35 Commits (838c0682f8aa89b10fe77737ab6442f27a1bac64)

Author SHA1 Message Date
Florian Fainelli 7e2361d46a fix typo in the uci firewall script 16 years ago
Felix Fietkau f81a781e1a firewall: automatically set up NOTRACK rules to disable connection tracking for zones that have no masquerading, no conntrack and no forwarding from/to other zones with masq/conntrack 16 years ago
Jo-Philipp Wich cacb52e19f firewall: process custom rules after forwardings and redirects, this actually allows blocking traffic to certain hosts and other rules 16 years ago
Jo-Philipp Wich 97100e0248 firewall: enable /etc/firewall.user by default and install sample firewall.user file 16 years ago
Felix Fietkau 50be634a3c re-enable the mss fix by default for now - see discussion at http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information 16 years ago
Felix Fietkau 4fc8f4c5c8 firewall: don't clear the mangle table at startup or stop - it doesn't use it and clearing it breaks qos 16 years ago
Jo-Philipp Wich 83c9ac173d firewall: introduce drop_invalid option to allow disabling the invalid state match 16 years ago
Felix Fietkau 5b58a8db1f firewall: allow multiple interfaces to be part of one zone, fix the sanity checks for that 16 years ago
Felix Fietkau c7ff578b9f firewall: clear the MSSFIX rules 16 years ago
Steven Barth d1049f535a Unify portrange-support in firewall rule generator fixes #4404 16 years ago
Felix Fietkau 359ce7f97e disable the MSS fixup hack by default (most ISPs don't require this as a workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs 16 years ago
John Crispin 3830b905e3 fixes firewall for trunk, custom chains were never reched, as policies apply beforehand 16 years ago
John Crispin 221f4ad32d fixes firewall rule generation. forwarding rules were inserted in input chains, fixes #4028 16 years ago
John Crispin b56d5cc36f custom chains were never reached on DROP/REJECT policy, fixes #4004 #4029 16 years ago
Felix Fietkau aaf31c36f1 set default input policy to ACCEPT to bring the firewall behavior closer to the one of previous versions 16 years ago
Felix Fietkau 13abdc0af1 firewall: fix default policies, add a check for duplicate defaults sections and make custom chains more generic 16 years ago
Nicolas Thill d7810ed63e firewall changes: - implement a REJECT policy and enable it by default, reject packets with approriate response (closes: #3970) - cleanup syn_flood and remove logging 16 years ago
Steven Barth 954c24c5ed Fixed a typo in the firewall scripts 16 years ago
Steven Barth efb4cebbc6 Fixed a typo in firewall scripts, closes #4000 16 years ago
John Crispin 7f6ee846b7 make uci firewall backwards compatible to the old firewall.user 16 years ago
John Crispin 20216aa44d add proto tcpudp to firewall 16 years ago
John Crispin 9eaae4c61d fix device duplication in firewall if the balancing of ifup and ifdown is broken 16 years ago
John Crispin 924d10d611 make sure uci firewall reverts its states when stopped 16 years ago
John Crispin 146b47b60a fixes uci firewall init order, Signed-off-by: Roberto Riggio 16 years ago
Steven Barth 24c318dfe7 firewall: Added support for port-ranges as firstPort-lastPort to redirect sections 16 years ago
John Crispin 517dfd27e5 adds 5 new chains to the uci firewall that can be used to hook custom rules 16 years ago
John Crispin 4d7f694c43 adds more sanity checks to uci firewall 16 years ago
John Crispin aa6c019c11 use proto instead of protocol in uci firewall 16 years ago
Felix Fietkau 8ab217accc fix some firewall script typos (patch from #3897) 16 years ago
Travis Kemen 64a8d6c405 fix typo, proto should be protocol 16 years ago
John Crispin 7681547293 trigger error if dport is used when no proto is defined 16 years ago
John Crispin 5627667654 uci firewall - make uci firewall default and remove old code - fix up dependencies 16 years ago
John Crispin 43e28bf153 uci_firewall - fixes hotplug.d script 16 years ago
John Crispin 0f5cbca010 uci firewall - remove implicit creation of zones, based on network interfaces 16 years ago
John Crispin 21bbdc24c3 adds a new uci firewall - iptbales and netfilter packages need to be rewrapped when we switch to this firewall as default - there are some examples in the file /etc/config/firewall - iptables-save/restore are still missing - hotplug takes care of adding/removing netdevs during runtime - misisng features ? wishes ? let me know ... 17 years ago