projects
/
pve-firewall.git
/ history
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅
next
ruleset_generate_vm_rules: use 'warn' instead of 'die'
[pve-firewall.git]
/
src
/
PVE
/
Firewall.pm
2014-04-22
Dietmar Maurer
ruleset_generate_vm_rules: use 'warn' instead of 'die'
blob
|
commitdiff
|
raw
2014-04-22
Dietmar Maurer
ruleset_generate_vm_rule: avoid multiple calls to gener...
blob
|
commitdiff
|
raw
|
diff to current
2014-04-22
Dietmar Maurer
generate_nfqueue: code cleanup
blob
|
commitdiff
|
raw
|
diff to current
2014-04-22
Dietmar Maurer
ruleset_generate_rule: update all or nothing
blob
|
commitdiff
|
raw
|
diff to current
2014-04-22
Alexandre Derumier
update update_nf_conntrack_max && nf_conntrack_tcp_time...
blob
|
commitdiff
|
raw
|
diff to current
2014-04-22
Dietmar Maurer
code cleanup
blob
|
commitdiff
|
raw
|
diff to current
2014-04-22
Alexandre Derumier
iptables_get_chains : allow bridgevlan vmbrXvY
blob
|
commitdiff
|
raw
|
diff to current
2014-04-22
Alexandre Derumier
optimize : accept from physical interfaces on bridges
blob
|
commitdiff
|
raw
|
diff to current
2014-04-22
Alexandre Derumier
add aliases feature
blob
|
commitdiff
|
raw
|
diff to current
2014-04-18
Dietmar Maurer
only allow tcpflafgs and nosmurfs in host.fw
blob
|
commitdiff
|
raw
|
diff to current
2014-04-18
Dietmar Maurer
enable cluster wide rules
blob
|
commitdiff
|
raw
|
diff to current
2014-04-17
Alexandre Derumier
bugfix : ruleset_generate_cmdstr : use -d for destination
blob
|
commitdiff
|
raw
|
diff to current
2014-04-15
Dietmar Maurer
complete options API for host.fw
blob
|
commitdiff
|
raw
|
diff to current
2014-04-15
Dietmar Maurer
correctly initialize std chains
blob
|
commitdiff
|
raw
|
diff to current
2014-04-15
Dietmar Maurer
do not set persistent state if firewall is disabled
blob
|
commitdiff
|
raw
|
diff to current
2014-04-15
Dietmar Maurer
disable firewall by default
blob
|
commitdiff
|
raw
|
diff to current
2014-04-15
Alexandre Derumier
ips : allow --queue-bypass only for kernel 3.10
blob
|
commitdiff
|
raw
|
diff to current
2014-04-15
Dietmar Maurer
stop firewall inside update if firewall is disabled...
blob
|
commitdiff
|
raw
|
diff to current
2014-04-14
Dietmar Maurer
move host policy setting to cluster.fw
blob
|
commitdiff
|
raw
|
diff to current
2014-04-14
Dietmar Maurer
remove option dhcp for host.fw
blob
|
commitdiff
|
raw
|
diff to current
2014-04-14
Alexandre Derumier
add tunnable nf_conntrack_tcp_timeout_established value
blob
|
commitdiff
|
raw
|
diff to current
2014-04-11
Dietmar Maurer
copy_xxx_with_digest: do not copy undefined values
blob
|
commitdiff
|
raw
|
diff to current
2014-04-11
Dietmar Maurer
improve concurrent update handling
blob
|
commitdiff
|
raw
|
diff to current
2014-04-10
Dietmar Maurer
correctly encode section comments as utf8
blob
|
commitdiff
|
raw
|
diff to current
2014-04-10
Dietmar Maurer
support comments on ipset sections
blob
|
commitdiff
|
raw
|
diff to current
2014-04-10
Dietmar Maurer
security group API: protect against concurrent updates
blob
|
commitdiff
|
raw
|
diff to current
2014-04-10
Dietmar Maurer
define standard option pve-config-digest
blob
|
commitdiff
|
raw
|
diff to current
2014-04-09
Dietmar Maurer
support comments on group sections
blob
|
commitdiff
|
raw
|
diff to current
2014-04-09
Dietmar Maurer
correctly save security group rules
blob
|
commitdiff
|
raw
|
diff to current
2014-04-09
Dietmar Maurer
define standard option for security group names
blob
|
commitdiff
|
raw
|
diff to current
2014-04-09
Dietmar Maurer
correctly verify ipset name
blob
|
commitdiff
|
raw
|
diff to current
2014-04-08
Dietmar Maurer
ipset: implement create/delete API
blob
|
commitdiff
|
raw
|
diff to current
2014-04-08
Dietmar Maurer
fix ipset ref test in parse_address_list
blob
|
commitdiff
|
raw
|
diff to current
2014-04-07
Dietmar Maurer
improve ipset updates
blob
|
commitdiff
|
raw
|
diff to current
2014-04-07
Dietmar Maurer
start API for IPSet
blob
|
commitdiff
|
raw
|
diff to current
2014-04-07
Dietmar Maurer
ipset: only save ip/network once
blob
|
commitdiff
|
raw
|
diff to current
2014-04-07
Dietmar Maurer
correctly save ipset data
blob
|
commitdiff
|
raw
|
diff to current
2014-04-07
Dietmar Maurer
allow icmp port names
blob
|
commitdiff
|
raw
|
diff to current
2014-04-07
Dietmar Maurer
verify macro parameters when updating a rule using API
blob
|
commitdiff
|
raw
|
diff to current
2014-04-04
Dietmar Maurer
fix port parser
blob
|
commitdiff
|
raw
|
diff to current
2014-04-04
Dietmar Maurer
add macro descriptions (and API to read them)
blob
|
commitdiff
|
raw
|
diff to current
2014-04-03
Dietmar Maurer
implement delete parameter for rule update API
blob
|
commitdiff
|
raw
|
diff to current
2014-04-03
Dietmar Maurer
rule type and action are required parameters
blob
|
commitdiff
|
raw
|
diff to current
2014-04-03
Dietmar Maurer
simplify check for iprange
blob
|
commitdiff
|
raw
|
diff to current
2014-04-03
Dietmar Maurer
parse_address_list: add check for ipset references.
blob
|
commitdiff
|
raw
|
diff to current
2014-04-03
Dietmar Maurer
parse_address_list: only allow one ip range
blob
|
commitdiff
|
raw
|
diff to current
2014-04-03
Dietmar Maurer
ipset: check kernel version
blob
|
commitdiff
|
raw
|
diff to current
2014-04-03
Alexandre Derumier
rename netgroup to ipset
blob
|
commitdiff
|
raw
|
diff to current
2014-04-03
Alexandre Derumier
prefix ipset chains with PVEFW-
blob
|
commitdiff
|
raw
|
diff to current
2014-04-03
Alexandre Derumier
implemented ipset rules in iptables
blob
|
commitdiff
|
raw
|
diff to current
2014-04-02
Dietmar Maurer
really save options
blob
|
commitdiff
|
raw
|
diff to current
2014-04-02
Dietmar Maurer
implement rules API for <vmid>.fw
blob
|
commitdiff
|
raw
|
diff to current
2014-04-02
Dietmar Maurer
implement rules API for host.fw
blob
|
commitdiff
|
raw
|
diff to current
2014-04-01
Dietmar Maurer
delete trailing white space from 'ipset save' output.
blob
|
commitdiff
|
raw
|
diff to current
2014-04-01
Dietmar Maurer
avoid multiple calls to ipset_get_chains()
blob
|
commitdiff
|
raw
|
diff to current
2014-04-01
Alexandre Derumier
ipset : use only netgroup
blob
|
commitdiff
|
raw
|
diff to current
2014-03-31
Dietmar Maurer
remove unneccessary iptables code
blob
|
commitdiff
|
raw
|
diff to current
2014-03-31
Dietmar Maurer
avoid calls to iptables_rule_exist()
blob
|
commitdiff
|
raw
|
diff to current
2014-03-31
Dietmar Maurer
new method iptables_chain_digest() to compute digest
blob
|
commitdiff
|
raw
|
diff to current
2014-03-31
Dietmar Maurer
s/rulset/ruleset/
blob
|
commitdiff
|
raw
|
diff to current
2014-03-31
Dietmar Maurer
avoid calls to iptables_rule_exist
blob
|
commitdiff
|
raw
|
diff to current
2014-03-31
Dietmar Maurer
allow options and rules section in cluster.fw
blob
|
commitdiff
|
raw
|
diff to current
2014-03-31
Dietmar Maurer
rename groups.fw to cluster.fw
blob
|
commitdiff
|
raw
|
diff to current
2014-03-28
Dietmar Maurer
cleanup ipset code
blob
|
commitdiff
|
raw
|
diff to current
2014-03-28
Alexandre Derumier
implement ipset ip/net groups
blob
|
commitdiff
|
raw
|
diff to current
2014-03-27
Alexandre Derumier
cleanup ips detection
blob
|
commitdiff
|
raw
|
diff to current
2014-03-25
Dietmar Maurer
improve parameter verification
blob
|
commitdiff
|
raw
|
diff to current
2014-03-25
Dietmar Maurer
cleanup_fw_rule: only copy defined rule properties
blob
|
commitdiff
|
raw
|
diff to current
2014-03-25
Dietmar Maurer
do not expand macros on load
blob
|
commitdiff
|
raw
|
diff to current
2014-03-25
Dietmar Maurer
improve API
blob
|
commitdiff
|
raw
|
diff to current
2014-03-25
Alexandre Derumier
add ips optimizations
blob
|
commitdiff
|
raw
|
diff to current
2014-03-25
Alexandre Derumier
add optimize flag
blob
|
commitdiff
|
raw
|
diff to current
2014-03-25
Alexandre Derumier
add ips feature v7
blob
|
commitdiff
|
raw
|
diff to current
2014-03-21
Dietmar Maurer
code cleanup: use ruleset_generate_rule to generate...
blob
|
commitdiff
|
raw
|
diff to current
2014-03-21
Dietmar Maurer
assume rule is enabled if {enable} is not defined
blob
|
commitdiff
|
raw
|
diff to current
2014-03-21
Alexandre Derumier
dhcp out rule : use goto instead jump
blob
|
commitdiff
|
raw
|
diff to current
2014-03-20
Dietmar Maurer
use enable instead of disable
blob
|
commitdiff
|
raw
|
diff to current
2014-03-20
Dietmar Maurer
implement nosmurfs option for hiost firewall
blob
|
commitdiff
|
raw
|
diff to current
2014-03-20
Dietmar Maurer
implement option tcpflags for host firewall
blob
|
commitdiff
|
raw
|
diff to current
2014-03-20
Alexandre Derumier
generate_group_rules : fix check of security group
blob
|
commitdiff
|
raw
|
diff to current
2014-03-19
Dietmar Maurer
fix dhcp rule
blob
|
commitdiff
|
raw
|
diff to current
2014-03-19
Dietmar Maurer
allow to use utf8 encoded comments
blob
|
commitdiff
|
raw
|
diff to current
2014-03-19
Dietmar Maurer
remove optimization which accepts unrelated traffic
blob
|
commitdiff
|
raw
|
diff to current
2014-03-18
Dietmar Maurer
start VM firewall API
blob
|
commitdiff
|
raw
|
diff to current
2014-03-18
Dietmar Maurer
start host API
blob
|
commitdiff
|
raw
|
diff to current
2014-03-18
Dietmar Maurer
improve security group API
blob
|
commitdiff
|
raw
|
diff to current
2014-03-18
Dietmar Maurer
start API
blob
|
commitdiff
|
raw
|
diff to current
2014-03-18
Dietmar Maurer
new method load_security_groups()
blob
|
commitdiff
|
raw
|
diff to current
2014-03-17
Dietmar Maurer
remove obsolete comment
blob
|
commitdiff
|
raw
|
diff to current
2014-03-17
Dietmar Maurer
avoid dependency problems
blob
|
commitdiff
|
raw
|
diff to current
2014-03-14
Dietmar Maurer
improve log format
blob
|
commitdiff
|
raw
|
diff to current
2014-03-13
Dietmar Maurer
add simple nflog daemon
blob
|
commitdiff
|
raw
|
diff to current
2014-03-10
Dietmar Maurer
avoid use of --physdev-is-bridged whenever possible
blob
|
commitdiff
|
raw
|
diff to current
2014-03-10
Dietmar Maurer
use correct mac for veth containers
blob
|
commitdiff
|
raw
|
diff to current
2014-03-10
Dietmar Maurer
add reminder that we should use ULOG
blob
|
commitdiff
|
raw
|
diff to current
2014-03-07
Dietmar Maurer
do not use multiport for single port range
blob
|
commitdiff
|
raw
|
diff to current
2014-03-06
Dietmar Maurer
implement allow_bridge_route feature
blob
|
commitdiff
|
raw
|
diff to current
2014-03-06
Dietmar Maurer
use RETURN instead of ACCEPT to allow further processing
blob
|
commitdiff
|
raw
|
diff to current
2014-03-06
Dietmar Maurer
only update nf_conntrack_max if firewall is started
blob
|
commitdiff
|
raw
|
diff to current
2014-03-05
Dietmar Maurer
plug venet0 chains into PVEFW-INPUT and PVEFW-OUTPUT
blob
|
commitdiff
|
raw
|
diff to current
next