Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | kernel: update module names and add new config symbols for linux 3.3 | Jonas Gorski | 2012-02-02 | 1 | -1/+6 |
| | | | | SVN-Revision: 29985 | ||||
* | add CT target and TTL/HL match+target | Jo-Philipp Wich | 2012-01-04 | 1 | -0/+4 |
| | | | | | | | | This patch adds the CT target for conntrack (enables manipulation of conntrack events and supercedes NOTRACK) as well as the TTL/HL target and match. SVN-Revision: 29645 | ||||
* | remove current RTSP support | Jo-Philipp Wich | 2012-01-04 | 1 | -4/+0 |
| | | | | SVN-Revision: 29643 | ||||
* | package CT target | Jo-Philipp Wich | 2011-12-25 | 1 | -0/+1 |
| | | | | SVN-Revision: 29609 | ||||
* | netfilter.mk: remove a few obsolete CompareKernelPatchVer calls | Felix Fietkau | 2011-06-01 | 1 | -17/+5 |
| | | | | SVN-Revision: 27086 | ||||
* | package u32 match and TEE target, patches by Maxim Uvarov | Jo-Philipp Wich | 2011-05-24 | 1 | -0/+8 |
| | | | | SVN-Revision: 26977 | ||||
* | firewall: allow local redirection of ports | Jo-Philipp Wich | 2011-04-12 | 1 | -2/+2 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow a redirect like: config redirect option src 'wan' option dest 'lan' option src_dport '22001' option dest_port '22' option proto 'tcp' note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself. This patch makes three changes: (1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers). (2) fixes a bug where the wrong table is used when the "dest_ip" field is absent. (3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted connections. In the above example, ssh -p 22 root@myrouter would fail from the outside, but: ssh -p 22001 root@myrouter would succeed. This is handy if: (1) you want to avoid ssh probes on your router, or (2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but still want to allow firewall access from outside. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> SVN-Revision: 26617 | ||||
* | iipt-debug: create bundle of netfilter modules for debugging | Hauke Mehrtens | 2011-04-09 | 1 | -0/+5 |
| | | | | | | | | | | Add a bundle for including commonly useful modules for IPtables debugging and development. For now, it just contains xt_TRACE.ko Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> SVN-Revision: 26567 | ||||
* | add kmod-ipt-led | Florian Fainelli | 2011-04-03 | 1 | -0/+3 |
| | | | | | | | | | | | Netfilter LED target triggers blinkenlichten when a network packet hits a rule. LED target requires iptables 1.4.9 or higher Signed-off-by: Łukasz Stelmach <stlman@poczta.fm> SVN-Revision: 26451 | ||||
* | netfilter.mk: put ipv6 conntrack in the right package | Felix Fietkau | 2011-02-27 | 1 | -2/+1 |
| | | | | SVN-Revision: 25750 | ||||
* | netfilter: add missing modules for v6 conntrack (patch from #8940) | Felix Fietkau | 2011-02-26 | 1 | -0/+2 |
| | | | | SVN-Revision: 25731 | ||||
* | move nf_{conntrack,nat}_tftp to ipt-nathelper-extra, most people don't need this | Felix Fietkau | 2011-02-26 | 1 | -4/+4 |
| | | | | SVN-Revision: 25722 | ||||
* | kernel: remove imq support, refresh patches | Felix Fietkau | 2011-02-21 | 1 | -8/+0 |
| | | | | SVN-Revision: 25641 | ||||
* | netfilter.mk: fix connmark packaging for Kernels >= 2.6.35, thanks Daniel ↵ | Jo-Philipp Wich | 2010-12-19 | 1 | -1/+2 |
| | | | | | | Gimpelevich SVN-Revision: 24729 | ||||
* | netfilter: workaround a userspace/kernel mismatch on Linux 2.6.35 and later | Jo-Philipp Wich | 2010-10-18 | 1 | -1/+6 |
| | | | | SVN-Revision: 23521 | ||||
* | finalize r22241 fixes | Alexandros C. Couloumbis | 2010-07-17 | 1 | -3/+3 |
| | | | | SVN-Revision: 22242 | ||||
* | package TPROXY target and module infrastructure | Jo-Philipp Wich | 2010-06-22 | 1 | -0/+7 |
| | | | | SVN-Revision: 21883 | ||||
* | include/netfilter.mk fix typo on r21795 | Alexandros C. Couloumbis | 2010-06-14 | 1 | -2/+2 |
| | | | | SVN-Revision: 21796 | ||||
* | include/netfilter.mk: add 2.6.35 kernel support | Alexandros C. Couloumbis | 2010-06-14 | 1 | -3/+10 |
| | | | | SVN-Revision: 21795 | ||||
* | netfilter: extension fixes (partially closes: #7045) * add missing xt_owner ↵ | Nicolas Thill | 2010-04-04 | 1 | -1/+4 |
| | | | | | | (2.6) * enable ipt_quota (2.4), disabled in [8499] is building fine with recent iptables * add missing ipt_nat_tftp (2.4) * add missing nf_nat_amanda (2.6) SVN-Revision: 20693 | ||||
* | include/netfilter.mk: move ebtables definitions at the end | Nicolas Thill | 2010-04-04 | 1 | -36/+37 |
| | | | | SVN-Revision: 20690 | ||||
* | properly package xt_comment.ko (#6742) | Jo-Philipp Wich | 2010-02-26 | 1 | -0/+2 |
| | | | | SVN-Revision: 19861 | ||||
* | netfilter: add support for raw table and NOTRACK target (#5504) | Jo-Philipp Wich | 2010-02-19 | 1 | -0/+1 |
| | | | | SVN-Revision: 19721 | ||||
* | iptables: add comment match to the core package | Jo-Philipp Wich | 2009-12-08 | 1 | -1/+1 |
| | | | | SVN-Revision: 18706 | ||||
* | netfilter: remove IPset leftovers missed from [17844] | Nicolas Thill | 2009-10-11 | 1 | -21/+0 |
| | | | | SVN-Revision: 18032 | ||||
* | Update ipset to version 3.2 | Hauke Mehrtens | 2009-09-27 | 1 | -0/+3 |
| | | | | SVN-Revision: 17764 | ||||
* | split ebtables packages and modules into ebtables ipv4/6 and watchers (#5001) | Florian Fainelli | 2009-07-25 | 1 | -0/+40 |
| | | | | SVN-Revision: 16980 | ||||
* | fix ip6tables installation against ip6t_HL which has been merged in xt_HL ↵ | Florian Fainelli | 2009-07-24 | 1 | -2/+0 |
| | | | | | | since 2.6.29 (#5568) SVN-Revision: 16964 | ||||
* | netfilter: move iptable_raw, xt_NOTRACK from conntrack-extra to conntrack | Felix Fietkau | 2009-05-14 | 1 | -2/+2 |
| | | | | SVN-Revision: 15854 | ||||
* | ipt_TTL and ipt_ttl moved and were renamed in kernel 2.6.30 | Hauke Mehrtens | 2009-05-14 | 1 | -2/+8 |
| | | | | SVN-Revision: 15851 | ||||
* | adept netfilter.mk to updated imq | Jo-Philipp Wich | 2009-05-07 | 1 | -0/+1 |
| | | | | SVN-Revision: 15656 | ||||
* | get rid of $Id$ - it has never helped us and it has broken too many patches ;) | Felix Fietkau | 2009-04-17 | 1 | -1/+0 |
| | | | | SVN-Revision: 15242 | ||||
* | move iptable_raw to the conntrack-extra package | Felix Fietkau | 2009-04-09 | 1 | -1/+1 |
| | | | | SVN-Revision: 15175 | ||||
* | accomodate netfilter module (xt_recent) name change in 2.6.28, add missing ↵ | Nicolas Thill | 2009-04-06 | 1 | -0/+1 |
| | | | | | | kconfig when xt_recent is enabled SVN-Revision: 15123 | ||||
* | remove support for ipp2p - it's unmaintained, broken, overmatching and ↵ | Felix Fietkau | 2009-02-21 | 1 | -1/+0 |
| | | | | | | undermatching => not that useful for QoS SVN-Revision: 14596 | ||||
* | netfilter: remove CHAOS, TARPIT and DELUDE references | Gabor Juhos | 2009-02-09 | 1 | -4/+0 |
| | | | | SVN-Revision: 14461 | ||||
* | defrag needs to be loaded before conntrack_ipv4 | Imre Kaloz | 2008-12-10 | 1 | -1/+1 |
| | | | | SVN-Revision: 13585 | ||||
* | fix conntrack on 2.6.28 | Imre Kaloz | 2008-12-10 | 1 | -0/+1 |
| | | | | SVN-Revision: 13582 | ||||
* | make the whole iptables/netfiter modular (closes: #3871, #3527) | Nicolas Thill | 2008-09-22 | 1 | -37/+65 |
| | | | | SVN-Revision: 12649 | ||||
* | Package ip6t_limit and ip6t_frag for 2.4 kernels (#3760) | Florian Fainelli | 2008-08-11 | 1 | -0/+1 |
| | | | | SVN-Revision: 12276 | ||||
* | cosmetic change: rename IPT_NAT_DEFAULT & IPT_NAT_EXTRA to IPT_NATHELPER & ↵ | Nicolas Thill | 2008-05-08 | 1 | -39/+41 |
| | | | | | | IPT_NATHELPER_EXTRA respectively, to better match package names SVN-Revision: 11073 | ||||
* | kmod-ipt-iprange: fix build error on .25 | Gabor Juhos | 2008-04-30 | 1 | -0/+1 |
| | | | | SVN-Revision: 10992 | ||||
* | update iptables to 1.4.0 (2.6 kernels only), refresh kernel patches | Gabor Juhos | 2008-04-15 | 1 | -0/+4 |
| | | | | SVN-Revision: 10843 | ||||
* | layer7 filtering module is now xt_layer7 (#3268) | Florian Fainelli | 2008-03-27 | 1 | -0/+1 |
| | | | | SVN-Revision: 10674 | ||||
* | netfilter/ipset cleanups * rename patches to follow our naming conventions * ↵ | Gabor Juhos | 2007-10-12 | 1 | -0/+1 |
| | | | | | | update ipset patches with revision 7096 of [https://svn.netfilter.org/netfilter/trunk/patch-o-matic-ng pom] * add CONFIG_IP_NF_SET_IPTREEMAP to default kernel configs * add ip_set_iptreemap to include/netfilter.mk * update kmod-ipt-ipset module description SVN-Revision: 9269 | ||||
* | add TARPIT support to netfilter/iptables * netfilter: add the xt_TARPIT ↵ | Gabor Juhos | 2007-10-07 | 1 | -2/+3 |
| | | | | | | target module required by xt_CHAOS * include/netfilter.mk: reorder, xt_CHAOS depends on xt_TARPIT and xt_DELUDE * iptables: add libipt_TARPIT to the kmod-ipt-extra package, bump release number * original patchset can be found [http://tinyurl.com/2mjk2kx here] SVN-Revision: 9178 | ||||
* | add ipv6 conntrack support (closes: #2192) | Nicolas Thill | 2007-09-23 | 1 | -0/+29 |
| | | | | SVN-Revision: 8984 | ||||
* | add missing 2.6 conntrack/nat helpers, add 2.6 conntrack/nat helper for RTSP ↵ | Nicolas Thill | 2007-09-22 | 1 | -3/+37 |
| | | | | | | (closes: #2297, thanks to aorlinsk), sync 2.4 / 2.6 kconfigs. SVN-Revision: 8955 | ||||
* | cosmetic cleanup before more deep changes | Nicolas Thill | 2007-09-20 | 1 | -51/+83 |
| | | | | SVN-Revision: 8870 | ||||
* | fix typo again (do i need some sleep?) | Nicolas Thill | 2007-09-17 | 1 | -1/+1 |
| | | | | SVN-Revision: 8822 |