aboutsummaryrefslogtreecommitdiffstats
path: root/include/netfilter.mk
Commit message (Collapse)AuthorAgeFilesLines
* netfilter: add missing symbols and modules for Linux 3.18+Jo-Philipp Wich2015-01-291-1/+7
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44187 3c298f89-4303-0410-b956-a3cf2f4a3e73
* generic: add preliminary 3.19 supportImre Kaloz2015-01-251-0/+2
| | | | | | | | Signed-off-by: Imre Kaloz <kaloz@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@44126 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: handle NFT_MASQ_IPV6Imre Kaloz2015-01-141-0/+1
| | | | | | | | Signed-off-by: Imre Kaloz <kaloz@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43966 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: handle nft_masq and nft_masq_ipv4Imre Kaloz2015-01-121-0/+2
| | | | | | | | Signed-off-by: Imre Kaloz <kaloz@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43950 3c298f89-4303-0410-b956-a3cf2f4a3e73
* kernel: add a patch to make netfilter conntrack cache routing informationFelix Fietkau2014-12-091-0/+1
| | | | | | | | Significantly improves routing / NAT performance Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43587 3c298f89-4303-0410-b956-a3cf2f4a3e73
* keernel: Fixed dependencies in netfilter modules introduced with 3.18 kernelJohn Crispin2014-11-191-0/+3
| | | | | | | | | | Building current trunk with 3.18 kernel fired some errors like 'missed dependancy of module XXX from library kmod_YYY.ko'. These patch fixes 3 of such issues which are critical to have a successful build. Signed-off-by: Alexey N Vinogradov <a.n.vinogradov@gmail.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43318 3c298f89-4303-0410-b956-a3cf2f4a3e73
* kernel: 3.18: Fix kmod-ipt-natSteven Barth2014-11-081-0/+2
| | | | | | | | | | | The 3.18 kernel introduced new Kconfig options for the xt_nat and iptable_nat kernel modules, that both belong to the ipt_nat kernel package. Enable this new options. Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43212 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: Enable compiling iptables match clusterFelix Fietkau2014-11-031-0/+7
| | | | | | | | | | | | | | | | | | This patch adds the userspace and kernelspace for - match NETFILTER_XT_MATCH_CLUSTER This match can be used to deploy gateway and back-end load-sharing clusters. - target IP_NF_TARGET_CLUSTERIP This module allows you to configure a simple cluster of nodes that share a certain IP and MAC address without an explicit load balancer in front of them. Connections are statically distributed between the nodes in this cluster. This is used i.e. by strongswan-ha. Signed-off-by: Christian Scheele <cs@embedd.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43174 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: unbreak kmod-ipt-nat for <3.7Steven Barth2014-09-291-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42696 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: fix a typo in TTL-match moduleSteven Barth2014-09-181-1/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42611 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: remove redundant CONFIG_IP_NF_IPTABLESSteven Barth2014-09-171-1/+0
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42599 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Reorganize netfilter kernel modules and package nftables kernel supportSteven Barth2014-09-171-40/+75
| | | | | | Signed-off-by: Steven Barth <steven@midlink.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42596 3c298f89-4303-0410-b956-a3cf2f4a3e73
* iptables: NFLOG and NFQUEUE targets' full supportSteven Barth2014-08-071-0/+27
| | | | | | | | | | | | | | | | NFLOG and NFQUEUE targets' full support for iptables. Includes all needed kernel modules (Xtables's and Netlink's) and userspace libraries. All added kernel modules can be individually disabled, all other new libraries get their own individual packages. Reported-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch> Reported-by: Rainer Poisel <rainer.poisel@fhstp.ac.at> Reported-by: Derek LaHousse <dlahouss@mtu.edu> Signed-off-by: Guillaume Déflache <guillaume.deflache@ibwag.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42022 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: introduce xt_id matchJo-Philipp Wich2014-08-011-1/+2
| | | | | | | | | This commit implements a new netfilter match "xt_id" which can be used to attach unsigned 32bit IDs to iptables rules. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@41945 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: split off header matching modules not used by the default config ↵Felix Fietkau2014-06-021-7/+9
| | | | | | | | (reduces rootfs size and memory usage) Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@40983 3c298f89-4303-0410-b956-a3cf2f4a3e73
* iptables/netfilter: add connlimit to conntrack-extraSteven Barth2014-03-111-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@39878 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Fix IPv6 NAT breaking older kernelsSteven Barth2013-09-031-2/+0
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37891 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: Add IPv6-NAT support for kernel and iptSteven Barth2013-09-011-1/+9
| | | | | | Thanks to Berni, Adam Novak and Sedat Dilek for patches and inspiration git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37866 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: fix typoLuka Perkov2013-08-211-1/+1
| | | | | | Signed-off-by: Luka Perkov <luka@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37821 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: remove use of obsolete compatibility config symbols for mark and ↵Felix Fietkau2013-07-151-8/+4
| | | | | | | | | | connmark fixes duplication of xt_mark and xt_connmark module entries Signed-off-by: Felix Fietkau <nbd@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37344 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: move time, mark, set matches and MARK, REDIRECT, SET targets into ↵Jo-Philipp Wich2013-05-211-11/+11
| | | | | | base iptables package - drop iptables-mod-ipset git-svn-id: svn://svn.openwrt.org/openwrt/trunk@36683 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: Fix typo in last commitSteven Barth2013-03-071-1/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35899 3c298f89-4303-0410-b956-a3cf2f4a3e73
* iptables: Add missing IPv6 builtin modulesSteven Barth2013-03-071-1/+3
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35898 3c298f89-4303-0410-b956-a3cf2f4a3e73
* package/kernel: xt_NOTRACK has been removed in 3.7-rc1Gabor Juhos2013-02-041-1/+1
| | | | | | Signed-off-by: Gabor Juhos <juhosg@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35475 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter.mk: add addrtype match to iptables-mod-extra (kmod-ipt-extra)Jo-Philipp Wich2013-01-141-2/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35155 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: xt_NOTRACK is incorporated in xt_CT as of 3.8-rc3Florian Fainelli2013-01-101-1/+1
| | | | | | Signed-off-by: Florian Fainelli <florian@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@35087 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] fix ipv4 nat on 3.7 by adding missing iptables modulesJohn Crispin2012-12-221-1/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34841 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: fix module list for 3.7 kernelGabor Juhos2012-12-181-6/+11
| | | | | | | Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: Gabor Juhos <juhosg@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34750 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter.mk: extend nf_add macro to take a version dependency expressionJo-Philipp Wich2012-12-151-19/+16
| | | | | | | | - nf_add now takes an optional 4th argument which specifies a kernel version dependency, e.g. "lt 3.7.0" - remove CompareKernelPatchVer conditionals around nf_add invocations, use version depends instead - fixes xt_LOG.ko packaging with Linux 3.6.0 and later git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34681 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter.mk: fix packaging of xt_LOG.ko, it moved between 3.3.8 and 3.6.xJo-Philipp Wich2012-12-111-2/+6
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34625 3c298f89-4303-0410-b956-a3cf2f4a3e73
* kernel: fix loading of nf_nat_ircHauke Mehrtens2012-11-181-1/+1
| | | | | | | | nf_nat_irc depends on nf_conntrack_irc and it should be defined after that. This fixes a problem introduced in r34247. git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34251 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [generic]: add 3.7-rc6 support (patch 820 still has to be fixed)Imre Kaloz2012-11-181-3/+12
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34247 3c298f89-4303-0410-b956-a3cf2f4a3e73
* include/netfilter.mk: remove a few obsolete linesFelix Fietkau2012-09-231-8/+0
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33518 3c298f89-4303-0410-b956-a3cf2f4a3e73
* kmod-ipt-nathelper-extra: fix missing nf_conntrack_broadcast.koFelix Fietkau2012-06-181-0/+1
| | | | | | | | | | | | | | kmod-ipt-nathelper-extra is missing the package nf_conntrack_broadcast.ko if it is not included into the kmod-ipt-nathelper-extra packge the modules nf_conntrack_snmp and nf_nat_snmp_basic cant get loaded: [ 44.500000] nf_conntrack_snmp: Unknown symbol nf_conntrack_broadcast_help (err 0) [ 44.664000] nf_nat_snmp_basic: Unknown symbol nf_nat_snmp_hook (err 0) Signed-off-by: Peter Wagner <tripolar@gmx.at> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@32434 3c298f89-4303-0410-b956-a3cf2f4a3e73
* include/netfilter.mk: clean up, remove junk for old kernel versionsFelix Fietkau2012-06-071-70/+9
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@32114 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] fix ipt_ttl and ipt_TTL userspace library packagingJo-Philipp Wich2012-03-121-4/+4
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@30897 3c298f89-4303-0410-b956-a3cf2f4a3e73
* kernel: update module names and add new config symbols for linux 3.3Jonas Gorski2012-02-021-1/+6
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29985 3c298f89-4303-0410-b956-a3cf2f4a3e73
* add CT target and TTL/HL match+targetJo-Philipp Wich2012-01-041-0/+4
| | | | | | | | This patch adds the CT target for conntrack (enables manipulation of conntrack events and supercedes NOTRACK) as well as the TTL/HL target and match. git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29645 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] remove current RTSP supportJo-Philipp Wich2012-01-041-4/+0
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29643 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] package CT targetJo-Philipp Wich2011-12-251-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29609 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter.mk: remove a few obsolete CompareKernelPatchVer callsFelix Fietkau2011-06-011-17/+5
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27086 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [netfilter] package u32 match and TEE target, patches by Maxim UvarovJo-Philipp Wich2011-05-241-0/+8
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26977 3c298f89-4303-0410-b956-a3cf2f4a3e73
* firewall: allow local redirection of portsJo-Philipp Wich2011-04-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow a redirect like: config redirect option src 'wan' option dest 'lan' option src_dport '22001' option dest_port '22' option proto 'tcp' note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself. This patch makes three changes: (1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers). (2) fixes a bug where the wrong table is used when the "dest_ip" field is absent. (3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted connections. In the above example, ssh -p 22 root@myrouter would fail from the outside, but: ssh -p 22001 root@myrouter would succeed. This is handy if: (1) you want to avoid ssh probes on your router, or (2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but still want to allow firewall access from outside. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26617 3c298f89-4303-0410-b956-a3cf2f4a3e73
* iipt-debug: create bundle of netfilter modules for debuggingHauke Mehrtens2011-04-091-0/+5
| | | | | | | | | | | Add a bundle for including commonly useful modules for IPtables debugging and development. For now, it just contains xt_TRACE.ko Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26567 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] add kmod-ipt-ledFlorian Fainelli2011-04-031-0/+3
| | | | | | | | | | | Netfilter LED target triggers blinkenlichten when a network packet hits a rule. LED target requires iptables 1.4.9 or higher Signed-off-by: Łukasz Stelmach <stlman@poczta.fm> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26451 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter.mk: put ipv6 conntrack in the right packageFelix Fietkau2011-02-271-2/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25750 3c298f89-4303-0410-b956-a3cf2f4a3e73
* netfilter: add missing modules for v6 conntrack (patch from #8940)Felix Fietkau2011-02-261-0/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25731 3c298f89-4303-0410-b956-a3cf2f4a3e73
* move nf_{conntrack,nat}_tftp to ipt-nathelper-extra, most people don't need thisFelix Fietkau2011-02-261-4/+4
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25722 3c298f89-4303-0410-b956-a3cf2f4a3e73
* kernel: remove imq support, refresh patchesFelix Fietkau2011-02-211-8/+0
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25641 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [include] netfilter.mk: fix connmark packaging for Kernels >= 2.6.35, thanks ↵Jo-Philipp Wich2010-12-191-1/+2
| | | | | | Daniel Gimpelevich git-svn-id: svn://svn.openwrt.org/openwrt/trunk@24729 3c298f89-4303-0410-b956-a3cf2f4a3e73
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-06 16:47:03 +0000