mirror of git://git.proxmox.com/git/pve-firewall.git synced 2025-01-24 06:03:55 +03:00

614 Commits

Author SHA1 Message Date
Dietmar Maurer
571e47f9dd make dependency to cman/clvm optional 2014-09-08 13:06:39 +02:00
Dietmar Maurer
03170bbd02 do not start daemons during installation 2014-09-08 12:25:13 +02:00
Dietmar Maurer
05fd3b63be bump version to 1.0-8 2014-09-08 12:17:02 +02:00
Dietmar Maurer
9f6845cfa9 Firewall/IPSet: implement permission
Factor out common code into PVE/Firewall.
2014-07-21 10:48:00 +02:00
Dietmar Maurer
7f733a5a9f Firewall/Rules: add permissions 2014-07-21 10:24:09 +02:00
Dietmar Maurer
5c9da37bf6 Firewall/Groups: add permissions 2014-07-21 09:54:42 +02:00
Dietmar Maurer
16c8f5d71c Firewall/VM: add permissions 2014-07-21 09:52:01 +02:00
Dietmar Maurer
60c103df97 Firewall/Host: add permissions 2014-07-21 09:40:34 +02:00
Dietmar Maurer
0ec568419a Firewall/Cluster: add permissions 2014-07-21 09:33:18 +02:00
Dietmar Maurer
a34cfdd0d1 generate MAC and IP filter rules if firewall is enabled on NIC
Only omit rules if firewall is disabled. Also remove ipfilter for
venet, because that is not required (kernel does that job for us).
2014-06-26 09:12:23 +02:00
Dietmar Maurer
bea9d5ab11 bump version to 1.0-7 2014-06-26 07:13:16 +02:00
Dietmar Maurer
eadbc1ded3 proxy host rule API calls to correct node 2014-06-26 07:12:06 +02:00
Dietmar Maurer
582275c31f bump version to 1.0-6 2014-06-12 08:37:43 +02:00
Dietmar Maurer
d562837827 add example for ipfilter ipset 2014-06-12 08:36:05 +02:00
Dietmar Maurer
a306a176c4 add regression tests for ipfilter 2014-06-12 08:32:11 +02:00
Dietmar Maurer
66f33d78ed fwtester: add more network (net1, net2) to vm100 to test ipfilter 2014-06-12 08:30:33 +02:00
Dietmar Maurer
b625713bdd implement negative ipset match
To simulate ipfilter.
2014-06-12 08:29:32 +02:00
Dietmar Maurer
b692f42c1b use separate ipfilter ipset on each interface 2014-06-12 06:39:31 +02:00
Dietmar Maurer
808d711d1c add support for ipfilter ipset 2014-06-11 09:59:21 +02:00
Dietmar Maurer
210534093a generate /etc/pve/firewall directory automatically 2014-06-04 09:13:43 +02:00
Dietmar Maurer
89ea63c8a9 avoid errors about undefined values 2014-06-04 09:03:53 +02:00
Dietmar Maurer
de0c1e49cd bump version to 1.0-5 2014-06-04 08:50:57 +02:00
Dietmar Maurer
55fad3b788 remove ipsets when firewall disabled
And improve status output
2014-06-04 08:40:15 +02:00
Dietmar Maurer
085fd492bf return empty ruleset if firewall disabled in cluster.fw 2014-06-04 07:24:34 +02:00
Dietmar Maurer
64c266f582 bump version to 1.0-4 2014-06-04 06:50:32 +02:00
Dietmar Maurer
6f0b67e91c depend on iptables and ipset 2014-06-04 06:44:57 +02:00
Dietmar Maurer
16bcfa8b77 change dh_installinit order 2014-06-04 06:36:55 +02:00
Dietmar Maurer
9a3061c7e2 improve error message 2014-06-02 13:17:53 +02:00
Dietmar Maurer
c8c534f7a4 generate warnings when we read the configuration file 2014-06-02 13:14:42 +02:00
Dietmar Maurer
d46b1ef6fb pass ipset errors to GUI 2014-05-30 13:06:55 +02:00
Dietmar Maurer
4803b296c5 skip non-existent aliases inside ipset configuration 2014-05-30 12:40:25 +02:00
Dietmar Maurer
af2bc60c6c remove dead code from previous commit 2014-05-30 12:26:40 +02:00
Dietmar Maurer
6c22157652 code cleanup - introduce new method resolve_alias 2014-05-30 12:24:40 +02:00
Dietmar Maurer
3782185622 another regression test 2014-05-30 11:28:24 +02:00
Dietmar Maurer
e5cd1ee01c cleanup: try to use more consistent method naming 2014-05-30 11:21:30 +02:00
Dietmar Maurer
f2c0865cf3 API: add ability to restrict ref list to specified type 2014-05-30 09:37:49 +02:00
Dietmar Maurer
7c619bbb2c API fix: allow aliases in IPSets 2014-05-30 09:37:27 +02:00
Dietmar Maurer
351052d148 parser: verify group and ipset names 2014-05-30 08:24:03 +02:00
Dietmar Maurer
947d6ea2ed implement API to get list of possible refs (aliases + ipsets) 2014-05-28 13:57:21 +02:00
Dietmar Maurer
4dfe04e604 introduce ipset_name_pattern to avoid confusion 2014-05-28 12:59:17 +02:00
Dietmar Maurer
e2c627332f limit alias/ipset name length to 64 characters 2014-05-28 12:51:06 +02:00
Dietmar Maurer
6af480d46d add test for long ipset names 2014-05-28 10:45:27 +02:00
Dietmar Maurer
ac4580a02e fix ipset match - s/src/dst/ 2014-05-28 10:41:50 +02:00
Dietmar Maurer
708ba7149c implement VM ipsets, allow long ipset names
If names are too long, we simply use the FNV digest instead of the name.
2014-05-28 10:31:03 +02:00
Dietmar Maurer
42ec817818 always pass cluster_conf to load_vmfw_conf 2014-05-28 06:47:05 +02:00
Dietmar Maurer
1210ae94fb implement ipsets for VM/CT 2014-05-27 11:38:54 +02:00
Dietmar Maurer
1521df52e4 do not print trace when debug is not set 2014-05-27 11:31:09 +02:00
Dietmar Maurer
bfc488f6ca white space cleanup 2014-05-27 08:03:09 +02:00
Dietmar Maurer
e523d2bb40 implement aliases at VM level 2014-05-27 07:58:32 +02:00
Dietmar Maurer
9b284533ff add test for aliases inside vm firewall configuration 2014-05-27 07:57:16 +02:00