projects
/
pve-firewall.git
/ search
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
first
⋅
prev
⋅
next
correctly verify ipset name
2014-03-05
Dietmar Maurer
use parse_address_list to validate IP list
commit
|
commitdiff
|
tree
2014-03-05
Dietmar Maurer
generate chains for openvz venet
commit
|
commitdiff
|
tree
2014-03-05
Dietmar Maurer
add veth chain to is_pvefw_chain()
commit
|
commitdiff
|
tree
2014-03-05
Dietmar Maurer
start openvz support
commit
|
commitdiff
|
tree
2014-03-05
Dietmar Maurer
use underscore instead of hyphen for fw options
commit
|
commitdiff
|
tree
2014-03-05
Dietmar Maurer
add nf_conntrack_max to example config
commit
|
commitdiff
|
tree
2014-03-05
Dietmar Maurer
implement nf_conntrack_max option
commit
|
commitdiff
|
tree
2014-03-05
Dietmar Maurer
cleanup - avoid warning about undefined value
commit
|
commitdiff
|
tree
2014-03-05
Dietmar Maurer
cleanups - use better names
commit
|
commitdiff
|
tree
2014-03-04
Dietmar Maurer
improve logging
commit
|
commitdiff
|
tree
2014-03-04
Dietmar Maurer
correctly init PVEFW-FORWARD chain
commit
|
commitdiff
|
tree
2014-03-04
Dietmar Maurer
add $bridge-OUT chain to PVEFW-INPUT
commit
|
commitdiff
|
tree
2014-03-04
Dietmar Maurer
clear mark when entering tapXZY-OUT chain
commit
|
commitdiff
|
tree
2014-03-04
Dietmar Maurer
correctly implement policy for host firewall
commit
|
commitdiff
|
tree
2014-03-04
Dietmar Maurer
factor out code to produce policy rules
commit
|
commitdiff
|
tree
2014-03-04
Dietmar Maurer
fix comment
commit
|
commitdiff
|
tree
2014-03-04
Dietmar Maurer
remove unnecessary rule
commit
|
commitdiff
|
tree
2014-03-04
Dietmar Maurer
s/enablehostfw/enable_host_firewall/
commit
|
commitdiff
|
tree
2014-03-04
Dietmar Maurer
make sure syncookies are enabled
commit
|
commitdiff
|
tree
2014-03-04
Dietmar Maurer
use PVE::ProcFSTools::write_proc_entry instead of system...
commit
|
commitdiff
|
tree
2014-03-04
Dietmar Maurer
cleanup ruleset_generate_rule()
commit
|
commitdiff
|
tree
2014-03-04
Dietmar Maurer
improve clean target
commit
|
commitdiff
|
tree
2014-03-04
Dietmar Maurer
remove stale file
commit
|
commitdiff
|
tree
2014-03-03
Dietmar Maurer
merge IN/OUT section into RULES section
commit
|
commitdiff
|
tree
2014-03-03
Dietmar Maurer
assemble debian package
commit
|
commitdiff
|
tree
2014-02-28
Dietmar Maurer
implement log_level_in and log_level_out options
commit
|
commitdiff
|
tree
2014-02-28
Dietmar Maurer
implement log level options
commit
|
commitdiff
|
tree
2014-02-28
Dietmar Maurer
use a file to store firewall status persistently.
commit
|
commitdiff
|
tree
2014-02-28
Dietmar Maurer
ignoreZ source/destination port if no protocol specified
commit
|
commitdiff
|
tree
2014-02-27
Dietmar Maurer
use defined() to check fot undefined value
commit
|
commitdiff
|
tree
2014-02-27
Dietmar Maurer
improve multiport rule generator
commit
|
commitdiff
|
tree
2014-02-27
Dietmar Maurer
fix Ping macro
commit
|
commitdiff
|
tree
2014-02-27
Dietmar Maurer
improve example
commit
|
commitdiff
|
tree
2014-02-27
Dietmar Maurer
allow to disable single rules, and add ability to add...
commit
|
commitdiff
|
tree
2014-02-27
Dietmar Maurer
add 'dhcp' option (enabled by default)
commit
|
commitdiff
|
tree
2014-02-27
Dietmar Maurer
use PVEFW-reject instead of REJECT
commit
|
commitdiff
|
tree
2014-02-27
Dietmar Maurer
accept traffic to unmanaged bridge ports
commit
|
commitdiff
|
tree
2014-02-27
Dietmar Maurer
correctly apply macros
commit
|
commitdiff
|
tree
2014-02-26
Dietmar Maurer
implement nosmurfs options (enabled by default)
commit
|
commitdiff
|
tree
2014-02-26
Dietmar Maurer
implement option 'tcpflags' to log illegal combinations...
commit
|
commitdiff
|
tree
2014-02-26
Dietmar Maurer
make mac address filtering optional (default enabled)
commit
|
commitdiff
|
tree
2014-02-26
Dietmar Maurer
use chains from previous commit to reduce logging
commit
|
commitdiff
|
tree
2014-02-26
Dietmar Maurer
add some useful chains
commit
|
commitdiff
|
tree
2014-02-26
Dietmar Maurer
add a way to define some default chains
commit
|
commitdiff
|
tree
2014-02-26
Dietmar Maurer
fix multiport rules and add icmp type names
commit
|
commitdiff
|
tree
2014-02-26
Dietmar Maurer
cleanups
commit
|
commitdiff
|
tree
2014-02-26
Dietmar Maurer
always use PVEFW-SET-ACCEPT-MARK for OUT chain
commit
|
commitdiff
|
tree
2014-02-26
Alexandre Derumier
bridge rules : -j ACCEPT for physical interfaces
commit
|
commitdiff
|
tree
2014-02-25
Alexandre Derumier
use RETURN instead ACCEPT for tap-out rules
commit
|
commitdiff
|
tree
2014-02-25
Dietmar Maurer
implement VM policy option
commit
|
commitdiff
|
tree
2014-02-25
Dietmar Maurer
implement 'enable' option
commit
|
commitdiff
|
tree
2014-02-25
Dietmar Maurer
compile: use verbose output when started from CLI
commit
|
commitdiff
|
tree
2014-02-25
Dietmar Maurer
rename chain $bridge to $bridge-FW
commit
|
commitdiff
|
tree
2014-02-25
Alexandre Derumier
optimize bridge chains
commit
|
commitdiff
|
tree
2014-02-25
Alexandre Derumier
parse_port_name_number_or_range fix range check
commit
|
commitdiff
|
tree
2014-02-21
Dietmar Maurer
do not delete PVEFW-INPUT, PVEFW-OUTPUT and PVEFW-FORWARD...
commit
|
commitdiff
|
tree
2014-02-21
Dietmar Maurer
implement simple option parser
commit
|
commitdiff
|
tree
2014-02-20
Dietmar Maurer
use conntrack instead of state
commit
|
commitdiff
|
tree
2014-02-20
Dietmar Maurer
allow traffic from lo (PVEFW-INPUT)
commit
|
commitdiff
|
tree
2014-02-20
Dietmar Maurer
define more macros (converted most shorewall macros)
commit
|
commitdiff
|
tree
2014-02-20
Dietmar Maurer
use $rule->{dest} instead of $rule->{destination}
commit
|
commitdiff
|
tree
2014-02-20
Dietmar Maurer
implement macros
commit
|
commitdiff
|
tree
2014-02-19
Dietmar Maurer
only use --mark for OUT chain
commit
|
commitdiff
|
tree
2014-02-19
Dietmar Maurer
jump to ACCEPT for IN rules
commit
|
commitdiff
|
tree
2014-02-19
Dietmar Maurer
improve parser
commit
|
commitdiff
|
tree
2014-02-19
Dietmar Maurer
use accept mark for security groups
commit
|
commitdiff
|
tree
2014-02-19
Dietmar Maurer
correctly remove stale chains
commit
|
commitdiff
|
tree
2014-02-18
Dietmar Maurer
pass $ruleset instead of $rule
commit
|
commitdiff
|
tree
2014-02-18
Dietmar Maurer
check chain name length (max 28 chars)
commit
|
commitdiff
|
tree
2014-02-18
Dietmar Maurer
use --comment to store SHA1 signature
commit
|
commitdiff
|
tree
2014-02-18
Dietmar Maurer
split compile from apply
commit
|
commitdiff
|
tree
2014-02-18
Dietmar Maurer
avoid perl warning
commit
|
commitdiff
|
tree
2014-02-18
Dietmar Maurer
enable proc/sys/net/bridge/bridge-nf-call-iptables
commit
|
commitdiff
|
tree
2014-02-18
Dietmar Maurer
add MAC filter
commit
|
commitdiff
|
tree
2014-02-18
Dietmar Maurer
cleanup chain names
commit
|
commitdiff
|
tree
2014-02-18
Alexandre Derumier
test if BRIDGEFW-OUT and BRIDGEFW-IN exist
commit
|
commitdiff
|
tree
2014-02-17
Dietmar Maurer
simplify firewall and use MD5 hash to detect changes
commit
|
commitdiff
|
tree
2014-02-17
Dietmar Maurer
consider host-IN/OUT chains in iptables_get_chains
commit
|
commitdiff
|
tree
2014-02-17
Dietmar Maurer
consider security group chains in iptables_get_chains
commit
|
commitdiff
|
tree
2014-02-14
Dietmar Maurer
implement stop command using new iptables_get_chains
commit
|
commitdiff
|
tree
2014-02-14
Dietmar Maurer
experimental code to read existing chains and compute...
commit
|
commitdiff
|
tree
2014-02-14
Dietmar Maurer
fix iptables-restore - correctly add newline after...
commit
|
commitdiff
|
tree
2014-02-14
Dietmar Maurer
remove shorewall rule compiler
commit
|
commitdiff
|
tree
2014-02-13
Dietmar Maurer
use input parameter to feed iptables-restore
commit
|
commitdiff
|
tree
2014-02-13
Dietmar Maurer
implement locking
commit
|
commitdiff
|
tree
2014-02-13
Dietmar Maurer
remove shorewall specific commands
commit
|
commitdiff
|
tree
2014-02-13
Alexandre Derumier
add support for security groups
commit
|
commitdiff
|
tree
2014-02-13
Alexandre Derumier
rename ./pvefw enabletaprules -> ./pvefw enablevmfw
commit
|
commitdiff
|
tree
2014-02-13
Alexandre Derumier
host firewall support
commit
|
commitdiff
|
tree
2014-02-13
Alexandre Derumier
add src and destination range
commit
|
commitdiff
|
tree
2014-02-13
Alexandre Derumier
add support for multiport
commit
|
commitdiff
|
tree
2014-02-13
Alexandre Derumier
basic bridge iptables implementation
commit
|
commitdiff
|
tree
2012-08-21
Michel Loiseleur
Clarify zone names
commit
|
commitdiff
|
tree
2012-08-16
Dietmar Maurer
parse protocols and ports
commit
|
commitdiff
|
tree
2012-08-16
Dietmar Maurer
parse source and destination address lists
commit
|
commitdiff
|
tree
2012-08-14
Dietmar Maurer
implement workaround for inbound rules with source IP
commit
|
commitdiff
|
tree
2012-08-10
Dietmar Maurer
describe the problem
commit
|
commitdiff
|
tree
2012-08-10
Dietmar Maurer
add more docu
commit
|
commitdiff
|
tree
2012-08-10
Dietmar Maurer
improve docu
commit
|
commitdiff
|
tree
2012-08-10
Dietmar Maurer
cleanups
commit
|
commitdiff
|
tree
next