[vyatta-svn] Configuration templates and scripts for the firewall subsystem.: Changes to 'master'
Rick Balocca
rbalocca at suva.vyatta.com
Sun Jun 29 18:18:45 PDT 2008
.gitignore | 2
ChangeLog | 1
Makefile.am | 2
debian/autogen.sh | 26 -
debian/changelog | 47 +
scripts/firewall/VyattaIpTablesRule.pm | 55 ++
scripts/firewall/firewall.init.in | 6
scripts/firewall/vyatta-firewall.pl | 240 ++++++----
templates/firewall/broadcast-ping/node.def | 2
templates/firewall/conntrack-table-size/node.def | 36 +
templates/firewall/conntrack-tcp-loose/node.def | 54 ++
templates/firewall/ip-src-route/node.def | 2
templates/firewall/log-martians/node.def | 2
templates/firewall/modify/node.def | 4
templates/firewall/modify/node.tag/description/node.def | 2
templates/firewall/modify/node.tag/rule/node.def | 4
templates/firewall/modify/node.tag/rule/node.tag/action/node.def | 4
templates/firewall/modify/node.tag/rule/node.tag/description/node.def | 2
templates/firewall/modify/node.tag/rule/node.tag/destination/address/node.def | 9
templates/firewall/modify/node.tag/rule/node.tag/destination/node.def | 1
templates/firewall/modify/node.tag/rule/node.tag/destination/port/node.def | 8
templates/firewall/modify/node.tag/rule/node.tag/icmp/code/node.def | 3
templates/firewall/modify/node.tag/rule/node.tag/icmp/node.def | 1
templates/firewall/modify/node.tag/rule/node.tag/icmp/type/node.def | 3
templates/firewall/modify/node.tag/rule/node.tag/log/node.def | 3
templates/firewall/modify/node.tag/rule/node.tag/modify/dscp/node.def | 4
templates/firewall/modify/node.tag/rule/node.tag/modify/mark/node.def | 2
templates/firewall/modify/node.tag/rule/node.tag/modify/node.def | 1
templates/firewall/modify/node.tag/rule/node.tag/protocol/node.def | 8
templates/firewall/modify/node.tag/rule/node.tag/source/address/node.def | 9
templates/firewall/modify/node.tag/rule/node.tag/source/mac-address/node.def | 3
templates/firewall/modify/node.tag/rule/node.tag/source/node.def | 1
templates/firewall/modify/node.tag/rule/node.tag/source/port/node.def | 8
templates/firewall/modify/node.tag/rule/node.tag/state/established/node.def | 3
templates/firewall/modify/node.tag/rule/node.tag/state/invalid/node.def | 3
templates/firewall/modify/node.tag/rule/node.tag/state/new/node.def | 3
templates/firewall/modify/node.tag/rule/node.tag/state/node.def | 1
templates/firewall/modify/node.tag/rule/node.tag/state/related/node.def | 3
templates/firewall/name/node.def | 2
templates/firewall/name/node.tag/description/node.def | 2
templates/firewall/name/node.tag/rule/node.def | 2
templates/firewall/name/node.tag/rule/node.tag/action/node.def | 5
templates/firewall/name/node.tag/rule/node.tag/description/node.def | 2
templates/firewall/name/node.tag/rule/node.tag/destination/address/node.def | 14
templates/firewall/name/node.tag/rule/node.tag/destination/node.def | 2
templates/firewall/name/node.tag/rule/node.tag/destination/port/node.def | 4
templates/firewall/name/node.tag/rule/node.tag/icmp/code/node.def | 2
templates/firewall/name/node.tag/rule/node.tag/icmp/node.def | 2
templates/firewall/name/node.tag/rule/node.tag/icmp/type/node.def | 2
templates/firewall/name/node.tag/rule/node.tag/ipsec/match-ipsec/node.def | 1
templates/firewall/name/node.tag/rule/node.tag/ipsec/match-none/node.def | 1
templates/firewall/name/node.tag/rule/node.tag/ipsec/node.def | 1
templates/firewall/name/node.tag/rule/node.tag/log/node.def | 2
templates/firewall/name/node.tag/rule/node.tag/protocol/node.def | 10
templates/firewall/name/node.tag/rule/node.tag/source/address/node.def | 14
templates/firewall/name/node.tag/rule/node.tag/source/mac-address/node.def | 2
templates/firewall/name/node.tag/rule/node.tag/source/node.def | 2
templates/firewall/name/node.tag/rule/node.tag/source/port/node.def | 4
templates/firewall/name/node.tag/rule/node.tag/state/established/node.def | 2
templates/firewall/name/node.tag/rule/node.tag/state/invalid/node.def | 2
templates/firewall/name/node.tag/rule/node.tag/state/new/node.def | 2
templates/firewall/name/node.tag/rule/node.tag/state/node.def | 2
templates/firewall/name/node.tag/rule/node.tag/state/related/node.def | 2
templates/firewall/receive-redirects/node.def | 2
templates/firewall/send-redirects/node.def | 2
templates/firewall/syn-cookies/node.def | 2
templates/interfaces/adsl/node.tag/pvc/node.tag/classical-ipoa/firewall/in/name/node.def | 18
templates/interfaces/adsl/node.tag/pvc/node.tag/classical-ipoa/firewall/in/node.def | 1
templates/interfaces/adsl/node.tag/pvc/node.tag/classical-ipoa/firewall/local/name/node.def | 18
templates/interfaces/adsl/node.tag/pvc/node.tag/classical-ipoa/firewall/local/node.def | 1
templates/interfaces/adsl/node.tag/pvc/node.tag/classical-ipoa/firewall/node.def | 1
templates/interfaces/adsl/node.tag/pvc/node.tag/classical-ipoa/firewall/out/name/node.def | 18
templates/interfaces/adsl/node.tag/pvc/node.tag/classical-ipoa/firewall/out/node.def | 1
templates/interfaces/adsl/node.tag/pvc/node.tag/pppoa/node.tag/firewall/in/name/node.def | 18
templates/interfaces/adsl/node.tag/pvc/node.tag/pppoa/node.tag/firewall/in/node.def | 1
templates/interfaces/adsl/node.tag/pvc/node.tag/pppoa/node.tag/firewall/local/name/node.def | 18
templates/interfaces/adsl/node.tag/pvc/node.tag/pppoa/node.tag/firewall/local/node.def | 1
templates/interfaces/adsl/node.tag/pvc/node.tag/pppoa/node.tag/firewall/node.def | 1
templates/interfaces/adsl/node.tag/pvc/node.tag/pppoa/node.tag/firewall/out/name/node.def | 18
templates/interfaces/adsl/node.tag/pvc/node.tag/pppoa/node.tag/firewall/out/node.def | 1
templates/interfaces/adsl/node.tag/pvc/node.tag/pppoe/node.tag/firewall/in/name/node.def | 18
templates/interfaces/adsl/node.tag/pvc/node.tag/pppoe/node.tag/firewall/in/node.def | 1
templates/interfaces/adsl/node.tag/pvc/node.tag/pppoe/node.tag/firewall/local/name/node.def | 18
templates/interfaces/adsl/node.tag/pvc/node.tag/pppoe/node.tag/firewall/local/node.def | 1
templates/interfaces/adsl/node.tag/pvc/node.tag/pppoe/node.tag/firewall/node.def | 1
templates/interfaces/adsl/node.tag/pvc/node.tag/pppoe/node.tag/firewall/out/name/node.def | 18
templates/interfaces/adsl/node.tag/pvc/node.tag/pppoe/node.tag/firewall/out/node.def | 1
templates/interfaces/ethernet/node.tag/firewall/in/name/node.def | 2
templates/interfaces/ethernet/node.tag/firewall/in/node.def | 2
templates/interfaces/ethernet/node.tag/firewall/local/name/node.def | 2
templates/interfaces/ethernet/node.tag/firewall/local/node.def | 2
templates/interfaces/ethernet/node.tag/firewall/node.def | 2
templates/interfaces/ethernet/node.tag/firewall/out/name/node.def | 2
templates/interfaces/ethernet/node.tag/firewall/out/node.def | 2
templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/in/name/node.def | 2
templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/in/node.def | 2
templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/local/name/node.def | 2
templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/local/node.def | 2
templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/node.def | 2
templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/out/name/node.def | 2
templates/interfaces/ethernet/node.tag/pppoe/node.tag/firewall/out/node.def | 2
templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/name/node.def | 2
templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/in/node.def | 2
templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/name/node.def | 2
templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/local/node.def | 2
templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/node.def | 2
templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/name/node.def | 2
templates/interfaces/ethernet/node.tag/vif/node.tag/firewall/out/node.def | 2
templates/interfaces/tunnel/node.tag/firewall/in/name/node.def | 2
templates/interfaces/tunnel/node.tag/firewall/in/node.def | 2
templates/interfaces/tunnel/node.tag/firewall/local/name/node.def | 2
templates/interfaces/tunnel/node.tag/firewall/local/node.def | 2
templates/interfaces/tunnel/node.tag/firewall/node.def | 2
templates/interfaces/tunnel/node.tag/firewall/out/name/node.def | 2
templates/interfaces/tunnel/node.tag/firewall/out/node.def | 2
115 files changed, 705 insertions(+), 185 deletions(-)
New commits:
commit 21aa325e88229a1511200ebd426ccfa30262b179
Author: An-Cheng Huang <ancheng at vyatta.com>
Date: Wed Jun 18 19:02:30 2008 -0700
increment firewall config syntax version for hollywood.
commit f47760c1828b0901f517d8f244e15dd887b1729d
Author: Mark O'Brien <mobrien at firebolt.vyatta.com>
Date: Tue Jun 17 09:26:05 2008 -0700
3.1.0
commit 1a830e882a0c5404f900317ba2da28b2e76db326
Author: Stephen Hemminger <stephen.hemminger at vyatta.com>
Date: Sat Jun 7 13:53:15 2008 -0700
Use regular snmpd
Use version rather than package name to get snmpd
Revert "Add vyatta-snmpd"
This reverts commit b5521426168a30da7ffd806703613f85c5fb31e3.
commit ce3b792e020062d4cf17d452cb432d900a13bd64
Author: Bob Gilligan <gilligan at vyatta.com>
Date: Thu Jun 5 17:07:39 2008 -0700
Bugfix: 2120
Added a configuration parameter to set the netfilter conntrack table
size.
commit 72513826f382a2fe4fa188c2477a01925478ac12
Author: Bob Gilligan <gilligan at vyatta.com>
Date: Thu Jun 5 16:20:10 2008 -0700
Bugfix: 2122
Add configuration parameter to set netfilter ip_conntrack_tcp_loose.
commit b5521426168a30da7ffd806703613f85c5fb31e3
Author: rbalocca <rbalocca at vyatta.com>
Date: Thu Jun 5 14:38:00 2008 -0700
Add vyatta-snmpd
commit 72bab48701d9e92d35ab0c7bb06d0a13d2be15ca
Author: An-Cheng Huang <ancheng at vyatta.com>
Date: Wed Jun 4 18:27:53 2008 -0700
rename "mangle" to "modify"
commit 10a8dda601c4b101bf523d49121a2cd7e179f895
Author: rbalocca <rbalocca at vyatta.com>
Date: Tue May 20 11:35:08 2008 -0700
Ignore derived files
commit 667e6987770ef9c072fdc26226820bdd2b8acd48
Author: An-Cheng Huang <ancheng at vyatta.com>
Date: Mon May 19 05:12:44 2008 -0700
allow firewall rule to match inbound IPsec packets.
commit 184b1af2794b5187f33bc6ce14d2d28f84a827a6
Author: An-Cheng Huang <ancheng at vyatta.com>
Date: Tue May 13 17:29:41 2008 -0700
add "inspect" action (maps to QUEUE) so "custom" traffic-filter for IPS
can be defined in "firewall".
commit 648b2b2ac928461c8a83a43e0f455edb96552ddd
Author: An-Cheng Huang <ancheng at vyatta.com>
Date: Fri May 9 18:26:22 2008 -0700
add mangle table support to firewall configuration. initial implementation
allows MARK and DSCP jump targets.
commit bf5ed000329de5cccb9af7a8d46a3c4ef3079486
Author: rbalocca <rbalocca at vyatta.com>
Date: Wed May 7 14:45:01 2008 -0700
Convert to our method of changelog creation
commit 1a99f235fd34d2dcf53032a81acb2d9097c4e9dc
Author: Bob Gilligan <gilligan at vyatta.com>
Date: Wed Apr 30 12:21:35 2008 -0700
Add firewall templates for PPPOA, PPPOE, and classical IP over ATM, on
ADSL interfaces.
commit 5351776c92aba1febae07f6558976be8a4002248
Author: Mohit Mehta <mohit.mehta at vyatta.com>
Date: Wed Apr 9 01:17:42 2008 +0000
Fix Bug 3069 Help strings should be standardized
- help strings standardized for vyatta-cfg-firewall
commit 041c76680a23aa1204cc08d3720d2957f45a9fac
Author: An-Cheng Huang <ancheng at vyatta.com>
Date: Tue Apr 8 16:34:09 2008 -0700
add post-firewall hook for other features
commit 7271fce2882df7a1251608203099fc54862b78d1
Author: An-Cheng Huang <ancheng at vyatta.com>
Date: Tue Apr 8 11:09:31 2008 -0700
fix for bug 3127: look for an exact match to replace/delete.
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=21aa325e88229a1511200ebd426ccfa30262b179
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=f47760c1828b0901f517d8f244e15dd887b1729d
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=1a830e882a0c5404f900317ba2da28b2e76db326
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=ce3b792e020062d4cf17d452cb432d900a13bd64
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=72513826f382a2fe4fa188c2477a01925478ac12
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=b5521426168a30da7ffd806703613f85c5fb31e3
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=72bab48701d9e92d35ab0c7bb06d0a13d2be15ca
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=10a8dda601c4b101bf523d49121a2cd7e179f895
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=667e6987770ef9c072fdc26226820bdd2b8acd48
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=184b1af2794b5187f33bc6ce14d2d28f84a827a6
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=648b2b2ac928461c8a83a43e0f455edb96552ddd
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=bf5ed000329de5cccb9af7a8d46a3c4ef3079486
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=1a99f235fd34d2dcf53032a81acb2d9097c4e9dc
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=5351776c92aba1febae07f6558976be8a4002248
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=041c76680a23aa1204cc08d3720d2957f45a9fac
http://suva.vyatta.com/git/?p=vyatta-cfg-firewall.git;a=commitdiff;h=7271fce2882df7a1251608203099fc54862b78d1
More information about the svn
mailing list