pve-firewall.git
2014-03-10 Dietmar Maureravoid use of --physdev-is-bridged whenever possible
2014-03-10 Dietmar Maureruse correct mac for veth containers
2014-03-10 Dietmar Maureradd reminder that we should use ULOG
2014-03-10 Dietmar Maureradd documentation for masqueraded setup
2014-03-07 Dietmar Maurerdo not use multiport for single port range
2014-03-06 Dietmar Maurerifupdown.sh: correctly use ifup instead of ifconfig
2014-03-06 Dietmar Maurerifupdown.sh: improve error handling
2014-03-06 Dietmar Maureradd ifupdown helper to create veth devices plugged...
2014-03-06 Dietmar Maurerupdate documentation
2014-03-06 Dietmar Maurerimplement allow_bridge_route feature
2014-03-06 Dietmar Maureruse perl taint mode
2014-03-06 Dietmar Maurerdo not use perl -w
2014-03-06 Dietmar Maureruse RETURN instead of ACCEPT to allow further processing
2014-03-06 Dietmar Maureronly update nf_conntrack_max if firewall is started
2014-03-05 Dietmar Maurerplug venet0 chains into PVEFW-INPUT and PVEFW-OUTPUT
2014-03-05 Dietmar Maurerplug venet0 chains into PVEFW-FORWARD
2014-03-05 Dietmar Maureradd optimization as last step
2014-03-05 Dietmar Maureruse parse_address_list to validate IP list
2014-03-05 Dietmar Maurergenerate chains for openvz venet
2014-03-05 Dietmar Maureradd veth chain to is_pvefw_chain()
2014-03-05 Dietmar Maurerstart openvz support
2014-03-05 Dietmar Maureruse underscore instead of hyphen for fw options
2014-03-05 Dietmar Maureradd nf_conntrack_max to example config
2014-03-05 Dietmar Maurerimplement nf_conntrack_max option
2014-03-05 Dietmar Maurercleanup - avoid warning about undefined value
2014-03-05 Dietmar Maurercleanups - use better names
2014-03-04 Dietmar Maurerimprove logging
2014-03-04 Dietmar Maurercorrectly init PVEFW-FORWARD chain
2014-03-04 Dietmar Maureradd $bridge-OUT chain to PVEFW-INPUT
2014-03-04 Dietmar Maurerclear mark when entering tapXZY-OUT chain
2014-03-04 Dietmar Maurercorrectly implement policy for host firewall
2014-03-04 Dietmar Maurerfactor out code to produce policy rules
2014-03-04 Dietmar Maurerfix comment
2014-03-04 Dietmar Maurerremove unnecessary rule
2014-03-04 Dietmar Maurers/enablehostfw/enable_host_firewall/
2014-03-04 Dietmar Maurermake sure syncookies are enabled
2014-03-04 Dietmar Maureruse PVE::ProcFSTools::write_proc_entry instead of syste...
2014-03-04 Dietmar Maurercleanup ruleset_generate_rule()
2014-03-04 Dietmar Maurerimprove clean target
2014-03-04 Dietmar Maurerremove stale file
2014-03-03 Dietmar Maurermerge IN/OUT section into RULES section
2014-03-03 Dietmar Maurerassemble debian package
2014-02-28 Dietmar Maurerimplement log_level_in and log_level_out options
2014-02-28 Dietmar Maurerimplement log level options
2014-02-28 Dietmar Maureruse a file to store firewall status persistently.
2014-02-28 Dietmar MaurerignoreZ source/destination port if no protocol specified
2014-02-27 Dietmar Maureruse defined() to check fot undefined value
2014-02-27 Dietmar Maurerimprove multiport rule generator
2014-02-27 Dietmar Maurerfix Ping macro
2014-02-27 Dietmar Maurerimprove example
2014-02-27 Dietmar Maurerallow to disable single rules, and add ability to add...
2014-02-27 Dietmar Maureradd 'dhcp' option (enabled by default)
2014-02-27 Dietmar Maureruse PVEFW-reject instead of REJECT
2014-02-27 Dietmar Maureraccept traffic to unmanaged bridge ports
2014-02-27 Dietmar Maurercorrectly apply macros
2014-02-26 Dietmar Maurerimplement nosmurfs options (enabled by default)
2014-02-26 Dietmar Maurerimplement option 'tcpflags' to log illegal combinations...
2014-02-26 Dietmar Maurermake mac address filtering optional (default enabled)
2014-02-26 Dietmar Maureruse chains from previous commit to reduce logging
2014-02-26 Dietmar Maureradd some useful chains
2014-02-26 Dietmar Maureradd a way to define some default chains
2014-02-26 Dietmar Maurerfix multiport rules and add icmp type names
2014-02-26 Dietmar Maurercleanups
2014-02-26 Dietmar Maureralways use PVEFW-SET-ACCEPT-MARK for OUT chain
2014-02-26 Alexandre Derumierbridge rules : -j ACCEPT for physical interfaces
2014-02-25 Alexandre Derumieruse RETURN instead ACCEPT for tap-out rules
2014-02-25 Dietmar Maurerimplement VM policy option
2014-02-25 Dietmar Maurerimplement 'enable' option
2014-02-25 Dietmar Maurercompile: use verbose output when started from CLI
2014-02-25 Dietmar Maurerrename chain $bridge to $bridge-FW
2014-02-25 Alexandre Derumieroptimize bridge chains
2014-02-25 Alexandre Derumierparse_port_name_number_or_range fix range check
2014-02-21 Dietmar Maurerdo not delete PVEFW-INPUT, PVEFW-OUTPUT and PVEFW-FORWA...
2014-02-21 Dietmar Maurerimplement simple option parser
2014-02-20 Dietmar Maureruse conntrack instead of state
2014-02-20 Dietmar Maurerallow traffic from lo (PVEFW-INPUT)
2014-02-20 Dietmar Maurerdefine more macros (converted most shorewall macros)
2014-02-20 Dietmar Maureruse $rule->{dest} instead of $rule->{destination}
2014-02-20 Dietmar Maurerimplement macros
2014-02-19 Dietmar Maureronly use --mark for OUT chain
2014-02-19 Dietmar Maurerjump to ACCEPT for IN rules
2014-02-19 Dietmar Maurerimprove parser
2014-02-19 Dietmar Maureruse accept mark for security groups
2014-02-19 Dietmar Maurercorrectly remove stale chains
2014-02-18 Dietmar Maurerpass $ruleset instead of $rule
2014-02-18 Dietmar Maurercheck chain name length (max 28 chars)
2014-02-18 Dietmar Maureruse --comment to store SHA1 signature
2014-02-18 Dietmar Maurersplit compile from apply
2014-02-18 Dietmar Maureravoid perl warning
2014-02-18 Dietmar Maurerenable proc/sys/net/bridge/bridge-nf-call-iptables
2014-02-18 Dietmar Maureradd MAC filter
2014-02-18 Dietmar Maurercleanup chain names
2014-02-18 Alexandre Derumiertest if BRIDGEFW-OUT and BRIDGEFW-IN exist
2014-02-17 Dietmar Maurersimplify firewall and use MD5 hash to detect changes
2014-02-17 Dietmar Maurerconsider host-IN/OUT chains in iptables_get_chains
2014-02-17 Dietmar Maurerconsider security group chains in iptables_get_chains
2014-02-14 Dietmar Maurerimplement stop command using new iptables_get_chains
2014-02-14 Dietmar Maurerexperimental code to read existing chains and compute...
2014-02-14 Dietmar Maurerfix iptables-restore - correctly add newline after...
2014-02-14 Dietmar Maurerremove shorewall rule compiler
next