| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-03-05 | xml: T5738: use generic-disable-node building block for "disable" CLI nodes | Christian Breunig | |
| Make the code more uniform and maintainable. (cherry picked from commit 21b0bf0168697fdbe514ae49a4a28b39a91ec777) | |||
| 2024-02-01 | T4839: firewall: Add dynamic address group in firewall configuration, and ↵ | Nicolas Fort | |
| appropiate commands to populate such groups using source and destination address of the packet. (cherry picked from commit 6ce5fedb602c5ea0df52049a5e9c4fb4f5a86122) | |||
| 2024-02-01 | T5977: firewall: remove ipsec options in output chain rule definitions, ↵ | Nicolas Fort | |
| since it's not supported. (cherry picked from commit 9d490ecf616eb9d019beee37a3802705c4109d9d) | |||
| 2024-01-22 | firewall: T5729: T5681: T5217: backport subsystem from current branch | Christian Breunig | |
| This is a combined backport for all accumulated changes done to the firewall subsystem on the current branch. | |||
| 2024-01-18 | conntrack: T5376: T5779: backport from current | Christian Breunig | |
| Backport of the conntrack system from current branch. (cherry picked from commit fd0bcaf12) (cherry picked from commit 5acf5aced) (cherry picked from commit 42ff4d8a7) (cherry picked from commit 24a1a7059) | |||
| 2024-01-11 | Merge pull request #2793 from sarthurdev/T5550_sagitta | Christian Breunig | |
| interface: T5550: Interface source-validation priority over global value (backport) | |||
| 2024-01-08 | T5896: firewall: backport interface validator for firewall rules. | Nicolas Fort | |
| 2023-12-30 | firewall: T5834: Improve log message and simplify log-option include | Indrajit Raychaudhuri | |
| `include/firewall/rule-log-options.xml.i` is now more aptly renamed to `include/firewall/log-options.xml.i`. (cherry picked from commit 53a48f499ae9bcc2f657136bb7779b38aad1c242) | |||
| 2023-12-30 | firewall: T5834: Remove vestigial include file | Indrajit Raychaudhuri | |
| This file is a left over from previous refactoring and no longer referenced anywhere in the interface definitions. (cherry picked from commit f8f382b2195da8db8b730f107ffba16e67dac822) | |||
| 2023-12-30 | firewall: T5834: Rename 'enable-default-log' to 'default-log' | Indrajit Raychaudhuri | |
| Rename chain level defaults log option from `enable-default-log` to `default-log` for consistency. (cherry picked from commit 245e758aa2ea8779186d0c92d79d33170d036992) | |||
| 2023-12-15 | T5775: firewall: re-add state-policy to firewall. These commands are now ↵ | Nicolas Fort | |
| included in <set firewall global-options state-policy> node. | |||
| 2023-12-15 | firewall: T4502: add offload to firewall table actions | Bjarke Istrup Pedersen | |
| 2023-11-21 | T5419: firewall: backport firewall flowtable to Sagitta. | Nicolas Fort | |
| 2023-11-16 | T4072: firewall: backport bridge firewall to sagitta | Nicolas Fort | |
| 2023-11-14 | T5729: T5590: T5616: backport to sagita fwall marks, fix on firewall logs ↵ | Nicolas Fort | |
| parsing, and migration to valueless node for log and state matchers | |||
| 2023-11-01 | T5681: Firewall,Nat and Nat66: simplified and standarize interface matcher ↵ | Nicolas Fort | |
| firewal, nat and nat66. (cherry picked from commit 51abbc0f1b2ccf4785cf7f29f1fe6f4af6007ee6) | |||
| 2023-10-23 | T5637: Firewall: add new rule at the end of base chains for default-actions. ↵ | Nicolas Fort | |
| This enables logs capabilities for default-action in base chains. | |||
| 2023-09-28 | firewall: T5614: Add support for matching on conntrack helper | sarthurdev | |
| (cherry picked from commit 81dee963a9ca3224ddbd54767a36efae5851a001) | |||
| 2023-09-06 | firewall: T3509: Split IPv4 and IPv6 reverse path filtering like on interfaces | sarthurdev | |
| 2023-08-23 | T5450: update smoketest and interface definition in order to work with new ↵ | Nicolas Fort | |
| firewall cli | |||
| 2023-08-11 | T5460: remove config-trap from firewall | Nicolas Fort | |
| 2023-08-11 | T5160: firewall refactor: fix regexep for connection-status. Create new file ↵ | Nicolas Fort | |
| with common matcher for ipv4 and ipv6, and use include on all chains for all this comman matchers | |||
| 2023-08-11 | T5160: firewall refactor: change default value for <default-action> from ↵ | Nicolas Fort | |
| <drop> to <accept> if default-action is not specified in base chains | |||
| 2023-08-11 | T5160: firewall refactor: move <set firewall ipv6 ipv6-name ...> to <set ↵ | Nicolas Fort | |
| firewall ipv6 name ...> . Also fix some unexpected behaviour with geoip. | |||
| 2023-08-11 | T5160: firewall refactor: change firewall ip to firewall ipv4 | Nicolas Fort | |
| 2023-08-11 | T5160: firewall refactor: new cli structure. Update only all xml | Nicolas Fort | |
| 2023-07-31 | T5014: fix conflicts. Add code for redirection, which is causing conflicts. ↵ | Nicolas Fort | |
| Change code for new syntax | |||
| 2023-07-31 | T5014: nat: add source and destination nat options for configuring load ↵ | Nicolas Fort | |
| balance within a single rule. | |||
| 2023-03-21 | T5050: Firewall: Add log options | Nicolas Fort | |
| 2023-03-10 | Merge pull request #1871 from nicolas-fort/T5055 | Christian Breunig | |
| T5055: Firewall: add packet-type matcher in firewall and route policy | |||
| 2023-03-09 | xml: T4952: improve interface completion helper CLI experience | Christian Breunig | |
| 2023-03-06 | T5055: Firewall: add packet-type matcher in firewall and route policy | Nicolas Fort | |
| 2023-02-28 | T5037: Firewall: Add queue action and options to firewall | Nicolas Fort | |
| 2023-02-18 | T4886: allow connection-mark 0 value, which is acceptable | Nicolas Fort | |
| 2023-01-02 | T4904: keepalived virtual-server allow multiple ports with fwmark | Viacheslav Hletenko | |
| Allow multiple ports for high-availability virtual-server The current implementation allows balance only one "virtual" address and port between between several "real servers" Allow matching "fwmark" to set traffic which should be balanced Allow to set port 0 (all traffic) if we use "fwmark" Add health-check script set high-availability virtual-server 203.0.113.1 fwmark '111' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 health-check script '/bin/true' set high-availability virtual-server 203.0.113.1 real-server 192.0.2.11 port '0' | |||
| 2022-12-23 | firewall: T2199: Fix typo in `rule-log-level.xml.i` header | sarthurdev | |
| 2022-12-23 | firewall: T2199: Add mac-address match to `destination` side | sarthurdev | |
| 2022-12-19 | T4886: Firewall and route policy: Add connection-mark feature to vyos. | Nicolas Fort | |
| 2022-12-17 | Merge pull request #1626 from nicolas-fort/fwall_group_interface | Christian Poessinger | |
| T4780: Firewall: add firewall groups in firewall. Extend matching cri… | |||
| 2022-12-15 | firewall: T4882: add missing ICMPv6 type names | initramfs | |
| 2022-11-24 | Merge pull request #1641 from Rain/T4612-arbitrary-netmasks | Christian Poessinger | |
| firewall: T4612: Support arbitrary netmasks | |||
| 2022-11-19 | T4780: Firewall: add firewall groups in firewall. Extend matching criteria ↵ | Nicolas Fort | |
| so this new group can be used in inbound and outbound matcher | |||
| 2022-11-03 | Merge pull request #1633 from sarthurdev/fqdn | Christian Poessinger | |
| firewall: T970: T1877: Add source/destination fqdn, refactor domain resolver, firewall groups in NAT | |||
| 2022-11-03 | firewall: T970: Refactor domain resolver, add firewall source/destination ↵ | sarthurdev | |
| `fqdn` node | |||
| 2022-11-03 | validators: T4795: migrate mac-address python validator to validate-value | Christian Poessinger | |
| Instead of spawning the Python interpreter for every mac-address to validate, rather use the base validate-value OCaml implementation which is much faster. This removes redundant code and also makes the CLI more responsive. Validator is moved out to a dedicated file instead of using XML inlined <regex> for the reason of re-usability. So if that regex needs to be touched again - it can all happen in one single file. | |||
| 2022-11-03 | xml: T4795: provide common and re-usable XML definitions for policy | Christian Poessinger | |
| Remove duplicated code and move to single-source of truth. | |||
| 2022-10-08 | firewall: T4612: Support arbitrary netmasks | Rain | |
| Add support for arbitrary netmasks on source/destination addresses in firewall rules. This is particularly useful with DHCPv6-PD when the delegated prefix changes periodically. | |||
| 2022-09-26 | T4700: Firewall: add interface matching criteria | Nicolas Fort | |
| 2022-09-22 | xml: T4698: validating a range must be explicitly enabled in the validator | Christian Poessinger | |
| This extends commit 28573ffe4f ("xml: T4698: drop validator name="range" and replace it with numeric"). The first version allowed both a range and discrete numbers to be validated by the numeric validator. This had a flaw as both 22 and 22-30 were valid at the same time. The generic "port-number.xml.i" building block only allows a discrete number. Now if a user set port 22-30 for e.g. SSH the daemon did no longer start. This is why range validation must be explicitly enabled. | |||
| 2022-09-21 | T4699: Firewall: Add return action, since jump action was added recently | Nicolas Fort | |
 |
index : vyos-1x.git | |
| VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) |
| summaryrefslogtreecommitdiff |