Jo-Philipp Wich
37ae268729
firewall: update to git head
...
- fixes calculation of IPv4 netmasks derived from 0.0.0.0/0 CIDRs
SVN-Revision: 36960
12 years ago
Steven Barth
9f1899242c
netifd: IPv6: Fix sorting order in last commit.
...
SVN-Revision: 36952
12 years ago
Steven Barth
213269a8f7
netifd: Satisfy IPv6 assignments ordered by prefix length
...
SVN-Revision: 36950
12 years ago
Jo-Philipp Wich
36d3fafd77
firewall: update to git head
...
- properly process intermediate "!" options in argument list (fixes negated ipsets)
SVN-Revision: 36935
12 years ago
Jo-Philipp Wich
0db38adf1c
firewall: update to git head
...
- fixes handling of reject target for rule sections with specific destination zone
SVN-Revision: 36933
12 years ago
Felix Fietkau
9fb5bf176e
netifd: update to latest version, uses the new uci/blob code from libuci
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36909
12 years ago
Steven Barth
491deaed2c
netifd: improve reloading behaviour
...
SVN-Revision: 36903
12 years ago
Steven Barth
f995c90329
netifd: Improve IPv6 source-routing policies
...
SVN-Revision: 36884
12 years ago
Jonas Gorski
b9de8ca7f5
netifd: bring wifi down before shutting down
...
works around wifiX references not being freed on network restart.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 36883
12 years ago
Jo-Philipp Wich
e7b15446a8
firewall: udpate to git head ( #13652 , #13654 , #13658 )
...
- optimizes chain usage for ingress rules
- adds limit match support for redirect rules
- fixes automatic redirect dest detection on little endian systems
- leaves base chains in place on reload to allow user rules to target e.g. "reject"
SVN-Revision: 36871
12 years ago
Jo-Philipp Wich
5cf06bd17b
firewall: copy libext*.a from staging dir and drop kernel.mk includes, solves problem with colliding CONFIG_IPV6 symbols
...
SVN-Revision: 36868
12 years ago
Jo-Philipp Wich
ecc95dcba8
firewall: update to git head ( #13652 )
...
- simplifies using ipsets for rules and redirects, match direction can be specified in-place like option ipset 'setname src dst dst'
- uses zone_name_src_ACTION chains for input rules, this fixes logging with log enabled src zones
SVN-Revision: 36854
12 years ago
Jo-Philipp Wich
0a74d9d5c3
firewall3: fix accidentally changed install directive
...
SVN-Revision: 36840
12 years ago
Jo-Philipp Wich
07a3110e88
firewall: fix git source url
...
SVN-Revision: 36839
12 years ago
Jo-Philipp Wich
b721c92221
firewall3: rename to firewall, move into base system menu, update to git head with compatibility fixes for AA
...
SVN-Revision: 36838
12 years ago
Jo-Philipp Wich
0dd6753c09
Drop legacy firewall package
...
SVN-Revision: 36837
12 years ago
Jo-Philipp Wich
6f60308257
firewall3: update to git head ( #13641 )
...
* Fixes wrong chain used for zone forward policy
SVN-Revision: 36830
12 years ago
Jo-Philipp Wich
6eeca5176e
firewall3: update to git head
...
- Fixes problems with reusing matches or targets from loadable extensions
SVN-Revision: 36826
12 years ago
Jo-Philipp Wich
3bb397c997
firewall3: use list notation for default zone network config to avoid "uci add_list" coercing the value wrongly
...
SVN-Revision: 36806
12 years ago
Steven Barth
519f27cd33
netifd: updated IPv6 prefix delegation * Added support for prefix classes * Various bugfixes
...
SVN-Revision: 36771
12 years ago
Steven Barth
439fdd4d65
netifd: fix IPv6-addresses disappearing due to lifetime-overflows
...
SVN-Revision: 36748
12 years ago
Jo-Philipp Wich
63603ee478
firewall3: update to git head
...
- allows building without IPv6 support
- uses more robust rules to cope with missing libext.a
- uses better linking strategy to avoid symbol clashes with older iptables
- introduces source compatiblity layer for different libxtables versions
SVN-Revision: 36736
12 years ago
Jo-Philipp Wich
e4f8c38ed1
firewall3: update to git head
...
- allows symbolic notation for src_ip, src_dip and dest_ip options, e.g. option src_ip 'lan' to automatically resolve to "192.168.1.0/24"
- automatically infer destination zone for redirects from target ip, this makes 'dest' optional and nat reflection setup more robust
- properly support output rules with dest '*' to hook directly into delegate_output
- fixes crash when processing rules with unresolved targets
SVN-Revision: 36721
12 years ago
Jo-Philipp Wich
90887b5fb3
firewall3: update to git head
...
- fixes linking issues with some toolchains
SVN-Revision: 36703
12 years ago
Jo-Philipp Wich
c1ff8cd9bb
firewall3: update to git head
...
- Use weak references for instantiating libext*.a matches, makes fw3 independant from the compile time features of iptables
- Do not leak memory when processing rules with unknown targets or matches
SVN-Revision: 36698
12 years ago
Steven Barth
32c6ffb5a1
firewall3: Remove abandonend include
...
SVN-Revision: 36692
12 years ago
Jo-Philipp Wich
b757ca2259
firewall3: update to git head
...
- fix build on Linux < 3.7
- limit zone names to 14 bytes
SVN-Revision: 36691
12 years ago
Jo-Philipp Wich
c12189b379
firewall3: update to git head
...
- fixes reload when firewall is not running already
- fixes crash when ipsets are supported but undeclared
- fixes handling of per zone user chains on reload
SVN-Revision: 36689
12 years ago
Jo-Philipp Wich
dd83e87ab0
firewall3: update to git head
...
- fixes segfault in flush command if ipset support is not available
- fixes internal rule generation if custom chains are enabled
SVN-Revision: 36686
12 years ago
Jo-Philipp Wich
9b6c31d4cc
firewall3: move libext*.a copying to compile phase
...
SVN-Revision: 36684
12 years ago
Jo-Philipp Wich
e8050c6c35
firewall3: update to git head
...
* use libiptc and libxtables directly to manage ruleset, iptables-restore is unreliable and prone to race conditions
* make ipset integration more reliable
SVN-Revision: 36681
12 years ago
Steven Barth
0f1be4425f
netifd: Unify interface-based routing for IPv4 and IPv6 * Add interface option to set routing table for protocol routes * Enabled for IPv6 for source-based filtering, disabled for IPv4
...
Based on a patch by Kristian Evensen. Thank You.
SVN-Revision: 36653
12 years ago
Steven Barth
5ce135ed87
netifd: Various IPv6 improvements * Add support for IP-in-IPv6 tunnels (DS-Lite) * Use source-based routing for IPv6 to allow multi-wan * Various smaller tunnel setup improvements
...
SVN-Revision: 36627
12 years ago
Steven Barth
ea71678b09
netifd: added support for setting up 6rd from DHCP
...
SVN-Revision: 36626
12 years ago
Steven Barth
973dad61b0
firewall3: Remove obsoleted ULA-border
...
SVN-Revision: 36624
12 years ago
Steven Barth
07d99b62b7
firewall3: add wan6 interface to wan-zone by default
...
SVN-Revision: 36623
12 years ago
Steven Barth
4cb9d9715c
firewall: Remove obsoleted ULA-border rule
...
SVN-Revision: 36622
12 years ago
Jo-Philipp Wich
4bba31b64c
firewall3: update to git head
...
- assume "tcp+udp" if no protcol is specified in rules or redirects (#13422 , #13386 )
- add support for fwmark matches and mark setting targets
SVN-Revision: 36521
12 years ago
Jo-Philipp Wich
f1497ccf4f
netifd: update to git head - disables multicast snooping by default on bridges
...
SVN-Revision: 36463
12 years ago
Felix Fietkau
5062838fa5
netifd: update to the latest version, fixes interface reload issues when removing the ifname option
...
SVN-Revision: 36424
12 years ago
Steven Barth
2c78c1457b
firewall3: Make IPv6 ULA-Border generation dynamic
...
This fixes working behind another router which gives out ULAs.
SVN-Revision: 36416
12 years ago
Steven Barth
17b8c0c7b8
netifd: Improve IPv6-ULA assignment handling
...
SVN-Revision: 36383
12 years ago
Felix Fietkau
099e3d8183
netifd: update to latest version, fixes some device handling crashes
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36336
12 years ago
Felix Fietkau
88c418bc75
qos-scripts: add queue length and quantum limit, suggested by dtaht
...
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36294
12 years ago
John Crispin
04dcd12c91
add portmap support to userland
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 36284
12 years ago
John Crispin
f13ae9965c
add "swconfig list" support
...
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 36282
12 years ago
Jo-Philipp Wich
f90f025f20
netifd: fix route / route6 regression ( #13303 )
...
SVN-Revision: 36281
12 years ago
Steven Barth
3abc915522
Remove deprecated ip6slaac option * use proto=dhcpv6 with reqprefix=no instead
...
SVN-Revision: 36280
12 years ago
Steven Barth
35d716fbbb
netifd: Bump to latest version * Fix a memory corruption when updating IPv6 prefixes * Fix route sorting order (nbd) * Add support for ip rules (jow) * Implement support for route / route6 table attribute (jow)
...
SVN-Revision: 36196
12 years ago
Steven Barth
0393e52623
netifd: Rewrite IPv6 prefix assignment * Add ip6hint option to specify assigned subprefixes * Add preliminary support for RFC 6603 prefix exclusion
...
SVN-Revision: 36193
12 years ago