aboutsummaryrefslogtreecommitdiffstats
path: root/package/firewall/files/firewall.config
Commit message (Collapse)AuthorAgeFilesLines
* AA: firewall3: rename to firewall, move into base system menu, update to git ↵Jo-Philipp Wich2013-06-041-0/+177
| | | | | | head with compatibility fixes for AA git-svn-id: svn://svn.openwrt.org/openwrt/branches/attitude_adjustment@36842 3c298f89-4303-0410-b956-a3cf2f4a3e73
* AA: Drop legacy firewall packageJo-Philipp Wich2013-06-041-176/+0
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/branches/attitude_adjustment@36841 3c298f89-4303-0410-b956-a3cf2f4a3e73
* AA: backport r36623Steven Barth2013-05-261-1/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/branches/attitude_adjustment@36720 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: allow incoming ICMPv6 router-advertisement and ↵Jo-Philipp Wich2012-06-081-0/+2
| | | | | | neighbor-advertisement, thanks swalker git-svn-id: svn://svn.openwrt.org/openwrt/trunk@32127 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package/firewall] minor change: adjust formatting of firewall.configMirko Vogt2012-04-211-13/+13
| | | | | | | - remove trailing whitespaces (s/\ $//g) - replace spaces with tabs between options and values git-svn-id: svn://svn.openwrt.org/openwrt/trunk@31427 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: allow ICMPv6 type 129 (echo reply) - this fixes basic ↵Jo-Philipp Wich2012-02-251-0/+2
| | | | | | ICMPv6 in case no connection tracking is used git-svn-id: svn://svn.openwrt.org/openwrt/trunk@30727 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall:Jo-Philipp Wich2011-12-201-0/+5
| | | | | | | | | - introduce per-section "option enabled" which defaults to "1" - useful to disable rules or zones without having to delete them - annotate default traffic rules with names - bump version git-svn-id: svn://svn.openwrt.org/openwrt/trunk@29577 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: add DHCPv6 default rule (#10381)Jo-Philipp Wich2011-11-091-0/+12
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@28874 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: further tune ICMPv6 default rules according to RFC4890 ↵Jo-Philipp Wich2011-08-141-0/+16
| | | | | | (#9893) git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27979 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: refine default ICMPv6 rules to better conform with ↵Jo-Philipp Wich2011-06-301-13/+2
| | | | | | RFC4890, do not forward link local ICMP message types, allow parameter problem git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27321 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall:Jo-Philipp Wich2011-06-301-17/+44
| | | | | | | | | | | | | - allow multiple ports, protocols, macs, icmp types per rule - implement "limit" and "limit_burst" options for rules - implement "extra" option to rules and redirects for passing arbritary flags to iptables - implement negations for "src_port", "dest_port", "src_dport", "src_mac", "proto" and "icmp_type" options - allow wildcard (*) "src" and "dest" options in rules to allow specifying "any" source or destination - validate symbolic icmp-type names against the selected iptables binary - properly handle forwarded ICMPv6 traffic in the default configuration git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27317 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: explictely mention network in default configuration, ↵Jo-Philipp Wich2011-05-201-0/+2
| | | | | | makes it less confusing git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26961 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [PATCH] firewall: provide examples of ssh port relocation on firewall and ↵Jo-Philipp Wich2011-05-021-0/+22
| | | | | | | | | | | | | | | | IPsec passthrough Two examples of potentially useful configurations (commented out, of course): (a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a LAN-based machine if desired, or if not, simply obscures the port from external attack. (b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26805 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: don't apply default udp/68 rule to ip6tablesJo-Philipp Wich2010-05-191-0/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21509 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: add commented disable_ipv6 option to default configJo-Philipp Wich2010-05-191-0/+2
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21505 3c298f89-4303-0410-b956-a3cf2f4a3e73
* allow pingTravis Kemen2010-03-181-0/+7
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@20261 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: fix MSS issue affection RELATED new connections (closes: ↵Nicolas Thill2009-09-271-1/+1
| | | | | | #5173) git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17762 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: allow incoming udp/68 packets in the default ↵Jo-Philipp Wich2009-08-131-0/+8
| | | | | | configuration (#4108, #4781) git-svn-id: svn://svn.openwrt.org/openwrt/trunk@17238 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: enable /etc/firewall.user by default and install sample ↵Jo-Philipp Wich2009-04-121-4/+4
| | | | | | firewall.user file git-svn-id: svn://svn.openwrt.org/openwrt/trunk@15221 3c298f89-4303-0410-b956-a3cf2f4a3e73
* re-enable the mss fix by default for now - see discussion at ↵Felix Fietkau2009-01-311-5/+1
| | | | | | http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information git-svn-id: svn://svn.openwrt.org/openwrt/trunk@14293 3c298f89-4303-0410-b956-a3cf2f4a3e73
* disable the MSS fixup hack by default (most ISPs don't require this as a ↵Felix Fietkau2008-12-311-0/+5
| | | | | | workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs git-svn-id: svn://svn.openwrt.org/openwrt/trunk@13788 3c298f89-4303-0410-b956-a3cf2f4a3e73
* set default input policy to ACCEPT to bring the firewall behavior closer to ↵Felix Fietkau2008-09-281-1/+1
| | | | | | the one of previous versions git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12766 3c298f89-4303-0410-b956-a3cf2f4a3e73
* firewall changes:Nicolas Thill2008-09-241-5/+5
| | | | | | | | - implement a REJECT policy and enable it by default, reject packets with approriate response (closes: #3970) - cleanup syn_flood and remove logging git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12688 3c298f89-4303-0410-b956-a3cf2f4a3e73
* use proto instead of protocol in uci firewallJohn Crispin2008-08-261-1/+1
| | | | git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12391 3c298f89-4303-0410-b956-a3cf2f4a3e73
* uci firewallJohn Crispin2008-08-111-0/+80
- make uci firewall default and remove old code - fix up dependencies git-svn-id: svn://svn.openwrt.org/openwrt/trunk@12284 3c298f89-4303-0410-b956-a3cf2f4a3e73
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 21:21:27 +0000