| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
SVN-Revision: 33688
|
|
|
|
| |
SVN-Revision: 30938
|
|
|
|
|
|
| |
clear them out again
SVN-Revision: 28669
|
|
|
|
| |
SVN-Revision: 27711
|
|
|
|
|
|
| |
applicable and properly handle duplicates in add and del state helpers (#9152, #9710)
SVN-Revision: 27618
|
|
|
|
| |
SVN-Revision: 26806
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
passthrough Two examples of potentially useful configurations (commented out, of course):
(a) map the ssh service running on the firewall to 22001 externally, without modifying the configuration of the daemon itself. this allows port 22 on the WAN side to then be port-forwarded to a
LAN-based machine if desired, or if not, simply obscures the port from external attack.
(b) allow IPsec/ESP and ISAKMP (UDP-based key exchange) to happen by default. useful for most modern VPN clients you might have on your WAN.
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
SVN-Revision: 26805
|
|
|
|
| |
SVN-Revision: 26740
|
|
|
|
| |
SVN-Revision: 26382
|
|
|
|
| |
SVN-Revision: 25813
|
|
|
|
|
|
| |
run concurrently due to hotplug invocations on network restart
SVN-Revision: 23090
|
|
|
|
|
|
| |
restarting the firewall
SVN-Revision: 23062
|
|
|
|
|
|
| |
invocations - speedup fw() by not relying on xargs and pipes - rework SNAT support - attach to dest zone, use src_dip/src_dport as snat source
SVN-Revision: 23024
|
|
|
|
|
|
| |
issues on boot - introduce masq_src and masq_dest options to limit zone masq to specific ip ranges, supports multiple subnets and negation
SVN-Revision: 22888
|
|
|
|
|
|
| |
interface rules at the end of internal zone chains, simplifies injecting user or addon rules - support simple file logging (option log + option log_limit per zone)
SVN-Revision: 22847
|
|
|
|
|
|
| |
handle multiple subnets per alias (v4+v6)
SVN-Revision: 21656
|
|
|
|
|
|
| |
covering alias interfaces and associated entries like rules and forwardings.
SVN-Revision: 21653
|
|
|
|
|
|
| |
option to zones, forwardings, redirects and rules to selectively apply rules to iptables and/or ip6tables
SVN-Revision: 21508
|
|
|
|
|
|
| |
skip iface hotplug events if base fw is not up yet - get ifname and up state with uci_get_state() in iface setup since the values gathered by scan_interfaces() may be outdated when iface coldplugging happens (observed with pptp) - ignore up state when bringing down interfaces because ifdown reverts state vars before dispatching the iface event - bump package revision
SVN-Revision: 21502
|
|
developed by Malte S. Stretz - bump version to 2
SVN-Revision: 21286
|