70 Commits (d3ce5cd3ac38dd49f09db23de13fc137399ac768)

Author SHA1 Message Date
Jo-Philipp Wich cc84e0672b firewall: don't apply default udp/68 rule to ip6tables 15 years ago
Jo-Philipp Wich 40ad9defcc firewall: - fix ip6tables rules when icmp_type option is set - add "family" option to zones, forwardings, redirects and rules to selectively apply rules to iptables and/or ip6tables 15 years ago
Jo-Philipp Wich 3875f85110 firewall: add commented disable_ipv6 option to default config 15 years ago
Jo-Philipp Wich 3ffd27f905 firewall: implement disable_ipv6 uci option 15 years ago
Jo-Philipp Wich c6fdffd932 firewall (#7355) - partially revert r21486, start firewall on init again - skip iface hotplug events if base fw is not up yet - get ifname and up state with uci_get_state() in iface setup since the values gathered by scan_interfaces() may be outdated when iface coldplugging happens (observed with pptp) - ignore up state when bringing down interfaces because ifdown reverts state vars before dispatching the iface event - bump package revision 15 years ago
Jo-Philipp Wich 91519d51e9 firewall: fix a possible deadlock when the firewall config has syntax errors during restart 15 years ago
Jo-Philipp Wich 28e92939d1 firewall: use uci_get_state() wrapper 15 years ago
Jo-Philipp Wich 18a79362e9 firewall: properly clear hooks in fw_stop() to prevent extensions from being called twice after fw_restart() 15 years ago
Jo-Philipp Wich de15765a37 firewall: - defer firewall start until the first interface is brought up by hotplug, fixes race conditions on slow devices - create a file lock during firewall start and wait for it in hotplug events, prevents race conditions between start and addif - start firewall actions in background from hotplug handler since the firewall itself fires further hotplug events which results in a deadlock if not forked off - get loaded state directly from the uci binary since updated value is not recognized by config_get after uci_set_state - bump package revision to r2 15 years ago
Jo-Philipp Wich e796062a4b firewall: properly unset position for delete command, fixes rule removal in ifdown 15 years ago
Jo-Philipp Wich 3c2149a759 firewall: fix bug in iface hotplug handler 15 years ago
Jo-Philipp Wich c284cb51c0 firewall: - replace uci firewall with a modular dual stack implementation developed by Malte S. Stretz - bump version to 2 15 years ago
Travis Kemen 431808b5bf allow ping 15 years ago
Jo-Philipp Wich f96ecd026d firewall: insert rules at the beginning of chains again while maintaining non reversed order, fixes wrong ordering introduced by r18015 15 years ago
Jo-Philipp Wich 25a5fab34c firewall: fix bad number error in fw_redirect() (#6704) 15 years ago
Travis Kemen 9f3a73d9e2 Add destination ip of the wan adapter useful if you have multiple ip addresses. 15 years ago
Jo-Philipp Wich 6eae630652 firewall: fix a race condition preventing interfaces from being added to the firewall on boot 15 years ago
Felix Fietkau 10f627db5c firewall: fix fallout from r18716 (fixes #6338) 15 years ago
Felix Fietkau 74cbcc9ee5 firewall: get rid of recursive shell script inclusion to improve hush compatibility 15 years ago
Felix Fietkau 9e99581621 adjust dependencies of firewall and qos-scripts, so that these packages are visible even when iptables is not selected 15 years ago
Jo-Philipp Wich 6cb040903b firewall: initialize dest_port with src_dport if omitted in redirect sections to narrow down corresponding forward rules to the actual target ports - thanks Niels Boehm! (#6249) 15 years ago
Felix Fietkau 70b6643034 firewall: fix zone defaults 15 years ago
Felix Fietkau 2ecfe91b61 firewall: do not process rules in reverse 15 years ago
Nicolas Thill b3d3e5d752 firewall: fix MSS issue affecting RELATED new connections (closes: #5173) 15 years ago
Felix Fietkau e9ec3a6e68 firewall: add sanity checks to zone default rules (patch from #5459) 15 years ago
Jo-Philipp Wich 8df03c85fe firewall: move the config_get out of the loop, no need to call it multiple times 15 years ago
Jo-Philipp Wich 715285dd43 firewall: properly dispatch delif events if the network has a different name than the corresponding zone 15 years ago
Andy Boyett a5f80019ef bump some revisions and update copyrights 15 years ago
Felix Fietkau 590fdc946a firewall: emit hotplug events for interface add/remove 15 years ago
Jo-Philipp Wich b44b066543 firewall: allow incoming udp/68 packets in the default configuration (#4108, #4781) 15 years ago
Jo-Philipp Wich 187e2ba9fc firewall: add icmp_type option to specify the icmp type in rule sections, bump pkg revision (#5554) 15 years ago
Florian Fainelli ffc1fefe2c set PKGARCH to all for packages in trunk containing only arch-neutral files (#5572) 15 years ago
Florian Fainelli 7e2361d46a fix typo in the uci firewall script 16 years ago
Felix Fietkau f81a781e1a firewall: automatically set up NOTRACK rules to disable connection tracking for zones that have no masquerading, no conntrack and no forwarding from/to other zones with masq/conntrack 16 years ago
Jo-Philipp Wich 41c3d515d2 firewall: actually copy firewall.user to image 16 years ago
Jo-Philipp Wich cacb52e19f firewall: process custom rules after forwardings and redirects, this actually allows blocking traffic to certain hosts and other rules 16 years ago
Jo-Philipp Wich 97100e0248 firewall: enable /etc/firewall.user by default and install sample firewall.user file 16 years ago
Felix Fietkau 50be634a3c re-enable the mss fix by default for now - see discussion at http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information 16 years ago
Felix Fietkau 4fc8f4c5c8 firewall: don't clear the mangle table at startup or stop - it doesn't use it and clearing it breaks qos 16 years ago
Jo-Philipp Wich 83c9ac173d firewall: introduce drop_invalid option to allow disabling the invalid state match 16 years ago
Felix Fietkau 5b58a8db1f firewall: allow multiple interfaces to be part of one zone, fix the sanity checks for that 16 years ago
Felix Fietkau c7ff578b9f firewall: clear the MSSFIX rules 16 years ago
Steven Barth d1049f535a Unify portrange-support in firewall rule generator fixes #4404 16 years ago
Felix Fietkau 359ce7f97e disable the MSS fixup hack by default (most ISPs don't require this as a workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs 16 years ago
John Crispin 3830b905e3 fixes firewall for trunk, custom chains were never reached, as policies apply beforehand 16 years ago
John Crispin 221f4ad32d fixes firewall rule generation. forwarding rules were inserted in input chains, fixes #4028 16 years ago
John Crispin b56d5cc36f custom chains were never reached on DROP/REJECT policy, fixes #4004 #4029 16 years ago
Felix Fietkau aaf31c36f1 set default input policy to ACCEPT to bring the firewall behavior closer to the one of previous versions 16 years ago
Felix Fietkau 13abdc0af1 firewall: fix default policies, add a check for duplicate defaults sections and make custom chains more generic 16 years ago
Nicolas Thill d7810ed63e firewall changes: - implement a REJECT policy and enable it by default, reject packets with appropriate response (closes: #3970) - cleanup syn_flood and remove logging 16 years ago