path: root/package/firewall/files/firewall.config
Commit message | Author | Age | Files | Lines
* [package] firewall: refine default ICMPv6 rules to better conform with RFC4890, do not forward link local ICMP message types, allow parameter problem
  Author: Jo-Philipp Wich | Age: 2011-06-30 | Files: 1 | Lines: -13/+2
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27321 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall:
  Author: Jo-Philipp Wich | Age: 2011-06-30 | Files: 1 | Lines: -17/+44
  - allow multiple ports, protocols, macs, icmp types per rule
  - implement "limit" and "limit_burst" options for rules
  - implement "extra" option to rules and redirects for passing arbitrary flags to iptables
  - implement negations for "src_port", "dest_port", "src_dport", "src_mac", "proto" and "icmp_type" options
  - allow wildcard (*) "src" and "dest" options in rules to allow specifying "any" source or destination
  - validate symbolic icmp-type names against the selected iptables binary
  - properly handle forwarded ICMPv6 traffic in the default configuration
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27317 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: explicitly mention network in default configuration, makes it less confusing
  Author: Jo-Philipp Wich | Age: 2011-05-20 | Files: 1 | Lines: -0/+2
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26961 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [PATCH] firewall: provide examples of ssh port relocation on firewall and IPsec passthrough
  Author: Jo-Philipp Wich | Age: 2011-05-02 | Files: 1 | Lines: -0/+22
  Two examples of potentially useful configurations (commented out, of course):
  (a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a LAN-based machine if desired, or if not, simply obscures the port from external attack.
  (b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN.
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26805 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: don't apply default udp/68 rule to ip6tables
  Author: Jo-Philipp Wich | Age: 2010-05-19 | Files: 1 | Lines: -0/+1
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21509 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: add commented disable_ipv6 option to default config
  Author: Jo-Philipp Wich | Age: 2010-05-19 | Files: 1 | Lines: -0/+2
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21505 3c298f89-4303-0410-b956-a3cf2f4a3e73
* allow ping
  Author: Travis Kemen | Age: 2010-03-18 | Files: 1 | Lines: -0/+7
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20261 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: fix MSS issue affecting RELATED new connections (closes: #5173)
  Author: Nicolas Thill | Age: 2009-09-27 | Files: 1 | Lines: -1/+1
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17762 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: allow incoming udp/68 packets in the default configuration (#4108, #4781)
  Author: Jo-Philipp Wich | Age: 2009-08-13 | Files: 1 | Lines: -0/+8
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17238 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: enable /etc/firewall.user by default and install sample firewall.user file
  Author: Jo-Philipp Wich | Age: 2009-04-12 | Files: 1 | Lines: -4/+4
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15221 3c298f89-4303-0410-b956-a3cf2f4a3e73
* re-enable the mss fix by default for now - see discussion at http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information
  Author: Felix Fietkau | Age: 2009-01-31 | Files: 1 | Lines: -5/+1
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14293 3c298f89-4303-0410-b956-a3cf2f4a3e73
* disable the MSS fixup hack by default (most ISPs don't require this as a workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs
  Author: Felix Fietkau | Age: 2008-12-31 | Files: 1 | Lines: -0/+5
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13788 3c298f89-4303-0410-b956-a3cf2f4a3e73
* set default input policy to ACCEPT to bring the firewall behavior closer to the one of previous versions
  Author: Felix Fietkau | Age: 2008-09-28 | Files: 1 | Lines: -1/+1
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12766 3c298f89-4303-0410-b956-a3cf2f4a3e73
* firewall changes:
  Author: Nicolas Thill | Age: 2008-09-24 | Files: 1 | Lines: -5/+5
  - implement a REJECT policy and enable it by default, reject packets with appropriate response (closes: #3970)
  - cleanup syn_flood and remove logging
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12688 3c298f89-4303-0410-b956-a3cf2f4a3e73
* use proto instead of protocol in uci firewall
  Author: John Crispin | Age: 2008-08-26 | Files: 1 | Lines: -1/+1
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12391 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uci firewall
  Author: John Crispin | Age: 2008-08-11 | Files: 1 | Lines: -0/+80
  - make uci firewall default and remove old code
  - fix up dependencies
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12284 3c298f89-4303-0410-b956-a3cf2f4a3e73