| Age | Commit message (Collapse) | Author |
|---|
|
- optimizes chain usage for ingress rules
- adds limit match support for redirect rules
- fixes automatic redirect dest detection on little endian systems
- leaves base chains in place on reload to allow user rules to target e.g. "reject"
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36871 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
solves problem with colliding CONFIG_IPV6 symbols
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36868 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
- simplifies using ipsets for rules and redirects, match direction can be specified in-place like option ipset 'setname src dst dst'
- uses zone_name_src_ACTION chains for input rules, this fixes logging with log enabled src zones
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36854 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36840 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36839 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
head with compatibility fixes for AA
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36838 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36837 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
* Fixes wrong chain used for zone forward policy
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36830 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
- Fixes problems with reusing matches or targets from loadable extensions
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36826 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
add_list" coercing the value wrongly
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36806 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
* Added support for prefix classes
* Various bugfixes
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36771 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36748 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
- allows building without IPv6 support
- uses more robust rules to cope with missing libext.a
- uses better linking strategy to avoid symbol clashes with older iptables
- introduces source compatiblity layer for different libxtables versions
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36736 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
- allows symbolic notation for src_ip, src_dip and dest_ip options, e.g. option src_ip 'lan' to automatically resolve to "192.168.1.0/24"
- automatically infer destination zone for redirects from target ip, this makes 'dest' optional and nat reflection setup more robust
- properly support output rules with dest '*' to hook directly into delegate_output
- fixes crash when processing rules with unresolved targets
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36721 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
- fixes linking issues with some toolchains
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36703 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
- Use weak references for instantiating libext*.a matches, makes fw3 independant from the compile time features of iptables
- Do not leak memory when processing rules with unknown targets or matches
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36698 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36692 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
- fix build on Linux < 3.7
- limit zone names to 14 bytes
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36691 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
- fixes reload when firewall is not running already
- fixes crash when ipsets are supported but undeclared
- fixes handling of per zone user chains on reload
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36689 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
- fixes segfault in flush command if ipset support is not available
- fixes internal rule generation if custom chains are enabled
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36686 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36684 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
* use libiptc and libxtables directly to manage ruleset, iptables-restore is unreliable and prone to race conditions
* make ipset integration more reliable
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36681 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
* Add interface option to set routing table for protocol routes
* Enabled for IPv6 for source-based filtering, disabled for IPv4
Based on a patch by Kristian Evensen. Thank You.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36653 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
* Add support for IP-in-IPv6 tunnels (DS-Lite)
* Use source-based routing for IPv6 to allow multi-wan
* Various smaller tunnel setup improvements
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36627 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36626 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36624 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36623 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36622 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
- assume "tcp+udp" if no protcol is specified in rules or redirects (#13422, #13386)
- add support for fwmark matches and mark setting targets
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36521 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36463 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
removing the ifname option
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36424 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
This fixes working behind another router which gives out ULAs.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36416 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36383 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36336 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36294 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
Signed-off-by: John Crispin <blogic@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36284 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
Signed-off-by: John Crispin <blogic@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36282 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36281 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
* use proto=dhcpv6 with reqprefix=no instead
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36280 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
* Fix a memory corruption when updating IPv6 prefixes
* Fix route sorting order (nbd)
* Add support for ip rules (jow)
* Implement support for route / route6 table attribute (jow)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36196 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
* Add ip6hint option to specify assigned subprefixes
* Add preliminary support for RFC 6603 prefix exclusion
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36193 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
* fixes parsing of src/dest '*'
* fixes parsing of proto 'all'
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36111 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
* fixes port remapping rules (#13217)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36100 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
In some cases IPv6 DNS-servers were not added correctly.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36095 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
* fixes reload handling of zones and ipsets that are still running but already deleted from the config
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36092 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
- support network names in per-zone 'masq_src', 'masq_dest' and 'subnet' options (#13197)
- do not allow src_mac option for SNAT rules
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36090 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
* Introduce "option reload" for includes to specify whether includes should be processed on reload (e.g. when tapping into internal chains)
* Allow "network" and "device" commands while firewall is running (to make them usable in includes)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36009 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
* Adds support for emitting hotplug events when creating and clearing zones (fixes miniupnpd)
* Make NAT reflection direction configurable
* Map init script stop action to flush
* Map init script reload action to reload
* Respect init script disabled state in hotplug handler
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35998 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
* Fixes compilation against eglibc
* Fixes tracking logic when selectively restarting IPv4 or IPv6 firewall
* Fixes tracking logic for user chains by differentiating between reloads and restarts
* Introduces per-zone user chains {input,output,forwarding,prerouting,postrouting}_$zone_rule
* Supports legacy "tcpudp" protocol notation again
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35969 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
This reverts commit 89969fa333c90fdb217b7289272f3427add107de.
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35904 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
