Age | Commit message | Author | |
---|---|---|---|
2024-01-22 | firewall: T5729: T5681: T5217: backport subsystem from current branch | Christian Breunig | |
This is a combined backport for all accumulated changes done to the firewall subsystem on the current branch. | |||
2024-01-12 | T5922: firewall: fix intra-zone filtering parsing rules; update firewall ↵ | Nicolas Fort | |
smoketest (cherry picked from commit 5c4c873f9c36459bc7bad73208450ee802440929) | |||
2024-01-11 | Merge pull request #2793 from sarthurdev/T5550_sagitta | Christian Breunig | |
interface: T5550: Interface source-validation priority over global value (backport) | |||
2023-12-30 | firewall: T5834: Rename 'enable-default-log' to 'default-log' | Indrajit Raychaudhuri | |
Rename chain level defaults log option from `enable-default-log` to `default-log` for consistency. (cherry picked from commit 245e758aa2ea8779186d0c92d79d33170d036992) | |||
2023-12-15 | T5775: firewall: re-add state-policy to firewall. These commands are now ↵ | Nicolas Fort | |
included in <set firewall global-options state-policy> node. | |||
2023-12-15 | firewall: T4502: add offload to firewall table actions | Bjarke Istrup Pedersen | |
2023-11-21 | T5419: firewall: backport firewall flowtable to Sagitta. | Nicolas Fort | |
2023-11-16 | T4072: firewall: backport bridge firewall to sagitta | Nicolas Fort | |
2023-11-14 | T5729: T5590: T5616: backport to sagitta fwall marks, fix on firewall logs ↵ | Nicolas Fort | |
parsing, and migration to valueless node for log and state matchers | |||
2023-11-01 | T5681: Firewall, Nat and Nat66: simplified and standardized interface matcher ↵ | Nicolas Fort | |
firewall, nat and nat66. (cherry picked from commit 51abbc0f1b2ccf4785cf7f29f1fe6f4af6007ee6) | |||
2023-10-23 | T5637: Firewall: add new rule at the end of base chains for default-actions. ↵ | Nicolas Fort | |
This enables logs capabilities for default-action in base chains. | |||
2023-10-20 | T5541: firewall: re-add zone-based firewall. | Nicolas Fort | |
2023-09-28 | firewall: T5614: Add support for matching on conntrack helper | sarthurdev | |
(cherry picked from commit 81dee963a9ca3224ddbd54767a36efae5851a001) | |||
2023-09-06 | firewall: T3509: Split IPv4 and IPv6 reverse path filtering like on interfaces | sarthurdev | |
2023-08-26 | firewall: T5080: Disable conntrack unless required by rules | sarthurdev | |
2023-08-25 | firewall: T3509: Add support for IPv6 return path filtering | sarthurdev | |
2023-08-23 | T5450: update smoketest and interface definition in order to work with new ↵ | Nicolas Fort | |
firewall cli | |||
2023-08-11 | T5160: firewall refactor: change default value for <default-action> from ↵ | Nicolas Fort | |
<drop> to <accept> if default-action is not specified in base chains | |||
2023-08-11 | T5160: firewall refactor: move <set firewall ipv6 ipv6-name ...> to <set ↵ | Nicolas Fort | |
firewall ipv6 name ...>. Also fix some unexpected behaviour with geoip. | |||
2023-08-11 | T5160: firewall refactor: fix tabulation for geo-ip parsing code. Typo fix in ↵ | Nicolas Fort | |
firewall smoketest | |||
2023-08-11 | T5160: firewall refactor: change firewall ip to firewall ipv4 | Nicolas Fort | |
2023-08-11 | T5160: firewall refactor: re-add missing code in template.py which was ↵ | Nicolas Fort | |
accidentally removed. Update smoketest: remove zone test and fix test_sysfs test | |||
2023-08-11 | T5160: firewall refactor: new cli structure. Add migration script and update ↵ | Nicolas Fort | |
smoketest | |||
2023-07-14 | T5195: vyos.util -> vyos.utils package refactoring (#2093) | Christian Breunig | |
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io | |||
2023-03-31 | T5128: Add constraint for firewall interface. Also update smoketest to ↵ | Nicolas Fort | |
include at least one wildcarded interface | |||
2023-03-21 | T5050: Firewall: Add log options | Nicolas Fort | |
2023-03-06 | T5055: Firewall: add packet-type matcher in firewall and route policy | Nicolas Fort | |
2023-02-28 | T5037: Firewall: Add queue action and options to firewall | Nicolas Fort | |
2022-12-19 | T4886: Firewall and route policy: Add connection-mark feature to vyos. | Nicolas Fort | |
2022-12-17 | Merge pull request #1626 from nicolas-fort/fwall_group_interface | Christian Poessinger | |
T4780: Firewall: add firewall groups in firewall. Extend matching cri… | |||
2022-11-24 | Merge pull request #1641 from Rain/T4612-arbitrary-netmasks | Christian Poessinger | |
firewall: T4612: Support arbitrary netmasks | |||
2022-11-19 | T4780: Firewall: add firewall groups in firewall. Extend matching criteria ↵ | Nicolas Fort | |
so this new group can be used in inbound and outbound matcher | |||
2022-11-03 | firewall: T970: Refactor domain resolver, add firewall source/destination ↵ | sarthurdev | |
`fqdn` node | |||
2022-10-08 | firewall: T4612: Support arbitrary netmasks | Rain | |
Add support for arbitrary netmasks on source/destination addresses in firewall rules. This is particularly useful with DHCPv6-PD when the delegated prefix changes periodically. | |||
2022-09-26 | T4700: Firewall: add interface matching criteria | Nicolas Fort | |
2022-09-21 | T4699: Firewall: Add return action, since jump action was added recently | Nicolas Fort | |
2022-09-16 | T4699: Firewall: Add jump action in firewall ruleset | Nicolas Fort | |
2022-09-14 | firewall: nat66: policy: T2199: Fix smoketests for nftables updated output | sarthurdev | |
2022-09-13 | zone-policy: T2199: Migrate zone-policy to firewall node | sarthurdev | |
2022-09-13 | firewall: T4605: Rename filter tables to vyos_filter | sarthurdev | |
2022-09-13 | firewall: T2199: Refactor firewall + zone-policy, move interfaces under ↵ | sarthurdev | |
firewall node * Refactor firewall and zone-policy rule creation and cleanup * Migrate interface firewall values to `firewall interfaces <name> <direction> name/ipv6-name <name>` * Remove `firewall-interface.py` conf script | |||
2022-09-07 | T1024: Firewall and Policy route: add option to match dscp value, both on ↵ | Nicolas Fort | |
firewall and in policy route | |||
2022-09-03 | firewall: T4651: re-implement packet-length CLI option to use <multi/> | Christian Poessinger | |
2022-09-03 | smoketest: firewall: add re-usable variables when running testcases | Christian Poessinger | |
2022-09-01 | Firewall: T4651: Change proposed cli from ip-length to packet-length | Nicolas Fort | |
2022-08-27 | Firewall: T4651: Add options to match packet size on firewall rules. | Nicolas Fort | |
2022-08-18 | firewall: T4622: Add TCP MSS option | Viacheslav Hletenko | |
Ability to drop|accept packets based on TCP MSS size: `set firewall name <tag> rule <tag> tcp mss '501-1460'` | |||
2022-07-04 | firewall: T4299: Add ability to inverse match country codes | sarthurdev | |
2022-06-14 | firewall: T970: Use set prefix to domain groups | sarthurdev | |
2022-06-14 | firewall: T4147: Use named sets for firewall groups | sarthurdev | |
* Refactor nftables clean-up code * Adds policy route test for using firewall groups |