Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | remove rule type-specific handling of zones and chains | Kaarle Ritvanen | 2012-08-16 | 6 | -49/+74 |
| | |||||
* | do not create helper chains for unused actions | Kaarle Ritvanen | 2012-08-16 | 6 | -55/+70 |
| | | | | only the minimum set of targets is required of the kernel | ||||
* | make module attributes optional | Kaarle Ritvanen | 2012-08-16 | 6 | -11/+3 |
| | |||||
* | fix dns resolving on certain systems | Timo Teräs | 2012-08-08 | 1 | -2/+2 |
| | | | | dig can emit spaces also instead of tabs. | ||||
* | support for TARPIT targetv0.2.3 | Kaarle Ritvanen | 2012-07-20 | 1 | -2/+10 |
| | | | | automatic logging, handling of non-TCP packets, and connection tracking bypass | ||||
* | generalize creation of related rules based on cloning | Kaarle Ritvanen | 2012-07-20 | 1 | -6/+11 |
| | |||||
* | preserve nil values for in and out zone attributes | Kaarle Ritvanen | 2012-07-20 | 1 | -5/+7 |
| | |||||
* | lowercase names for all awall-internal chains | Kaarle Ritvanen | 2012-07-20 | 2 | -5/+9 |
| | |||||
* | dynamically discover classes in ConfigObject.create | Kaarle Ritvanen | 2012-07-20 | 2 | -3/+8 |
| | |||||
* | disallow dnat option with actions other than accept | Kaarle Ritvanen | 2012-07-20 | 1 | -0/+3 |
| | |||||
* | streamlined sanity checking for allowed input/output interface options | Kaarle Ritvanen | 2012-07-20 | 3 | -25/+12 |
| | |||||
* | support for TCPMSS target | Kaarle Ritvanen | 2012-07-19 | 1 | -0/+38 |
| | |||||
* | consistent chain names in level 5 dump | Kaarle Ritvanen | 2012-07-19 | 3 | -13/+15 |
| | |||||
* | show generated rules per configuration object in level 4 dumpv0.2.1 | Kaarle Ritvanen | 2012-07-13 | 1 | -0/+10 |
| | | | | ordered rules shown at level 5 | ||||
* | Config.input renamed to Config.objects | Kaarle Ritvanen | 2012-07-13 | 2 | -7/+7 |
| | |||||
* | dump level 4 prints generated files | Kaarle Ritvanen | 2012-07-13 | 3 | -2/+20 |
| | |||||
* | route tracking for incoming connectionsv0.2.0 | Kaarle Ritvanen | 2012-07-13 | 2 | -2/+41 |
| | |||||
* | support for configuration-dependent default rules | Kaarle Ritvanen | 2012-07-13 | 1 | -2/+6 |
| | |||||
* | support for MARK target | Kaarle Ritvanen | 2012-07-13 | 1 | -0/+27 |
| | |||||
* | base class for rules applicable to forwarded packets only | Kaarle Ritvanen | 2012-07-13 | 3 | -39/+30 |
| | |||||
* | generate intra-zone rules when routing is required | Kaarle Ritvanen | 2012-07-13 | 1 | -9/+12 |
| | |||||
* | util.filter method for filtering lists | Kaarle Ritvanen | 2012-07-13 | 2 | -7/+11 |
| | |||||
* | support for REDIRECT target | Kaarle Ritvanen | 2012-07-12 | 1 | -9/+8 |
| | |||||
* | renamed 'notrack' section to 'no-track' | Kaarle Ritvanen | 2012-07-12 | 1 | -1/+1 |
| | |||||
* | prepend object identifier and file name to error messages | Kaarle Ritvanen | 2012-07-12 | 7 | -56/+71 |
| | |||||
* | support for bypassing connection tracking for inbound packets | Kaarle Ritvanen | 2012-06-28 | 1 | -0/+47 |
| | |||||
* | command for flushing ip[6]tables rules | Kaarle Ritvanen | 2012-06-28 | 1 | -12/+16 |
| | |||||
* | 4 verbosity levels for dump commandv0.1.5 | Kaarle Ritvanen | 2012-06-28 | 1 | -9/+34 |
| | |||||
* | show source policy for each item in dump output | Kaarle Ritvanen | 2012-06-28 | 1 | -5/+19 |
| | |||||
* | loaded policies included in PolicyConfig objects | Kaarle Ritvanen | 2012-06-28 | 1 | -3/+4 |
| | |||||
* | show original variable definitions in dump output | Kaarle Ritvanen | 2012-06-28 | 1 | -35/+25 |
| | | | | | PolicyConfig.variables removed PolicyConfig.eval merged to PolicyConfig.expand | ||||
* | streamlined variable expansion | Kaarle Ritvanen | 2012-06-28 | 1 | -9/+2 |
| | | | | side effects removed | ||||
* | corrected an error in raising an error (NAT rule interfaces) | Kaarle Ritvanen | 2012-06-28 | 1 | -1/+1 |
| | |||||
* | support for ACCEPT rules in NAT chains | Kaarle Ritvanen | 2012-06-28 | 1 | -1/+2 |
| | |||||
* | reset all built-in chains on activation/fallback regardless of translation ↵ | Kaarle Ritvanen | 2012-06-26 | 1 | -4/+22 |
| | | | | results | ||||
* | support for empty zones | Kaarle Ritvanen | 2012-06-26 | 3 | -11/+13 |
| | | | | (set either addr or iface attribute to an empty list) | ||||
* | apply ip[6]tables-restore only if protocol support loaded into kernel | Kaarle Ritvanen | 2012-06-26 | 1 | -10/+29 |
| | |||||
* | pretty output from awall list | Kaarle Ritvanen | 2012-06-26 | 2 | -12/+29 |
| | |||||
* | command for dumping variable and zone definitions | Kaarle Ritvanen | 2012-06-26 | 1 | -0/+8 |
| | |||||
* | new class for configuration loaded from policy files but not yet translated ↵ | Kaarle Ritvanen | 2012-06-26 | 2 | -45/+56 |
| | | | | to iptables rules | ||||
* | masquerading set rule applied after other SNAT rulesv0.1.4 | Kaarle Ritvanen | 2012-06-21 | 1 | -4/+6 |
| | |||||
* | ipset-based masquerading moved to a module of its own | Kaarle Ritvanen | 2012-06-21 | 2 | -5/+17 |
| | |||||
* | set chain policy to ACCEPT in tables other than filter | Kaarle Ritvanen | 2012-06-21 | 1 | -3/+5 |
| | |||||
* | filter out ICMPv4/6 rules per protocol family even when message type not definedv0.1.3 | Kaarle Ritvanen | 2012-06-21 | 1 | -11/+11 |
| | |||||
* | by default, allow all ICMPv6 messages originating from or destined to local host | Kaarle Ritvanen | 2012-06-21 | 1 | -1/+10 |
| | |||||
* | multi-stage processing of default rules | Kaarle Ritvanen | 2012-06-21 | 3 | -21/+30 |
| | |||||
* | accept all loopback traffic | Kaarle Ritvanen | 2012-06-21 | 1 | -0/+9 |
| | |||||
* | OUTPUT chain needs stateful tracking also | Timo Teräs | 2012-06-08 | 1 | -1/+1 |
| | |||||
* | report JSON file name on parse errorv0.1.2 | Kaarle Ritvanen | 2012-05-17 | 1 | -2/+10 |
| | |||||
* | make the family attribute mandatory for ipset objects | Kaarle Ritvanen | 2012-05-03 | 1 | -3/+3 |
| | | | | incidentally, this makes all IP set-referring rules specific to one protocol family |