summaryrefslogtreecommitdiffstats
path: root/awall
Commit message (Collapse)AuthorAgeFilesLines
* remove rule type-specific handling of zones and chainsKaarle Ritvanen2012-08-166-49/+74
|
* do not create helper chains for unused actionsKaarle Ritvanen2012-08-166-55/+70
| | | | only the minimum set of targets is required of the kernel
* make module attributes optionalKaarle Ritvanen2012-08-166-11/+3
|
* fix dns resolving on certain systemsTimo Teräs2012-08-081-2/+2
| | | | dig can emit spaces also instead of tabs.
* support for TARPIT targetv0.2.3Kaarle Ritvanen2012-07-201-2/+10
| | | | automatic logging, handling of non-TCP packets, and connection tracking bypass
* generalize creation of related rules based on cloningKaarle Ritvanen2012-07-201-6/+11
|
* preserve nil values for in and out zone attributesKaarle Ritvanen2012-07-201-5/+7
|
* lowercase names for all awall-internal chainsKaarle Ritvanen2012-07-202-5/+9
|
* dynamically discover classes in ConfigObject.createKaarle Ritvanen2012-07-202-3/+8
|
* disallow dnat option with actions other than acceptKaarle Ritvanen2012-07-201-0/+3
|
* streamlined sanity checking for allowed input/output interface optionsKaarle Ritvanen2012-07-203-25/+12
|
* support for TCPMSS targetKaarle Ritvanen2012-07-191-0/+38
|
* consistent chain names in level 5 dumpKaarle Ritvanen2012-07-193-13/+15
|
* show generated rules per configuration object in level 4 dumpv0.2.1Kaarle Ritvanen2012-07-131-0/+10
| | | | ordered rules shown at level 5
* Config.input renamed to Config.objectsKaarle Ritvanen2012-07-132-7/+7
|
* dump level 4 prints generated filesKaarle Ritvanen2012-07-133-2/+20
|
* route tracking for incoming connectionsv0.2.0Kaarle Ritvanen2012-07-132-2/+41
|
* support for configuration-dependent default rulesKaarle Ritvanen2012-07-131-2/+6
|
* support for MARK targetKaarle Ritvanen2012-07-131-0/+27
|
* base class for rules applicable to forwarded packets onlyKaarle Ritvanen2012-07-133-39/+30
|
* generate intra-zone rules when routing is requiredKaarle Ritvanen2012-07-131-9/+12
|
* util.filter method for filtering listsKaarle Ritvanen2012-07-132-7/+11
|
* support for REDIRECT targetKaarle Ritvanen2012-07-121-9/+8
|
* renamed 'notrack' section to 'no-track'Kaarle Ritvanen2012-07-121-1/+1
|
* prepend object identifier and file name to error messagesKaarle Ritvanen2012-07-127-56/+71
|
* support for bypassing connection tracking for inbound packetsKaarle Ritvanen2012-06-281-0/+47
|
* command for flushing ip[6]tables rulesKaarle Ritvanen2012-06-281-12/+16
|
* 4 verbosity levels for dump commandv0.1.5Kaarle Ritvanen2012-06-281-9/+34
|
* show source policy for each item in dump outputKaarle Ritvanen2012-06-281-5/+19
|
* loaded policies included in PolicyConfig objectsKaarle Ritvanen2012-06-281-3/+4
|
* show original variable definitions in dump outputKaarle Ritvanen2012-06-281-35/+25
| | | | | PolicyConfig.variables removed PolicyConfig.eval merged to PolicyConfig.expand
* streamlined variable expansionKaarle Ritvanen2012-06-281-9/+2
| | | | side effects removed
* corrected an error in raising an error (NAT rule interfaces)Kaarle Ritvanen2012-06-281-1/+1
|
* support for ACCEPT rules in NAT chainsKaarle Ritvanen2012-06-281-1/+2
|
* reset all built-in chains on activation/fallback regardless of translation ↵Kaarle Ritvanen2012-06-261-4/+22
| | | | results
* support for empty zonesKaarle Ritvanen2012-06-263-11/+13
| | | | (set either addr or iface attribute to an empty list)
* apply ip[6]tables-restore only if protocol support loaded into kernelKaarle Ritvanen2012-06-261-10/+29
|
* pretty output from awall listKaarle Ritvanen2012-06-262-12/+29
|
* command for dumping variable and zone definitionsKaarle Ritvanen2012-06-261-0/+8
|
* new class for configuration loaded from policy files but not yet translated ↵Kaarle Ritvanen2012-06-262-45/+56
| | | | to iptables rules
* masquerading set rule applied after other SNAT rulesv0.1.4Kaarle Ritvanen2012-06-211-4/+6
|
* ipset-based masquerading moved to a module of its ownKaarle Ritvanen2012-06-212-5/+17
|
* set chain policy to ACCEPT in tables other than filterKaarle Ritvanen2012-06-211-3/+5
|
* filter out ICMPv4/6 rules per protocol family even when message type not definedv0.1.3Kaarle Ritvanen2012-06-211-11/+11
|
* by default, allow all ICMPv6 messages originating from or destined to local hostKaarle Ritvanen2012-06-211-1/+10
|
* multi-stage processing of default rulesKaarle Ritvanen2012-06-213-21/+30
|
* accept all loopback trafficKaarle Ritvanen2012-06-211-0/+9
|
* OUTPUT chain needs stateful tracking alsoTimo Teräs2012-06-081-1/+1
|
* report JSON file name on parse errorv0.1.2Kaarle Ritvanen2012-05-171-2/+10
|
* make the family attribute mandatory for ipset objectsKaarle Ritvanen2012-05-031-3/+3
| | | | incidentally, this makes all IP set-referring rules specific to one protocol family
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-26 17:06:32 +0000