projects
/
pve-firewall.git
/ history
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
first ⋅ prev ⋅
next
only add tap rules for interface with firewall=1
[pve-firewall.git]
/
src
/
PVE
/
2014-05-15
Alexandre Derumier
only add tap rules for interface with firewall=1
tree
|
commitdiff
2014-05-14
Alexandre Derumier
fix interface in rules for host-in and host-out
tree
|
commitdiff
2014-05-14
Alexandre Derumier
move blacklist inside ruleset_chain_add_input_filters
tree
|
commitdiff
2014-05-14
Alexandre Derumier
remove optimize option
tree
|
commitdiff
2014-05-14
Dietmar Maurer
delete trailing whitespace cleanup
tree
|
commitdiff
2014-05-14
Alexandre Derumier
allow multiple spaces in venet0 ip list
tree
|
commitdiff
2014-05-14
Alexandre Derumier
rename link+ to fwln+
tree
|
commitdiff
2014-05-13
Alexandre Derumier
bugfix : allow multiples venet0 ip in 1 container
tree
|
commitdiff
2014-05-13
Alexandre Derumier
insert PVEFW-IPS after vm rules generation v2
tree
|
commitdiff
2014-05-13
Dietmar Maurer
allow to read config from test directory
tree
|
commitdiff
2014-05-13
Dietmar Maurer
use PVEFW-VENET-IN/OUT inside PVEFW-INPUT/OUTPUT chains
tree
|
commitdiff
2014-05-13
Dietmar Maurer
move nosmurfs, tcpflags and conntrack established outsi...
tree
|
commitdiff
2014-05-13
Dietmar Maurer
remove dead code
tree
|
commitdiff
2014-05-13
Dietmar Maurer
add PVEFW-VENET-IN && PVEFW-VENET-OUT chains
tree
|
commitdiff
2014-05-13
Dietmar Maurer
remove bridge chains
tree
|
commitdiff
2014-05-13
Dietmar Maurer
use hex digest to avoid url encoding problems
tree
|
commitdiff
2014-05-13
Dietmar Maurer
avoid error about undefined array
tree
|
commitdiff
2014-05-06
Dietmar Maurer
remove allow_bridge_route setting
tree
|
commitdiff
2014-04-24
Dietmar Maurer
firewall group API: change 'name' to 'group'
tree
|
commitdiff
2014-04-23
Alexandre Derumier
add global ipset blacklist
tree
|
commitdiff
2014-04-22
Dietmar Maurer
generate_ipset: skip undefined ipsets
tree
|
commitdiff
2014-04-22
Dietmar Maurer
rename save_rules to save_ipset
tree
|
commitdiff
2014-04-22
Dietmar Maurer
alias API: implement rename
tree
|
commitdiff
2014-04-22
Dietmar Maurer
start API for aliases
tree
|
commitdiff
2014-04-22
Dietmar Maurer
correctly save aliases
tree
|
commitdiff
2014-04-22
Dietmar Maurer
ruleset_generate_vm_rules: use 'warn' instead of 'die'
tree
|
commitdiff
2014-04-22
Dietmar Maurer
ruleset_generate_vm_rule: avoid multiple calls to gener...
tree
|
commitdiff
2014-04-22
Dietmar Maurer
generate_nfqueue: code cleanup
tree
|
commitdiff
2014-04-22
Dietmar Maurer
ruleset_generate_rule: update all or nothing
tree
|
commitdiff
2014-04-22
Alexandre Derumier
update update_nf_conntrack_max && nf_conntrack_tcp_time...
tree
|
commitdiff
2014-04-22
Dietmar Maurer
code cleanup
tree
|
commitdiff
2014-04-22
Alexandre Derumier
iptables_get_chains : allow bridgevlan vmbrXvY
tree
|
commitdiff
2014-04-22
Alexandre Derumier
optimize : accept from physical interfaces on bridges
tree
|
commitdiff
2014-04-22
Alexandre Derumier
add aliases feature
tree
|
commitdiff
2014-04-18
Dietmar Maurer
only allow tcpflafgs and nosmurfs in host.fw
tree
|
commitdiff
2014-04-18
Dietmar Maurer
enable cluster wide rules
tree
|
commitdiff
2014-04-18
Dietmar Maurer
add remaining options to VM API
tree
|
commitdiff
2014-04-18
Dietmar Maurer
add options and log API for VMs
tree
|
commitdiff
2014-04-17
Alexandre Derumier
bugfix : ruleset_generate_cmdstr : use -d for destination
tree
|
commitdiff
2014-04-15
Dietmar Maurer
complete options API for host.fw
tree
|
commitdiff
2014-04-15
Dietmar Maurer
add API for firewall log
tree
|
commitdiff
2014-04-15
Dietmar Maurer
correctly initialize std chains
tree
|
commitdiff
2014-04-15
Dietmar Maurer
do not set persistent state if firewall is disabled
tree
|
commitdiff
2014-04-15
Dietmar Maurer
disable firewall by default
tree
|
commitdiff
2014-04-15
Alexandre Derumier
ips : allow --queue-bypass only for kernel 3.10
tree
|
commitdiff
2014-04-15
Dietmar Maurer
stop firewall inside update if firewall is disabled...
tree
|
commitdiff
2014-04-14
Dietmar Maurer
implement API for cluster.fw policy_in and policy_out...
tree
|
commitdiff
2014-04-14
Dietmar Maurer
move host policy setting to cluster.fw
tree
|
commitdiff
2014-04-14
Dietmar Maurer
remove option dhcp for host.fw
tree
|
commitdiff
2014-04-14
Alexandre Derumier
add tunnable nf_conntrack_tcp_timeout_established value
tree
|
commitdiff
2014-04-11
Dietmar Maurer
copy_xxx_with_digest: do not copy undefined values
tree
|
commitdiff
2014-04-11
Dietmar Maurer
improve concurrent update handling
tree
|
commitdiff
2014-04-10
Dietmar Maurer
correctly encode section comments as utf8
tree
|
commitdiff
2014-04-10
Dietmar Maurer
support comments on ipset sections
tree
|
commitdiff
2014-04-10
Dietmar Maurer
rules API: protect against concurrent updates
tree
|
commitdiff
2014-04-10
Dietmar Maurer
security group API: protect against concurrent updates
tree
|
commitdiff
2014-04-10
Dietmar Maurer
define standard option pve-config-digest
tree
|
commitdiff
2014-04-09
Dietmar Maurer
support comments on group sections
tree
|
commitdiff
2014-04-09
Dietmar Maurer
correctly save security group rules
tree
|
commitdiff
2014-04-09
Dietmar Maurer
complete security group API
tree
|
commitdiff
2014-04-09
Dietmar Maurer
define standard option for security group names
tree
|
commitdiff
2014-04-09
Dietmar Maurer
correctly verify ipset name
tree
|
commitdiff
2014-04-09
Dietmar Maurer
IPSet: implement rename API
tree
|
commitdiff
2014-04-09
Dietmar Maurer
add newline to error message
tree
|
commitdiff
2014-04-08
Dietmar Maurer
ipset: implement create/delete API
tree
|
commitdiff
2014-04-08
Dietmar Maurer
ipset API: add get/update methods
tree
|
commitdiff
2014-04-08
Dietmar Maurer
fix ipset ref test in parse_address_list
tree
|
commitdiff
2014-04-07
Dietmar Maurer
improve ipset updates
tree
|
commitdiff
2014-04-07
Dietmar Maurer
ipset: implement delete API, improve parameter verification
tree
|
commitdiff
2014-04-07
Dietmar Maurer
start API for IPSet
tree
|
commitdiff
2014-04-07
Dietmar Maurer
ipset: only save ip/network once
tree
|
commitdiff
2014-04-07
Dietmar Maurer
correctly save ipset data
tree
|
commitdiff
2014-04-07
Dietmar Maurer
allow icmp port names
tree
|
commitdiff
2014-04-07
Dietmar Maurer
verify macro parameters when updating a rule using API
tree
|
commitdiff
2014-04-04
Dietmar Maurer
fix port parser
tree
|
commitdiff
2014-04-04
Dietmar Maurer
add macro descriptions (and API to read them)
tree
|
commitdiff
2014-04-03
Dietmar Maurer
implement delete parameter for rule update API
tree
|
commitdiff
2014-04-03
Dietmar Maurer
rule type and action are required parameters
tree
|
commitdiff
2014-04-03
Dietmar Maurer
simplify check for iprange
tree
|
commitdiff
2014-04-03
Dietmar Maurer
parse_address_list: add check for ipset references.
tree
|
commitdiff
2014-04-03
Dietmar Maurer
parse_address_list: only allow one ip range
tree
|
commitdiff
2014-04-03
Dietmar Maurer
ipset: check kernel version
tree
|
commitdiff
2014-04-03
Alexandre Derumier
rename netgroup to ipset
tree
|
commitdiff
2014-04-03
Alexandre Derumier
prefix ipset chains with PVEFW-
tree
|
commitdiff
2014-04-03
Alexandre Derumier
implemented ipset rules in iptables
tree
|
commitdiff
2014-04-02
Dietmar Maurer
really save options
tree
|
commitdiff
2014-04-02
Dietmar Maurer
implement rules API for <vmid>.fw
tree
|
commitdiff
2014-04-02
Dietmar Maurer
implement rules API for host.fw
tree
|
commitdiff
2014-04-02
Dietmar Maurer
implement generic rule API class
tree
|
commitdiff
2014-04-01
Dietmar Maurer
implement option API for cluster.fw
tree
|
commitdiff
2014-04-01
Dietmar Maurer
start cluster wide firewall API
tree
|
commitdiff
2014-04-01
Dietmar Maurer
delete trailing white space from 'ipset save' output.
tree
|
commitdiff
2014-04-01
Dietmar Maurer
avoid multiple calls to ipset_get_chains()
tree
|
commitdiff
2014-04-01
Alexandre Derumier
ipset : use only netgroup
tree
|
commitdiff
2014-03-31
Dietmar Maurer
remove unneccessary iptables code
tree
|
commitdiff
2014-03-31
Dietmar Maurer
avoid calls to iptables_rule_exist()
tree
|
commitdiff
2014-03-31
Dietmar Maurer
new method iptables_chain_digest() to compute digest
tree
|
commitdiff
2014-03-31
Dietmar Maurer
s/rulset/ruleset/
tree
|
commitdiff
2014-03-31
Dietmar Maurer
avoid calls to iptables_rule_exist
tree
|
commitdiff
2014-03-31
Dietmar Maurer
allow options and rules section in cluster.fw
tree
|
commitdiff
next