Ecosyste.ms: OpenCollective

An open API service for software projects hosted on Open Collective.

github.com/vyos/vyatta-cfg-firewall

Configuration templates and scripts for the firewall subsystem.
https://github.com/vyos/vyatta-cfg-firewall

Disable firewall debuging by default.

3c18274ae44a090979532ddb3e65d2f3df5ad97e authored almost 16 years ago
0.13.7-34

d34f84aeb1ae253e667fa3b2f46259b65b372f0c authored almost 16 years ago
enable/disable conntrack separately for ipv4/ipv6

bf645391ae00362f4a1bda669a29718005c57a8b authored almost 16 years ago
0.13.7-33

d6401a056f643a7dc27d0703ee9a29ba20970924 authored almost 16 years ago
Move setup/teardown out from top-level firewall node.

Add refcnts to know when to teardown.

8a4b8a8238220a082d30364631d23da675a48361 authored almost 16 years ago
0.13.7-32

974a9ed041c84d9023fd972c5dd6f3648afd6daf authored almost 16 years ago
bugfix 4297: Don't allow modify rulesets on local traffic.

7b24a1d602390d12befb29f84b1c3de18fc9e363 authored almost 16 years ago
Add support for virtual-ethernet

773c2a20182c559b72a2e87b4c2bcc5de1309936 authored almost 16 years ago
0.13.7-31

22754cd3f8c353ad994806210c1a0b01904160bf authored almost 16 years ago
Fix Bug 4261 - Features missing in various firewall sub-trees

add 'disable', 'fragment', 'ipsec', and 'recent' under 'firewall modify' tree

761dddfa736c43984e00970393c68a5cf08f792c authored almost 16 years ago
0.13.7-30

0f67fe37ef5990b223ce6f11f7c29c7e0b7a87c1 authored almost 16 years ago
Add conntrack and post firewall hooks for IPv6.

b50f5f2cbc68c35aede11d79d5ec6f5833da5eb7 authored almost 16 years ago
0.13.7-29

b626c511458aec9492c428eb4da07116e99bbd72 authored almost 16 years ago
Fix bug where an empty firewall rule deletes the default drop policy.

5d2407391cbfc274aa819a9a62a688250ecaf627 authored almost 16 years ago
Move firewall "end" processing down to each table.

Fix bug for global enable/disable of conntrack.

4b77669da9c2c16db3f5a3696335bab386f4cf11 authored almost 16 years ago
0.13.7-28

f7d5ec8f1a6d0552d2aff417ff2064dea0fed4de authored almost 16 years ago
Add ability for firename to select default policy.

22ca661c3cd95ef08459b83d010b31bd6e851b67 authored almost 16 years ago
Fix faulty search loop.

789bb8a2bbce86b064460ac62fa09c25323d5f44 authored almost 16 years ago
0.13.7-27

6a29e7f2c5b3a7c08f7f058cf168ff065022f3b0 authored almost 16 years ago
Apply interface firewalls to separate VYATTA_(IN|OUT)_HOOK.

This enforces in firewall to be processed before out firewall.

6cc3f2cb82db6de6685541ba6f177906ad2758be authored almost 16 years ago
0.13.7-26

7b5f6ad8cb6b48e7f0e8586be77c1a34e5c8d9cd authored almost 16 years ago
Bugfix 4261: Add support to configure "limit" for IPv6 modify rulesets.

6a18584f4e272cd4ddad197a65e0337a2ba73ed9 authored almost 16 years ago
0.13.7-25

9dc89a7776f8d14e110b3b6aeef9ab29712ebac8 authored almost 16 years ago
Bugfix 4261: Add support to configure "limit" in IPv6.

7f112fb9038fe78e0bd955f5dd5a7a4c55abc9c4 authored almost 16 years ago
0.13.7-24

4f89a9ff057c77cea53d8ee0e29ac1efa1fe0df6 authored almost 16 years ago
Remove extra carriage return that was breaking the generated firewall

template.

afd4793c1f2a174651926f8c2bf5790fe66bab3b authored almost 16 years ago
Cleanup perl code that generates templates

1. Check for errors in open/mkdir
2. Use mkdir_p in perl rather than calling system
3. Use Perl ...

91ac330a0cd0cd0896aee34829d0de4860cd35f3 authored almost 16 years ago
Revert "Allow user configurable default-policy on firewall."

Further test identified a problem.
The patch is broken if a packet must do both an in & out filte...

108ef51e412a379905a6a8d354e7e21d10e9d1cc authored almost 16 years ago
Allow user configurable default-policy on firewall.

754d0f4d855a59020afa20ad8867218708b5c978 authored almost 16 years ago
0.13.7-23

a3185dcd028446ef14a96bca5ae0cf4a8333e99c authored almost 16 years ago
* add 'redirect' to Valid ICMPv6 Types

* add comp_help for ICMPv4 type-name

52e57dd02b64034e6232e046ee82e93b6709d173 authored almost 16 years ago
0.13.7-22

5febb22b44a1c93628cf070350770fed55512e4d authored almost 16 years ago
Merge branch 'jenner' of suva.vyatta.com:/git/vyatta-cfg-firewall into jenner

d9151999f5279afeed16c0493c5175a1f13d661d authored almost 16 years ago
Doing strict ES won't work for router

Need a different kind of filter to fix 4061. (Not sure if
it is even possible as firewall rule s...

11a6cc493149f92913634dda3b491079188a334d authored almost 16 years ago
0.13.7-21

8286cf3a04de49e2d0f3ab9f9cf1dc8b0f38cd47 authored almost 16 years ago
Don't use -P

Changing default property of rules screws up other things

7981321561add3874ca28f1f59bb170b7e214de2 authored almost 16 years ago
Enable strict host matching

Bug 4061
Host (INPUT) chain will only accept packets where destination address
matches address o...

a76180820eb08f3957ab36e25cada8ab0f0ccc5d authored almost 16 years ago
0.13.7-20

e2c1d71f7e57956a01959846178bb132d68d14f6 authored almost 16 years ago
Bugfix 4203: Name of template should be classical-ipoa, not classical_ipoa

4d15ce7be6bc73201418f2f6913fabba7d274612 authored almost 16 years ago
0.13.7-19

1d2ba4ca4c27ab8b6dc6a33b93a47d6bb9de5c11 authored almost 16 years ago
Automatically generate more per-interface firewall templates.

Added code to generate at build time the templates for: bridge, openvpn,
multilink, serial, and...

6205244649a9c9c0d0ff7e74e446e3d454a53cde authored almost 16 years ago
0.13.7-18

0a7ec38e2828b10936cbfd2d50380d64b9ddc06d authored almost 16 years ago
Remove per-interface firewall templates; They are now generated.

0ade1dc05ae3a5f564ab2ddd7f3e528ff8adc232 authored almost 16 years ago
0.13.7-17

c8cd682ee2dbd71d085fe3b4aaf453afd5aa5108 authored almost 16 years ago
Don't attempt to delete ruleset from "other" trees

When a ruleset was being applied to an interface, the code previously
attempted to find out if t...

68c50c0fd6c97e89598fffae230127d249e94cf1 authored almost 16 years ago
0.13.7-16

5c08813dd428ffb12f8a9ca1bb82dd446b82942f authored almost 16 years ago
Fix generated templates for ethernet vifs.

ccb8e496443eeb1ce0ae3bb4f2c56acb43db1976 authored almost 16 years ago
0.13.7-15

b3912f36ed534bcad5beeda06df6cc34d48ab489 authored almost 16 years ago
Fix 3422: fw logging fails if logprefix is too long (> 29 characters)

a58874011506c6fcfe60929cc10cdc742fba6056 authored almost 16 years ago
Prevent ';' from being used in a firewall name.

2f684d00985f67469db874805caeedf83cf2e1eb authored almost 16 years ago
Limit address range to a /24, but make easy to change if it's deam too restrictive.

09b937160c8aadf443ce9788af93b3e4a225645a authored almost 16 years ago
Add allow/comp_help to firewall action.

250a07e2a816fdf7d295d743fcc892faae8e9c9a authored almost 16 years ago
The generated-templates directory holds only derived files.

c79bf0610f9319d285f4f0d52b5ff0e9fab42064 authored almost 16 years ago
Use single quote around $VAR(@).

e95c589fc2782077915b0c388eef340b14c4de80 authored almost 16 years ago
Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner

b40f9494b98f625c8725f1d40af1983fe44a91e7 authored almost 16 years ago
Revert "Make sure to quote $VAR(@)."

This reverts commit c5595b67948166f65c8ea2c1ce1890b9aa27fd3d.

904604d014faa334de4700dee94674ac57a514a3 authored almost 16 years ago
0.13.7-14

a444cc5afad16e00d6ac14858096f5e4422007f9 authored almost 16 years ago
Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner

9bcaf042a85c64cae228ab1fd6c328fea7417db7 authored almost 16 years ago
Make sure to quote $VAR(@).

c5595b67948166f65c8ea2c1ce1890b9aa27fd3d authored almost 16 years ago
add ipv6 accept_redirects and accept_source_route under firewall

31dfa0fb522cb00a7354fb613f296769d347173e authored almost 16 years ago
Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner

d3353e7f9b2f703e2fd559497b7a7fb190f20835 authored almost 16 years ago
Limit firewall name to 29 characters since that is the iptables/ip6tables

limit.

9a8c3eeb15e12160d9dd9dbcda8f6e4fa26126ba authored almost 16 years ago
0.13.7-13

1da35e6327ffa795f7b294536d7479997db32a33 authored almost 16 years ago
Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner

4ca33aafa19c13e458b8b0d3b068ce46b83bba87 authored almost 16 years ago
Allow IPv6 firewall rulesets to be configured on an interface independent of IPv4.

Replaced the hand-coded config templates under each type of interface with script-generated
temp...

ed474cdf0e084d653ed06916f0ec297810e23831 authored almost 16 years ago
Fix Bug 4150 enable loose reverse path filtering

7505fdcd0feca189b759306301cac445ec44d525 authored almost 16 years ago
0.13.7-12

d8520ae0d6930a29a3e46d4d385b021fc3733024 authored almost 16 years ago
Add "ipv6-modify" firewall configuration sub-tree.

d766dd656ad8af7219ff604609215a76596d13a8 authored almost 16 years ago
0.13.7-11

ca464052ad78c6d840c9982fb5d9f1f016f7e3c9 authored almost 16 years ago
Fix Bug 3951 default values for kernel tunable security parameters under firewall

55863b16fdaa0337c4f1df00ef045f3b646b24b6 authored almost 16 years ago
Fix Bug 3951 default values for kernel tunable security parameters under firewall

3c18b9bf9a01575dd6cab370670382a1dd3a1fcf authored almost 16 years ago
0.13.7-10

bb1a5a5e64956a50a8baf8bd8c1c49a9c60b9f12 authored almost 16 years ago
Multiple updates for IPv6:

- Added ICMPv6 config tree
- Removed ICMP config tree (it's not used in IPv6)
- Removed fragm...

a45a989da21314560c336578344caff7ac6393fb authored almost 16 years ago
Fix changelog

f986b33eff26c8a99e98b0a3034e8372219c9b0c authored almost 16 years ago
- Add check for address range starting with higher address.

- Add natural-order sort for displaying address/network groups.

ecb1cc830bef3fa9afcd589fb557159d0630349e authored almost 16 years ago
Reduce duplicate code.

a6948fb19340ed4728db70598f96bbafedf21192 authored almost 16 years ago
Change delete_member_range to use the same subnet prefix.

2052ef741fd7cda0add48a2c5efd87f8cc4cfef9 authored almost 16 years ago
Add support for ranges in firewall group address & port.

e64e39512d6909150cb189c7d59fb72db4216ddb authored almost 16 years ago
0.13.7-7

c0e91ced01c7b87a818577245969aeedb7aa5796 authored almost 16 years ago
Make "show firewall group" work for operator.

12ef68bcce62a683c146bfca3cdc89712bac36e5 authored almost 16 years ago
Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner

9c6be933f21bd3336eb7c666873817fbe7a79246 authored almost 16 years ago
Add description and references to "show firewall group".

f638fad8d8550624c2ea2928f562fb953a27456c authored almost 16 years ago
Fix Bug 4074 firewall broadcast ping parameter needs to be clarified

make behavior as documented i.e. icmp broadcast pings are ignored
unless 'firewall broadcast-ping...

af24ef45b9bea36b44a95273a3b5688a405ac0c0 authored almost 16 years ago
Add show-set to display all sets.

95aa4b58d430551ec0087f1951f4a2d7e18a2497 authored almost 16 years ago
Cache exists() to reduce calls to external /usr/sbin/ipset.

4d030e8c3c0f289de8471b91bc6b789592254b46 authored almost 16 years ago
Add support for "show firewall group".

de14ea1af63db350e7174f75c9ace4fb13ded6bd authored almost 16 years ago
Add check for combining network-group and address-group.

46bd9ea2b372a4668cec4f098af3c606cd3302ac authored almost 16 years ago
Add firewall group nodes to firewall modify.

323917b9b20833bd28a6343bab3d38280ee12048 authored almost 16 years ago
Merge branch 'jenner' of http://git.vyatta.com/vyatta-cfg-firewall into jenner

7c9ee1f612ff874eb6ebce3d68d3815db74da93a authored almost 16 years ago
Add allow values for firewall groups.

6c9b63d77208edc15f2c70ffb845662a8a2ab845 authored almost 16 years ago
no need to use loop to echo allowed values

5e820945c90bd220f32f6ad7798bcd64ff52b5b6 authored almost 16 years ago
0.13.7-6

ee70977b5fb4f7be25e7a33b17eb2081d591598c authored almost 16 years ago
better off storing icmp type-names than depend on iptables help

cab2ace4d9f56720a7d184900b8ead30e5e0a189 authored almost 16 years ago
Add check for combination of IP range and network-group.

c1fcf5f5764e258663e6bc532783fa3c0a29d4a2 authored almost 16 years ago
Change sudo usage to be more consistent.

4beccd593b07fe93c35efcf6b8922abb58306102 authored almost 16 years ago
Clean up mapping between vyatta firewall group_type vs ipset set_type.

180c8382cef817f789fa322e06d2ce5a2a46a39d authored almost 16 years ago
Add space in front of match rule just in case other match rules don't.

8916a90af5ba3322bf7aa339919cdf3ac151dced authored almost 16 years ago
Add more validation of firewall network-group before calling ipset.

586f847fd9c6fb94fd794029e90351b4ff6f7e05 authored almost 16 years ago
Add more firewall group validation before calling ipset.

9887700a0bcc22d646090ad263bff6b0895fb77c authored almost 16 years ago
Add back parameter that was dropped when converting to use run_cmd().

3a624b78f5b0d50ef09953986d3289aecfa5fab7 authored almost 16 years ago