| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2023-09-07 | T4072: add firewall bridge filtering. First implementation only applies for ↵ | Nicolas Fort | |
| forward chain and few matchers. Should be extended in the future. | |||
| 2023-08-23 | T5450: update smoketest and interface definition in order to work with new ↵ | Nicolas Fort | |
| firewall cli | |||
| 2023-08-11 | T5460: remove config-trap from firewall | Nicolas Fort | |
| 2023-08-11 | T5160: firewall refactor: fix regexep for connection-status. Create new file ↵ | Nicolas Fort | |
| with common matcher for ipv4 and ipv6, and use include on all chains for all this comman matchers | |||
| 2023-08-11 | T5160: firewall refactor: change default value for <default-action> from ↵ | Nicolas Fort | |
| <drop> to <accept> if default-action is not specified in base chains | |||
| 2023-08-11 | T5160: firewall refactor: move <set firewall ipv6 ipv6-name ...> to <set ↵ | Nicolas Fort | |
| firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip. | |||
| 2023-08-11 | T5160: firewall refactor: change firewall ip to firewall ipv4 | Nicolas Fort | |
| 2023-08-11 | T5160: firewall refactor: new cli structure. Update only all xml | Nicolas Fort | |
| 2023-07-31 | T5014: fix conflicts. Add code for redirection, which is causing conflicts. ↵ | Nicolas Fort | |
| Change code for new syntax | |||
| 2023-07-31 | T5014: nat: add source and destination nat options for configuring load ↵ | Nicolas Fort | |
| balance within a single rule. | |||
| 2023-03-21 | T5050: Firewall: Add log options | Nicolas Fort | |
| 2023-03-10 | Merge pull request #1871 from nicolas-fort/T5055 | Christian Breunig | |
| T5055: Firewall: add packet-type matcher in firewall and route policy | |||
| 2023-03-09 | xml: T4952: improve interface completion helper CLI experience | Christian Breunig | |
| 2023-03-06 | T5055: Firewall: add packet-type matcher in firewall and route policy | Nicolas Fort | |
| 2023-02-28 | T5037: Firewall: Add queue action and options to firewall | Nicolas Fort | |
| 2023-02-18 | T4886: allow connection-mark 0 value, which is acceptable | Nicolas Fort | |
| 2023-01-02 | T4904: keepalived virtual-server allow multiple ports with fwmark | Viacheslav Hletenko | |
| Allow multiple ports for high-availability virtual-server The current implementation allows balance only one "virtual" address and port between between several "real servers" Allow matching "fwmark" to set traffic which should be balanced Allow to set port 0 (all traffic) if we use "fwmark" Add health-check script set high-availability virtual-server 203.0.113.1 fwmark '111' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 health-check script '/bin/true' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '0' | |||
| 2022-12-23 | firewall: T2199: Fix typo in `rule-log-level.xml.i` header | sarthurdev | |
| 2022-12-23 | firewall: T2199: Add mac-address match to `destination` side | sarthurdev | |
| 2022-12-19 | T4886: Firewall and route policy: Add connection-mark feature to vyos. | Nicolas Fort | |
| 2022-12-17 | Merge pull request #1626 from nicolas-fort/fwall_group_interface | Christian Poessinger | |
| T4780: Firewall: add firewall groups in firewall. Extend matching cri… | |||
| 2022-12-15 | firewall: T4882: add missing ICMPv6 type names | initramfs | |
| 2022-11-24 | Merge pull request #1641 from Rain/T4612-arbitrary-netmasks | Christian Poessinger | |
| firewall: T4612: Support arbitrary netmasks | |||
| 2022-11-19 | T4780: Firewall: add firewall groups in firewall. Extend matching criteria ↵ | Nicolas Fort | |
| so this new group can be used in inbound and outbound matcher | |||
| 2022-11-03 | Merge pull request #1633 from sarthurdev/fqdn | Christian Poessinger | |
| firewall: T970: T1877: Add source/destination fqdn, refactor domain resolver, firewall groups in NAT | |||
| 2022-11-03 | firewall: T970: Refactor domain resolver, add firewall source/destination ↵ | sarthurdev | |
| `fqdn` node | |||
| 2022-11-03 | validators: T4795: migrate mac-address python validator to validate-value | Christian Poessinger | |
| Instead of spawning the Python interpreter for every mac-address to validate, rather use the base validate-value OCaml implementation which is much faster. This removes redundant code and also makes the CLI more responsive. Validator is moved out to a dedicated file instead of using XML inlined <regex> for the reason of re-usability. So if that regex needs to be touched again - it can all happen in one single file. | |||
| 2022-11-03 | xml: T4795: provide common and re-usable XML definitions for policy | Christian Poessinger | |
| Remove duplicated code and move to single-source of truth. | |||
| 2022-10-08 | firewall: T4612: Support arbitrary netmasks | Rain | |
| Add support for arbitrary netmasks on source/destination addresses in firewall rules. This is particularly useful with DHCPv6-PD when the delegated prefix changes periodically. | |||
| 2022-09-26 | T4700: Firewall: add interface matching criteria | Nicolas Fort | |
| 2022-09-22 | xml: T4698: validating a range must be explicitly enabled in the validator | Christian Poessinger | |
| This extends commit 28573ffe4f ("xml: T4698: drop validator name="range" and replace it with numeric"). The first version allowed both a range and discrete numbers to be validated by the numeric validator. This had a flaw as both 22 and 22-30 were valid at the same time. The generic "port-number.xml.i" building block only allows a discrete number. Now if a user set port 22-30 for e.g. SSH the daemon did no longer start. This is why range validation must be explicitly enabled. | |||
| 2022-09-21 | T4699: Firewall: Add return action, since jump action was added recently | Nicolas Fort | |
| 2022-09-17 | Merge pull request #1546 from nicolas-fort/fwall-jump | Christian Poessinger | |
| T4699: Firewall: Add jump action in firewall ruleset | |||
| 2022-09-16 | T4699: Firewall: Add jump action in firewall rulest | Nicolas Fort | |
| 2022-09-16 | xml: T4698: drop validator name="range" and replace it with numeric | Christian Poessinger | |
| After T4669 added support for range validation to the OCaml validator there is no need to keep the slow Python validator in place. Raplace all occurances of <validator name="range" argument="--min=1 --max=65535"/> with <validator name="numeric" argument="--range 1-65535"/>. | |||
| 2022-09-13 | firewall: T2199: Refactor firewall + zone-policy, move interfaces under ↵ | sarthurdev | |
| firewall node * Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>` * Remove `firewall-interface.py` conf script | |||
| 2022-09-07 | T1024: Firewall and Policy route: add option to match dscp value, both on ↵ | Nicolas Fort | |
| firewall and in policy route | |||
| 2022-09-06 | T4670: policy route: extend matching criteria for policy route and route6. ↵ | Nicolas Fort | |
| Matching criteria added: ttl/hoplimit and packet-length | |||
| 2022-09-03 | firewall: T4651: re-implement packet-length CLI option to use <multi/> | Christian Poessinger | |
| 2022-09-03 | firewall: T3568: improve default-action help string | Christian Poessinger | |
| 2022-09-03 | firewall: T3568: add XML include block for eq,gt,lt options | Christian Poessinger | |
| 2022-09-02 | Merge branch 'T4651' of https://github.com/nicolas-fort/vyos-1x into firewall | Christian Poessinger | |
| * 'T4651' of https://github.com/nicolas-fort/vyos-1x: Firewall: T4651: Change proposed cli from ip-length to packet-length Firewall: T4651: Add options to match packet size on firewall rules. | |||
| 2022-09-01 | Firewall: T4651: Change proposed cli from ip-length to packet-length | Nicolas Fort | |
| 2022-08-30 | firewall: T4655: implement XML defaultValue for name and ipv6-name | Christian Poessinger | |
| This extends the implementation of commit 0cc7e0a49094 ("firewall: T4655: Fix default action 'drop' for the firewall") in a way that we can now also use the XML <defaultValue> node under "firewall name" and "firewall ipv6-name". This is a much cleaner approach which also adds the default value automatically to the CLIs completion helper ("?"). | |||
| 2022-08-30 | firewall: T3568: rename XML building blocks to match CLI node name | Christian Poessinger | |
| 2022-08-18 | firewall: T4622: Add TCP MSS option | Viacheslav Hletenko | |
| Ability to drop|accept packets based on TCP MSS size set firewall name <tag> rule <tag> tcp mss '501-1460' | |||
| 2022-07-04 | firewall: T4299: Add ability to inverse match country codes | sarthurdev | |
| 2022-06-11 | firewall: T4299: Add support for GeoIP filtering | sarthurdev | |
| 2022-06-10 | xml: drop not always applicable REQUIRED suffix from completion help string | Christian Poessinger | |
| If a parameter is required is determined from the Python string on commit. This "indicator" is not used consistently and sometimes missing, or added where it is not required anymore due to Python script improvement/rewrite. | |||
| 2022-06-10 | Merge pull request #1322 from nicolas-fort/T3907-fwall-log | Daniil Baturin | |
| Firewall: T3907: add log-level options in firewall | |||
 |
index : vyos-1x.git | |
| VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) |
| summaryrefslogtreecommitdiff |