summaryrefslogtreecommitdiff
path: root/data/templates/firewall/nftables-defines.j2
AgeCommit message (Collapse)Author
2024-08-01T4072: firewall: extend firewall bridge capabilities, in order to include ↵Nicolas Fort
new chains, priorities, and firewall groups
2024-01-25T4839: firewall: Add dynamic address group in firewall configuration, and ↵Nicolas Fort
appropiate commands to populate such groups using source and destination address of the packet.
2023-09-07T4072: add firewall bridge filtering. First implementation only applies for ↵Nicolas Fort
forward chain and few matchers. Should be extended in the future.
2022-12-17Merge pull request #1626 from nicolas-fort/fwall_group_interfaceChristian Poessinger
T4780: Firewall: add firewall groups in firewall. Extend matching cri…
2022-11-19T4780: Firewall: add firewall groups in firewall. Extend matching criteria ↵Nicolas Fort
so this new group can be used in inbound and outbound matcher
2022-11-03firewall: T970: Refactor domain resolver, add firewall source/destination ↵sarthurdev
`fqdn` node
2022-09-16firewall: T2199: enable "auto-merge" on setsChristian Poessinger
vyos@vyos# show firewall +name foo { + rule 1 { + action accept + packet-length 100 + packet-length 105 + packet-length 200-300 + packet-length 220-250 + } +} will report a nftables error upon load: Error: conflicting intervals specified With nftables 1.0.3 there is an "auto-merge" option which corrects this: https://lwn.net/Articles/896732/
2022-06-14firewall: T4147: Use named sets for firewall groupssarthurdev
* Refactor nftables clean-up code * Adds policy route test for using firewall groups
2022-06-10firewall: T478: Add support for nesting groupssarthurdev
2022-05-01firewall: T4353: fix Jinja2 linting errorsChristian Poessinger