| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Signed-off-by: Álvaro Fernández Rojas <noltari@gmail.com>
SVN-Revision: 44598
|
|
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44488
|
|
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 44187
|
|
|
|
|
|
| |
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
SVN-Revision: 44126
|
|
|
|
|
|
| |
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
SVN-Revision: 43966
|
|
|
|
|
|
| |
Signed-off-by: Imre Kaloz <kaloz@openwrt.org>
SVN-Revision: 43950
|
|
|
|
|
|
|
|
| |
Significantly improves routing / NAT performance
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 43587
|
|
|
|
|
|
|
|
|
|
| |
Building current trunk with 3.18 kernel fired some errors like 'missed
dependancy of module XXX from library kmod_YYY.ko'. These patch fixes 3
of such issues which are critical to have a successful build.
Signed-off-by: Alexey N Vinogradov <a.n.vinogradov@gmail.com>
SVN-Revision: 43318
|
|
|
|
|
|
|
|
|
|
|
| |
The 3.18 kernel introduced new Kconfig options for the xt_nat and iptable_nat
kernel modules, that both belong to the ipt_nat kernel package.
Enable this new options.
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
SVN-Revision: 43212
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds the userspace and kernelspace for
- match NETFILTER_XT_MATCH_CLUSTER
This match can be used to deploy gateway and back-end load-sharing clusters.
- target IP_NF_TARGET_CLUSTERIP
This module allows you to configure a simple cluster of nodes
that share a certain IP and MAC address
without an explicit load balancer in front of them.
Connections are statically distributed between the nodes in this cluster.
This is used i.e. by strongswan-ha.
Signed-off-by: Christian Scheele <cs@embedd.com>
SVN-Revision: 43174
|
|
|
|
| |
SVN-Revision: 42696
|
|
|
|
| |
SVN-Revision: 42611
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42599
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 42596
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NFLOG and NFQUEUE targets' full support for iptables.
Includes all needed kernel modules (Xtables's and Netlink's)
and userspace libraries.
All added kernel modules can be individually disabled,
all other new libraries get their own individual packages.
Reported-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
Reported-by: Rainer Poisel <rainer.poisel@fhstp.ac.at>
Reported-by: Derek LaHousse <dlahouss@mtu.edu>
Signed-off-by: Guillaume Déflache <guillaume.deflache@ibwag.com>
SVN-Revision: 42022
|
|
|
|
|
|
|
|
|
| |
This commit implements a new netfilter match "xt_id" which can be used to
attach unsigned 32bit IDs to iptables rules.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
SVN-Revision: 41945
|
|
|
|
|
|
|
|
| |
(reduces rootfs size and memory usage)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 40983
|
|
|
|
| |
SVN-Revision: 39878
|
|
|
|
| |
SVN-Revision: 37891
|
|
|
|
|
|
| |
Novak and Sedat Dilek for patches and inspiration
SVN-Revision: 37866
|
|
|
|
|
|
| |
Signed-off-by: Luka Perkov <luka@openwrt.org>
SVN-Revision: 37821
|
|
|
|
|
|
|
|
|
|
| |
connmark
fixes duplication of xt_mark and xt_connmark module entries
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 37344
|
|
|
|
|
|
| |
base iptables package - drop iptables-mod-ipset
SVN-Revision: 36683
|
|
|
|
| |
SVN-Revision: 35899
|
|
|
|
| |
SVN-Revision: 35898
|
|
|
|
|
|
| |
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 35475
|
|
|
|
| |
SVN-Revision: 35155
|
|
|
|
|
|
| |
Signed-off-by: Florian Fainelli <florian@openwrt.org>
SVN-Revision: 35087
|
|
|
|
| |
SVN-Revision: 34841
|
|
|
|
|
|
|
| |
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: Gabor Juhos <juhosg@openwrt.org>
SVN-Revision: 34750
|
|
|
|
|
|
|
|
| |
- nf_add now takes an optional 4th argument which specifies a kernel version dependency, e.g. "lt 3.7.0"
- remove CompareKernelPatchVer conditionals around nf_add invocations, use version depends instead
- fixes xt_LOG.ko packaging with Linux 3.6.0 and later
SVN-Revision: 34681
|
|
|
|
| |
SVN-Revision: 34625
|
|
|
|
|
|
|
| |
nf_nat_irc depends on nf_conntrack_irc and it should be defined after that.
This fixes a problem introduced in r34247.
SVN-Revision: 34251
|
|
|
|
| |
SVN-Revision: 34247
|
|
|
|
| |
SVN-Revision: 33518
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kmod-ipt-nathelper-extra is missing the package nf_conntrack_broadcast.ko
if it is not included into the kmod-ipt-nathelper-extra packge the modules
nf_conntrack_snmp and nf_nat_snmp_basic cant get loaded:
[ 44.500000] nf_conntrack_snmp: Unknown symbol nf_conntrack_broadcast_help (err 0)
[ 44.664000] nf_nat_snmp_basic: Unknown symbol nf_nat_snmp_hook (err 0)
Signed-off-by: Peter Wagner <tripolar@gmx.at>
SVN-Revision: 32434
|
|
|
|
| |
SVN-Revision: 32114
|
|
|
|
| |
SVN-Revision: 30897
|
|
|
|
| |
SVN-Revision: 29985
|
|
|
|
|
|
|
|
| |
This patch adds the CT target for conntrack (enables manipulation of
conntrack events and supercedes NOTRACK) as well as the TTL/HL target and
match.
SVN-Revision: 29645
|
|
|
|
| |
SVN-Revision: 29643
|
|
|
|
| |
SVN-Revision: 29609
|
|
|
|
| |
SVN-Revision: 27086
|
|
|
|
| |
SVN-Revision: 26977
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow a redirect like:
config redirect
option src 'wan'
option dest 'lan'
option src_dport '22001'
option dest_port '22'
option proto 'tcp'
note the absence of the "dest_ip" field, meaning to terminate the connection on the firewall itself.
This patch makes three changes:
(1) moves the conntrack module into the conntrack package (but not any of the conntrack_* helpers).
(2) fixes a bug where the wrong table is used when the "dest_ip" field is absent.
(3) accepts incoming connections on the destination port on the input_ZONE table, but only for DNATted
connections.
In the above example,
ssh -p 22 root@myrouter
would fail from the outside, but:
ssh -p 22001 root@myrouter
would succeed. This is handy if:
(1) you want to avoid ssh probes on your router, or
(2) you want to redirect incoming connections on port 22 to some machine inside your firewall, but
still want to allow firewall access from outside.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26617
|
|
|
|
|
|
|
|
|
|
| |
Add a bundle for including commonly useful modules for IPtables debugging and development.
For now, it just contains xt_TRACE.ko
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26567
|
|
|
|
|
|
|
|
|
|
|
| |
Netfilter LED target triggers blinkenlichten when a network packet hits
a rule.
LED target requires iptables 1.4.9 or higher
Signed-off-by: Łukasz Stelmach <stlman@poczta.fm>
SVN-Revision: 26451
|
|
|
|
| |
SVN-Revision: 25750
|
|
|
|
| |
SVN-Revision: 25731
|
|
|
|
| |
SVN-Revision: 25722
|