path: root/package/firewall
Age | Commit message | Author
2010-10-08 | [package] firewall: insert SNAT and DNAT rules according to the order of the configuration file (#8052) | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23318 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-10-05 | [package] firewall: mark /etc/firewall.user as conffile | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23231 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-10-03 | [package] firewall: also establish forward rules when setting up nat reflection, back out early if reflection is disabled | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23201 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-09-30 | [package] add maintainer information | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23159 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-09-28 | [package] firewall: fix chain selection logic, option dest must be ignored for notrack targets | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23143 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-09-28 | [package] firewall: don't setup nat reflection if negations are used | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23142 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-09-28 | [package] firewall: | jow
  - support negations for src_ip, dest_ip, src_dip options in rules and redirects
  - add NOTRACK target to rule sections, allows to define fine grained notrack rules
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23141 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-09-19 | [package] firewall: protect iptables invocations with locks in interface ops, it might run concurrently due to hotplug invocations on network restart | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23090 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-09-16 | [package] firewall: make invalid redirects and duplicate zones non-fatal, print a notice and discard them | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23080 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-09-15 | [package] firewall: run ifdown hotplug events synchronized, fixes a race condition on "ifup iface" when ifdown and ifup events are delivered with a small delay | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23064 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-09-14 | [package] firewall: deliver remove hotplug events for all active zones/networks when restarting the firewall | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23062 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-09-11 | [package] firewall: | jow
  - simplify masquerade rule setup
  - remove various subshell invocations
  - speedup fw() by not relying on xargs and pipes
  - rework SNAT support - attach to dest zone, use src_dip/src_dport as snat source
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23024 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-09-05 | [package] firewall: | jow
  - fix possible endless loop when the family option is used for forwardings
  - only generate forwarding rules in SNAT redirect sections if src_dip is specified
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22938 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-09-05 | [package] firewall: introduce SNAT support for redirect sections | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22937 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-09-04 | [package] firewall: add option to disable NAT reflection | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22908 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-09-04 | [package] firewall: clean up description (#7875) | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22905 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-09-04 | [package] firewall: | jow
  - handle NAT reflection in firewall hotplug, solves synchronizing issues on boot
  - introduce masq_src and masq_dest options to limit zone masq to specific ip ranges, supports multiple subnets and negation
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22888 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-08-31 | [package] firewall: | jow
  - fix processing of rules with an ip family option
  - append interface rules at the end of internal zone chains, simplifies injecting user or addon rules
  - support simple file logging (option log + option log_limit per zone)
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22847 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-07-31 | [package] firewall: fix nat reflection for zones covering multiple networks | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22442 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-07-31 | [package] firewall: add basic NAT reflection/NAT loopback support | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22441 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-07-16 | [package] firewall: allow redirecting only destination port (#7197) | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22227 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-07-15 | [package] firewall: fix another notrack related bug | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22218 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-07-15 | [package] firewall: | jow
  - notrack support was broken in multiple ways, fix it
  - also consider a zone conntracked if any redirect references it (#7196)
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22215 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-02 | [package] firewall: | jow
  - support alias ifnames different from parent ifname
  - properly handle multiple subnets per alias (v4+v6)
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21656 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-06-01 | [package] firewall: Initial alias interface support. This allows to define zones covering alias interfaces and associated entries like rules and forwardings. | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21653 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-31 | [package] firewall: change the order of IPv4/IPv6 address detection, fixes mixed notation v6 improperly detected as v4 address | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21642 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-30 | [package] firewall: fix support for netranges in redirect and rule sections | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21640 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-22 | [package] firewall: count rules per chain and family, fix wrong order of ip6tables rules when ipv4 only or dual family rules are defined | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21533 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-19 | [package] firewall: don't apply default udp/68 rule to ip6tables | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21509 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-19 | [package] firewall: | jow
  - fix ip6tables rules when icmp_type option is set
  - add "family" option to zones, forwardings, redirects and rules to selectively apply rules to iptables and/or ip6tables
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21508 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-19 | [package] firewall: add commented disable_ipv6 option to default config | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21505 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-19 | [package] firewall: implement disable_ipv6 uci option | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21503 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-19 | [package] firewall (#7355) | jow
  - partially revert r21486, start firewall on init again
  - skip iface hotplug events if base fw is not up yet
  - get ifname and up state with uci_get_state() in iface setup since the values gathered by scan_interfaces() may be outdated when iface coldplugging happens (observed with pptp)
  - ignore up state when bringing down interfaces because ifdown reverts state vars before dispatching the iface event
  - bump package revision
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21502 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-18 | [package] firewall: fix a possible deadlock when the firewall config has syntax errors during restart | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21501 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-17 | [package] firewall: use uci_get_state() wrapper | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21493 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-17 | [package] firewall: properly clear hooks in fw_stop() to prevent extensions from being called twice after fw_restart() | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21488 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-17 | [package] firewall: | jow
  - defer firewall start until the first interface is brought up by hotplug, fixes race conditions on slow devices
  - create a file lock during firewall start and wait for it in hotplug events, prevents race conditions between start and addif
  - start firewall actions in background from hotplug handler since the firewall itself fires further hotplug events which results in a deadlock if not forked off
  - get loaded state directly from the uci binary since updated value is not recognized by config_get after uci_set_state
  - bump package revision to r2
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21486 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-05 | [package] firewall: properly unset position for delete command, fixes rule removal in ifdown | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21378 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-05 | [package] firewall: fix bug in iface hotplug handler | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21360 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-05-01 | [package] firewall: | jow
  - replace uci firewall with a modular dual stack implementation developed by Malte S. Stretz
  - bump version to 2
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21286 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-03-18 | allow ping | thepeople
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20261 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-03-02 | [package] firewall: insert rules at the beginning of chains again while maintaining non reversed order, fixes wrong ordering introduced by r18015 | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19946 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-02-20 | [package] firewall: fix bad number error in fw_redirect() (#6704) | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19765 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-02-11 | Add destination ip of the wan adapter useful if you have multiple ip addresses. | thepeople
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19574 3c298f89-4303-0410-b956-a3cf2f4a3e73
2010-01-19 | [package] firewall: fix a race condition preventing interfaces from being added to the firewall on boot | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19232 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-12-10 | firewall: fix fallout from r18716 (fixes #6338) | nbd
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18733 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-12-09 | firewall: get rid of recursive shell script inclusion to improve hush compatibility | nbd
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18716 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-12-09 | adjust dependencies of firewall and qos-scripts, so that these packages are visible even when iptables is not selected | nbd
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18714 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-12-01 | [package] firewall: initialize dest_port with src_dport if omitted in redirect sections to narrow down corresponding forward rules to the actual target ports - thanks Niels Boehm! (#6249) | jow
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18617 3c298f89-4303-0410-b956-a3cf2f4a3e73
2009-10-11 | firewall: fix zone defaults | nbd
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18028 3c298f89-4303-0410-b956-a3cf2f4a3e73