| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@30694 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
selectively clear them out again
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@28669 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
masq_dest is given but does not resolve to an ip
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@28628 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
conntrack instead of state match (#10038)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@28148 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
masq_src and masq_dest
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27196 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
firewall init immune against exit in the include scripts
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25835 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
- support negations for src_ip, dest_ip, src_dip options in rules and redirects
- add NOTRACK target to rule sections, allows to define fine grained notrack rules
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23141 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
| |
print a notice and discard them
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23080 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
|
| |
- simplify masquerade rule setup
- remove various subshell invocations
- speedup fw() by not relying on xargs and pipes
- rework SNAT support - attach to dest zone, use src_dip/src_dport as snat source
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23024 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
- handle NAT reflection in firewall hotplug, solves synchronizing issues on boot
- introduce masq_src and masq_dest options to limit zone masq to specific ip ranges, supports multiple subnets and negation
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22888 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
|
| |
- fix processing of rules with an ip family option
- append interface rules at the end of internal zone chains, simplifies injecting user or addon rules
- support simple file logging (option log + option log_limit per zone)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22847 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
| |
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22218 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
- notrack support was broken in multiple ways, fix it
- also consider a zone conntracked if any redirect references it (#7196)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22215 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
|
|
|
|
| |
- fix ip6tables rules when icmp_type option is set
- add "family" option to zones, forwardings, redirects and rules to selectively apply rules to iptables and/or ip6tables
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21508 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
|
|
| |
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21503 3c298f89-4303-0410-b956-a3cf2f4a3e73
|
|
- replace uci firewall with a modular dual stack implementation developed by Malte S. Stretz
- bump version to 2
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21286 3c298f89-4303-0410-b956-a3cf2f4a3e73
|