Proxmox/pve-firewall
5
0
Fork 0
mirror of git://git.proxmox.com/git/pve-firewall.git synced 2025-02-01 09:47:24 +03:00
Code Releases Activity
830 Commits 6 Branches 0 Tags
Commit Graph

830 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Wolfgang Bumiller
a42e976370 add DHCPv6 macro 2016-01-26 13:17:38 +01:00
Wolfgang Bumiller
dcafc5fb7b add dhcpv6 support to the dhcp option 2016-01-26 13:17:09 +01:00
Wolfgang Bumiller
6c293b5d0d make LEPRINT* macros safe to use with if/else pairs 2016-01-26 11:03:15 +01:00
Dietmar Maurer
008560d299 set RELEASE=4.1 2016-01-07 16:36:18 +01:00
Dietmar Maurer
ab1b8d3c27 bump version to 2.0-15 2016-01-07 16:34:09 +01:00
Wolfgang Bumiller
a89dfcc6dd use $security_group_name_pattern in iptables_get_chains 
Fixes #859
 2016-01-07 16:32:16 +01:00
Wolfgang Bumiller
a3ded5cd65 fix some regular expressions mixups 
Replacing some (:?...) with (?:...) which makes more sense
here.
 2016-01-07 16:31:15 +01:00
Dietmar Maurer
c9c8d7a3d5 bump version to 2.0-14 2015-11-27 10:53:21 +01:00
Dietmar Maurer
f5c6639b59 pve-firewall.service: WantedBy=multi-user.target 
Instead of network-online.target, which is a very special systemd target
which is not always pulled.
 2015-11-27 10:50:42 +01:00
Dietmar Maurer
4af1868020 fix typo: s/stemd-modules-load.service/systemd-modules-load.service/ 2015-11-24 07:45:55 +01:00
Dietmar Maurer
aa818ae774 bump version to 2.0-13 2015-10-23 13:22:17 +02:00
Wolfgang Bumiller
9bd7a4b3ed allow numeric icmp types 2015-10-23 13:21:20 +02:00
Wolfgang Bumiller
e2f95bb3f4 make clean fix 2015-10-23 12:13:10 +02:00
Dietmar Maurer
8dbebe7daf bump version to 2.0-12 2015-09-24 12:15:41 +02:00
Dietmar Maurer
9b89c14fd8 use service class to generate pod and bash-completion files 2015-09-24 12:13:10 +02:00
Dietmar Maurer
0c32b7fbac convert pve-firewall into a PVE::Service class 2015-09-24 10:40:24 +02:00
Dietmar Maurer
32cbd582e7 add better inline documentation 2015-09-16 11:25:24 +02:00
Dietmar Maurer
47704f4c19 bump version to 2.0-11 2015-09-08 07:54:52 +02:00
Dietmar Maurer
4d3f6f751c iptables_get_chains: fix veth device name 2015-09-08 07:49:10 +02:00
Dietmar Maurer
9eb84dc77a bump version to 2.0-10 2015-08-25 06:48:10 +02:00
Alen Grizonic
5471ff7cde subroutine for cloning vm's firewall config file 2015-08-25 06:47:03 +02:00
Dietmar Maurer
a3d34dacba bump version to 2.0-9 2015-08-19 15:43:15 +02:00
Alen Grizonic
edee90358f firewall remove config file subroutine added 
Signed-off-by: Alen Grizonic <a.grizonic@proxmox.com>
 2015-08-19 15:32:29 +02:00
Dietmar Maurer
2a42a23710 bump version to 2.0-8 2015-08-12 12:02:53 +02:00
Dietmar Maurer
e038c48552 adopt regresion tests for lxc containers 
Removed OpenVZ venet code.
 2015-08-12 11:59:18 +02:00
Alen Grizonic
fdefeeabaf removed firewall code for openVZ 
[PATCH 2/2] changed to [PATCH] with the following fix:

Subroutine verify_rule (re)fixed to correctly check only for "net\d+" interface device names
 2015-08-12 10:52:00 +02:00
Dietmar Maurer
33448a6eeb bump version to 2.0-7 2015-08-10 09:21:35 +02:00
Alen Grizonic
3b4882dc41 added firewall code for lxc 
Signed-off-by: Alen Grizonic <a.grizonic@proxmox.com>
 2015-08-10 09:20:36 +02:00
Dietmar Maurer
19f14465fb bump version to 2.0-6 2015-08-04 11:15:11 +02:00
Alen Grizonic
ff5d050e12 firewall ipversion comparison fix 
Signed-off-by: Alen Grizonic <a.grizonic@proxmox.com>
 2015-08-04 11:14:13 +02:00
Wolfgang Bumiller
5dc356afae local_network: ipv6 support + correctness 
Net::IP->overlaps returns more than just true or false, as
it tests both directions, we need IP_B_IN_A_OVERLAP in our
test.
Removed return on mask eq '0.0.0.0' as this doesn't exist in
the $ipv4_mask_hash_localnet.
 2015-07-28 09:20:33 +02:00
Wolfgang Bumiller
ab03c1a753 fix ipv6 address normalization 
inet_ntop only takes an addres, not a CIDR notation. Since
the normalized address should just be a compressed
lower-case address, Net::IP::ip_compress_address should be
sufficient.

inet_ntop didn't succeed before, the result of which was
that ipsets weren't generated at all for ipv6 address ranges.
 2015-07-28 09:20:01 +02:00
Dietmar Maurer
8feec9fa34 bump version to 2.0-5 2015-07-27 13:21:24 +02:00
Wolfgang Bumiller
b3d75afb1a ipv6 neighbor discovery and solicitation macros 2015-07-23 10:43:38 +02:00
Wolfgang Bumiller
21a18e538b Add ipv6 macros to the macro list 
Additionally there's now a way to specify ipv6-only or
ipv4-only macros.
 2015-07-23 10:41:33 +02:00
Wolfgang Bumiller
593604cccc ip6tables accepts both spellings of the word neighbor 2015-07-23 08:48:58 +02:00
Alen Grizonic
06ba9c44fa firewall - Ceph macro added 
Signed-off-by: Alen Grizonic <a.grizonic@proxmox.com>
 2015-07-22 08:17:46 +02:00
Dietmar Maurer
a0f1d07bcb fix path for DOCDIR 2015-06-27 16:34:40 +02:00
Dietmar Maurer
e02c77aa14 bump version to 2.0-4 2015-06-27 16:26:48 +02:00
Dietmar Maurer
feac0850a1 correctly install manual pages 2015-06-27 16:25:44 +02:00
Dietmar Maurer
76ae3cf31b fix lintian warning command-with-path-in-maintainer-script 2015-06-27 16:24:58 +02:00
Alen Grizonic
c05492d68d firewall instant API call apply 2015-06-26 10:57:09 +02:00
Alen Grizonic
f0184215f9 firewall_module_duplicate 
removed duplicated line of Data::Dumper use

Signed-off-by: Alen Grizonic <a.grizonic@proxmox.com>
 2015-06-26 10:54:50 +02:00
Alen Grizonic
72d055fc4a firewall autodisable 
firewall enable parameter type changed from boolean to integer so it can store
the timestamp of the firewall enable call to avoid an admin remote lockout

Signed-off-by: Alen Grizonic <a.grizonic@proxmox.com>
 2015-06-26 10:54:17 +02:00
Dietmar Maurer
eb4a29021e bump version to 2.0-3 2015-06-01 12:33:27 +02:00
Dietmar Maurer
48108683fe use noawait trigers for pve-api-updates 2015-06-01 12:32:17 +02:00
Dietmar Maurer
56bb2e6953 bump version to 2.0-2 2015-05-05 15:10:42 +02:00
Dietmar Maurer
6ceb98bbb1 trigger pve-api-updates event 2015-05-05 15:09:48 +02:00
Dietmar Maurer
2ba4951d7c allow admins to delete security groups 2015-03-18 06:13:37 +01:00
Dietmar Maurer
afcd29b3c5 always use local_network alias if specified by user 2015-03-16 06:32:42 +01:00