projects
/
pve-firewall.git
/ search
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
first
⋅
prev
⋅
next
Firewall/Host: add permissions
2014-05-15
Dietmar Maurer
add tests for unconfigured firewall (empty files)
commit
|
commitdiff
|
tree
2014-05-15
Dietmar Maurer
add group tests for container
commit
|
commitdiff
|
tree
2014-05-15
Dietmar Maurer
fix security groups for VMs
commit
|
commitdiff
|
tree
2014-05-15
Dietmar Maurer
add security group tests
commit
|
commitdiff
|
tree
2014-05-15
Dietmar Maurer
fwtester: add ability to run tests on several zones
commit
|
commitdiff
|
tree
2014-05-15
Dietmar Maurer
correctly emit group rules for host
commit
|
commitdiff
|
tree
2014-05-15
Dietmar Maurer
fwtester: improve rule_match
commit
|
commitdiff
|
tree
2014-05-15
Dietmar Maurer
correctly use dest instead of source
commit
|
commitdiff
|
tree
2014-05-15
Dietmar Maurer
allow GROUP rule without iface
commit
|
commitdiff
|
tree
2014-05-15
Dietmar Maurer
fwtester: set firewall=1 for test VM interfaces
commit
|
commitdiff
|
tree
2014-05-15
Alexandre Derumier
only add tap rules for interface with firewall=1
commit
|
commitdiff
|
tree
2014-05-15
Dietmar Maurer
fwtester: simplify code with ne bport zone
commit
|
commitdiff
|
tree
2014-05-15
Dietmar Maurer
improve error messages
commit
|
commitdiff
|
tree
2014-05-14
Dietmar Maurer
fwtester: add new zone 'nfwm' to simulate a non-firewalled VM
commit
|
commitdiff
|
tree
2014-05-14
Dietmar Maurer
fwtester: do not count ENTER/LEAVE
commit
|
commitdiff
|
tree
2014-05-14
Dietmar Maurer
add README for fwtester.pl
commit
|
commitdiff
|
tree
2014-05-14
Alexandre Derumier
fix interface in rules for host-in and host-out
commit
|
commitdiff
|
tree
2014-05-14
Dietmar Maurer
add tests for host interface match
commit
|
commitdiff
|
tree
2014-05-14
Dietmar Maurer
fwtester: support dev regex with -i and -o
commit
|
commitdiff
|
tree
2014-05-14
Dietmar Maurer
fwtester: fix emulation - correctly set phydev_in
commit
|
commitdiff
|
tree
2014-05-14
Dietmar Maurer
fwtester: add counters for debugging
commit
|
commitdiff
|
tree
2014-05-14
Dietmar Maurer
fwtester: do not set packet default values
commit
|
commitdiff
|
tree
2014-05-14
Alexandre Derumier
move blacklist inside ruleset_chain_add_input_filters
commit
|
commitdiff
|
tree
2014-05-14
Alexandre Derumier
remove optimize option
commit
|
commitdiff
|
tree
2014-05-14
Dietmar Maurer
fwtester: implement some useful command line option
commit
|
commitdiff
|
tree
2014-05-14
Dietmar Maurer
fwtester: implement new 'outside' zone
commit
|
commitdiff
|
tree
2014-05-14
Dietmar Maurer
fwtester: improve kernel simulation
commit
|
commitdiff
|
tree
2014-05-14
Dietmar Maurer
delete trailing whitespace cleanup
commit
|
commitdiff
|
tree
2014-05-14
Alexandre Derumier
allow multiple spaces in venet0 ip list
commit
|
commitdiff
|
tree
2014-05-14
Alexandre Derumier
rename link+ to fwln+
commit
|
commitdiff
|
tree
2014-05-13
Alexandre Derumier
bugfix : allow multiples venet0 ip in 1 container
commit
|
commitdiff
|
tree
2014-05-13
Alexandre Derumier
insert PVEFW-IPS after vm rules generation v2
commit
|
commitdiff
|
tree
2014-05-13
Dietmar Maurer
add Makefile targets for regression tests
commit
|
commitdiff
|
tree
2014-05-13
Dietmar Maurer
add regression test infrastructure
commit
|
commitdiff
|
tree
2014-05-13
Dietmar Maurer
allow to read config from test directory
commit
|
commitdiff
|
tree
2014-05-13
Dietmar Maurer
use PVEFW-VENET-IN/OUT inside PVEFW-INPUT/OUTPUT chains
Signed-off-by: Dietmar Maurer <
dietmar@proxmox.com
>
commit
|
commitdiff
|
tree
2014-05-13
Dietmar Maurer
move nosmurfs, tcpflags and conntrack established outside...
Signed-off-by: Dietmar Maurer <
dietmar@proxmox.com
>
commit
|
commitdiff
|
tree
2014-05-13
Dietmar Maurer
remove dead code
Signed-off-by: Dietmar Maurer <
dietmar@proxmox.com
>
commit
|
commitdiff
|
tree
2014-05-13
Dietmar Maurer
add PVEFW-VENET-IN && PVEFW-VENET-OUT chains
Signed-off-by: Dietmar Maurer <
dietmar@proxmox.com
>
commit
|
commitdiff
|
tree
2014-05-13
Dietmar Maurer
remove bridge chains
Signed-off-by: Dietmar Maurer <
dietmar@proxmox.com
>
commit
|
commitdiff
|
tree
2014-05-13
Dietmar Maurer
use hex digest to avoid url encoding problems
Signed-off-by: Dietmar Maurer <
dietmar@proxmox.com
>
commit
|
commitdiff
|
tree
2014-05-13
Dietmar Maurer
avoid error about undefined array
Signed-off-by: Dietmar Maurer <
dietmar@proxmox.com
>
commit
|
commitdiff
|
tree
2014-05-06
Dietmar Maurer
set RELEASE to 3.2
commit
|
commitdiff
|
tree
2014-05-06
Dietmar Maurer
remove allow_bridge_route setting
commit
|
commitdiff
|
tree
2014-04-24
Dietmar Maurer
firewall group API: change 'name' to 'group'
commit
|
commitdiff
|
tree
2014-04-23
Alexandre Derumier
add global ipset blacklist
commit
|
commitdiff
|
tree
2014-04-22
Dietmar Maurer
generate_ipset: skip undefined ipsets
commit
|
commitdiff
|
tree
2014-04-22
Dietmar Maurer
rename save_rules to save_ipset
commit
|
commitdiff
|
tree
2014-04-22
Dietmar Maurer
alias API: implement rename
commit
|
commitdiff
|
tree
2014-04-22
Dietmar Maurer
start API for aliases
commit
|
commitdiff
|
tree
2014-04-22
Dietmar Maurer
correctly save aliases
commit
|
commitdiff
|
tree
2014-04-22
Dietmar Maurer
ruleset_generate_vm_rules: use 'warn' instead of 'die'
commit
|
commitdiff
|
tree
2014-04-22
Dietmar Maurer
ruleset_generate_vm_rule: avoid multiple calls to generate_n...
commit
|
commitdiff
|
tree
2014-04-22
Dietmar Maurer
generate_nfqueue: code cleanup
commit
|
commitdiff
|
tree
2014-04-22
Dietmar Maurer
ruleset_generate_rule: update all or nothing
commit
|
commitdiff
|
tree
2014-04-22
Alexandre Derumier
update update_nf_conntrack_max && nf_conntrack_tcp_timeout_e...
commit
|
commitdiff
|
tree
2014-04-22
Dietmar Maurer
code cleanup
commit
|
commitdiff
|
tree
2014-04-22
Alexandre Derumier
iptables_get_chains : allow bridgevlan vmbrXvY
commit
|
commitdiff
|
tree
2014-04-22
Alexandre Derumier
optimize : accept from physical interfaces on bridges
commit
|
commitdiff
|
tree
2014-04-22
Alexandre Derumier
add aliases feature
commit
|
commitdiff
|
tree
2014-04-18
Dietmar Maurer
add README and example to debian package
commit
|
commitdiff
|
tree
2014-04-18
Dietmar Maurer
fix README
commit
|
commitdiff
|
tree
2014-04-18
Dietmar Maurer
only allow tcpflafgs and nosmurfs in host.fw
commit
|
commitdiff
|
tree
2014-04-18
Dietmar Maurer
enable cluster wide rules
commit
|
commitdiff
|
tree
2014-04-18
Dietmar Maurer
add remaining options to VM API
commit
|
commitdiff
|
tree
2014-04-18
Dietmar Maurer
add options and log API for VMs
commit
|
commitdiff
|
tree
2014-04-17
Alexandre Derumier
bugfix : ruleset_generate_cmdstr : use -d for destination
commit
|
commitdiff
|
tree
2014-04-15
Dietmar Maurer
complete options API for host.fw
commit
|
commitdiff
|
tree
2014-04-15
Dietmar Maurer
add API for firewall log
commit
|
commitdiff
|
tree
2014-04-15
Dietmar Maurer
correctly initialize std chains
commit
|
commitdiff
|
tree
2014-04-15
Dietmar Maurer
do not set persistent state if firewall is disabled
commit
|
commitdiff
|
tree
2014-04-15
Dietmar Maurer
disable firewall by default
commit
|
commitdiff
|
tree
2014-04-15
Dietmar Maurer
add init script to start firewall
commit
|
commitdiff
|
tree
2014-04-15
Alexandre Derumier
ips : allow --queue-bypass only for kernel 3.10
commit
|
commitdiff
|
tree
2014-04-15
Dietmar Maurer
stop firewall inside update if firewall is disabled...
commit
|
commitdiff
|
tree
2014-04-14
Dietmar Maurer
implement API for cluster.fw policy_in and policy_out...
commit
|
commitdiff
|
tree
2014-04-14
Dietmar Maurer
move host policy setting to cluster.fw
commit
|
commitdiff
|
tree
2014-04-14
Dietmar Maurer
remove option dhcp for host.fw
commit
|
commitdiff
|
tree
2014-04-14
Alexandre Derumier
add tunnable nf_conntrack_tcp_timeout_established value
commit
|
commitdiff
|
tree
2014-04-11
Dietmar Maurer
copy_xxx_with_digest: do not copy undefined values
commit
|
commitdiff
|
tree
2014-04-11
Dietmar Maurer
improve concurrent update handling
commit
|
commitdiff
|
tree
2014-04-10
Dietmar Maurer
correctly encode section comments as utf8
commit
|
commitdiff
|
tree
2014-04-10
Dietmar Maurer
support comments on ipset sections
commit
|
commitdiff
|
tree
2014-04-10
Dietmar Maurer
rules API: protect against concurrent updates
commit
|
commitdiff
|
tree
2014-04-10
Dietmar Maurer
security group API: protect against concurrent updates
commit
|
commitdiff
|
tree
2014-04-10
Dietmar Maurer
define standard option pve-config-digest
commit
|
commitdiff
|
tree
2014-04-09
Dietmar Maurer
support comments on group sections
commit
|
commitdiff
|
tree
2014-04-09
Dietmar Maurer
correctly save security group rules
commit
|
commitdiff
|
tree
2014-04-09
Dietmar Maurer
complete security group API
commit
|
commitdiff
|
tree
2014-04-09
Dietmar Maurer
define standard option for security group names
commit
|
commitdiff
|
tree
2014-04-09
Dietmar Maurer
correctly verify ipset name
commit
|
commitdiff
|
tree
2014-04-09
Dietmar Maurer
IPSet: implement rename API
commit
|
commitdiff
|
tree
2014-04-09
Dietmar Maurer
add newline to error message
commit
|
commitdiff
|
tree
2014-04-08
Dietmar Maurer
ipset: implement create/delete API
commit
|
commitdiff
|
tree
2014-04-08
Dietmar Maurer
ipset API: add get/update methods
commit
|
commitdiff
|
tree
2014-04-08
Dietmar Maurer
fix ipset ref test in parse_address_list
commit
|
commitdiff
|
tree
2014-04-07
Dietmar Maurer
improve ipset updates
commit
|
commitdiff
|
tree
2014-04-07
Dietmar Maurer
ipset: implement delete API, improve parameter verification
commit
|
commitdiff
|
tree
2014-04-07
Dietmar Maurer
start API for IPSet
commit
|
commitdiff
|
tree
2014-04-07
Dietmar Maurer
ipset: only save ip/network once
commit
|
commitdiff
|
tree
next