summaryrefslogtreecommitdiffstats
path: root/include/netfilter.mk
Commit message (Collapse)AuthorAgeFilesLines
* netfilter.mk: remove a few obsolete CompareKernelPatchVer callsnbd2011-06-011-17/+5
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27086 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] package u32 match and TEE target, patches by Maxim Uvarovjow2011-05-241-0/+8
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26977 3c298f89-4303-0410-b956-a3cf2f4a3e73
* firewall: allow local redirection of portsjow2011-04-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow a redirect like: config redirect option src 'wan' option dest 'lan' option src_dport '22001' option dest_port '22' option proto 'tcp' note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself. This patch makes three changes: (1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers). (2) fixes a bug where the wrong table is used when the "dest_ip" field is absent. (3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted connections. In the above example, ssh -p 22 root@myrouter would fail from the outside, but: ssh -p 22001 root@myrouter would succeed. This is handy if: (1) you want to avoid ssh probes on your router, or (2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but still want to allow firewall access from outside. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26617 3c298f89-4303-0410-b956-a3cf2f4a3e73
* iipt-debug: create bundle of netfilter modules for debugginghauke2011-04-091-0/+5
| | | | | | | | | | | Add a bundle for including commonly useful modules for IPtables debugging and development. For now, it just contains xt_TRACE.ko Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26567 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] add kmod-ipt-ledflorian2011-04-031-0/+3
| | | | | | | | | | | Netfilter LED target triggers blinkenlichten when a network packet hits a rule. LED target requires iptables 1.4.9 or higher Signed-off-by: Łukasz Stelmach <stlman@poczta.fm> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26451 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter.mk: put ipv6 conntrack in the right packagenbd2011-02-271-2/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25750 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: add missing modules for v6 conntrack (patch from #8940)nbd2011-02-261-0/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25731 3c298f89-4303-0410-b956-a3cf2f4a3e73
* move nf_{conntrack,nat}_tftp to ipt-nathelper-extra, most people don't need thisnbd2011-02-261-4/+4
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25722 3c298f89-4303-0410-b956-a3cf2f4a3e73
* kernel: remove imq support, refresh patchesnbd2011-02-211-8/+0
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25641 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [include] netfilter.mk: fix connmark packaging for Kernels >= 2.6.35, thanks ↵jow2010-12-191-1/+2
| | | | | | Daniel Gimpelevich git-svn-id: svn://svn.openwrt.org/openwrt/trunk@24729 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [include] netfilter: workaround a userspace/kernel mismatch on Linux 2.6.35 ↵jow2010-10-181-1/+6
| | | | | | and later git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23521 3c298f89-4303-0410-b956-a3cf2f4a3e73
* finalize r22241 fixesacoul2010-07-171-3/+3
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22242 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] package TPROXY target and module infrastructurejow2010-06-221-0/+7
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21883 3c298f89-4303-0410-b956-a3cf2f4a3e73
* include/netfilter.mk fix typo on r21795acoul2010-06-141-2/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21796 3c298f89-4303-0410-b956-a3cf2f4a3e73
* include/netfilter.mk: add 2.6.35 kernel supportacoul2010-06-141-3/+10
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21795 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: extension fixes (partially closes: #7045)nico2010-04-041-1/+4
| | | | | | | | | | * add missing xt_owner (2.6) * enable ipt_quota (2.4), disabled in [8499] is building fine with recent iptables * add missing ipt_nat_tftp (2.4) * add missing nf_nat_amanda (2.6) git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20693 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [cosmectic] include/netfilter.mk: move ebtables definitions at the endnico2010-04-041-36/+37
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20690 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] properly package xt_comment.ko (#6742)jow2010-02-261-0/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19861 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [generic-2.4] netfilter: add support for raw table and NOTRACK target (#5504)jow2010-02-191-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@19721 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] iptables: add comment match to the core packagejow2009-12-081-1/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18706 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [kernel] netfilter: remove IPset leftovers missed from [17844]nico2009-10-111-21/+0
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@18032 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [ipset] Update ipset to version 3.2hauke2009-09-271-0/+3
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17764 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] split ebtables packages and modules into ebtables ipv4/6 and ↵florian2009-07-251-0/+40
| | | | | | watchers (#5001) git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16980 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] fix ip6tables installation against ip6t_HL which has been merged ↵florian2009-07-241-2/+0
| | | | | | in xt_HL since 2.6.29 (#5568) git-svn-id: svn://svn.openwrt.org/openwrt/trunk@16964 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: move iptable_raw, xt_NOTRACK from conntrack-extra to conntracknbd2009-05-141-2/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15854 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] ipt_TTL and ipt_ttl moved and were renamed in kernel 2.6.30hauke2009-05-141-2/+8
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15851 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [include] adept netfilter.mk to updated imqjow2009-05-071-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15656 3c298f89-4303-0410-b956-a3cf2f4a3e73
* get rid of $Id$ - it has never helped us and it has broken too many patches ;)nbd2009-04-171-1/+0
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15242 3c298f89-4303-0410-b956-a3cf2f4a3e73
* move iptable_raw to the conntrack-extra packagenbd2009-04-091-1/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15175 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [kernel] accomodate netfilter module (xt_recent) name change in 2.6.28, add ↵nico2009-04-061-0/+1
| | | | | | missing kconfig when xt_recent is enabled git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15123 3c298f89-4303-0410-b956-a3cf2f4a3e73
* remove support for ipp2p - it's unmaintained, broken, overmatching and ↵nbd2009-02-211-1/+0
| | | | | | undermatching => not that useful for QoS git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14596 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [kernel] netfilter: remove CHAOS, TARPIT and DELUDE referencesjuhosg2009-02-091-4/+0
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14461 3c298f89-4303-0410-b956-a3cf2f4a3e73
* defrag needs to be loaded before conntrack_ipv4kaloz2008-12-101-1/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13585 3c298f89-4303-0410-b956-a3cf2f4a3e73
* fix conntrack on 2.6.28kaloz2008-12-101-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13582 3c298f89-4303-0410-b956-a3cf2f4a3e73
* make the whole iptables/netfiter modular (closes: #3871, #3527)nico2008-09-221-37/+65
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12649 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Package ip6t_limit and ip6t_frag for 2.4 kernels (#3760)florian2008-08-111-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12276 3c298f89-4303-0410-b956-a3cf2f4a3e73
* cosmetic change: rename IPT_NAT_DEFAULT & IPT_NAT_EXTRA to IPT_NATHELPER & ↵nico2008-05-081-39/+41
| | | | | | IPT_NATHELPER_EXTRA respectively, to better match package names git-svn-id: svn://svn.openwrt.org/openwrt/trunk@11073 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] kmod-ipt-iprange: fix build error on .25juhosg2008-04-301-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@10992 3c298f89-4303-0410-b956-a3cf2f4a3e73
* update iptables to 1.4.0 (2.6 kernels only), refresh kernel patchesjuhosg2008-04-151-0/+4
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@10843 3c298f89-4303-0410-b956-a3cf2f4a3e73
* layer7 filtering module is now xt_layer7 (#3268)florian2008-03-271-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@10674 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [kernel] netfilter/ipset cleanupsjuhosg2007-10-121-0/+1
| | | | | | | | | | * rename patches to follow our naming conventions * update ipset patches with revision 7096 of [https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng pom] * add CONFIG_IP_NF_SET_IPTREEMAP to default kernel configs * add ip_set_iptreemap to include/netfilter.mk * update kmod-ipt-ipset module description git-svn-id: svn://svn.openwrt.org/openwrt/trunk@9269 3c298f89-4303-0410-b956-a3cf2f4a3e73
* add TARPIT support to netfilter/iptablesjuhosg2007-10-071-2/+3
| | | | | | | | | * netfilter: add the xt_TARPIT target module required by xt_CHAOS * include/netfilter.mk: reorder, xt_CHAOS depends on xt_TARPIT and xt_DELUDE * iptables: add libipt_TARPIT to the kmod-ipt-extra package, bump release number * original patchset can be found [http://tinyurl.com/2mjk2kx here] git-svn-id: svn://svn.openwrt.org/openwrt/trunk@9178 3c298f89-4303-0410-b956-a3cf2f4a3e73
* add ipv6 conntrack support (closes: #2192)nico2007-09-231-0/+29
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8984 3c298f89-4303-0410-b956-a3cf2f4a3e73
* add missing 2.6 conntrack/nat helpers, add 2.6 conntrack/nat helper for RTSP ↵nico2007-09-221-3/+37
| | | | | | (closes: #2297, thanks to aorlinsk), sync 2.4 / 2.6 kconfigs. git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8955 3c298f89-4303-0410-b956-a3cf2f4a3e73
* cosmetic cleanup before more deep changesnico2007-09-201-51/+83
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8870 3c298f89-4303-0410-b956-a3cf2f4a3e73
* fix typo again (do i need some sleep?)nico2007-09-171-1/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8822 3c298f89-4303-0410-b956-a3cf2f4a3e73
* oops, fix typonico2007-09-161-3/+3
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8816 3c298f89-4303-0410-b956-a3cf2f4a3e73
* revert CONFIG_* symbols set m enforcement introduced in [8591], it can't ↵nico2007-09-161-3/+1
| | | | | | work when symbols from different kernel versions are mixed in KCONFIG git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8798 3c298f89-4303-0410-b956-a3cf2f4a3e73
* prevent include/netfilter.mk from being included multiple timesnico2007-09-151-0/+5
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8781 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Package the statistics module for netfilterflorian2007-09-091-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@8716 3c298f89-4303-0410-b956-a3cf2f4a3e73