summaryrefslogtreecommitdiffstats
path: root/package/firewall/files/firewall.config
Commit message (Collapse)AuthorAgeFilesLines
* [package] firewall: refine default ICMPv6 rules to better conform with ↵jow2011-06-301-13/+2
| | | | | | RFC4890, do not forward link local ICMP message types, allow parameter problem git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27321 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall:jow2011-06-301-17/+44
| | | | | | | | | | | | | - allow multiple ports, protocols, macs, icmp types per rule - implement "limit" and "limit_burst" options for rules - implement "extra" option to rules and redirects for passing arbritary flags to iptables - implement negations for "src_port", "dest_port", "src_dport", "src_mac", "proto" and "icmp_type" options - allow wildcard (*) "src" and "dest" options in rules to allow specifying "any" source or destination - validate symbolic icmp-type names against the selected iptables binary - properly handle forwarded ICMPv6 traffic in the default configuration git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27317 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: explictely mention network in default configuration, ↵jow2011-05-201-0/+2
| | | | | | makes it less confusing git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26961 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [PATCH] firewall: provide examples of ssh port relocation on firewall and ↵jow2011-05-021-0/+22
| | | | | | | | | | | | | | | | IPsec passthrough Two examples of potentially useful configurations (commented out, of course): (a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a LAN-based machine if desired, or if not, simply obscures the port from external attack. (b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26805 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: don't apply default udp/68 rule to ip6tablesjow2010-05-191-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21509 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: add commented disable_ipv6 option to default configjow2010-05-191-0/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21505 3c298f89-4303-0410-b956-a3cf2f4a3e73
* allow pingthepeople2010-03-181-0/+7
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20261 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: fix MSS issue affection RELATED new connections (closes: ↵nico2009-09-271-1/+1
| | | | | | #5173) git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17762 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: allow incoming udp/68 packets in the default ↵jow2009-08-131-0/+8
| | | | | | configuration (#4108, #4781) git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17238 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: enable /etc/firewall.user by default and install sample ↵jow2009-04-121-4/+4
| | | | | | firewall.user file git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15221 3c298f89-4303-0410-b956-a3cf2f4a3e73
* re-enable the mss fix by default for now - see discussion at ↵nbd2009-01-311-5/+1
| | | | | | http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14293 3c298f89-4303-0410-b956-a3cf2f4a3e73
* disable the MSS fixup hack by default (most ISPs don't require this as a ↵nbd2008-12-311-0/+5
| | | | | | workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13788 3c298f89-4303-0410-b956-a3cf2f4a3e73
* set default input policy to ACCEPT to bring the firewall behavior closer to ↵nbd2008-09-281-1/+1
| | | | | | the one of previous versions git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12766 3c298f89-4303-0410-b956-a3cf2f4a3e73
* firewall changes:nico2008-09-241-5/+5
| | | | | | | | - implement a REJECT policy and enable it by default, reject packets with approriate response (closes: #3970) - cleanup syn_flood and remove logging git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12688 3c298f89-4303-0410-b956-a3cf2f4a3e73
* use proto instead of protocol in uci firewallblogic2008-08-261-1/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12391 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uci firewallblogic2008-08-111-0/+80
- make uci firewall default and remove old code - fix up dependencies git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12284 3c298f89-4303-0410-b956-a3cf2f4a3e73