, 12 Feb 2009 17:33:55 -0800 vyatta-cfg-firewall (0.13.7-5) unstable; urgency=low * Delete commented out code. * Add validation of group type. * Add carriage return to error message. -- Stig Thormodsrud Mon, 09 Feb 2009 10:22:42 -0800 vyatta-cfg-firewall (0.13.7-4) unstable; urgency=low * changing debian version string -- Mohit Mehta Thu, 05 Feb 2009 18:52:36 -0800 vyatta-cfg-firewall (0.13.7-3) unstable; urgency=low [ Stig Thormodsrud ] * Reduce duplicate code. * Reduce duplicate code in setup/setupOrig. * Add validation that group and non-groups can't be used in the same src/dst rule. * Reduce duplicate code in setup/setupOrig. [ Mohit Mehta ] * display appropriate anywhere address depending on IPv4 or IPv6 -- Mohit Mehta Thu, 05 Feb 2009 18:41:00 -0800 vyatta-cfg-firewall (0.13.7-2) unstable; urgency=low [ Bob Gilligan ] * Rever to specific IP version in help text. * Bugfix 4052: Support PPPOE over an ethernet VIF. [ Stig Thormodsrud ] * Add 1st pass of firewall group support (ipset netfilter module * Fix call to returnValue that should be returnOrigValue. [ Stephen Hemminger ] * Remove prototype * Enable strict checking * Fix perlcritic warnings * Turn on strict checking and fix warnings -- Stephen Hemminger Tue, 03 Feb 2009 09:24:52 -0800 vyatta-cfg-firewall (0.13.7-1) unstable; urgency=low * Fix Bug 2741 ENH: filter based on ICMP Type/code by name -- Mohit Mehta Fri, 30 Jan 2009 18:39:18 -0800 vyatta-cfg-firewall (0.13.7) unstable; urgency=low [ Bob Gilligan ] * Add support for IPv6 address ranges. [ Mohit Mehta ] * Use iptables comment to identify CLI rule numbers in iptables output -- Mohit Mehta Fri, 30 Jan 2009 11:17:19 -0800 vyatta-cfg-firewall (0.13.6) unstable; urgency=low * Fix Bug 2474 https://bugzilla.vyatta.com/show_bug.cgi?id=2474 -- Mohit Mehta Mon, 26 Jan 2009 16:45:01 -0800 vyatta-cfg-firewall (0.13.5) unstable; urgency=low * Bugfix 4062: Don't reference parameters outside the config tree. -- Bob Gilligan Fri, 23 Jan 2009 14:09:27 -0800 vyatta-cfg-firewall (0.13.4) unstable; urgency=low * Initial support for IPv6. -- Bob Gilligan Thu, 22 Jan 2009 13:36:29 -0800 vyatta-cfg-firewall (0.13.3) unstable; urgency=low * UNRELEASED * - Fix Bug 2223 Add rate rate limiting / burst limiting functions to the Vyatta firewall * Fix Bug 3653 Add the ability to configure time-based firewall rules * Fix Bug 3653 Add the ability to configure time-based firewall rules -- Mohit Mehta Fri, 16 Jan 2009 18:33:11 -0800 vyatta-cfg-firewall (0.13.2) unstable; urgency=low * UNRELEASED * Fix Bug 3653 Add the ability to configure time-based firewall rules -- Mohit Mehta Tue, 13 Jan 2009 18:09:11 -0800 vyatta-cfg-firewall (0.13.1) unstable; urgency=low [ An-Cheng Huang ] * add support for development build [ Stephen Hemminger ] * Rename VyattaIpTablesRule to Vyatta::IpTables::Rule * Convert to Vyatta::Config * Convert VyattaConfig to Vyatta::Config * Fix reference to Vyatta::Misc [ An-Cheng Huang ] * fix for perl module reorganization * add ipp2p config options [ Stig Thormodsrud ] * Convert to use Vyatta:: [ Bob Gilligan ] * Cleanup firewall templates for readability. Update help strings to reflect IPv4. [ Stig Thormodsrud ] * Warning are now enabled - don't reference undefined values. [ An-Cheng Huang ] * update maintainer information * "files" file should be removed before package build [ Stig Thormodsrud ] * Fix 3626: Not all protocol numbers are accepted in firewall rules. * Fix 2563: Add firewall-rule specific disable configuration parameter. [ An-Cheng Huang ] -- An-Cheng Huang Thu, 08 Jan 2009 09:20:14 -0800 vyatta-cfg-firewall (0.13) unstable; urgency=low 3.2.0 [ Mark O'Brien ] [ Bob Gilligan ] * Bugfix: 3684 [ Stephen Hemminger ] * add firewall hooks for ethernet bonding [ An-Cheng Huang ] * fix for bug 3622: add pre-SNAT hook * fix for bug 3604: add fragment matching options * fix conntrack enabling mechanism * fix for bug 2224: add "recent" matching [ Mark O'Brien ] -- Mark O'Brien Tue, 25 Nov 2008 19:08:40 -0800 vyatta-cfg-firewall (0.12) unstable; urgency=low 3.1.3 [ Mark O'Brien ] [ An-Cheng Huang ] * fix conntrack enabling mechanism [ Mark O'Brien ] -- Mark O'Brien Tue, 19 Aug 2008 17:48:24 -0700 vyatta-cfg-firewall (0.11) unstable; urgency=low 3.1.1 [ Mark O'Brien ] [ An-Cheng Huang ] * increment firewall config syntax version for hollywood. [ Mark O'Brien ] -- Mark O'Brien Sat, 28 Jun 2008 11:22:07 -0700 vyatta-cfg-firewall (0.10) unstable; urgency=low 3.1.0 [ Mark O'Brien ] [ Stephen Hemminger ] * Use regular snmpd [ Bob Gilligan ] * Bugfix: 2120 * Bugfix: 2122 [ rbalocca ] * Add vyatta-snmpd [ An-Cheng Huang ] * rename "mangle" to "modify" [ rbalocca ] * Ignore derived files [ An-Cheng Huang ] * allow firewall rule to match inbound IPsec packets. * add "inspect" action (maps to QUEUE) so "custom" traffic-filter for IPS * add mangle table support to firewall configuration. initial implementation [ rbalocca ] * Convert to our method of changelog creation [ Bob Gilligan ] * Add firewall templates for PPPOA, PPPOE, and classical IP over ATM, on [ Mohit Mehta ] * Fix Bug 3069 Help strings should be standardized [ An-Cheng Huang ] * add post-firewall hook for other features * fix for bug 3127: look for an exact match to replace/delete. [ Mark O'Brien ] -- Mark O'Brien Tue, 17 Jun 2008 09:26:05 -0700 vyatta-cfg-firewall (0.9) unstable; urgency=low 3.0.5 -- Mark O'Brien Tue, 06 May 2008 12:43:09 -0700 vyatta-cfg-firewall (0.8) unstable; urgency=low 3.0.4 -- Mark O'Brien Mon, 05 May 2008 16:40:28 -0700 vyatta-cfg-firewall (0.7) unstable; urgency=low 3.0.3 [ Mark O'Brien ] [ rbalocca ] * Indicate the VC4.0.2 release candidate in the changelog [ Mark O'Brien ] -- Mark O'Brien Tue, 29 Apr 2008 16:42:09 -0700 vyatta-cfg-firewall (0.6) unstable; urgency=low VC4.0.2 [ Mark O'Brien ] [ An-Cheng Huang ] * fix for bug 3167: get the actual return status from iptables. * fix for bug 3167: disallow multiport specification if both source and [ Mark O'Brien ] -- Mark O'Brien Sat, 19 Apr 2008 11:55:56 -0700 vyatta-cfg-firewall (0.5) unstable; urgency=low VC4.0.2 release candidate [ Mark O'Brien ] [ An-Cheng Huang ] * fix for bug 3127: look for an exact match to replace/delete. [ Mark O'Brien ] -- Mark O'Brien Wed, 16 Apr 2008 09:49:51 -0700 vyatta-cfg-firewall (0.4) unstable; urgency=low 3.0.2 [ Mark O'Brien ] * 3.0.1 [ rbalocca ] * Fix debian dependencies * Set dependencies on either bash or vyatta-bash [ Mark O'Brien ] -- Mark O'Brien Fri, 04 Apr 2008 18:00:16 -0700 vyatta-cfg-firewall (0.3) unstable; urgency=low VC4.0.1 [ Mark O'Brien ] [ An-Cheng Huang ] * fix a problem in the interaction between "firewall" and "interfaces". [ Stephen Hemminger ] * Replace VPL with GPLv2 * Change to GPLv2 * Update debian/copyright for GPLv2 * update from VPL1 to GPLv2 [ Mark O'Brien ] -- Mark O'Brien Tue, 18 Mar 2008 19:03:26 -0700 vyatta-cfg-firewall (0.2) unstable; urgency=low vc4.0.0 [ Mark O'Brien ] [ An-Cheng Huang ] * convert templates to new syntax * fix for bug 2591: update help text * fix for bug 2528: collapse source/destination "address" and "network". * fix for bug 2789: merge port configuration options. * merge ports in show output * merge address range into address * add address validation * move common module to vyatta-cfg [ Bob Gilligan ] * Extend firewall support to PPPOE interfaces. [ Stig Thormodsrud ] * Add firewall node to tunnel interface * Remove vif node as it's not valid for tunnel interfaces. [ Mark O'Brien ] -- Mark O'Brien Mon, 25 Feb 2008 17:38:04 -0800 vyatta-cfg-firewall (0.1) unstable; urgency=low * Initial Release. -- Bob Gilligan Mon, 10 Dec 2007 11:03:18 -0700