path: root/package/firewall/files/lib/core_interface.sh
Commit message | Author | Age | Files | Lines
* [package] firewall: rework state variable handling, use uci_toggle_state() where applicable and properly handle duplicates in add and del state helpers (#9152, #9710) | Jo-Philipp Wich | 2011-07-15 | 1 | -17/+24
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27618 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: revert accidentally committed changes from r26805 | Jo-Philipp Wich | 2011-05-02 | 1 | -39/+11
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26806 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [PATCH] firewall: provide examples of ssh port relocation on firewall and IPsec passthrough | Jo-Philipp Wich | 2011-05-02 | 1 | -11/+39
  Two examples of potentially useful configurations (commented out, of course):
  (a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a LAN-based machine if desired, or if not, simply obscures the port from external attack.
  (b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN.
  Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26805 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: prevent excessive uci state data aggregation (#9152) | Jo-Philipp Wich | 2011-04-20 | 1 | -0/+2
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26740 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: prevent duplicate values in interface state vars | Jo-Philipp Wich | 2011-03-30 | 1 | -1/+4
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@26382 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: fix rule generation for v4 or v6 only zones (#8955) | Jo-Philipp Wich | 2011-03-01 | 1 | -0/+3
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@25813 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: protect iptables invocations with locks in interface ops, it might run concurrently due to hotplug invocations on network restart | Jo-Philipp Wich | 2010-09-19 | 1 | -0/+4
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23090 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: deliver remove hotplug events for all active zones/networks when restarting the firewall | Jo-Philipp Wich | 2010-09-14 | 1 | -2/+27
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23062 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: | Jo-Philipp Wich | 2010-09-11 | 1 | -27/+6
  - simplify masquerade rule setup
  - remove various subshell invocations
  - speedup fw() by not relying on xargs and pipes
  - rework SNAT support - attach to dest zone, use src_dip/src_dport as snat source
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@23024 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: | Jo-Philipp Wich | 2010-09-04 | 1 | -5/+27
  - handle NAT reflection in firewall hotplug, solves synchronizing issues on boot
  - introduce masq_src and masq_dest options to limit zone masq to specific ip ranges, supports multiple subnets and negation
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22888 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: | Jo-Philipp Wich | 2010-08-31 | 1 | -31/+31
  - fix processing of rules with an ip family option
  - append interface rules at the end of internal zone chains, simplifies injecting user or addon rules
  - support simple file logging (option log + option log_limit per zone)
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22847 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: | Jo-Philipp Wich | 2010-06-02 | 1 | -10/+23
  - support alias ifnames different from parent ifname
  - properly handle multiple subnets per alias (v4+v6)
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21656 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: Initial alias interface support. This allows to define zones covering alias interfaces and associated entries like rules and forwardings. | Jo-Philipp Wich | 2010-06-01 | 1 | -27/+85
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21653 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: | Jo-Philipp Wich | 2010-05-19 | 1 | -15/+18
  - fix ip6tables rules when icmp_type option is set
  - add "family" option to zones, forwardings, redirects and rules to selectively apply rules to iptables and/or ip6tables
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21508 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall (#7355) | Jo-Philipp Wich | 2010-05-19 | 1 | -7/+5
  - partially revert r21486, start firewall on init again
  - skip iface hotplug events if base fw is not up yet
  - get ifname and up state with uci_get_state() in iface setup since the values gathered by scan_interfaces() may be outdated when iface coldplugging happens (observed with pptp)
  - ignore up state when bringing down interfaces because ifdown reverts state vars before dispatching the iface event
  - bump package revision
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21502 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] firewall: | Jo-Philipp Wich | 2010-05-01 | 1 | -0/+86
  - replace uci firewall with a modular dual stack implementation developed by Malte S. Stretz
  - bump version to 2
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@21286 3c298f89-4303-0410-b956-a3cf2f4a3e73