projects
/
pve-firewall.git
/ history
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅
next
cleanup after old change
[pve-firewall.git]
/
src
/
PVE
/
Firewall.pm
2016-03-07
Wolfgang Bumiller
cleanup after old change
blob
|
commitdiff
|
raw
2016-03-07
Wolfgang Bumiller
ndp: use PVEFW-SET-ACCEPT-MARK and move rules further...
blob
|
commitdiff
|
raw
|
diff to current
2016-03-07
Wolfgang Bumiller
Add radv option to VM options.
blob
|
commitdiff
|
raw
|
diff to current
2016-03-07
Wolfgang Bumiller
only allow icmp names in the destination port field
blob
|
commitdiff
|
raw
|
diff to current
2016-03-07
Dominik Csapak
fix 901: encode unicode characters in sha digest
blob
|
commitdiff
|
raw
|
diff to current
2016-02-19
Wolfgang Bumiller
Add router-solicitation to NeighborDiscovery macro
blob
|
commitdiff
|
raw
|
diff to current
2016-02-19
Wolfgang Bumiller
Add ndp option to host and VM firewall options
blob
|
commitdiff
|
raw
|
diff to current
2016-02-16
Alen Grizonic
firewall ipversion comparison fix
blob
|
commitdiff
|
raw
|
diff to current
2016-02-16
Wolfgang Bumiller
Add ipv6 macros to the macro list
blob
|
commitdiff
|
raw
|
diff to current
2016-02-16
Wolfgang Bumiller
allow numeric icmp types
blob
|
commitdiff
|
raw
|
diff to current
2016-02-16
Wolfgang Bumiller
ip6tables accepts both spellings of the word neighbor
blob
|
commitdiff
|
raw
|
diff to current
2016-02-16
Wolfgang Bumiller
add DHCPv6 macro
blob
|
commitdiff
|
raw
|
diff to current
2016-02-16
Wolfgang Bumiller
ipv6 neighbor discovery and solicitation macros
blob
|
commitdiff
|
raw
|
diff to current
2015-03-16
Dietmar Maurer
always use local_network alias if specified by user
blob
|
commitdiff
|
raw
|
diff to current
2015-03-15
Dietmar Maurer
correctly emit ipv6 rules for host firewall
blob
|
commitdiff
|
raw
|
diff to current
2015-02-09
Dietmar Maurer
fix alias lookup
blob
|
commitdiff
|
raw
|
diff to current
2014-12-12
Alexandre Derumier
firewall update : load cluster conf for host rules
blob
|
commitdiff
|
raw
|
diff to current
2014-12-05
Dietmar Maurer
do not use ipset list chains
blob
|
commitdiff
|
raw
|
diff to current
2014-11-28
Dietmar Maurer
fix ipset remove order
blob
|
commitdiff
|
raw
|
diff to current
2014-11-28
Dietmar Maurer
verify_rule: correctly set ipversion for aliases
blob
|
commitdiff
|
raw
|
diff to current
2014-11-28
Dietmar Maurer
save restore commands into files (debug help)
blob
|
commitdiff
|
raw
|
diff to current
2014-11-17
Dietmar Maurer
API2::Firewall::IPSet: fix alias check for ipv6 addresses
blob
|
commitdiff
|
raw
|
diff to current
2014-11-10
Dietmar Maurer
get_ipset_cmdlist: avoid restore problems due to wrong...
blob
|
commitdiff
|
raw
|
diff to current
2014-11-10
Dietmar Maurer
improve error messages
blob
|
commitdiff
|
raw
|
diff to current
2014-11-10
Dietmar Maurer
do not emit smurfs chain for ipv6
blob
|
commitdiff
|
raw
|
diff to current
2014-11-10
Dietmar Maurer
ipv6 addrtype does not work with kernel 2.6.32, use...
blob
|
commitdiff
|
raw
|
diff to current
2014-11-04
Alexandre Derumier
ip6tables : remove_pvefw_chains
blob
|
commitdiff
|
raw
|
diff to current
2014-11-04
Alexandre Derumier
apply ipv6 ruleset
blob
|
commitdiff
|
raw
|
diff to current
2014-11-04
Alexandre Derumier
compile ipv6 ruleset
blob
|
commitdiff
|
raw
|
diff to current
2014-11-04
Alexandre Derumier
add ip6tables standard chains
blob
|
commitdiff
|
raw
|
diff to current
2014-11-04
Dietmar Maurer
add icmpv6 support
blob
|
commitdiff
|
raw
|
diff to current
2014-11-04
Dietmar Maurer
add ipv6 ipset support
blob
|
commitdiff
|
raw
|
diff to current
2014-11-03
Dietmar Maurer
resolve_alias: use better regex to detect alias
blob
|
commitdiff
|
raw
|
diff to current
2014-10-31
Dietmar Maurer
code cleanup
blob
|
commitdiff
|
raw
|
diff to current
2014-10-31
Alexandre Derumier
check ipversion of aliases
blob
|
commitdiff
|
raw
|
diff to current
2014-10-31
Alexandre Derumier
skip group rules generation if rule ipversion don't...
blob
|
commitdiff
|
raw
|
diff to current
2014-10-31
Dietmar Maurer
use integer compare for $ipversion
blob
|
commitdiff
|
raw
|
diff to current
2014-10-31
Alexandre Derumier
enable hostfw for ipv4 only
blob
|
commitdiff
|
raw
|
diff to current
2014-10-31
Dietmar Maurer
fix venet rule generation: venet can have ipv4 and...
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Dietmar Maurer
$ipversion is interger, so use '!=' instead of string...
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Alexandre Derumier
skip vms rules generation if rule ipversion don't match...
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Dietmar Maurer
verify_rule: detected mixed ipv4/ipv6 addresses
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Dietmar Maurer
parse_address_list: improve type detection
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Dietmar Maurer
parse_address_list: make sure we only have one type...
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Dietmar Maurer
fix error message
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Dietmar Maurer
rename pve-fw-v4addr-spec to pve-fw-addr-spec
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Alexandre Derumier
parse_rules src && dst ipversion
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Dietmar Maurer
cleanup generate_std_chains: don't overwrite global...
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Alexandre Derumier
move $pve_std_chains to $pve_std_chains->{$ipversion}
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Alexandre Derumier
split compile to compile_iptables_filter
blob
|
commitdiff
|
raw
|
diff to current
2014-10-14
Dietmar Maurer
fix max ipset name lenght
blob
|
commitdiff
|
raw
|
diff to current
2014-07-21
Dietmar Maurer
Firewall/IPSet: implement permission
blob
|
commitdiff
|
raw
|
diff to current
2014-06-26
Dietmar Maurer
generate MAC and IP filter rules if firewall is enabled...
blob
|
commitdiff
|
raw
|
diff to current
2014-06-12
Dietmar Maurer
use separate ipfilter ipset on each interface
blob
|
commitdiff
|
raw
|
diff to current
2014-06-11
Dietmar Maurer
add support for ipfilter ipset
blob
|
commitdiff
|
raw
|
diff to current
2014-06-04
Dietmar Maurer
generate /etc/pve/firewall directory automatically
blob
|
commitdiff
|
raw
|
diff to current
2014-06-04
Dietmar Maurer
avoid errors about undefined values
blob
|
commitdiff
|
raw
|
diff to current
2014-06-04
Dietmar Maurer
remove ipsets when firewall disabled
blob
|
commitdiff
|
raw
|
diff to current
2014-06-04
Dietmar Maurer
return empty ruleset if firewall disabled in cluster.fw
blob
|
commitdiff
|
raw
|
diff to current
2014-06-02
Dietmar Maurer
improve error message
blob
|
commitdiff
|
raw
|
diff to current
2014-06-02
Dietmar Maurer
generate warnings when we read the configuration file
blob
|
commitdiff
|
raw
|
diff to current
2014-05-30
Dietmar Maurer
pass ipset errors to GUI
blob
|
commitdiff
|
raw
|
diff to current
2014-05-30
Dietmar Maurer
skip non-existent aliases inside ipset configuration
blob
|
commitdiff
|
raw
|
diff to current
2014-05-30
Dietmar Maurer
remove dead code from previous commit
blob
|
commitdiff
|
raw
|
diff to current
2014-05-30
Dietmar Maurer
code cleanup - introcduce new method resolve_alias
blob
|
commitdiff
|
raw
|
diff to current
2014-05-30
Dietmar Maurer
cleanup: try to use more consistent method naming
blob
|
commitdiff
|
raw
|
diff to current
2014-05-30
Dietmar Maurer
API fix: allow aliases in IPSets
blob
|
commitdiff
|
raw
|
diff to current
2014-05-30
Dietmar Maurer
parser: verify group and ipset names
blob
|
commitdiff
|
raw
|
diff to current
2014-05-28
Dietmar Maurer
introduce ipset_name_pattern to avoid confusion
blob
|
commitdiff
|
raw
|
diff to current
2014-05-28
Dietmar Maurer
limit alias/ipset name length to 64 characters
blob
|
commitdiff
|
raw
|
diff to current
2014-05-28
Dietmar Maurer
fix ipset match - s/src/dst/
blob
|
commitdiff
|
raw
|
diff to current
2014-05-28
Dietmar Maurer
implement VM ipsets, allow long ipset names
blob
|
commitdiff
|
raw
|
diff to current
2014-05-27
Dietmar Maurer
implement ipsets for VM/CT
blob
|
commitdiff
|
raw
|
diff to current
2014-05-27
Dietmar Maurer
white space cleanup
blob
|
commitdiff
|
raw
|
diff to current
2014-05-27
Dietmar Maurer
implement aliases at VM level
blob
|
commitdiff
|
raw
|
diff to current
2014-05-27
Alexandre Derumier
optimize blacklist : create a PVEFW-blacklist chain
blob
|
commitdiff
|
raw
|
diff to current
2014-05-26
Dietmar Maurer
skip diabled rules and rules with errors early
blob
|
commitdiff
|
raw
|
diff to current
2014-05-26
Dietmar Maurer
ruleset_generate_vm_rules: skip rules with errors
blob
|
commitdiff
|
raw
|
diff to current
2014-05-26
Dietmar Maurer
improve rule verification
blob
|
commitdiff
|
raw
|
diff to current
2014-05-26
Dietmar Maurer
pass $rule_env (cluster/host/vm/ct) to rule parser.
blob
|
commitdiff
|
raw
|
diff to current
2014-05-23
Dietmar Maurer
improve error handling
blob
|
commitdiff
|
raw
|
diff to current
2014-05-23
Dietmar Maurer
allow to read rule with errors
blob
|
commitdiff
|
raw
|
diff to current
2014-05-21
Dietmar Maurer
improve rules API
blob
|
commitdiff
|
raw
|
diff to current
2014-05-21
Dietmar Maurer
fix API: property sport/dport requires protocol
blob
|
commitdiff
|
raw
|
diff to current
2014-05-21
Dietmar Maurer
fix test/test-errors3 - protect rule generation with...
blob
|
commitdiff
|
raw
|
diff to current
2014-05-21
Dietmar Maurer
allow igmp traffic
blob
|
commitdiff
|
raw
|
diff to current
2014-05-21
Dietmar Maurer
fix for test case test/test-errors1
blob
|
commitdiff
|
raw
|
diff to current
2014-05-21
Dietmar Maurer
rename cluster_network to local_network, introduce...
blob
|
commitdiff
|
raw
|
diff to current
2014-05-21
Dietmar Maurer
Introduce new management ipset
blob
|
commitdiff
|
raw
|
diff to current
2014-05-21
Dietmar Maurer
do not use ctstate in corosync rule
blob
|
commitdiff
|
raw
|
diff to current
2014-05-20
Dietmar Maurer
start alias support for VMs
blob
|
commitdiff
|
raw
|
diff to current
2014-05-20
Dietmar Maurer
do not enable VM firewall by default
blob
|
commitdiff
|
raw
|
diff to current
2014-05-20
Dietmar Maurer
allow tests without cluster.fw and host.fw configuration
blob
|
commitdiff
|
raw
|
diff to current
2014-05-20
Dietmar Maurer
also allow VNC and SPICE traffic inside cluster_network
blob
|
commitdiff
|
raw
|
diff to current
2014-05-20
Dietmar Maurer
do not use -s for outgoing corosync rules
blob
|
commitdiff
|
raw
|
diff to current
2014-05-20
Dietmar Maurer
implement setter for cluster_network
blob
|
commitdiff
|
raw
|
diff to current
2014-05-20
Dietmar Maurer
fix regression test for previous commits
blob
|
commitdiff
|
raw
|
diff to current
2014-05-20
Dietmar Maurer
use $accept_action for standard rules
blob
|
commitdiff
|
raw
|
diff to current
2014-05-20
Dietmar Maurer
add standard rules after user rules
blob
|
commitdiff
|
raw
|
diff to current
2014-05-20
Dietmar Maurer
fix corosync rules (restrict to cluster network)
blob
|
commitdiff
|
raw
|
diff to current
next