summaryrefslogtreecommitdiffstats
path: root/include/netfilter.mk
Commit message (Collapse)AuthorAgeFilesLines
...
* remove current RTSP supportJo-Philipp Wich2012-01-041-4/+0
| | | | SVN-Revision: 29643
* package CT targetJo-Philipp Wich2011-12-251-0/+1
| | | | SVN-Revision: 29609
* netfilter.mk: remove a few obsolete CompareKernelPatchVer callsFelix Fietkau2011-06-011-17/+5
| | | | SVN-Revision: 27086
* package u32 match and TEE target, patches by Maxim UvarovJo-Philipp Wich2011-05-241-0/+8
| | | | SVN-Revision: 26977
* firewall: allow local redirection of portsJo-Philipp Wich2011-04-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow a redirect like: config redirect option src 'wan' option dest 'lan' option src_dport '22001' option dest_port '22' option proto 'tcp' note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself. This patch makes three changes: (1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers). (2) fixes a bug where the wrong table is used when the "dest_ip" field is absent. (3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted connections. In the above example, ssh -p 22 root@myrouter would fail from the outside, but: ssh -p 22001 root@myrouter would succeed. This is handy if: (1) you want to avoid ssh probes on your router, or (2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but still want to allow firewall access from outside. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> SVN-Revision: 26617
* iipt-debug: create bundle of netfilter modules for debuggingHauke Mehrtens2011-04-091-0/+5
| | | | | | | | | | Add a bundle for including commonly useful modules for IPtables debugging and development. For now, it just contains xt_TRACE.ko Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> SVN-Revision: 26567
* add kmod-ipt-ledFlorian Fainelli2011-04-031-0/+3
| | | | | | | | | | | Netfilter LED target triggers blinkenlichten when a network packet hits a rule. LED target requires iptables 1.4.9 or higher Signed-off-by: Łukasz Stelmach <stlman@poczta.fm> SVN-Revision: 26451
* netfilter.mk: put ipv6 conntrack in the right packageFelix Fietkau2011-02-271-2/+1
| | | | SVN-Revision: 25750
* netfilter: add missing modules for v6 conntrack (patch from #8940)Felix Fietkau2011-02-261-0/+2
| | | | SVN-Revision: 25731
* move nf_{conntrack,nat}_tftp to ipt-nathelper-extra, most people don't need thisFelix Fietkau2011-02-261-4/+4
| | | | SVN-Revision: 25722
* kernel: remove imq support, refresh patchesFelix Fietkau2011-02-211-8/+0
| | | | SVN-Revision: 25641
* netfilter.mk: fix connmark packaging for Kernels >= 2.6.35, thanks Daniel ↵Jo-Philipp Wich2010-12-191-1/+2
| | | | | | Gimpelevich SVN-Revision: 24729
* netfilter: workaround a userspace/kernel mismatch on Linux 2.6.35 and laterJo-Philipp Wich2010-10-181-1/+6
| | | | SVN-Revision: 23521
* finalize r22241 fixesAlexandros C. Couloumbis2010-07-171-3/+3
| | | | SVN-Revision: 22242
* package TPROXY target and module infrastructureJo-Philipp Wich2010-06-221-0/+7
| | | | SVN-Revision: 21883
* include/netfilter.mk fix typo on r21795Alexandros C. Couloumbis2010-06-141-2/+2
| | | | SVN-Revision: 21796
* include/netfilter.mk: add 2.6.35 kernel supportAlexandros C. Couloumbis2010-06-141-3/+10
| | | | SVN-Revision: 21795
* netfilter: extension fixes (partially closes: #7045) * add missing xt_owner ↵Nicolas Thill2010-04-041-1/+4
| | | | | | (2.6) * enable ipt_quota (2.4), disabled in [8499] is building fine with recent iptables * add missing ipt_nat_tftp (2.4) * add missing nf_nat_amanda (2.6) SVN-Revision: 20693
* include/netfilter.mk: move ebtables definitions at the endNicolas Thill2010-04-041-36/+37
| | | | SVN-Revision: 20690
* properly package xt_comment.ko (#6742)Jo-Philipp Wich2010-02-261-0/+2
| | | | SVN-Revision: 19861
* netfilter: add support for raw table and NOTRACK target (#5504)Jo-Philipp Wich2010-02-191-0/+1
| | | | SVN-Revision: 19721
* iptables: add comment match to the core packageJo-Philipp Wich2009-12-081-1/+1
| | | | SVN-Revision: 18706
* netfilter: remove IPset leftovers missed from [17844]Nicolas Thill2009-10-111-21/+0
| | | | SVN-Revision: 18032
* Update ipset to version 3.2Hauke Mehrtens2009-09-271-0/+3
| | | | SVN-Revision: 17764
* split ebtables packages and modules into ebtables ipv4/6 and watchers (#5001)Florian Fainelli2009-07-251-0/+40
| | | | SVN-Revision: 16980
* fix ip6tables installation against ip6t_HL which has been merged in xt_HL ↵Florian Fainelli2009-07-241-2/+0
| | | | | | since 2.6.29 (#5568) SVN-Revision: 16964
* netfilter: move iptable_raw, xt_NOTRACK from conntrack-extra to conntrackFelix Fietkau2009-05-141-2/+2
| | | | SVN-Revision: 15854
* ipt_TTL and ipt_ttl moved and were renamed in kernel 2.6.30Hauke Mehrtens2009-05-141-2/+8
| | | | SVN-Revision: 15851
* adept netfilter.mk to updated imqJo-Philipp Wich2009-05-071-0/+1
| | | | SVN-Revision: 15656
* get rid of $Id$ - it has never helped us and it has broken too many patches ;)Felix Fietkau2009-04-171-1/+0
| | | | SVN-Revision: 15242
* move iptable_raw to the conntrack-extra packageFelix Fietkau2009-04-091-1/+1
| | | | SVN-Revision: 15175
* accomodate netfilter module (xt_recent) name change in 2.6.28, add missing ↵Nicolas Thill2009-04-061-0/+1
| | | | | | kconfig when xt_recent is enabled SVN-Revision: 15123
* remove support for ipp2p - it's unmaintained, broken, overmatching and ↵Felix Fietkau2009-02-211-1/+0
| | | | | | undermatching => not that useful for QoS SVN-Revision: 14596
* netfilter: remove CHAOS, TARPIT and DELUDE referencesGabor Juhos2009-02-091-4/+0
| | | | SVN-Revision: 14461
* defrag needs to be loaded before conntrack_ipv4Imre Kaloz2008-12-101-1/+1
| | | | SVN-Revision: 13585
* fix conntrack on 2.6.28Imre Kaloz2008-12-101-0/+1
| | | | SVN-Revision: 13582
* make the whole iptables/netfiter modular (closes: #3871, #3527)Nicolas Thill2008-09-221-37/+65
| | | | SVN-Revision: 12649
* Package ip6t_limit and ip6t_frag for 2.4 kernels (#3760)Florian Fainelli2008-08-111-0/+1
| | | | SVN-Revision: 12276
* cosmetic change: rename IPT_NAT_DEFAULT & IPT_NAT_EXTRA to IPT_NATHELPER & ↵Nicolas Thill2008-05-081-39/+41
| | | | | | IPT_NATHELPER_EXTRA respectively, to better match package names SVN-Revision: 11073
* kmod-ipt-iprange: fix build error on .25Gabor Juhos2008-04-301-0/+1
| | | | SVN-Revision: 10992
* update iptables to 1.4.0 (2.6 kernels only), refresh kernel patchesGabor Juhos2008-04-151-0/+4
| | | | SVN-Revision: 10843
* layer7 filtering module is now xt_layer7 (#3268)Florian Fainelli2008-03-271-0/+1
| | | | SVN-Revision: 10674
* netfilter/ipset cleanups * rename patches to follow our naming conventions * ↵Gabor Juhos2007-10-121-0/+1
| | | | | | update ipset patches with revision 7096 of [https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng pom] * add CONFIG_IP_NF_SET_IPTREEMAP to default kernel configs * add ip_set_iptreemap to include/netfilter.mk * update kmod-ipt-ipset module description SVN-Revision: 9269
* add TARPIT support to netfilter/iptables * netfilter: add the xt_TARPIT ↵Gabor Juhos2007-10-071-2/+3
| | | | | | target module required by xt_CHAOS * include/netfilter.mk: reorder, xt_CHAOS depends on xt_TARPIT and xt_DELUDE * iptables: add libipt_TARPIT to the kmod-ipt-extra package, bump release number * original patchset can be found [http://tinyurl.com/2mjk2kx here] SVN-Revision: 9178
* add ipv6 conntrack support (closes: #2192)Nicolas Thill2007-09-231-0/+29
| | | | SVN-Revision: 8984
* add missing 2.6 conntrack/nat helpers, add 2.6 conntrack/nat helper for RTSP ↵Nicolas Thill2007-09-221-3/+37
| | | | | | (closes: #2297, thanks to aorlinsk), sync 2.4 / 2.6 kconfigs. SVN-Revision: 8955
* cosmetic cleanup before more deep changesNicolas Thill2007-09-201-51/+83
| | | | SVN-Revision: 8870
* fix typo again (do i need some sleep?)Nicolas Thill2007-09-171-1/+1
| | | | SVN-Revision: 8822
* oops, fix typoNicolas Thill2007-09-161-3/+3
| | | | SVN-Revision: 8816
* revert CONFIG_* symbols set m enforcement introduced in [8591], it can't ↵Nicolas Thill2007-09-161-3/+1
| | | | | | work when symbols from different kernel versions are mixed in KCONFIG SVN-Revision: 8798
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 15:45:03 +0000