aboutsummaryrefslogtreecommitdiffstats
path: root/package/firewall/files/lib/core_interface.sh
Commit message (Collapse)AuthorAgeFilesLines
* packages: sort network related packages into package/network/Felix Fietkau2012-10-101-205/+0
| | | | SVN-Revision: 33688
* firewall: fix fw__uci_state_del() procedure (#11132)Jo-Philipp Wich2012-03-131-2/+2
| | | | SVN-Revision: 30938
* firewall: relocate TCPMSS rules into mangle table, add code to selectively ↵Jo-Philipp Wich2011-10-291-1/+3
| | | | | | clear them out again SVN-Revision: 28669
* firewall: fix serious bug in state var handling (#9746)Jo-Philipp Wich2011-07-201-2/+2
| | | | SVN-Revision: 27711
* firewall: rework state variable handling, use uci_toggle_state() where ↵Jo-Philipp Wich2011-07-151-17/+24
| | | | | | applicable and properly handle duplicates in add and del state helpers (#9152, #9710) SVN-Revision: 27618
* firewall: revert accidential committed changes from r26805Jo-Philipp Wich2011-05-021-39/+11
| | | | SVN-Revision: 26806
* firewall: provide examples of ssh port relocation on firewall and IPsec ↵Jo-Philipp Wich2011-05-021-11/+39
| | | | | | | | | | | | | passthrough Two examples of potentially useful configurations (commented out, of course): (a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a LAN-based machine if desired, or if not, simply obscures the port from external attack. (b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN. Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com> SVN-Revision: 26805
* firewall: prevent excessive uci state data aggregation (#9152)Jo-Philipp Wich2011-04-201-0/+2
| | | | SVN-Revision: 26740
* firewall: prevent duplicate values in interface state varsJo-Philipp Wich2011-03-301-1/+4
| | | | SVN-Revision: 26382
* firewall: fix rule generation for v4 or v6 only zones (#8955)Jo-Philipp Wich2011-03-011-0/+3
| | | | SVN-Revision: 25813
* firewall: protect iptables invocations with locks in interface ops, it might ↵Jo-Philipp Wich2010-09-191-0/+4
| | | | | | run concurrently due to hotplug invocations on network restart SVN-Revision: 23090
* firewall: deliver remove hotplug events for all active zones/networks when ↵Jo-Philipp Wich2010-09-141-2/+27
| | | | | | restarting the firewall SVN-Revision: 23062
* firewall: - simplify masquerade rule setup - remove various subshell ↵Jo-Philipp Wich2010-09-111-27/+6
| | | | | | invocations - speedup fw() by not relying on xargs and pipes - rework SNAT support - attach to dest zone, use src_dip/src_dport as snat source SVN-Revision: 23024
* firewall: - handle NAT reflection in firewall hotplug, solves synchronizing ↵Jo-Philipp Wich2010-09-041-5/+27
| | | | | | issues on boot - introduce masq_src and masq_dest options to limit zone masq to specific ip ranges, supports multiple subnets and negation SVN-Revision: 22888
* firewall: - fix processing of rules with an ip family option - append ↵Jo-Philipp Wich2010-08-311-31/+31
| | | | | | interface rules at the end of internal zone chains, simplifies injecting user or addon rules - support simple file logging (option log + option log_limit per zone) SVN-Revision: 22847
* firewall: - support alias ifnames different from parent ifname - properly ↵Jo-Philipp Wich2010-06-021-10/+23
| | | | | | handle multiple subnets per alias (v4+v6) SVN-Revision: 21656
* firewall: Initial alias interface support. This allows to define zones ↵Jo-Philipp Wich2010-06-011-27/+85
| | | | | | covering alias interfaces and associated entries like rules and forwardings. SVN-Revision: 21653
* firewall: - fix ip6tables rules when icmp_type option is set - add "family" ↵Jo-Philipp Wich2010-05-191-15/+18
| | | | | | option to zones, forwardings, redirects and rules to selectively apply rules to iptables and/or ip6tables SVN-Revision: 21508
* firewall (#7355) - partially revert r21486, start firewall on init again - ↵Jo-Philipp Wich2010-05-191-7/+5
| | | | | | skip iface hotplug events if base fw is not up yet - get ifname and up state with uci_get_state() in iface setup since the values gathered by scan_interfaces() may be outdated when iface coldplugging happens (observed with pptp) - ignore up state when bringing down interfaces because ifdown reverts state vars before dispatching the iface event - bump package revision SVN-Revision: 21502
* firewall: - replace uci firewall with a modular dual stack implementation ↵Jo-Philipp Wich2010-05-011-0/+86
developed by Malte S. Stretz - bump version to 2 SVN-Revision: 21286
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-02 08:37:17 +0000