be906f6be5
package u32 match and TEE target, patches by Maxim Uvarov
...
SVN-Revision: 26977
14 years ago
a9977eca91
firewall: allow local redirection of ports
...
Allow a redirect like:
config redirect
option src 'wan'
option dest 'lan'
option src_dport '22001'
option dest_port '22'
option proto 'tcp'
note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.
This patch makes three changes:
(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
connections.
In the above example,
ssh -p 22 root@myrouter
would fail from the outside, but:
ssh -p 22001 root@myrouter
would succeed. This is handy if:
(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
still want to allow firewall access from outside.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26617
14 years ago
24c1caef5f
iipt-debug: create bundle of netfilter modules for debugging
...
Add a bundle for including commonly useful modules for IPtables debugging and development.
For now, it just contains xt_TRACE.ko
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26567
14 years ago
5959cd2850
add kmod-ipt-led
...
Netfilter LED target triggers blinkenlichten when a network packet hits
a rule.
LED target requires iptables 1.4.9 or higher
Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>
SVN-Revision: 26451
14 years ago
c864843cbf
netfilter.mk: put ipv6 conntrack in the right package
...
SVN-Revision: 25750
14 years ago
2d14f4e2f8
netfilter: add missing modules for v6 conntrack (patch from #8940 )
...
SVN-Revision: 25731
14 years ago
831e597d7c
move nf_{conntrack,nat}_tftp to ipt-nathelper-extra, most people don't need this
...
SVN-Revision: 25722
14 years ago
9dad83362d
kernel: remove imq support, refresh patches
...
SVN-Revision: 25641
14 years ago
d2d990e41e
netfilter.mk: fix connmark packaging for Kernels >= 2.6.35, thanks Daniel Gimpelevich
...
SVN-Revision: 24729
14 years ago
c32a125607
netfilter: workaround a userspace/kernel mismatch on Linux 2.6.35 and later
...
SVN-Revision: 23521
14 years ago
57d2e57b02
finalize r22241 fixes
...
SVN-Revision: 22242
15 years ago
91468dcf4f
package TPROXY target and module infrastructure
...
SVN-Revision: 21883
15 years ago
b6e28298fe
include/netfilter.mk fix typo on r21795
...
SVN-Revision: 21796
15 years ago
e491939c70
include/netfilter.mk: add 2.6.35 kernel support
...
SVN-Revision: 21795
15 years ago
aa8e2e8685
netfilter: extension fixes (partially closes : #7045 ) * add missing xt_owner (2.6) * enable ipt_quota (2.4), disabled in [8499] is building fine with recent iptables * add missing ipt_nat_tftp (2.4) * add missing nf_nat_amanda (2.6)
...
SVN-Revision: 20693
15 years ago
1b0a9b51c4
include/netfilter.mk: move ebtables definitions at the end
...
SVN-Revision: 20690
15 years ago
42e453a2e3
properly package xt_comment.ko ( #6742 )
...
SVN-Revision: 19861
15 years ago
15c4e22d31
netfilter: add support for raw table and NOTRACK target ( #5504 )
...
SVN-Revision: 19721
15 years ago
e830181f47
iptables: add comment match to the core package
...
SVN-Revision: 18706
15 years ago
72dbf7cdca
netfilter: remove IPset leftovers missed from [17844]
...
SVN-Revision: 18032
15 years ago
e014faf13f
Update ipset to version 3.2
...
SVN-Revision: 17764
15 years ago
0e783dde14
split ebtables packages and modules into ebtables ipv4/6 and watchers ( #5001 )
...
SVN-Revision: 16980
16 years ago
a06b20f5b3
fix ip6tables installation against ip6t_HL which has been merged in xt_HL since 2.6.29 ( #5568 )
...
SVN-Revision: 16964
16 years ago
11b33255ed
netfilter: move iptable_raw, xt_NOTRACK from conntrack-extra to conntrack
...
SVN-Revision: 15854
16 years ago
73cfaa0f2b
ipt_TTL and ipt_ttl moved and were renamed in kernel 2.6.30
...
SVN-Revision: 15851
16 years ago
f3dd32d6fd
adept netfilter.mk to updated imq
...
SVN-Revision: 15656
16 years ago
34939cad39
get rid of $Id$ - it has never helped us and it has broken too many patches ;)
...
SVN-Revision: 15242
16 years ago
e744c3130a
move iptable_raw to the conntrack-extra package
...
SVN-Revision: 15175
16 years ago
3b53bd7ef3
accomodate netfilter module (xt_recent) name change in 2.6.28, add missing kconfig when xt_recent is enabled
...
SVN-Revision: 15123
16 years ago
68d73be80c
remove support for ipp2p - it's unmaintained, broken, overmatching and undermatching => not that useful for QoS
...
SVN-Revision: 14596
16 years ago
e5c9f00637
netfilter: remove CHAOS, TARPIT and DELUDE references
...
SVN-Revision: 14461
16 years ago
24e299f95d
defrag needs to be loaded before conntrack_ipv4
...
SVN-Revision: 13585
16 years ago
a7cac1dc31
fix conntrack on 2.6.28
...
SVN-Revision: 13582
16 years ago
2c8010b2dc
make the whole iptables/netfiter modular ( closes : #3871 , #3527 )
...
SVN-Revision: 12649
16 years ago
5cf0db54c6
Package ip6t_limit and ip6t_frag for 2.4 kernels ( #3760 )
...
SVN-Revision: 12276
16 years ago
a7b3ffc182
cosmetic change: rename IPT_NAT_DEFAULT & IPT_NAT_EXTRA to IPT_NATHELPER & IPT_NATHELPER_EXTRA respectively, to better match package names
...
SVN-Revision: 11073
17 years ago
3c05234962
kmod-ipt-iprange: fix build error on .25
...
SVN-Revision: 10992
17 years ago
d80f43d15f
update iptables to 1.4.0 (2.6 kernels only), refresh kernel patches
...
SVN-Revision: 10843
17 years ago
30f8862033
layer7 filtering module is now xt_layer7 ( #3268 )
...
SVN-Revision: 10674
17 years ago
4e05416c39
netfilter/ipset cleanups * rename patches to follow our naming conventions * update ipset patches with revision 7096 of [ https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng pom] * add CONFIG_IP_NF_SET_IPTREEMAP to default kernel configs * add ip_set_iptreemap to include/netfilter.mk * update kmod-ipt-ipset module description
...
SVN-Revision: 9269
17 years ago
8309e3dff2
add TARPIT support to netfilter/iptables * netfilter: add the xt_TARPIT target module required by xt_CHAOS * include/netfilter.mk: reorder, xt_CHAOS depends on xt_TARPIT and xt_DELUDE * iptables: add libipt_TARPIT to the kmod-ipt-extra package, bump release number * original patchset can be found [ http://tinyurl.com/2mjk2kx here]
...
SVN-Revision: 9178
17 years ago
0bf90f2a0d
add ipv6 conntrack support ( closes : #2192 )
...
SVN-Revision: 8984
17 years ago
fec4d9ee3c
add missing 2.6 conntrack/nat helpers, add 2.6 conntrack/nat helper for RTSP ( closes : #2297 , thanks to aorlinsk), sync 2.4 / 2.6 kconfigs.
...
SVN-Revision: 8955
17 years ago
f5f47e1fbd
cosmetic cleanup before more deep changes
...
SVN-Revision: 8870
17 years ago
f6197eabda
fix typo again (do i need some sleep?)
...
SVN-Revision: 8822
17 years ago
dcf795770c
oops, fix typo
...
SVN-Revision: 8816
17 years ago
892b16a352
revert CONFIG_* symbols set m enforcement introduced in [8591], it can't work when symbols from different kernel versions are mixed in KCONFIG
...
SVN-Revision: 8798
17 years ago
5011d6129c
prevent include/netfilter.mk from being included multiple times
...
SVN-Revision: 8781
17 years ago
6a06ccf9b6
Package the statistics module for netfilter
...
SVN-Revision: 8716
17 years ago
8dc7ced4d4
require all CONFIG_* symbols listed in its KCONFIG to be set to m in order to actually build a kmod package, tweak and fix kernel package definitions.
...
SVN-Revision: 8591
17 years ago
Jo-Philipp Wich