projects
/
pve-firewall.git
/ history
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅
next
prepare code for more generic firewall logging
[pve-firewall.git]
/
src
/
PVE
/
Firewall.pm
2017-10-19
Tom Weber
prepare code for more generic firewall logging
blob
|
commitdiff
|
raw
2017-10-19
Tom Weber
remove unused $rule_format
blob
|
commitdiff
|
raw
|
diff to current
2017-04-10
Wolfgang Bumiller
log errors encountered by the daemon to syslog
blob
|
commitdiff
|
raw
|
diff to current
2017-04-10
Wolfgang Bumiller
forbid trailing commas in lists
blob
|
commitdiff
|
raw
|
diff to current
2016-11-29
Wolfgang Bumiller
ipsets: catch zero-prefix entries
blob
|
commitdiff
|
raw
|
diff to current
2016-11-29
Wolfgang Bumiller
improve search for local-network
blob
|
commitdiff
|
raw
|
diff to current
2016-10-06
Wolfgang Bumiller
don't try to apply ports to rules which don't support...
blob
|
commitdiff
|
raw
|
diff to current
2016-10-06
Wolfgang Bumiller
remove redundant checks
blob
|
commitdiff
|
raw
|
diff to current
2016-09-06
Emmanuel Kasper
add multicast DNS to the list of Macros
blob
|
commitdiff
|
raw
|
diff to current
2016-09-05
Dietmar Maurer
add missing parameter descriptions
blob
|
commitdiff
|
raw
|
diff to current
2016-06-03
Dominik Csapak
fix allowed group name length
blob
|
commitdiff
|
raw
|
diff to current
2016-06-03
Wolfgang Bumiller
use pve-common's ipv4_mask_hash_localnet
blob
|
commitdiff
|
raw
|
diff to current
2016-05-17
Fabian Grünbichler
fix #972: make PVEFW-FWBR-* rule order stable
blob
|
commitdiff
|
raw
|
diff to current
2016-04-21
Fabian Grünbichler
fix #945: add uninitialized check in lxc ipset compilation
blob
|
commitdiff
|
raw
|
diff to current
2016-04-01
Dietmar Maurer
move option definition to PVE::Firewall
blob
|
commitdiff
|
raw
|
diff to current
2016-04-01
Wolfgang Bumiller
use only the top bit for our accept marks
blob
|
commitdiff
|
raw
|
diff to current
2016-04-01
Dietmar Maurer
add description to DHCPv6 macro
blob
|
commitdiff
|
raw
|
diff to current
2016-03-31
Dietmar Maurer
cleanup descriptions (use single quote instead of backt...
blob
|
commitdiff
|
raw
|
diff to current
2016-03-31
Dietmar Maurer
cleanup descriptions (correctly quote backslash)
blob
|
commitdiff
|
raw
|
diff to current
2016-03-31
Dietmar Maurer
add property descriptions to improve docs
blob
|
commitdiff
|
raw
|
diff to current
2016-03-08
Fabian Grünbichler
Use cfs_config_path from PVE::QemuConfig
blob
|
commitdiff
|
raw
|
diff to current
2016-03-03
Fabian Grünbichler
LXC refactoring
blob
|
commitdiff
|
raw
|
diff to current
2016-03-03
Wolfgang Bumiller
whitespace cleanup
blob
|
commitdiff
|
raw
|
diff to current
2016-03-03
Wolfgang Bumiller
ipfilter: include configured container IPs by default
blob
|
commitdiff
|
raw
|
diff to current
2016-03-03
Wolfgang Bumiller
added the 'ipfilter' option
blob
|
commitdiff
|
raw
|
diff to current
2016-03-02
Wolfgang Bumiller
ipv6: fix ip_compress_address_call
blob
|
commitdiff
|
raw
|
diff to current
2016-03-02
Wolfgang Bumiller
ipfilter: imiplicitly add the default link local address
blob
|
commitdiff
|
raw
|
diff to current
2016-03-02
Wolfgang Bumiller
split compile_ipsets() out of compile_iptables_filter()
blob
|
commitdiff
|
raw
|
diff to current
2016-03-02
Wolfgang Bumiller
cleanup after old change
blob
|
commitdiff
|
raw
|
diff to current
2016-03-02
Wolfgang Bumiller
ndp: use PVEFW-SET-ACCEPT-MARK and move rules further...
blob
|
commitdiff
|
raw
|
diff to current
2016-03-02
Wolfgang Bumiller
only allow icmp names in the destination port field
blob
|
commitdiff
|
raw
|
diff to current
2016-02-29
Dominik Csapak
fix 901: encode unicode characters in sha digest
blob
|
commitdiff
|
raw
|
diff to current
2016-02-27
Wolfgang Bumiller
Add radv option to VM options.
blob
|
commitdiff
|
raw
|
diff to current
2016-02-19
Wolfgang Bumiller
Add router-solicitation to NeighborDiscovery macro
blob
|
commitdiff
|
raw
|
diff to current
2016-02-19
Wolfgang Bumiller
Add ndp option to host and VM firewall options
blob
|
commitdiff
|
raw
|
diff to current
2016-02-08
Fabian Grünbichler
Don't leave empty FW config files behind
blob
|
commitdiff
|
raw
|
diff to current
2016-01-26
Wolfgang Bumiller
add DHCPv6 macro
blob
|
commitdiff
|
raw
|
diff to current
2016-01-26
Wolfgang Bumiller
add dhcpv6 support to the dhcp option
blob
|
commitdiff
|
raw
|
diff to current
2016-01-07
Wolfgang Bumiller
use $security_group_name_pattern in iptables_get_chains
blob
|
commitdiff
|
raw
|
diff to current
2016-01-07
Wolfgang Bumiller
fix some regular expressions mixups
blob
|
commitdiff
|
raw
|
diff to current
2015-10-23
Wolfgang Bumiller
allow numeric icmp types
blob
|
commitdiff
|
raw
|
diff to current
2015-09-16
Dietmar Maurer
add better inline documentation
blob
|
commitdiff
|
raw
|
diff to current
2015-09-08
Dietmar Maurer
iptables_get_chains: fix veth device name
blob
|
commitdiff
|
raw
|
diff to current
2015-08-25
Alen Grizonic
subroutine for cloning vm's firewall config file
blob
|
commitdiff
|
raw
|
diff to current
2015-08-19
Alen Grizonic
firewall remove config file subroutine added
blob
|
commitdiff
|
raw
|
diff to current
2015-08-12
Alen Grizonic
removed firewall code for openVZ
blob
|
commitdiff
|
raw
|
diff to current
2015-08-10
Alen Grizonic
added firewall code for lxc
blob
|
commitdiff
|
raw
|
diff to current
2015-08-04
Alen Grizonic
firewall ipversion comparison fix
blob
|
commitdiff
|
raw
|
diff to current
2015-07-28
Wolfgang Bumiller
local_network: ipv6 support + correctness
blob
|
commitdiff
|
raw
|
diff to current
2015-07-28
Wolfgang Bumiller
fix ipv6 address normalization
blob
|
commitdiff
|
raw
|
diff to current
2015-07-23
Wolfgang Bumiller
ipv6 neighbor discovery and solicitation macros
blob
|
commitdiff
|
raw
|
diff to current
2015-07-23
Wolfgang Bumiller
Add ipv6 macros to the macro list
blob
|
commitdiff
|
raw
|
diff to current
2015-07-23
Wolfgang Bumiller
ip6tables accepts both spellings of the word neighbor
blob
|
commitdiff
|
raw
|
diff to current
2015-07-22
Alen Grizonic
firewall - Ceph macro added
blob
|
commitdiff
|
raw
|
diff to current
2015-06-26
Alen Grizonic
firewall_module_duplicate
blob
|
commitdiff
|
raw
|
diff to current
2015-06-26
Alen Grizonic
firewall autodisable
blob
|
commitdiff
|
raw
|
diff to current
2015-03-16
Dietmar Maurer
always use local_network alias if specified by user
blob
|
commitdiff
|
raw
|
diff to current
2015-03-15
Dietmar Maurer
correctly emit ipv6 rules for host firewall
blob
|
commitdiff
|
raw
|
diff to current
2015-02-27
Dietmar Maurer
fix path to ipset binary
blob
|
commitdiff
|
raw
|
diff to current
2015-02-09
Dietmar Maurer
fix alias lookup
blob
|
commitdiff
|
raw
|
diff to current
2014-12-12
Alexandre Derumier
firewall update : load cluster conf for host rules
blob
|
commitdiff
|
raw
|
diff to current
2014-12-05
Dietmar Maurer
do not use ipset list chains
blob
|
commitdiff
|
raw
|
diff to current
2014-11-28
Dietmar Maurer
fix ipset remove order
blob
|
commitdiff
|
raw
|
diff to current
2014-11-28
Dietmar Maurer
verify_rule: correctly set ipversion for aliases
blob
|
commitdiff
|
raw
|
diff to current
2014-11-28
Dietmar Maurer
save restore commands into files (debug help)
blob
|
commitdiff
|
raw
|
diff to current
2014-11-17
Dietmar Maurer
API2::Firewall::IPSet: fix alias check for ipv6 addresses
blob
|
commitdiff
|
raw
|
diff to current
2014-11-10
Dietmar Maurer
get_ipset_cmdlist: avoid restore problems due to wrong...
blob
|
commitdiff
|
raw
|
diff to current
2014-11-10
Dietmar Maurer
improve error messages
blob
|
commitdiff
|
raw
|
diff to current
2014-11-10
Dietmar Maurer
do not emit smurfs chain for ipv6
blob
|
commitdiff
|
raw
|
diff to current
2014-11-10
Dietmar Maurer
ipv6 addrtype does not work with kernel 2.6.32, use...
blob
|
commitdiff
|
raw
|
diff to current
2014-11-04
Alexandre Derumier
ip6tables : remove_pvefw_chains
blob
|
commitdiff
|
raw
|
diff to current
2014-11-04
Alexandre Derumier
apply ipv6 ruleset
blob
|
commitdiff
|
raw
|
diff to current
2014-11-04
Alexandre Derumier
compile ipv6 ruleset
blob
|
commitdiff
|
raw
|
diff to current
2014-11-04
Alexandre Derumier
add ip6tables standard chains
blob
|
commitdiff
|
raw
|
diff to current
2014-11-04
Dietmar Maurer
add icmpv6 support
blob
|
commitdiff
|
raw
|
diff to current
2014-11-04
Dietmar Maurer
add ipv6 ipset support
blob
|
commitdiff
|
raw
|
diff to current
2014-11-03
Dietmar Maurer
resolve_alias: use better regex to detect alias
blob
|
commitdiff
|
raw
|
diff to current
2014-10-31
Dietmar Maurer
code cleanup
blob
|
commitdiff
|
raw
|
diff to current
2014-10-31
Alexandre Derumier
check ipversion of aliases
blob
|
commitdiff
|
raw
|
diff to current
2014-10-31
Alexandre Derumier
skip group rules generation if rule ipversion don't...
blob
|
commitdiff
|
raw
|
diff to current
2014-10-31
Dietmar Maurer
use integer compare for $ipversion
blob
|
commitdiff
|
raw
|
diff to current
2014-10-31
Alexandre Derumier
enable hostfw for ipv4 only
blob
|
commitdiff
|
raw
|
diff to current
2014-10-31
Dietmar Maurer
fix venet rule generation: venet can have ipv4 and...
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Dietmar Maurer
$ipversion is interger, so use '!=' instead of string...
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Alexandre Derumier
skip vms rules generation if rule ipversion don't match...
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Dietmar Maurer
verify_rule: detected mixed ipv4/ipv6 addresses
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Dietmar Maurer
parse_address_list: improve type detection
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Dietmar Maurer
parse_address_list: make sure we only have one type...
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Dietmar Maurer
fix error message
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Dietmar Maurer
rename pve-fw-v4addr-spec to pve-fw-addr-spec
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Alexandre Derumier
parse_rules src && dst ipversion
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Dietmar Maurer
cleanup generate_std_chains: don't overwrite global...
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Alexandre Derumier
move $pve_std_chains to $pve_std_chains->{$ipversion}
blob
|
commitdiff
|
raw
|
diff to current
2014-10-30
Alexandre Derumier
split compile to compile_iptables_filter
blob
|
commitdiff
|
raw
|
diff to current
2014-10-14
Dietmar Maurer
fix max ipset name lenght
blob
|
commitdiff
|
raw
|
diff to current
2014-07-21
Dietmar Maurer
Firewall/IPSet: implement permission
blob
|
commitdiff
|
raw
|
diff to current
2014-06-26
Dietmar Maurer
generate MAC and IP filter rules if firewall is enabled...
blob
|
commitdiff
|
raw
|
diff to current
2014-06-12
Dietmar Maurer
use separate ipfilter ipset on each interface
blob
|
commitdiff
|
raw
|
diff to current
2014-06-11
Dietmar Maurer
add support for ipfilter ipset
blob
|
commitdiff
|
raw
|
diff to current
2014-06-04
Dietmar Maurer
generate /etc/pve/firewall directory automatically
blob
|
commitdiff
|
raw
|
diff to current
next