freifunkist-firmware

hsist

Author	SHA1	Message	Date
Jo-Philipp Wich	ad23dd94b6	firewall: provide examples of ssh port relocation on firewall and IPsec passthrough Two examples of potentially useful configurations (commented out, of course): (a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a LAN-based machine if desired, or if not, simply obscures the port from external attack. (b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> SVN-Revision: 26805	14 years ago
Jo-Philipp Wich	cc84e0672b	firewall: don't apply default udp/68 rule to ip6tables SVN-Revision: 21509	15 years ago
Jo-Philipp Wich	3875f85110	firewall: add commented disable_ipv6 option to default config SVN-Revision: 21505	15 years ago
Travis Kemen	431808b5bf	allow ping SVN-Revision: 20261	15 years ago
Nicolas Thill	b3d3e5d752	firewall: fix MSS issue affection RELATED new connections (closes: #5173 ) SVN-Revision: 17762	15 years ago
Jo-Philipp Wich	b44b066543	firewall: allow incoming udp/68 packets in the default configuration (#4108 , #4781 ) SVN-Revision: 17238	15 years ago
Jo-Philipp Wich	97100e0248	firewall: enable /etc/firewall.user by default and install sample firewall.user file SVN-Revision: 15221	16 years ago
Felix Fietkau	50be634a3c	re-enable the mss fix by default for now - see discussion at http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information SVN-Revision: 14293	16 years ago
Felix Fietkau	359ce7f97e	disable the MSS fixup hack by default (most ISPs don't require this as a workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs SVN-Revision: 13788	16 years ago
Felix Fietkau	aaf31c36f1	set default input policy to ACCEPT to bring the firewall behavior closer to the one of previous versions SVN-Revision: 12766	16 years ago
Nicolas Thill	d7810ed63e	firewall changes: - implement a REJECT policy and enable it by default, reject packets with approriate response (closes: #3970 ) - cleanup syn_flood and remove logging SVN-Revision: 12688	16 years ago
John Crispin	aa6c019c11	use proto instead of protocol in uci firewall SVN-Revision: 12391	16 years ago
John Crispin	5627667654	uci firewall - make uci firewall default and remove old code - fix up dependencies SVN-Revision: 12284	16 years ago
John Crispin	21bbdc24c3	adds a new uci firewall - iptbales and netfilter packages need to be rewrapped when we switch to this firewall as default - there are some examples in the file /etc/config/firewall - iptables-save/restore are still missing - hotplug takes care of adding/removing netdevs during runtime - misisng features ? wishes ? let me know ... SVN-Revision: 12089	16 years ago

13 Commits (031ea08ef0295b6185b2c70de27e9bf640b21400)