Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix IPv6 NAT breaking older kernels | Steven Barth | 2013-09-03 | 1 | -2/+0 |
| | | | | SVN-Revision: 37891 | ||||
* | netfilter: Add IPv6-NAT support for kernel and ipt Thanks to Berni, Adam ↵ | Steven Barth | 2013-09-01 | 1 | -1/+9 |
| | | | | | | Novak and Sedat Dilek for patches and inspiration SVN-Revision: 37866 | ||||
* | netfilter: fix typo | Luka Perkov | 2013-08-21 | 1 | -1/+1 |
| | | | | | | Signed-off-by: Luka Perkov <luka@openwrt.org> SVN-Revision: 37821 | ||||
* | netfilter: remove use of obsolete compatibility config symbols for mark and ↵ | Felix Fietkau | 2013-07-15 | 1 | -8/+4 |
| | | | | | | | | | | connmark fixes duplication of xt_mark and xt_connmark module entries Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 37344 | ||||
* | netfilter: move time, mark, set matches and MARK, REDIRECT, SET targets into ↵ | Jo-Philipp Wich | 2013-05-21 | 1 | -11/+11 |
| | | | | | | base iptables package - drop iptables-mod-ipset SVN-Revision: 36683 | ||||
* | netfilter: Fix typo in last commit | Steven Barth | 2013-03-07 | 1 | -1/+1 |
| | | | | SVN-Revision: 35899 | ||||
* | iptables: Add missing IPv6 builtin modules | Steven Barth | 2013-03-07 | 1 | -1/+3 |
| | | | | SVN-Revision: 35898 | ||||
* | package/kernel: xt_NOTRACK has been removed in 3.7-rc1 | Gabor Juhos | 2013-02-04 | 1 | -1/+1 |
| | | | | | | Signed-off-by: Gabor Juhos <juhosg@openwrt.org> SVN-Revision: 35475 | ||||
* | netfilter.mk: add addrtype match to iptables-mod-extra (kmod-ipt-extra) | Jo-Philipp Wich | 2013-01-14 | 1 | -2/+1 |
| | | | | SVN-Revision: 35155 | ||||
* | netfilter: xt_NOTRACK is incorporated in xt_CT as of 3.8-rc3 | Florian Fainelli | 2013-01-10 | 1 | -1/+1 |
| | | | | | | Signed-off-by: Florian Fainelli <florian@openwrt.org> SVN-Revision: 35087 | ||||
* | fix ipv4 nat on 3.7 by adding missing iptables modules | John Crispin | 2012-12-22 | 1 | -1/+1 |
| | | | | SVN-Revision: 34841 | ||||
* | netfilter: fix module list for 3.7 kernel | Gabor Juhos | 2012-12-18 | 1 | -6/+11 |
| | | | | | | | Signed-off-by: David Woodhouse <David.Woodhouse@intel.com> Signed-off-by: Gabor Juhos <juhosg@openwrt.org> SVN-Revision: 34750 | ||||
* | netfilter.mk: extend nf_add macro to take a version dependency expression | Jo-Philipp Wich | 2012-12-15 | 1 | -19/+16 |
| | | | | | | | | - nf_add now takes an optional 4th argument which specifies a kernel version dependency, e.g. "lt 3.7.0" - remove CompareKernelPatchVer conditionals around nf_add invocations, use version depends instead - fixes xt_LOG.ko packaging with Linux 3.6.0 and later SVN-Revision: 34681 | ||||
* | netfilter.mk: fix packaging of xt_LOG.ko, it moved between 3.3.8 and 3.6.x | Jo-Philipp Wich | 2012-12-11 | 1 | -2/+6 |
| | | | | SVN-Revision: 34625 | ||||
* | kernel: fix loading of nf_nat_irc | Hauke Mehrtens | 2012-11-18 | 1 | -1/+1 |
| | | | | | | | nf_nat_irc depends on nf_conntrack_irc and it should be defined after that. This fixes a problem introduced in r34247. SVN-Revision: 34251 | ||||
* | add 3.7-rc6 support (patch 820 still has to be fixed) | Imre Kaloz | 2012-11-18 | 1 | -3/+12 |
| | | | | SVN-Revision: 34247 | ||||
* | include/netfilter.mk: remove a few obsolete lines | Felix Fietkau | 2012-09-23 | 1 | -8/+0 |
| | | | | SVN-Revision: 33518 | ||||
* | kmod-ipt-nathelper-extra: fix missing nf_conntrack_broadcast.ko | Felix Fietkau | 2012-06-18 | 1 | -0/+1 |
| | | | | | | | | | | | | | | kmod-ipt-nathelper-extra is missing the package nf_conntrack_broadcast.ko if it is not included into the kmod-ipt-nathelper-extra packge the modules nf_conntrack_snmp and nf_nat_snmp_basic cant get loaded: [ 44.500000] nf_conntrack_snmp: Unknown symbol nf_conntrack_broadcast_help (err 0) [ 44.664000] nf_nat_snmp_basic: Unknown symbol nf_nat_snmp_hook (err 0) Signed-off-by: Peter Wagner <tripolar@gmx.at> SVN-Revision: 32434 | ||||
* | include/netfilter.mk: clean up, remove junk for old kernel versions | Felix Fietkau | 2012-06-07 | 1 | -70/+9 |
| | | | | SVN-Revision: 32114 | ||||
* | fix ipt_ttl and ipt_TTL userspace library packaging | Jo-Philipp Wich | 2012-03-12 | 1 | -4/+4 |
| | | | | SVN-Revision: 30897 | ||||
* | kernel: update module names and add new config symbols for linux 3.3 | Jonas Gorski | 2012-02-02 | 1 | -1/+6 |
| | | | | SVN-Revision: 29985 | ||||
* | add CT target and TTL/HL match+target | Jo-Philipp Wich | 2012-01-04 | 1 | -0/+4 |
| | | | | | | | | This patch adds the CT target for conntrack (enables manipulation of conntrack events and supercedes NOTRACK) as well as the TTL/HL target and match. SVN-Revision: 29645 | ||||
* | remove current RTSP support | Jo-Philipp Wich | 2012-01-04 | 1 | -4/+0 |
| | | | | SVN-Revision: 29643 | ||||
* | package CT target | Jo-Philipp Wich | 2011-12-25 | 1 | -0/+1 |
| | | | | SVN-Revision: 29609 | ||||
* | netfilter.mk: remove a few obsolete CompareKernelPatchVer calls | Felix Fietkau | 2011-06-01 | 1 | -17/+5 |
| | | | | SVN-Revision: 27086 | ||||
* | package u32 match and TEE target, patches by Maxim Uvarov | Jo-Philipp Wich | 2011-05-24 | 1 | -0/+8 |
| | | | | SVN-Revision: 26977 | ||||
* | firewall: allow local redirection of ports | Jo-Philipp Wich | 2011-04-12 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow a redirect like: config redirect option src 'wan' option dest 'lan' option src_dport '22001' option dest_port '22' option proto 'tcp' note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself. This patch makes three changes: (1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers). (2) fixes a bug where the wrong table is used when the "dest_ip" field is absent. (3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted connections. In the above example, ssh -p 22 root@myrouter would fail from the outside, but: ssh -p 22001 root@myrouter would succeed. This is handy if: (1) you want to avoid ssh probes on your router, or (2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but still want to allow firewall access from outside. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> SVN-Revision: 26617 | ||||
* | iipt-debug: create bundle of netfilter modules for debugging | Hauke Mehrtens | 2011-04-09 | 1 | -0/+5 |
| | | | | | | | | | | Add a bundle for including commonly useful modules for IPtables debugging and development. For now, it just contains xt_TRACE.ko Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> SVN-Revision: 26567 | ||||
* | add kmod-ipt-led | Florian Fainelli | 2011-04-03 | 1 | -0/+3 |
| | | | | | | | | | | | Netfilter LED target triggers blinkenlichten when a network packet hits a rule. LED target requires iptables 1.4.9 or higher Signed-off-by: Łukasz Stelmach <stlman@poczta.fm> SVN-Revision: 26451 | ||||
* | netfilter.mk: put ipv6 conntrack in the right package | Felix Fietkau | 2011-02-27 | 1 | -2/+1 |
| | | | | SVN-Revision: 25750 | ||||
* | netfilter: add missing modules for v6 conntrack (patch from #8940) | Felix Fietkau | 2011-02-26 | 1 | -0/+2 |
| | | | | SVN-Revision: 25731 | ||||
* | move nf_{conntrack,nat}_tftp to ipt-nathelper-extra, most people don't need this | Felix Fietkau | 2011-02-26 | 1 | -4/+4 |
| | | | | SVN-Revision: 25722 | ||||
* | kernel: remove imq support, refresh patches | Felix Fietkau | 2011-02-21 | 1 | -8/+0 |
| | | | | SVN-Revision: 25641 | ||||
* | netfilter.mk: fix connmark packaging for Kernels >= 2.6.35, thanks Daniel ↵ | Jo-Philipp Wich | 2010-12-19 | 1 | -1/+2 |
| | | | | | | Gimpelevich SVN-Revision: 24729 | ||||
* | netfilter: workaround a userspace/kernel mismatch on Linux 2.6.35 and later | Jo-Philipp Wich | 2010-10-18 | 1 | -1/+6 |
| | | | | SVN-Revision: 23521 | ||||
* | finalize r22241 fixes | Alexandros C. Couloumbis | 2010-07-17 | 1 | -3/+3 |
| | | | | SVN-Revision: 22242 | ||||
* | package TPROXY target and module infrastructure | Jo-Philipp Wich | 2010-06-22 | 1 | -0/+7 |
| | | | | SVN-Revision: 21883 | ||||
* | include/netfilter.mk fix typo on r21795 | Alexandros C. Couloumbis | 2010-06-14 | 1 | -2/+2 |
| | | | | SVN-Revision: 21796 | ||||
* | include/netfilter.mk: add 2.6.35 kernel support | Alexandros C. Couloumbis | 2010-06-14 | 1 | -3/+10 |
| | | | | SVN-Revision: 21795 | ||||
* | netfilter: extension fixes (partially closes: #7045) * add missing xt_owner ↵ | Nicolas Thill | 2010-04-04 | 1 | -1/+4 |
| | | | | | | (2.6) * enable ipt_quota (2.4), disabled in [8499] is building fine with recent iptables * add missing ipt_nat_tftp (2.4) * add missing nf_nat_amanda (2.6) SVN-Revision: 20693 | ||||
* | include/netfilter.mk: move ebtables definitions at the end | Nicolas Thill | 2010-04-04 | 1 | -36/+37 |
| | | | | SVN-Revision: 20690 | ||||
* | properly package xt_comment.ko (#6742) | Jo-Philipp Wich | 2010-02-26 | 1 | -0/+2 |
| | | | | SVN-Revision: 19861 | ||||
* | netfilter: add support for raw table and NOTRACK target (#5504) | Jo-Philipp Wich | 2010-02-19 | 1 | -0/+1 |
| | | | | SVN-Revision: 19721 | ||||
* | iptables: add comment match to the core package | Jo-Philipp Wich | 2009-12-08 | 1 | -1/+1 |
| | | | | SVN-Revision: 18706 | ||||
* | netfilter: remove IPset leftovers missed from [17844] | Nicolas Thill | 2009-10-11 | 1 | -21/+0 |
| | | | | SVN-Revision: 18032 | ||||
* | Update ipset to version 3.2 | Hauke Mehrtens | 2009-09-27 | 1 | -0/+3 |
| | | | | SVN-Revision: 17764 | ||||
* | split ebtables packages and modules into ebtables ipv4/6 and watchers (#5001) | Florian Fainelli | 2009-07-25 | 1 | -0/+40 |
| | | | | SVN-Revision: 16980 | ||||
* | fix ip6tables installation against ip6t_HL which has been merged in xt_HL ↵ | Florian Fainelli | 2009-07-24 | 1 | -2/+0 |
| | | | | | | since 2.6.29 (#5568) SVN-Revision: 16964 | ||||
* | netfilter: move iptable_raw, xt_NOTRACK from conntrack-extra to conntrack | Felix Fietkau | 2009-05-14 | 1 | -2/+2 |
| | | | | SVN-Revision: 15854 | ||||
* | ipt_TTL and ipt_ttl moved and were renamed in kernel 2.6.30 | Hauke Mehrtens | 2009-05-14 | 1 | -2/+8 |
| | | | | SVN-Revision: 15851 |