Jo-Philipp Wich
ad23dd94b6
firewall: provide examples of ssh port relocation on firewall and IPsec passthrough Two examples of potentially useful configurations (commented out, of course):
...
(a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a
LAN-based machine if desired, or if not, simply obscures the port from external attack.
(b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26805
14 years ago
Jo-Philipp Wich
cc84e0672b
firewall: don't apply default udp/68 rule to ip6tables
...
SVN-Revision: 21509
15 years ago
Jo-Philipp Wich
3875f85110
firewall: add commented disable_ipv6 option to default config
...
SVN-Revision: 21505
15 years ago
Travis Kemen
431808b5bf
allow ping
...
SVN-Revision: 20261
15 years ago
Nicolas Thill
b3d3e5d752
firewall: fix MSS issue affection RELATED new connections ( closes : #5173 )
...
SVN-Revision: 17762
15 years ago
Jo-Philipp Wich
b44b066543
firewall: allow incoming udp/68 packets in the default configuration ( #4108 , #4781 )
...
SVN-Revision: 17238
15 years ago
Jo-Philipp Wich
97100e0248
firewall: enable /etc/firewall.user by default and install sample firewall.user file
...
SVN-Revision: 15221
16 years ago
Felix Fietkau
50be634a3c
re-enable the mss fix by default for now - see discussion at http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information
...
SVN-Revision: 14293
16 years ago
Felix Fietkau
359ce7f97e
disable the MSS fixup hack by default (most ISPs don't require this as a workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs
...
SVN-Revision: 13788
16 years ago
Felix Fietkau
aaf31c36f1
set default input policy to ACCEPT to bring the firewall behavior closer to the one of previous versions
...
SVN-Revision: 12766
16 years ago
Nicolas Thill
d7810ed63e
firewall changes: - implement a REJECT policy and enable it by default, reject packets with approriate response ( closes : #3970 ) - cleanup syn_flood and remove logging
...
SVN-Revision: 12688
16 years ago
John Crispin
aa6c019c11
use proto instead of protocol in uci firewall
...
SVN-Revision: 12391
16 years ago
John Crispin
5627667654
uci firewall - make uci firewall default and remove old code - fix up dependencies
...
SVN-Revision: 12284
16 years ago
John Crispin
21bbdc24c3
adds a new uci firewall - iptbales and netfilter packages need to be rewrapped when we switch to this firewall as default - there are some examples in the file /etc/config/firewall - iptables-save/restore are still missing - hotplug takes care of adding/removing netdevs during runtime - misisng features ? wishes ? let me know ...
...
SVN-Revision: 12089
16 years ago