skip non-existent aliases inside ipset configuration
[pve-firewall.git] / src / PVE / Firewall.pm
2014-05-30  Dietmar Maurer      skip non-existent aliases inside ipset configuration
2014-05-30  Dietmar Maurer      remove dead code from previous commit
2014-05-30  Dietmar Maurer      code cleanup - introduce new method resolve_alias
2014-05-30  Dietmar Maurer      cleanup: try to use more consistent method naming
2014-05-30  Dietmar Maurer      API fix: allow aliases in IPSets
2014-05-30  Dietmar Maurer      parser: verify group and ipset names
2014-05-28  Dietmar Maurer      introduce ipset_name_pattern to avoid confusion
2014-05-28  Dietmar Maurer      limit alias/ipset name length to 64 characters
2014-05-28  Dietmar Maurer      fix ipset match - s/src/dst/
2014-05-28  Dietmar Maurer      implement VM ipsets, allow long ipset names
2014-05-27  Dietmar Maurer      implement ipsets for VM/CT
2014-05-27  Dietmar Maurer      white space cleanup
2014-05-27  Dietmar Maurer      implement aliases at VM level
2014-05-27  Alexandre Derumier  optimize blacklist : create a PVEFW-blacklist chain
2014-05-26  Dietmar Maurer      skip disabled rules and rules with errors early
2014-05-26  Dietmar Maurer      ruleset_generate_vm_rules: skip rules with errors
2014-05-26  Dietmar Maurer      improve rule verification
2014-05-26  Dietmar Maurer      pass $rule_env (cluster/host/vm/ct) to rule parser.
2014-05-23  Dietmar Maurer      improve error handling
2014-05-23  Dietmar Maurer      allow to read rule with errors
2014-05-21  Dietmar Maurer      improve rules API
2014-05-21  Dietmar Maurer      fix API: property sport/dport requires protocol
2014-05-21  Dietmar Maurer      fix test/test-errors3 - protect rule generation with...
2014-05-21  Dietmar Maurer      allow igmp traffic
2014-05-21  Dietmar Maurer      fix for test case test/test-errors1
2014-05-21  Dietmar Maurer      rename cluster_network to local_network, introduce...
2014-05-21  Dietmar Maurer      Introduce new management ipset
2014-05-21  Dietmar Maurer      do not use ctstate in corosync rule
2014-05-20  Dietmar Maurer      start alias support for VMs
2014-05-20  Dietmar Maurer      do not enable VM firewall by default
2014-05-20  Dietmar Maurer      allow tests without cluster.fw and host.fw configuration
2014-05-20  Dietmar Maurer      also allow VNC and SPICE traffic inside cluster_network
2014-05-20  Dietmar Maurer      do not use -s for outgoing corosync rules
2014-05-20  Dietmar Maurer      implement setter for cluster_network
2014-05-20  Dietmar Maurer      fix regression test for previous commits
2014-05-20  Dietmar Maurer      use $accept_action for standard rules
2014-05-20  Dietmar Maurer      add standard rules after user rules
2014-05-20  Dietmar Maurer      fix corosync rules (restrict to cluster network)
2014-05-20  Dietmar Maurer      remove wrong corosync rules using port 9000
2014-05-19  Dietmar Maurer      allow API/SSH/SPICE/VNC traffic on local cluster networ...
2014-05-19  Dietmar Maurer      add init function
2014-05-19  Dietmar Maurer      avoid logs by default
2014-05-19  Dietmar Maurer      remove unused parameters
2014-05-19  Alexandre Derumier  bidirectional macros cleanups
2014-05-19  Dietmar Maurer      change rule format: use named parameters
2014-05-16  Dietmar Maurer      cleanup firewall service implementation
2014-05-16  Alexandre Derumier  bypass PVEFW-VENET-IN|OUT for unfirewalled venet0 ips
2014-05-16  Dietmar Maurer      do not abort if security groups do not exist
2014-05-15  Dietmar Maurer      fix security groups for VMs
2014-05-15  Dietmar Maurer      correctly emit group rules for host
2014-05-15  Dietmar Maurer      correctly use dest instead of source
2014-05-15  Dietmar Maurer      allow GROUP rule without iface
2014-05-15  Alexandre Derumier  only add tap rules for interface with firewall=1
2014-05-14  Alexandre Derumier  fix interface in rules for host-in and host-out
2014-05-14  Alexandre Derumier  move blacklist inside ruleset_chain_add_input_filters
2014-05-14  Alexandre Derumier  remove optimize option
2014-05-14  Dietmar Maurer      delete trailing whitespace cleanup
2014-05-14  Alexandre Derumier  allow multiple spaces in venet0 ip list
2014-05-14  Alexandre Derumier  rename link+ to fwln+
2014-05-13  Alexandre Derumier  bugfix : allow multiple venet0 ip in 1 container
2014-05-13  Alexandre Derumier  insert PVEFW-IPS after vm rules generation v2
2014-05-13  Dietmar Maurer      allow to read config from test directory
2014-05-13  Dietmar Maurer      use PVEFW-VENET-IN/OUT inside PVEFW-INPUT/OUTPUT chains
2014-05-13  Dietmar Maurer      move nosmurfs, tcpflags and conntrack established outsi...
2014-05-13  Dietmar Maurer      remove dead code
2014-05-13  Dietmar Maurer      add PVEFW-VENET-IN && PVEFW-VENET-OUT chains
2014-05-13  Dietmar Maurer      remove bridge chains
2014-05-13  Dietmar Maurer      use hex digest to avoid url encoding problems
2014-05-13  Dietmar Maurer      avoid error about undefined array
2014-05-06  Dietmar Maurer      remove allow_bridge_route setting
2014-04-23  Alexandre Derumier  add global ipset blacklist
2014-04-22  Dietmar Maurer      generate_ipset: skip undefined ipsets
2014-04-22  Dietmar Maurer      start API for aliases
2014-04-22  Dietmar Maurer      correctly save aliases
2014-04-22  Dietmar Maurer      ruleset_generate_vm_rules: use 'warn' instead of 'die'
2014-04-22  Dietmar Maurer      ruleset_generate_vm_rule: avoid multiple calls to gener...
2014-04-22  Dietmar Maurer      generate_nfqueue: code cleanup
2014-04-22  Dietmar Maurer      ruleset_generate_rule: update all or nothing
2014-04-22  Alexandre Derumier  update update_nf_conntrack_max && nf_conntrack_tcp_time...
2014-04-22  Dietmar Maurer      code cleanup
2014-04-22  Alexandre Derumier  iptables_get_chains : allow bridgevlan vmbrXvY
2014-04-22  Alexandre Derumier  optimize : accept from physical interfaces on bridges
2014-04-22  Alexandre Derumier  add aliases feature
2014-04-18  Dietmar Maurer      only allow tcpflags and nosmurfs in host.fw
2014-04-18  Dietmar Maurer      enable cluster wide rules
2014-04-17  Alexandre Derumier  bugfix : ruleset_generate_cmdstr : use -d for destination
2014-04-15  Dietmar Maurer      complete options API for host.fw
2014-04-15  Dietmar Maurer      correctly initialize std chains
2014-04-15  Dietmar Maurer      do not set persistent state if firewall is disabled
2014-04-15  Dietmar Maurer      disable firewall by default
2014-04-15  Alexandre Derumier  ips : allow --queue-bypass only for kernel 3.10
2014-04-15  Dietmar Maurer      stop firewall inside update if firewall is disabled...
2014-04-14  Dietmar Maurer      move host policy setting to cluster.fw
2014-04-14  Dietmar Maurer      remove option dhcp for host.fw
2014-04-14  Alexandre Derumier  add tunable nf_conntrack_tcp_timeout_established value
2014-04-11  Dietmar Maurer      copy_xxx_with_digest: do not copy undefined values
2014-04-11  Dietmar Maurer      improve concurrent update handling
2014-04-10  Dietmar Maurer      correctly encode section comments as utf8
2014-04-10  Dietmar Maurer      support comments on ipset sections
2014-04-10  Dietmar Maurer      security group API: protect against concurrent updates