53 Commits (10f41663ff11079a9333c592a0ad494d595ecaeb)

Author SHA1 Message Date
Felix Fietkau 10f627db5c firewall: fix fallout from r18716 (fixes #6338) 15 years ago
Felix Fietkau 74cbcc9ee5 firewall: get rid of recursive shell script inclusion to improve hush compatibility 15 years ago
Felix Fietkau 9e99581621 adjust dependencies of firewall and qos-scripts, so that these packages are visible even when iptables is not selected 15 years ago
Jo-Philipp Wich 6cb040903b firewall: initialize dest_port with src_dport if omitted in redirect sections to narrow down corresponding forward rules to the actual target ports - thanks Niels Boehm! (#6249) 15 years ago
Felix Fietkau 70b6643034 firewall: fix zone defaults 15 years ago
Felix Fietkau 2ecfe91b61 firewall: do not process rules in reverse 15 years ago
Nicolas Thill b3d3e5d752 firewall: fix MSS issue affection RELATED new connections (closes: #5173) 15 years ago
Felix Fietkau e9ec3a6e68 firewall: add sanity checks to zone default rules (patch from #5459) 15 years ago
Jo-Philipp Wich 8df03c85fe firewall: move the config_get out of the loop, no need to call it multiple times 15 years ago
Jo-Philipp Wich 715285dd43 firewall: properly dispatch delif events if the network has a different name then the corresponding zone 15 years ago
Andy Boyett a5f80019ef bump some revisions and update copyrights 15 years ago
Felix Fietkau 590fdc946a firewall: emit hotplug events for interface add/remove 15 years ago
Jo-Philipp Wich b44b066543 firewall: allow incoming udp/68 packets in the default configuration (#4108, #4781) 15 years ago
Jo-Philipp Wich 187e2ba9fc firewall: add icmp_type option to specify the icmp type in rule sections, bump pkg revision (#5554) 16 years ago
Florian Fainelli ffc1fefe2c set PKGARCH to all for packages in trunk containing only arch-neutral files (#5572) 16 years ago
Florian Fainelli 7e2361d46a fix typo in the uci firewall script 16 years ago
Felix Fietkau f81a781e1a firewall: automatically set up NOTRACK rules to disable connection tracking for zones that have no masquerading, no conntrack and no forwarding from/to other zones with masq/conntrack 16 years ago
Jo-Philipp Wich 41c3d515d2 firewall: actually copy firewall.user to image 16 years ago
Jo-Philipp Wich cacb52e19f firewall: process custom rules after forwardings and redirects, this actually allows blocking traffic to certain hosts and other rules 16 years ago
Jo-Philipp Wich 97100e0248 firewall: enable /etc/firewall.user by default and install sample firewall.user file 16 years ago
Felix Fietkau 50be634a3c re-enable the mss fix by default for now - see discussion at http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information 16 years ago
Felix Fietkau 4fc8f4c5c8 firewall: don't clear the mangle table at startup or stop - it doesn't use it and clearing it breaks qos 16 years ago
Jo-Philipp Wich 83c9ac173d firewall: introduce drop_invalid option to allow disabling the invalid state match 16 years ago
Felix Fietkau 5b58a8db1f firewall: allow multiple interfaces to be part of one zone, fix the sanity checks for that 16 years ago
Felix Fietkau c7ff578b9f firewall: clear the MSSFIX rules 16 years ago
Steven Barth d1049f535a Unify portrange-support in firewall rule generator fixes #4404 16 years ago
Felix Fietkau 359ce7f97e disable the MSS fixup hack by default (most ISPs don't require this as a workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs 16 years ago
John Crispin 3830b905e3 fixes firewall for trunk, custom chains were never reched, as policies apply beforehand 16 years ago
John Crispin 221f4ad32d fixes firewall rule generation. forwarding rules were inserted in input chains, fixes #4028 16 years ago
John Crispin b56d5cc36f custom chains were never reached on DROP/REJECT policy, fixes #4004 #4029 16 years ago
Felix Fietkau aaf31c36f1 set default input policy to ACCEPT to bring the firewall behavior closer to the one of previous versions 16 years ago
Felix Fietkau 13abdc0af1 firewall: fix default policies, add a check for duplicate defaults sections and make custom chains more generic 16 years ago
Nicolas Thill d7810ed63e firewall changes: - implement a REJECT policy and enable it by default, reject packets with approriate response (closes: #3970) - cleanup syn_flood and remove logging 16 years ago
Nicolas Thill 2c8010b2dc make the whole iptables/netfiter modular (closes: #3871, #3527) 16 years ago
Steven Barth 954c24c5ed Fixed a typo in the firewall scripts 16 years ago
Steven Barth efb4cebbc6 Fixed a typo in firewall scripts, closes #4000 16 years ago
John Crispin 7f6ee846b7 make uci firewall backwards compatible to the old firewall.user 16 years ago
John Crispin 20216aa44d add proto tcpudp to firewall 16 years ago
John Crispin 9eaae4c61d fix device duplication in firewall if the balancing of ifup and ifdown is broken 16 years ago
John Crispin 924d10d611 make sure uci firewall reverts its states when stopped 16 years ago
John Crispin 146b47b60a fixes uci firewall init order, Signed-off-by: Roberto Riggio 16 years ago
Steven Barth 24c318dfe7 firewall: Added support for port-ranges as firstPort-lastPort to redirect sections 16 years ago
John Crispin 517dfd27e5 adds 5 new chains to the uci firewall that can be used to hook custom rules 16 years ago
John Crispin 4d7f694c43 adds more sanity checks to uci firewall 16 years ago
John Crispin aa6c019c11 use proto instead of protocol in uci firewall 16 years ago
Felix Fietkau 8ab217accc fix some firewall script typos (patch from #3897) 16 years ago
Travis Kemen 64a8d6c405 fix typo, proto should be protocol 16 years ago
John Crispin 7681547293 trigger error if dport is used when no proto is defined 16 years ago
John Crispin c9f2df5cea fixes firewall makefile description 16 years ago
John Crispin 5627667654 uci firewall - make uci firewall default and remove old code - fix up dependencies 16 years ago