Age | Commit message | Author | |
---|---|---|---|
2022-08-18 | firewall: T4622: Add TCP MSS option | Viacheslav Hletenko | |
Ability to drop\|accept packets based on TCP MSS size `set firewall name <tag> rule <tag> tcp mss '501-1460'` | |||
2022-07-04 | firewall: T4299: Add ability to inverse match country codes | sarthurdev | |
2022-06-11 | firewall: T4299: Add support for GeoIP filtering | sarthurdev | |
2022-06-10 | xml: drop not always applicable REQUIRED suffix from completion help string | Christian Poessinger | |
If a parameter is required is determined from the Python string on commit. This "indicator" is not used consistently and sometimes missing, or added where it is not required anymore due to Python script improvement/rewrite. | |||
2022-06-10 | Merge pull request #1322 from nicolas-fort/T3907-fwall-log | Daniil Baturin | |
Firewall: T3907: add log-level options in firewall | |||
2022-05-28 | firewall: T970: Add firewall group domain-group | Viacheslav Hletenko | |
Domain group allows to filter addresses by domain main. Resolved addresses as elements are stored to named "nft set" that is used in the nftables rules. Also added a dynamic "resolver" systemd daemon vyos-domain-group-resolve.service which starts python script for the domain-group addresses resolving by timeout 300 sec. `set firewall group domain-group DOMAINS address 'example.com'` `set firewall group domain-group DOMAINS address 'example.org'` `set firewall name FOO rule 10 action 'drop'` `set firewall name FOO rule 10 source group domain-group 'DOMAINS'` `set interfaces ethernet eth0 firewall local name 'FOO'` `nft list table ip filter` `table ip filter { set DOMAINS { type ipv4_addr flags interval elements = { 192.0.2.1, 192.0.2.85, 203.0.113.55, 203.0.113.58 } } chain NAME_FOO { ip saddr @DOMAINS counter packets 0 bytes 0 drop comment "FOO-10" counter packets 0 bytes 0 return comment "FOO default-action accept" } }` | |||
2022-05-27 | Firewall: T3907: Revert migration script 6-to-7 and add new 7-to-8 | Nicolas Fort | |
2022-05-11 | Firewall: T3907: add log-level options in firewall | Nicolas Fort | |
2022-05-09 | Merge pull request #1279 from nicolas-fort/T990 | Christian Poessinger | |
Firewall: T990: Add snat and dnat connection status on firewall | |||
2022-04-29 | xml: T4047: use full string match in the regex validator | Christian Poessinger | |
2022-04-23 | Firewall: T990: Modifications for new connection-status cli | Nicolas Fort | |
2022-04-11 | Firewall: T990: Add snat and dst connection status on firewall | Nicolas Fort | |
2022-04-08 | Firewall: T990: Add snat and dnat connection status on firewall | Nicolas Fort | |
2022-04-06 | firewall: T4345: Fix incorrect rule limit rate syntax | sarthurdev | |
2022-02-24 | scripts: T4269: node.def generator should automatically add default values | Christian Poessinger | |
Since introducing the XML `<defaultValue>` node it was common, but redundant, practice to also add a help string indicating which value would be used as default if the node is unset. This makes no sense b/c it's duplicated code/value/characters and prone to error. The node.def scripts should be extended to automatically render the appropriate default value into the CLI help string. For e.g. SSH the current PoC renders: `$ cat templates-cfg/service/ssh/port/node.def` `multi:` `type: txt` `help: Port for SSH service (default: 22)` `val_help: u32:1-65535; Numeric IP port` `...` Not all subsystems are already migrated to get_config_dict() and make use of the defaults() call - those subsystems need to be migrated, first before the new default is added to the CLI help. | |||
2022-02-04 | firewall: T4209: Fix support for rule `recent` matches | sarthurdev | |
2022-01-21 | Firewall: T4186: Adding icmpv6 corrections, in concordancy of what was done for icmp | Nicolas Fort | |
2022-01-21 | Firewall: T4186: typo correction on address-mask-reply description | Nicolas Fort | |
2022-01-21 | Firewall: T4186: Correct icmp type-name options for firewall rules | Nicolas Fort | |
2022-01-18 | firewall: T3560: Add support for MAC address groups | sarthurdev | |
2022-01-17 | firewall: policy: T4178: Migrate and refactor tcp flags | sarthurdev | |
* Add support for ECN and CWR flags | |||
2022-01-14 | firewall: T4178: Use lowercase for TCP flags and add a validator | sarthurdev | |
2022-01-10 | firewall: validators: T2199: Improve port validation | sarthurdev | |
2022-01-07 | xml: firewall: T4130: add protocol completion helper all and tcp_udp | Christian Poessinger | |
2022-01-04 | firewall: T4134: Fix completion help for protocols | Viacheslav | |
2021-12-06 | firewall: T2199: Migrate firewall to XML/Python | sarthurdev | |
2021-08-29 | xml: add missing "u32:" value declarator on integer ranges | Christian Poessinger | |
2021-07-02 | xml: provide building block for a generic description node | Christian Poessinger | |
2021-05-25 | firewall: T3568: add XML definitions for firewall | Viacheslav Hletenko | |
Add XML for configuration mode firewall. Used for future rewriting it to Python style. |