| 2012-03-12 |
Mark Wooding | Extend proper ICMP handling to IPv6. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-12 |
Mark Wooding | bookends.m4: Optimize checking for forwarding IPv6... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-11 |
Mark Wooding | vampire.m4: Extend services to untrusted hosts over... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-11 |
Mark Wooding | Introduce variable for expected input chains. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-11 |
Mark Wooding | local.m4: Fix the `safe' network prefix length. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-11 |
Mark Wooding | local.m4: Define the IPv6 network structure. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-11 |
Mark Wooding | local.m4: Add routes to/from the `safe' network. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-11 |
Mark Wooding | local.m4: The VPN will be available through the colo. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-11 |
Mark Wooding | functions.m4: Correct defaulting of IPv6 host addresses. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-08 |
Mark Wooding | classify.m4: Reject the RFC5737 documentation-only... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-07 |
Mark Wooding | Move per-host filtering to diversion 86 as promised. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-07 |
Mark Wooding | local.m4: Add `unsafe' to ibanez `br-dmz' interface. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-07 |
Mark Wooding | functions: Move NTP server list out of line. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-06 |
Mark Wooding | local.m4: Allow dmz/jump packets on unsafe/colo network... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-06 |
Mark Wooding | radius.m4: Forbid traffic directly to the NAT address. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-06 |
Mark Wooding | radius.m4: Use the correct interface name for NAT. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-06 |
Mark Wooding | local.m4: Fix IGMP acceptance (debris from old interfac... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-05 |
Mark Wooding | functions.m4: Write the netclass ids to the trace output. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-05 |
Mark Wooding | bookends.m4: If debugging, dump the final tables. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-05 |
Mark Wooding | Determine forwarding and reverse-path filtering from... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-05 |
Mark Wooding | Overhaul address classification. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-05 |
Mark Wooding | local.m4: Promote the NTP server configuration to a... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-05 |
Mark Wooding | Renumber the diversions. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-05 |
Mark Wooding | fixup! WIP on emergency: 7a108d1 Makefile: New target... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-05 |
Mark Wooding | Makefile: New target for tracking diversions. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-03-05 |
Mark Wooding | Makefile, base.m4: Inject the target hostname into... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-02-12 |
Mark Wooding | numbers.m4, gibson.m4: Allow gibson to receive IPMI... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-02-12 |
Mark Wooding | bookends.m4: Open up tables we clobbered at exit. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-02-11 |
Mark Wooding | fender: New host, with basic firewall. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-02-11 |
Mark Wooding | numbers.m4, vampire.m4: Serve TFTP to the untrusted... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2012-02-11 |
Mark Wooding | numbers.m4, gibson.m4: Allow gibson public SIP access. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-23 |
Mark Wooding | jem.m4: Add a hook for SAUCE. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-23 |
Mark Wooding | functions.m4: New function for arranging that an ipset... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-23 |
Mark Wooding | functions.m4: Make clearchain tolerant of existing... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-23 |
Mark Wooding | bookends.m4: Much more intelligent initialization. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-23 |
Mark Wooding | jem.m4: Remove SMB for untrusted hosts. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-23 |
Mark Wooding | functions.m4: Rate-limit rejections on error chains. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-17 |
Mark Wooding | bookends.m4: Provide a hook chain for fail2ban. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-15 |
Mark Wooding | radius.m4: Allow IPv6 tunnel from Hurricane Electric... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-15 |
Mark Wooding | functions.m4, numbers.m4: Define protocol number for... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-15 |
Mark Wooding | bookend.m4: Finish off the IPv6 chains. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-13 |
Mark Wooding | hosts: Allow incoming ident requests. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-10 |
Mark Wooding | radius.m4: Take over NAT duties. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-10 |
Mark Wooding | Major network restructuring. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-10 |
Mark Wooding | bookends.m4, config.m4: Allow configuration of reverse... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-10 |
Mark Wooding | functions.m4: Set IPv6 options in setopt and setdevopt. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-10 |
Mark Wooding | bookends.m4: Only disable filtering on bridges if we... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-10 |
Mark Wooding | bookends.m4: Allow responding to broadcast and multicas... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-10 |
Mark Wooding | classify.m4, functions.m4: Multiple interfaces can... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-10 |
Mark Wooding | functions.m4: Allow multiple interfaces to be defined... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-10 |
Mark Wooding | functions.m4, local.m4: Workaround for option parser... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-07-10 |
Mark Wooding | base.m4: Fix LSB init-script ordering. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-06-19 |
Mark Wooding | bookends, classify, local: Fixes for IP multicasting. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-06-19 |
Mark Wooding | local, vampire, ibanez: Centralize definition of NTP... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-06-07 |
Mark Wooding | ibanez, radius: Move NTP service to ibanez. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-06-06 |
Mark Wooding | base.m4: Include an LSB header so that insserv can... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-06-06 |
Mark Wooding | Makefile: Better rule hacking for installation. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-06-06 |
Mark Wooding | prologue.m4: Use iptables-{save,restore} for the molly... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-05-31 |
Mark Wooding | Host changeover. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-05-31 |
Mark Wooding | config.m4: Stupid typo. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-05-31 |
Mark Wooding | base.m4: Fix missing comma in `setconf', which has... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-05-31 |
Mark Wooding | base.m4: On second thoughts, this one is more m4 than... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-05-31 |
Mark Wooding | local.m4: Disable forwarding multicasts until I work... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-05-31 |
Mark Wooding | classify.m4: Dislike multicast addresses as a source... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-05-31 |
Mark Wooding | prologue, Makefile, local.mk: Overhaul installation. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-05-31 |
Mark Wooding | Makefie: Give the main build the silent treatment. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-05-31 |
Mark Wooding | Makefile: Add licence block at the top. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-05-31 |
Mark Wooding | *.m4: Use `sh' mode for editing these. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-05-22 |
Mark Wooding | IPv6 firewall support. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-05-22 |
Mark Wooding | local.mk: Introduce new target for testing. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-05-22 |
Mark Wooding | Whitespace fixing. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-05-20 |
Mark Wooding | vampire: Allow incoming IMAPS and Submission. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-03-07 |
Mark Wooding | Merge branch 'master' of /home/mdw/public-git/firewall |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-03-07 |
Mark Wooding | vampire: Allow outside access to squid. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-03-07 |
Mark Wooding | vampire: Allow SMB from the untrusted network. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-01-17 |
Mark Wooding | metalzone: Allow incoming `submission' connections. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2011-01-17 |
Mark Wooding | Merge branch 'master' of /home/mdw/public-git/firewall |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2010-05-09 |
Mark Wooding | local.m4: Put the default network stanza at the end. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2010-05-09 |
Mark Wooding | local.m4: Note terror's participation in the VPN. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2010-04-27 |
Mark Wooding | Merge branch 'master' of /home/mdw/public-git/firewall |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2010-04-26 |
Mark Wooding | vampire: Allow incoming I2P traffic. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2010-04-24 |
Mark Wooding | metalzone: Open up incoming IMAPS. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2010-04-17 |
Mark Wooding | Merge branch 'master' of /home/mdw/public-git/firewall |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2010-04-17 |
Mark Wooding | vampire.m4: Allow MPD again. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2010-04-17 |
Mark Wooding | Merge branch 'master' of metalzone:public-git/firewall |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2010-04-17 |
Mark Wooding | Add iodine support.. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2010-04-15 |
Mark Wooding | local.mk: Fix spurious failure. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2010-04-15 |
Mark Wooding | functions.m4, local.m4: Handle fragments in a useful... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2010-04-15 |
Mark Wooding | classify.m4: Correct summary line at the top. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2010-04-08 |
Mark Wooding | vampire.m4: Remove the magical DNS DDoS hack. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2010-02-01 |
Mark Wooding | vampire: Open `disorder' port; close `mpd'. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2010-01-28 |
Mark Wooding | vampire: Allow MPD traffic through. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2009-07-23 |
Mark Wooding | vampire.m4: Log messages when rejecting DNS DDOS packets. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2009-06-04 |
Mark Wooding | vampire: Add special hook for DNS badness. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2009-01-13 |
Mark Wooding | vampire: Add accounting rules for Tor on the OUTPUT... |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2009-01-12 |
Mark Wooding | vampire: Move tor ports to a separate rule. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2009-01-12 |
Mark Wooding | vampire: Open up public ports for tor. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2009-01-07 |
Mark Wooding | local.mk: Add install rule. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2009-01-07 |
Mark Wooding | Makefile: Put default rule before local makefile. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| 2009-01-07 |
Mark Wooding | bookends: Prevent packets with destination localhost. |
commit | commitdiff | tree | snapshot (tar.gz zip) |
| next |
~mdw / firewall / shortlog