Jo-Philipp Wich
4bba31b64c
firewall3: update to git head
...
- assume "tcp+udp" if no protcol is specified in rules or redirects (#13422 , #13386 )
- add support for fwmark matches and mark setting targets
SVN-Revision: 36521
12 years ago
Jo-Philipp Wich
f1497ccf4f
netifd: update to git head - disables multicast snooping by default on bridges
...
SVN-Revision: 36463
12 years ago
Felix Fietkau
5062838fa5
netifd: update to the latest version, fixes interface reload issues when removing the ifname option
...
SVN-Revision: 36424
12 years ago
Steven Barth
2c78c1457b
firewall3: Make IPv6 ULA-Border generation dynamic
...
This fixes working behind another router which gives out ULAs.
SVN-Revision: 36416
12 years ago
Steven Barth
17b8c0c7b8
netifd: Improve IPv6-ULA assignment handling
...
SVN-Revision: 36383
12 years ago
Felix Fietkau
099e3d8183
netifd: update to latest version, fixes some device handling crashes
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36336
12 years ago
Felix Fietkau
88c418bc75
qos-scripts: add queue length and quantum limit, suggested by dtaht
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36294
12 years ago
John Crispin
04dcd12c91
add portmap support to userland
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 36284
12 years ago
John Crispin
f13ae9965c
add "swconfig list" support
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 36282
12 years ago
Jo-Philipp Wich
f90f025f20
netifd: fix route / route6 regression ( #13303 )
...
SVN-Revision: 36281
12 years ago
Steven Barth
3abc915522
Remove deprecated ip6slaac option * use proto=dhcpv6 with reqprefix=no instead
...
SVN-Revision: 36280
12 years ago
Steven Barth
35d716fbbb
netifd: Bump to latest version * Fix a memory corruption when updating IPv6 prefixes * Fix route sorting order (nbd) * Add support for ip rules (jow) * Implement support for route / route6 table attribute (jow)
...
SVN-Revision: 36196
12 years ago
Steven Barth
0393e52623
netifd: Rewrite IPv6 prefix assignment * Add ip6hint option to specify assigned subprefixes * Add preliminary support for RFC 6603 prefix exclusion
...
SVN-Revision: 36193
12 years ago
Jo-Philipp Wich
6fa1b5346e
firewall3: update to git head
...
* fixes parsing of src/dest '*'
* fixes parsing of proto 'all'
SVN-Revision: 36111
12 years ago
Jo-Philipp Wich
76d1c0a067
firewall3: update to git head
...
* fixes port remapping rules (#13217 )
SVN-Revision: 36100
12 years ago
Steven Barth
261be7b8f3
netifd: Fix adding IPv6 DNS-servers to resolv.conf
...
In some cases IPv6 DNS-servers were not added correctly.
SVN-Revision: 36095
12 years ago
Jo-Philipp Wich
6fbd824e9b
firewall3: update to git head
...
* fixes reload handling of zones and ipsets that are still running but already deleted from the config
SVN-Revision: 36092
12 years ago
Jo-Philipp Wich
03cb7986fc
firewall3: update to git head
...
- support network names in per-zone 'masq_src', 'masq_dest' and 'subnet' options (#13197 )
- do not allow src_mac option for SNAT rules
SVN-Revision: 36090
12 years ago
Jo-Philipp Wich
54f9f47a28
firewall3: update to git head
...
* Introduce "option reload" for includes to specify whether includes should be processed on reload (e.g. when tapping into internal chains)
* Allow "network" and "device" commands while firewall is running (to make them usable in includes)
SVN-Revision: 36009
12 years ago
Jo-Philipp Wich
9faa312dbb
firewall3: update to git head
...
* Adds support for emitting hotplug events when creating and clearing zones (fixes miniupnpd)
* Make NAT reflection direction configurable
* Map init script stop action to flush
* Map init script reload action to reload
* Respect init script disabled state in hotplug handler
SVN-Revision: 35998
12 years ago
Jo-Philipp Wich
8c7ed1cb7b
firewall3: update to git head
...
* Fixes compilation against eglibc
* Fixes tracking logic when selectively restarting IPv4 or IPv6 firewall
* Fixes tracking logic for user chains by differentiating between reloads and restarts
* Introduces per-zone user chains {input,output,forwarding,prerouting,postrouting}_$zone_rule
* Supports legacy "tcpudp" protocol notation again
SVN-Revision: 35969
12 years ago
Jo-Philipp Wich
e259ecad7e
Revert "firewall3: update to git head"
...
This reverts commit 89969fa333c90fdb217b7289272f3427add107de.
SVN-Revision: 35904
12 years ago
Jo-Philipp Wich
50213fc354
firewall3: update to git head
...
- introduce per-zone user chains
- support legacy "tcpudp" protocol notation
SVN-Revision: 35903
12 years ago
Jo-Philipp Wich
d75c632de6
firewall3: add default config and firewall.user
...
SVN-Revision: 35889
12 years ago
Jo-Philipp Wich
89be702bff
firewall3: update to git head, introduces support for "enabled" option
...
SVN-Revision: 35845
12 years ago
Jo-Philipp Wich
557c047f71
firewall3: clear contnrack table on flush, set policies to drop during rule reload
...
SVN-Revision: 35820
12 years ago
Jo-Philipp Wich
92062542e2
firewall: fix logging rule regression ( #12999 )
...
SVN-Revision: 35745
12 years ago
Jo-Philipp Wich
4fb2cd18c1
firewall3: add support for shell script and iptables-restore style includes
...
SVN-Revision: 35744
12 years ago
Steven Barth
a7b262dc0a
netifd: only update resolv.conf.auto if changed This avoids logspam under certain conditions.
...
SVN-Revision: 35743
12 years ago
Jo-Philipp Wich
7d7d88b580
firewall3: update to git head
...
- all uci rules are boxed in custom chains now, so a firewall stop leaves user rules intact
- properly handle selective ipv4 or ipv6 only firewall start/stop/restart actions
- support ip ranges (e.g. option src_ip '!192.168.1.1-192.168.1.100' -> -m iprange ! --src-range 192.168.1.1-192.168.1.100')
- support time options (e.g. option weekdays 'Mon Tue Sat' -> -m time --weekdays 1,2,6')
SVN-Revision: 35738
12 years ago
Jo-Philipp Wich
02b0c62f33
firewall3 - a C implementation of the current firewall scripts
...
SVN-Revision: 35643
12 years ago
Jo-Philipp Wich
e106f25ee7
firewall: various enhancements
...
- reduce mssfix related log spam (#10681 )
- separate src and dest terminal chains (#11453 , #12945 )
- disable per-zone custom chains by default, they're rarely used
Additionally introduce options "device", "subnet", "extra", "extra_src" and "extra_dest"
to allow defining zones not related to uci interfaces, e.g. to match "ppp+" or any tcp
traffic to and from a specific port.
SVN-Revision: 35484
12 years ago
Steven Barth
6a43437908
netifd: Improved IPv6 featureset * Fix reloading of ula-prefixes * Added support for temporary addresses and routes * Added support for offlink addresses * Improved status-output for assigned prefixes
...
SVN-Revision: 35420
12 years ago
Felix Fietkau
65657fb585
netifd: update to latest version
...
fixes DNS servers on reload (#12910 )
fixes ubus object race on reload or down/up (#12612 )
SVN-Revision: 35383
12 years ago
Steven Barth
777f7b30ae
netifd: implement IPv6 prefix deprecation according to RFC 6204
...
SVN-Revision: 35377
12 years ago
Steven Barth
fac1ed35ac
netifd: remove IPv6 forwarding-sysctl workaround
...
SVN-Revision: 35369
12 years ago
Felix Fietkau
6ea9abadeb
netifd: update to latest version, fixes setting addresses/routes on alias interfaces
...
SVN-Revision: 35362
12 years ago
Jo-Philipp Wich
839f3ab0e7
firewall: flush conntrack table after changing interface rules
...
SVN-Revision: 35348
12 years ago
Steven Barth
ec41a6a08c
netifd: IPv6 sysctl, restart IPv6 in static mode to send RS
...
SVN-Revision: 35347
12 years ago
Steven Barth
75b06607db
netifd: add SLAAC ipv6 value for static-proto
...
SVN-Revision: 35346
12 years ago
Felix Fietkau
55eab5ac44
netifd: update to latest version, adds another fix for interface aliases
...
SVN-Revision: 35297
12 years ago
Steven Barth
5859fc7a39
netifd: Fix a segfault when globals.ula_prefix is empty
...
SVN-Revision: 35296
12 years ago
Steven Barth
f129c6786e
netifd: Fix segfaults in IPv6 prefix handling
...
SVN-Revision: 35259
12 years ago
Felix Fietkau
5bc6555e08
netifd: update to latest version, fixes alias support
...
SVN-Revision: 35251
12 years ago
Jo-Philipp Wich
f2766239ea
netifd: add a band-aid fix for the wifi setup vs. netifd init race by increasing the wait time to five seconds
...
SVN-Revision: 35240
12 years ago
Steven Barth
1ecc744583
netifd: @aliases use layer 3 devices instead of main devices Fixes dhcpv6 protocol alias
...
SVN-Revision: 35187
12 years ago
Steven Barth
06890959d1
netifd: Introduce native IPv6 prefix-handling
...
SVN-Revision: 35167
12 years ago
Jo-Philipp Wich
e5548b03e5
netifd: update to git head, adds 64bit counters
...
SVN-Revision: 35140
12 years ago
Steven Barth
b077480a59
firewall: Add ULA site border for IPv6 traffic This prevents private traffic from leaking out to the internet
...
SVN-Revision: 35012
12 years ago
Felix Fietkau
bf34eeaea4
netifd: update to latest version, fixes interface error reporting for shell proto handlers
...
SVN-Revision: 34741
12 years ago