| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
SVN-Revision: 42696
|
|
|
|
| |
SVN-Revision: 42611
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42599
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42596
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NFLOG and NFQUEUE targets' full support for iptables.
Includes all needed kernel modules (Xtables's and Netlink's)
and userspace libraries.
All added kernel modules can be individually disabled,
all other new libraries get their own individual packages.
Reported-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
Reported-by: Rainer Poisel <rainer.poisel@fhstp.ac.at>
Reported-by: Derek LaHousse <dlahouss@mtu.edu>
Signed-off-by: Guillaume Déflache <guillaume.deflache@ibwag.com>
SVN-Revision: 42022
|
|
|
|
|
|
|
|
|
| |
This commit implements a new netfilter match "xt_id" which can be used to
attach unsigned 32bit IDs to iptables rules.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41945
|
|
|
|
|
|
|
|
| |
(reduces rootfs size and memory usage)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 40983
|
|
|
|
| |
SVN-Revision: 39878
|
|
|
|
| |
SVN-Revision: 37891
|
|
|
|
|
|
| |
Novak and Sedat Dilek for patches and inspiration
SVN-Revision: 37866
|
|
|
|
|
|
| |
Signed-off-by: Luka Perkov <luka@openwrt.org>
SVN-Revision: 37821
|
|
|
|
|
|
|
|
|
|
| |
connmark
fixes duplication of xt_mark and xt_connmark module entries
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 37344
|
|
|
|
|
|
| |
base iptables package - drop iptables-mod-ipset
SVN-Revision: 36683
|
|
|
|
| |
SVN-Revision: 35899
|
|
|
|
| |
SVN-Revision: 35898
|
|
|
|
|
|
| |
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 35475
|
|
|
|
| |
SVN-Revision: 35155
|
|
|
|
|
|
| |
Signed-off-by: Florian Fainelli <florian@openwrt.org>
SVN-Revision: 35087
|
|
|
|
| |
SVN-Revision: 34841
|
|
|
|
|
|
|
| |
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 34750
|
|
|
|
|
|
|
|
| |
- nf_add now takes an optional 4th argument which specifies a kernel version dependency, e.g. "lt 3.7.0"
- remove CompareKernelPatchVer conditionals around nf_add invocations, use version depends instead
- fixes xt_LOG.ko packaging with Linux 3.6.0 and later
SVN-Revision: 34681
|
|
|
|
| |
SVN-Revision: 34625
|
|
|
|
|
|
|
| |
nf_nat_irc depends on nf_conntrack_irc and it should be defined after that.
This fixes a problem introduced in r34247.
SVN-Revision: 34251
|
|
|
|
| |
SVN-Revision: 34247
|
|
|
|
| |
SVN-Revision: 33518
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kmod-ipt-nathelper-extra is missing the package nf_conntrack_broadcast.ko
if it is not included into the kmod-ipt-nathelper-extra packge the modules
nf_conntrack_snmp and nf_nat_snmp_basic cant get loaded:
[ 44.500000] nf_conntrack_snmp: Unknown symbol nf_conntrack_broadcast_help (err 0)
[ 44.664000] nf_nat_snmp_basic: Unknown symbol nf_nat_snmp_hook (err 0)
Signed-off-by: Peter Wagner <tripolar@gmx.at>
SVN-Revision: 32434
|
|
|
|
| |
SVN-Revision: 32114
|
|
|
|
| |
SVN-Revision: 30897
|
|
|
|
| |
SVN-Revision: 29985
|
|
|
|
|
|
|
|
| |
This patch adds the CT target for conntrack (enables manipulation of
conntrack events and supercedes NOTRACK) as well as the TTL/HL target and
match.
SVN-Revision: 29645
|
|
|
|
| |
SVN-Revision: 29643
|
|
|
|
| |
SVN-Revision: 29609
|
|
|
|
| |
SVN-Revision: 27086
|
|
|
|
| |
SVN-Revision: 26977
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow a redirect like:
config redirect
option src 'wan'
option dest 'lan'
option src_dport '22001'
option dest_port '22'
option proto 'tcp'
note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.
This patch makes three changes:
(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
connections.
In the above example,
ssh -p 22 root@myrouter
would fail from the outside, but:
ssh -p 22001 root@myrouter
would succeed. This is handy if:
(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
still want to allow firewall access from outside.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26617
|
|
|
|
|
|
|
|
|
|
| |
Add a bundle for including commonly useful modules for IPtables debugging and development.
For now, it just contains xt_TRACE.ko
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26567
|
|
|
|
|
|
|
|
|
|
|
| |
Netfilter LED target triggers blinkenlichten when a network packet hits
a rule.
LED target requires iptables 1.4.9 or higher
Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>
SVN-Revision: 26451
|
|
|
|
| |
SVN-Revision: 25750
|
|
|
|
| |
SVN-Revision: 25731
|
|
|
|
| |
SVN-Revision: 25722
|
|
|
|
| |
SVN-Revision: 25641
|
|
|
|
|
|
| |
Gimpelevich
SVN-Revision: 24729
|
|
|
|
| |
SVN-Revision: 23521
|
|
|
|
| |
SVN-Revision: 22242
|
|
|
|
| |
SVN-Revision: 21883
|
|
|
|
| |
SVN-Revision: 21796
|
|
|
|
| |
SVN-Revision: 21795
|
|
|
|
|
|
| |
(2.6) * enable ipt_quota (2.4), disabled in [8499] is building fine with recent iptables * add missing ipt_nat_tftp (2.4) * add missing nf_nat_amanda (2.6)
SVN-Revision: 20693
|
|
|
|
| |
SVN-Revision: 20690
|
|
|
|
| |
SVN-Revision: 19861
|