projects
/
pve-firewall.git
/ history
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅
next
add ip6tables standard chains
[pve-firewall.git]
/
src
/
PVE
/
2014-11-04
Alexandre Derumier
add ip6tables standard chains
tree
|
commitdiff
2014-11-04
Dietmar Maurer
add icmpv6 support
tree
|
commitdiff
2014-11-04
Dietmar Maurer
add ipv6 ipset support
tree
|
commitdiff
2014-11-04
Dietmar Maurer
ipset_match: implement simulation of list type ipsets
tree
|
commitdiff
2014-11-03
Dietmar Maurer
resolve_alias: use better regex to detect alias
tree
|
commitdiff
2014-10-31
Dietmar Maurer
code cleanup
tree
|
commitdiff
2014-10-31
Alexandre Derumier
check ipversion of aliases
tree
|
commitdiff
2014-10-31
Alexandre Derumier
skip group rules generation if rule ipversion don't...
tree
|
commitdiff
2014-10-31
Dietmar Maurer
use integer compare for $ipversion
tree
|
commitdiff
2014-10-31
Alexandre Derumier
enable hostfw for ipv4 only
tree
|
commitdiff
2014-10-31
Dietmar Maurer
fix venet rule generation: venet can have ipv4 and...
tree
|
commitdiff
2014-10-30
Dietmar Maurer
$ipversion is interger, so use '!=' instead of string...
tree
|
commitdiff
2014-10-30
Alexandre Derumier
skip vms rules generation if rule ipversion don't match...
tree
|
commitdiff
2014-10-30
Dietmar Maurer
verify_rule: detected mixed ipv4/ipv6 addresses
tree
|
commitdiff
2014-10-30
Dietmar Maurer
parse_address_list: improve type detection
tree
|
commitdiff
2014-10-30
Dietmar Maurer
parse_address_list: make sure we only have one type...
tree
|
commitdiff
2014-10-30
Dietmar Maurer
fix error message
tree
|
commitdiff
2014-10-30
Dietmar Maurer
rename pve-fw-v4addr-spec to pve-fw-addr-spec
tree
|
commitdiff
2014-10-30
Alexandre Derumier
parse_rules src && dst ipversion
tree
|
commitdiff
2014-10-30
Dietmar Maurer
cleanup generate_std_chains: don't overwrite global...
tree
|
commitdiff
2014-10-30
Alexandre Derumier
move $pve_std_chains to $pve_std_chains->{$ipversion}
tree
|
commitdiff
2014-10-30
Alexandre Derumier
split compile to compile_iptables_filter
tree
|
commitdiff
2014-10-14
Dietmar Maurer
fix max ipset name lenght
tree
|
commitdiff
2014-07-21
Dietmar Maurer
Firewall/IPSet: implement permission
tree
|
commitdiff
2014-07-21
Dietmar Maurer
Firewall/Rules: add permissions
tree
|
commitdiff
2014-07-21
Dietmar Maurer
Firewall/Groups: add permissions
tree
|
commitdiff
2014-07-21
Dietmar Maurer
Firewall/VM: add permissions
tree
|
commitdiff
2014-07-21
Dietmar Maurer
Firewall/Host: add permissions
tree
|
commitdiff
2014-07-21
Dietmar Maurer
Firewall/Cluster: add permissions
tree
|
commitdiff
2014-06-26
Dietmar Maurer
generate MAC and IP filter rules if firewall is enabled...
tree
|
commitdiff
2014-06-26
Dietmar Maurer
proxy host rule API calls to correct node
tree
|
commitdiff
2014-06-12
Dietmar Maurer
implement negative ipset match
tree
|
commitdiff
2014-06-12
Dietmar Maurer
use separate ipfilter ipset on each interface
tree
|
commitdiff
2014-06-11
Dietmar Maurer
add support for ipfilter ipset
tree
|
commitdiff
2014-06-04
Dietmar Maurer
generate /etc/pve/firewall directory automatically
tree
|
commitdiff
2014-06-04
Dietmar Maurer
avoid errors about undefined values
tree
|
commitdiff
2014-06-04
Dietmar Maurer
remove ipsets when firewall disabled
tree
|
commitdiff
2014-06-04
Dietmar Maurer
return empty ruleset if firewall disabled in cluster.fw
tree
|
commitdiff
2014-06-02
Dietmar Maurer
improve error message
tree
|
commitdiff
2014-06-02
Dietmar Maurer
generate warnings when we read the configuration file
tree
|
commitdiff
2014-05-30
Dietmar Maurer
pass ipset errors to GUI
tree
|
commitdiff
2014-05-30
Dietmar Maurer
skip non-existent aliases inside ipset configuration
tree
|
commitdiff
2014-05-30
Dietmar Maurer
remove dead code from previous commit
tree
|
commitdiff
2014-05-30
Dietmar Maurer
code cleanup - introcduce new method resolve_alias
tree
|
commitdiff
2014-05-30
Dietmar Maurer
cleanup: try to use more consistent method naming
tree
|
commitdiff
2014-05-30
Dietmar Maurer
API: add ability to restrict ref list to specified...
tree
|
commitdiff
2014-05-30
Dietmar Maurer
API fix: allow aliases in IPSets
tree
|
commitdiff
2014-05-30
Dietmar Maurer
parser: verify group and ipset names
tree
|
commitdiff
2014-05-28
Dietmar Maurer
implement API to get list of possible refs (aliases...
tree
|
commitdiff
2014-05-28
Dietmar Maurer
introduce ipset_name_pattern to avoid confusion
tree
|
commitdiff
2014-05-28
Dietmar Maurer
limit alias/ipset name length to 64 characters
tree
|
commitdiff
2014-05-28
Dietmar Maurer
fix ipset match - s/src/dst/
tree
|
commitdiff
2014-05-28
Dietmar Maurer
implement VM ipsets, allow long ipset names
tree
|
commitdiff
2014-05-28
Dietmar Maurer
always pass cluster_conf to load_vmfw_conf
tree
|
commitdiff
2014-05-27
Dietmar Maurer
implement ipsets for VM/CT
tree
|
commitdiff
2014-05-27
Dietmar Maurer
white space cleanup
tree
|
commitdiff
2014-05-27
Dietmar Maurer
implement aliases at VM level
tree
|
commitdiff
2014-05-27
Dietmar Maurer
fwtester.pl: add warnings to trace
tree
|
commitdiff
2014-05-27
Alexandre Derumier
optimize blacklist : create a PVEFW-blacklist chain
tree
|
commitdiff
2014-05-26
Dietmar Maurer
skip diabled rules and rules with errors early
tree
|
commitdiff
2014-05-26
Dietmar Maurer
ruleset_generate_vm_rules: skip rules with errors
tree
|
commitdiff
2014-05-26
Dietmar Maurer
improve rule verification
tree
|
commitdiff
2014-05-26
Dietmar Maurer
pass $rule_env (cluster/host/vm/ct) to rule parser.
tree
|
commitdiff
2014-05-23
Dietmar Maurer
improve error handling
tree
|
commitdiff
2014-05-23
Dietmar Maurer
allow to read rule with errors
tree
|
commitdiff
2014-05-21
Dietmar Maurer
improve rules API
tree
|
commitdiff
2014-05-21
Dietmar Maurer
fix API: property sport/dport requires protocol
tree
|
commitdiff
2014-05-21
Dietmar Maurer
fix test/test-errors3 - protect rule generation with...
tree
|
commitdiff
2014-05-21
Dietmar Maurer
allow igmp traffic
tree
|
commitdiff
2014-05-21
Dietmar Maurer
fix for test case test/test-errors1
tree
|
commitdiff
2014-05-21
Dietmar Maurer
rename cluster_network to local_network, introduce...
tree
|
commitdiff
2014-05-21
Dietmar Maurer
Introduce new management ipset
tree
|
commitdiff
2014-05-21
Dietmar Maurer
do not use ctstate in corosync rule
tree
|
commitdiff
2014-05-20
Dietmar Maurer
start alias support for VMs
tree
|
commitdiff
2014-05-20
Dietmar Maurer
add simulate command for easy testing
tree
|
commitdiff
2014-05-20
Dietmar Maurer
move test code to FirewallSimulator.pm
tree
|
commitdiff
2014-05-20
Dietmar Maurer
do not enable VM firewall by default
tree
|
commitdiff
2014-05-20
Dietmar Maurer
allow tests without cluster.fw and host.fw configuration
tree
|
commitdiff
2014-05-20
Dietmar Maurer
also allow VNC and SPICE traffic inside cluster_network
tree
|
commitdiff
2014-05-20
Dietmar Maurer
do not use -s for outgoing corosync rules
tree
|
commitdiff
2014-05-20
Dietmar Maurer
implement setter for cluster_network
tree
|
commitdiff
2014-05-20
Dietmar Maurer
fix regression test for previous commits
tree
|
commitdiff
2014-05-20
Dietmar Maurer
use $accept_action for standard rules
tree
|
commitdiff
2014-05-20
Dietmar Maurer
add standard rules after user rules
tree
|
commitdiff
2014-05-20
Dietmar Maurer
fix corosync rules (restrict to cluster network)
tree
|
commitdiff
2014-05-20
Dietmar Maurer
remove wrong corosync rules using port 9000
tree
|
commitdiff
2014-05-19
Dietmar Maurer
allow API/SSH/SPICE/VNC traffic on local cluster networ...
tree
|
commitdiff
2014-05-19
Dietmar Maurer
remove unused options
tree
|
commitdiff
2014-05-19
Dietmar Maurer
add init function
tree
|
commitdiff
2014-05-19
Dietmar Maurer
avoid logs by default
tree
|
commitdiff
2014-05-19
Dietmar Maurer
remove unused parameters
tree
|
commitdiff
2014-05-19
Alexandre Derumier
birectionnal macros cleanups
tree
|
commitdiff
2014-05-19
Dietmar Maurer
change rule format: use named parameters
tree
|
commitdiff
2014-05-16
Dietmar Maurer
cleanup firewall service implementation
tree
|
commitdiff
2014-05-16
Alexandre Derumier
bypass PVEFW-VENET-IN|OUT for unfirewalled venet0 ips
tree
|
commitdiff
2014-05-16
Dietmar Maurer
do not abort if security groups does not exists
tree
|
commitdiff
2014-05-15
Dietmar Maurer
fix security groups for VMs
tree
|
commitdiff
2014-05-15
Dietmar Maurer
correctly emit group rules for host
tree
|
commitdiff
2014-05-15
Dietmar Maurer
correctly use dest instead of source
tree
|
commitdiff
2014-05-15
Dietmar Maurer
allow GROUP rule without iface
tree
|
commitdiff
next