2014-07-21 Dietmar MaurerFirewall/Rules: add permissions
2014-07-21 Dietmar MaurerFirewall/Groups: add permissions
2014-07-21 Dietmar MaurerFirewall/VM: add permissions
2014-07-21 Dietmar MaurerFirewall/Host: add permissions
2014-07-21 Dietmar MaurerFirewall/Cluster: add permissions
2014-06-26 Dietmar Maurergenerate MAC and IP filter rules if firewall is enabled...
2014-06-26 Dietmar Maurerbump version to 1.0-7
2014-06-26 Dietmar Maurerproxy host rule API calls to correct node
2014-06-12 Dietmar Maurerbump version to 1.0-6
2014-06-12 Dietmar Maureradd example for ipfilter ipset
2014-06-12 Dietmar Maureradd regression tests for ipfilter
2014-06-12 Dietmar Maurerfwtester: add more network (net1, net2) to vm100 to...
2014-06-12 Dietmar Maurerimplement negative ipset match
2014-06-12 Dietmar Maureruse separate ipfilter ipset on each interface
2014-06-11 Dietmar Maureradd support for ipfilter ipset
2014-06-04 Dietmar Maurergenerate /etc/pve/firewall directory automatically
2014-06-04 Dietmar Maureravoid errors about undefined values
2014-06-04 Dietmar Maurerbump version to 1.0-5
2014-06-04 Dietmar Maurerremove ipsets when firewall disabled
2014-06-04 Dietmar Maurerreturn empty ruleset if firewall disabled in cluster.fw
2014-06-04 Dietmar Maurerbump version to 1.0-4
2014-06-04 Dietmar Maurerdepend on iptables and ipset
2014-06-04 Dietmar Maurerchange dh_installinit order
2014-06-02 Dietmar Maurerimprove error message
2014-06-02 Dietmar Maurergenerate warnings when we read the configuration file
2014-05-30 Dietmar Maurerpass ipset errors to GUI
2014-05-30 Dietmar Maurerskip non-existent aliases inside ipset configuration
2014-05-30 Dietmar Maurerremove dead code from previous commit
2014-05-30 Dietmar Maurercode cleanup - introcduce new method resolve_alias
2014-05-30 Dietmar Maureranother regression test
2014-05-30 Dietmar Maurercleanup: try to use more consistent method naming
2014-05-30 Dietmar MaurerAPI: add ability to restrict ref list to specified...
2014-05-30 Dietmar MaurerAPI fix: allow aliases in IPSets
2014-05-30 Dietmar Maurerparser: verify group and ipset names
2014-05-28 Dietmar Maurerimplement API to get list of possible refs (aliases...
2014-05-28 Dietmar Maurerintroduce ipset_name_pattern to avoid confusion
2014-05-28 Dietmar Maurerlimit alias/ipset name length to 64 characters
2014-05-28 Dietmar Maureradd test for long ipset names
2014-05-28 Dietmar Maurerfix ipset match - s/src/dst/
2014-05-28 Dietmar Maurerimplement VM ipsets, allow long ipset names
2014-05-28 Dietmar Maureralways pass cluster_conf to load_vmfw_conf
2014-05-27 Dietmar Maurerimplement ipsets for VM/CT
2014-05-27 Dietmar Maurerdo not print trace when debug is not set
2014-05-27 Dietmar Maurerwhite space cleanup
2014-05-27 Dietmar Maurerimplement aliases at VM level
2014-05-27 Dietmar Maureradd test for aliases inside vm firewall configuration
2014-05-27 Dietmar Maurerfwtester.pl: add warnings to trace
2014-05-27 Alexandre Derumieroptimize blacklist : create a PVEFW-blacklist chain
2014-05-26 Dietmar Maurerfix comment
2014-05-26 Dietmar Maurerskip diabled rules and rules with errors early
2014-05-26 Dietmar Maurerruleset_generate_vm_rules: skip rules with errors
2014-05-26 Dietmar Maurerimprove rule verification
2014-05-26 Dietmar Maurerpass $rule_env (cluster/host/vm/ct) to rule parser.
2014-05-23 Dietmar Maurerimprove error handling
2014-05-23 Dietmar Maurerallow to read rule with errors
2014-05-22 Dietmar Maurerclose inotify handle before restart
2014-05-21 Dietmar Maurerimprove rules API
2014-05-21 Dietmar Maurerfix API: property sport/dport requires protocol
2014-05-21 Dietmar Maurerfix test/test-errors3 - protect rule generation with...
2014-05-21 Dietmar Maureradd new test case to show serious bug
2014-05-21 Dietmar Maurerallow igmp traffic
2014-05-21 Dietmar Maureradd another test case
2014-05-21 Dietmar Maurerfix for test case test/test-errors1
2014-05-21 Dietmar Maureradd test case to show serious bug
2014-05-21 Dietmar Maureruse GET instead of POST for command that do not change...
2014-05-21 Dietmar Maureradd new localnet command
2014-05-21 Dietmar Maurerrename cluster_network to local_network, introduce...
2014-05-21 Dietmar Maureradd tests for management ipset
2014-05-21 Dietmar MaurerIntroduce new management ipset
2014-05-21 Dietmar Maurerdo not use ctstate in corosync rule
2014-05-20 Dietmar Maurerstart alias support for VMs
2014-05-20 Dietmar Maurerimprove documentation
2014-05-20 Dietmar Maurerdo not log simulate warnings to syslog
2014-05-20 Dietmar Maureradd simulate command for easy testing
2014-05-20 Dietmar Maurermove test code to FirewallSimulator.pm
2014-05-20 Dietmar Maureradd tests for corosync multicast addrtype rules
2014-05-20 Dietmar Maurerdo not enable VM firewall by default
2014-05-20 Dietmar Maureradd tests for default rules
2014-05-20 Dietmar Maurerfwtester: set cluster network to, host_ip...
2014-05-20 Dietmar Maurerallow tests without cluster.fw and host.fw configuration
2014-05-20 Dietmar Maureralso allow VNC and SPICE traffic inside cluster_network
2014-05-20 Dietmar Maurerdo not use -s for outgoing corosync rules
2014-05-20 Dietmar Maurerimplement setter for cluster_network
2014-05-20 Dietmar Maurerfix regression test for previous commits
2014-05-20 Dietmar Maureruse $accept_action for standard rules
2014-05-20 Dietmar Maureradd standard rules after user rules
2014-05-20 Dietmar Maurerfix corosync rules (restrict to cluster network)
2014-05-20 Dietmar Maurerremove wrong corosync rules using port 9000
2014-05-19 Dietmar Maurerallow API/SSH/SPICE/VNC traffic on local cluster networ...
2014-05-19 Dietmar Maurerremove unused options
2014-05-19 Dietmar Maureradd init function
2014-05-19 Dietmar Maurerdo not restart pvefw-logger with debian triggers
2014-05-19 Dietmar Maureravoid logs by default
2014-05-19 Dietmar Maurerremove unused parameters
2014-05-19 Alexandre Derumierbirectionnal macros cleanups
2014-05-19 Dietmar Maurerchange rule format: use named parameters
2014-05-16 Dietmar Maurerinclude manual page
2014-05-16 Dietmar Maurercleanup firewall service implementation
2014-05-16 Alexandre Derumierbypass PVEFW-VENET-IN|OUT for unfirewalled venet0 ips
2014-05-16 Dietmar Maurerdo not abort if security groups does not exists