Commit message | Author | Age
---|---|---
firewall: - fix ip6tables rules when icmp_type option is set - add "family" option to zones, forwardings, redirects and rules to selectively apply rules to iptables and/or ip6tables SVN-Revision: 21508 | Jo-Philipp Wich | 2010-05-19
firewall: add commented disable_ipv6 option to default config SVN-Revision: 21505 | Jo-Philipp Wich | 2010-05-19
firewall: implement disable_ipv6 uci option SVN-Revision: 21503 | Jo-Philipp Wich | 2010-05-19
firewall (#7355) - partially revert r21486, start firewall on init again - skip iface hotplug events if base fw is not up yet - get ifname and up state with uci_get_state() in iface setup since the values gathered by scan_interfaces() may be outdated when iface coldplugging happens (observed with pptp) - ignore up state when bringing down interfaces because ifdown reverts state vars before dispatching the iface event - bump package revision SVN-Revision: 21502 | Jo-Philipp Wich | 2010-05-19
firewall: fix a possible deadlock when the firewall config has syntax errors during restart SVN-Revision: 21501 | Jo-Philipp Wich | 2010-05-18
firewall: use uci_get_state() wrapper SVN-Revision: 21493 | Jo-Philipp Wich | 2010-05-17
firewall: properly clear hooks in fw_stop() to prevent extensions from being called twice after fw_restart() SVN-Revision: 21488 | Jo-Philipp Wich | 2010-05-17
firewall: - defer firewall start until the first interface is brought up by hotplug, fixes race conditions on slow devices - create a file lock during firewall start and wait for it in hotplug events, prevents race conditions between start and addif - start firewall actions in background from hotplug handler since the firewall itself fires further hotplug events which results in a deadlock if not forked off - get loaded state directly from the uci binary since updated value is not recognized by config_get after uci_set_state - bump package revision to r2 SVN-Revision: 21486 | Jo-Philipp Wich | 2010-05-17
firewall: properly unset position for delete command, fixes rule removal in ifdown SVN-Revision: 21378 | Jo-Philipp Wich | 2010-05-05
firewall: fix bug in iface hotplug handler SVN-Revision: 21360 | Jo-Philipp Wich | 2010-05-05
firewall: - replace uci firewall with a modular dual stack implementation developed by Malte S. Stretz - bump version to 2 SVN-Revision: 21286 | Jo-Philipp Wich | 2010-05-01
allow ping SVN-Revision: 20261 | Travis Kemen | 2010-03-18
firewall: insert rules at the beginning of chains again while maintaining non reversed order, fixes wrong ordering introduced by r18015 SVN-Revision: 19946 | Jo-Philipp Wich | 2010-03-02
firewall: fix bad number error in fw_redirect() (#6704) SVN-Revision: 19765 | Jo-Philipp Wich | 2010-02-20
Add destination ip of the wan adapter useful if you have multiple ip addresses. SVN-Revision: 19574 | Travis Kemen | 2010-02-11
firewall: fix a race condition preventing interfaces from being added to the firewall on boot SVN-Revision: 19232 | Jo-Philipp Wich | 2010-01-19
firewall: fix fallout from r18716 (fixes #6338) SVN-Revision: 18733 | Felix Fietkau | 2009-12-10
firewall: get rid of recursive shell script inclusion to improve hush compatibility SVN-Revision: 18716 | Felix Fietkau | 2009-12-09
adjust dependencies of firewall and qos-scripts, so that these packages are visible even when iptables is not selected SVN-Revision: 18714 | Felix Fietkau | 2009-12-09
firewall: initialize dest_port with src_dport if omitted in redirect sections to narrow down corresponding forward rules to the actual target ports - thanks Niels Boehm! (#6249) SVN-Revision: 18617 | Jo-Philipp Wich | 2009-12-01
firewall: fix zone defaults SVN-Revision: 18028 | Felix Fietkau | 2009-10-11
firewall: do not process rules in reverse SVN-Revision: 18015 | Felix Fietkau | 2009-10-10
firewall: fix MSS issue affecting RELATED new connections (closes: #5173) SVN-Revision: 17762 | Nicolas Thill | 2009-09-27
firewall: add sanity checks to zone default rules (patch from #5459) SVN-Revision: 17713 | Felix Fietkau | 2009-09-24
firewall: move the config_get out of the loop, no need to call it multiple times SVN-Revision: 17581 | Jo-Philipp Wich | 2009-09-14
firewall: properly dispatch delif events if the network has a different name than the corresponding zone SVN-Revision: 17580 | Jo-Philipp Wich | 2009-09-14
bump some revisions and update copyrights SVN-Revision: 17554 | Andy Boyett | 2009-09-10
firewall: emit hotplug events for interface add/remove SVN-Revision: 17415 | Felix Fietkau | 2009-08-26
firewall: allow incoming udp/68 packets in the default configuration (#4108, #4781) SVN-Revision: 17238 | Jo-Philipp Wich | 2009-08-13
firewall: add icmp_type option to specify the icmp type in rule sections, bump pkg revision (#5554) SVN-Revision: 17115 | Jo-Philipp Wich | 2009-08-03
set PKGARCH to all for packages in trunk containing only arch-neutral files (#5572) Signed-off-by: Malte S. Stretz <mss@apache.org> SVN-Revision: 16966 | Florian Fainelli | 2009-07-24
fix typo in the uci firewall script SVN-Revision: 16076 | Florian Fainelli | 2009-05-26
firewall: automatically set up NOTRACK rules to disable connection tracking for zones that have no masquerading, no conntrack and no forwarding from/to other zones with masq/conntrack SVN-Revision: 15855 | Felix Fietkau | 2009-05-14
firewall: actually copy firewall.user to image SVN-Revision: 15286 | Jo-Philipp Wich | 2009-04-19
firewall: process custom rules after forwardings and redirects, this actually allows blocking traffic to certain hosts and other rules SVN-Revision: 15278 | Jo-Philipp Wich | 2009-04-19
firewall: enable /etc/firewall.user by default and install sample firewall.user file SVN-Revision: 15221 | Jo-Philipp Wich | 2009-04-12
re-enable the mss fix by default for now - see discussion at http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information SVN-Revision: 14293 | Felix Fietkau | 2009-01-31
firewall: don't clear the mangle table at startup or stop - it doesn't use it and clearing it breaks qos SVN-Revision: 14114 | Felix Fietkau | 2009-01-20
firewall: introduce drop_invalid option to allow disabling the invalid state match SVN-Revision: 14061 | Jo-Philipp Wich | 2009-01-16
firewall: allow multiple interfaces to be part of one zone, fix the sanity checks for that SVN-Revision: 14058 | Felix Fietkau | 2009-01-16
firewall: clear the MSSFIX rules SVN-Revision: 13826 | Felix Fietkau | 2009-01-02
Unify portrange-support in firewall rule generator fixes #4404 SVN-Revision: 13791 | Steven Barth | 2009-01-01
disable the MSS fixup hack by default (most ISPs don't require this as a workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs SVN-Revision: 13788 | Felix Fietkau | 2008-12-31
fixes firewall for trunk, custom chains were never reached, as policies apply beforehand SVN-Revision: 12978 | John Crispin | 2008-10-14
fixes firewall rule generation. forwarding rules were inserted in input chains, fixes #4028 SVN-Revision: 12768 | John Crispin | 2008-09-28
custom chains were never reached on DROP/REJECT policy, fixes #4004 #4029 SVN-Revision: 12767 | John Crispin | 2008-09-28
set default input policy to ACCEPT to bring the firewall behavior closer to the one of previous versions SVN-Revision: 12766 | Felix Fietkau | 2008-09-28
firewall: fix default policies, add a check for duplicate defaults sections and make custom chains more generic SVN-Revision: 12765 | Felix Fietkau | 2008-09-28
firewall changes: - implement a REJECT policy and enable it by default, reject packets with appropriate response (closes: #3970) - cleanup syn_flood and remove logging SVN-Revision: 12688 | Nicolas Thill | 2008-09-24
make the whole iptables/netfilter modular (closes: #3871, #3527) SVN-Revision: 12649 | Nicolas Thill | 2008-09-22