summaryrefslogtreecommitdiffstats
path: root/include/netfilter.mk
Commit message (Collapse)AuthorAgeFilesLines
* netfilter.mk: add addrtype match to iptables-mod-extra (kmod-ipt-extra)jow2013-01-141-2/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35155 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: xt_NOTRACK is incorporated in xt_CT as of 3.8-rc3florian2013-01-101-1/+1
| | | | | | Signed-off-by: Florian Fainelli <florian@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35087 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] fix ipv4 nat on 3.7 by adding missing iptables modulesblogic2012-12-221-1/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34841 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: fix module list for 3.7 kerneljuhosg2012-12-181-6/+11
| | | | | | | Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: Gabor Juhos <juhosg@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34750 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter.mk: extend nf_add macro to take a version dependency expressionjow2012-12-151-19/+16
| | | | | | | | - nf_add now takes an optional 4th argument which specifies a kernel version dependency, e.g. "lt 3.7.0" - remove CompareKernelPatchVer conditionals around nf_add invocations, use version depends instead - fixes xt_LOG.ko packaging with Linux 3.6.0 and later git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34681 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter.mk: fix packaging of xt_LOG.ko, it moved between 3.3.8 and 3.6.xjow2012-12-111-2/+6
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34625 3c298f89-4303-0410-b956-a3cf2f4a3e73
* kernel: fix loading of nf_nat_irchauke2012-11-181-1/+1
| | | | | | | | nf_nat_irc depends on nf_conntrack_irc and it should be defined after that. This fixes a problem introduced in r34247. git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34251 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [generic]: add 3.7-rc6 support (patch 820 still has to be fixed)kaloz2012-11-181-3/+12
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34247 3c298f89-4303-0410-b956-a3cf2f4a3e73
* include/netfilter.mk: remove a few obsolete linesnbd2012-09-231-8/+0
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33518 3c298f89-4303-0410-b956-a3cf2f4a3e73
* kmod-ipt-nathelper-extra: fix missing nf_conntrack_broadcast.konbd2012-06-181-0/+1
| | | | | | | | | | | | | | kmod-ipt-nathelper-extra is missing the package nf_conntrack_broadcast.ko if it is not included into the kmod-ipt-nathelper-extra packge the modules nf_conntrack_snmp and nf_nat_snmp_basic cant get loaded: [ 44.500000] nf_conntrack_snmp: Unknown symbol nf_conntrack_broadcast_help (err 0) [ 44.664000] nf_nat_snmp_basic: Unknown symbol nf_nat_snmp_hook (err 0) Signed-off-by: Peter Wagner <tripolar@gmx.at> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@32434 3c298f89-4303-0410-b956-a3cf2f4a3e73
* include/netfilter.mk: clean up, remove junk for old kernel versionsnbd2012-06-071-70/+9
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@32114 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] fix ipt_ttl and ipt_TTL userspace library packagingjow2012-03-121-4/+4
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@30897 3c298f89-4303-0410-b956-a3cf2f4a3e73
* kernel: update module names and add new config symbols for linux 3.3jogo2012-02-021-1/+6
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29985 3c298f89-4303-0410-b956-a3cf2f4a3e73
* add CT target and TTL/HL match+targetjow2012-01-041-0/+4
| | | | | | | | This patch adds the CT target for conntrack (enables manipulation of conntrack events and supercedes NOTRACK) as well as the TTL/HL target and match. git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29645 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] remove current RTSP supportjow2012-01-041-4/+0
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29643 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] package CT targetjow2011-12-251-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29609 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter.mk: remove a few obsolete CompareKernelPatchVer callsnbd2011-06-011-17/+5
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27086 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] package u32 match and TEE target, patches by Maxim Uvarovjow2011-05-241-0/+8
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26977 3c298f89-4303-0410-b956-a3cf2f4a3e73
* firewall: allow local redirection of portsjow2011-04-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow a redirect like: config redirect option src 'wan' option dest 'lan' option src_dport '22001' option dest_port '22' option proto 'tcp' note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself. This patch makes three changes: (1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers). (2) fixes a bug where the wrong table is used when the "dest_ip" field is absent. (3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted connections. In the above example, ssh -p 22 root@myrouter would fail from the outside, but: ssh -p 22001 root@myrouter would succeed. This is handy if: (1) you want to avoid ssh probes on your router, or (2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but still want to allow firewall access from outside. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26617 3c298f89-4303-0410-b956-a3cf2f4a3e73
* iipt-debug: create bundle of netfilter modules for debugginghauke2011-04-091-0/+5
| | | | | | | | | | | Add a bundle for including commonly useful modules for IPtables debugging and development. For now, it just contains xt_TRACE.ko Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26567 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] add kmod-ipt-ledflorian2011-04-031-0/+3
| | | | | | | | | | | Netfilter LED target triggers blinkenlichten when a network packet hits a rule. LED target requires iptables 1.4.9 or higher Signed-off-by: Łukasz Stelmach <stlman@poczta.fm> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26451 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter.mk: put ipv6 conntrack in the right packagenbd2011-02-271-2/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25750 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: add missing modules for v6 conntrack (patch from #8940)nbd2011-02-261-0/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25731 3c298f89-4303-0410-b956-a3cf2f4a3e73
* move nf_{conntrack,nat}_tftp to ipt-nathelper-extra, most people don't need thisnbd2011-02-261-4/+4
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25722 3c298f89-4303-0410-b956-a3cf2f4a3e73
* kernel: remove imq support, refresh patchesnbd2011-02-211-8/+0
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25641 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [include] netfilter.mk: fix connmark packaging for Kernels >= 2.6.35, thanks ↵jow2010-12-191-1/+2
| | | | | | Daniel Gimpelevich git-svn-id: svn://svn.openwrt.org/openwrt/trunk@24729 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [include] netfilter: workaround a userspace/kernel mismatch on Linux 2.6.35 ↵jow2010-10-181-1/+6
| | | | | | and later git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23521 3c298f89-4303-0410-b956-a3cf2f4a3e73
* finalize r22241 fixesacoul2010-07-171-3/+3
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22242 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] package TPROXY target and module infrastructurejow2010-06-221-0/+7
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21883 3c298f89-4303-0410-b956-a3cf2f4a3e73
* include/netfilter.mk fix typo on r21795acoul2010-06-141-2/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21796 3c298f89-4303-0410-b956-a3cf2f4a3e73
* include/netfilter.mk: add 2.6.35 kernel supportacoul2010-06-141-3/+10
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21795 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: extension fixes (partially closes: #7045)nico2010-04-041-1/+4
| | | | | | | | | | * add missing xt_owner (2.6) * enable ipt_quota (2.4), disabled in [8499] is building fine with recent iptables * add missing ipt_nat_tftp (2.4) * add missing nf_nat_amanda (2.6) git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20693 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [cosmectic] include/netfilter.mk: move ebtables definitions at the endnico2010-04-041-36/+37
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20690 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] properly package xt_comment.ko (#6742)jow2010-02-261-0/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19861 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [generic-2.4] netfilter: add support for raw table and NOTRACK target (#5504)jow2010-02-191-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19721 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] iptables: add comment match to the core packagejow2009-12-081-1/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18706 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [kernel] netfilter: remove IPset leftovers missed from [17844]nico2009-10-111-21/+0
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18032 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [ipset] Update ipset to version 3.2hauke2009-09-271-0/+3
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17764 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] split ebtables packages and modules into ebtables ipv4/6 and ↵florian2009-07-251-0/+40
| | | | | | watchers (#5001) git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16980 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] fix ip6tables installation against ip6t_HL which has been merged ↵florian2009-07-241-2/+0
| | | | | | in xt_HL since 2.6.29 (#5568) git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16964 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: move iptable_raw, xt_NOTRACK from conntrack-extra to conntracknbd2009-05-141-2/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15854 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] ipt_TTL and ipt_ttl moved and were renamed in kernel 2.6.30hauke2009-05-141-2/+8
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15851 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [include] adept netfilter.mk to updated imqjow2009-05-071-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15656 3c298f89-4303-0410-b956-a3cf2f4a3e73
* get rid of $Id$ - it has never helped us and it has broken too many patches ;)nbd2009-04-171-1/+0
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15242 3c298f89-4303-0410-b956-a3cf2f4a3e73
* move iptable_raw to the conntrack-extra packagenbd2009-04-091-1/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15175 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [kernel] accomodate netfilter module (xt_recent) name change in 2.6.28, add ↵nico2009-04-061-0/+1
| | | | | | missing kconfig when xt_recent is enabled git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15123 3c298f89-4303-0410-b956-a3cf2f4a3e73
* remove support for ipp2p - it's unmaintained, broken, overmatching and ↵nbd2009-02-211-1/+0
| | | | | | undermatching => not that useful for QoS git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14596 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [kernel] netfilter: remove CHAOS, TARPIT and DELUDE referencesjuhosg2009-02-091-4/+0
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14461 3c298f89-4303-0410-b956-a3cf2f4a3e73
* defrag needs to be loaded before conntrack_ipv4kaloz2008-12-101-1/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13585 3c298f89-4303-0410-b956-a3cf2f4a3e73
* fix conntrack on 2.6.28kaloz2008-12-101-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13582 3c298f89-4303-0410-b956-a3cf2f4a3e73