Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | firewall: insert rules at the beginning of chains again while maintaining ↵ | Jo-Philipp Wich | 2010-03-02 | 1 | -1/+4 |
| | | | | | | non reversed order, fixes wrong ordering introduced by r18015 SVN-Revision: 19946 | ||||
* | firewall: fix bad number error in fw_redirect() (#6704) | Jo-Philipp Wich | 2010-02-20 | 1 | -3/+3 |
| | | | | SVN-Revision: 19765 | ||||
* | Add destination ip of the wan adapter useful if you have multiple ip addresses. | Travis Kemen | 2010-02-11 | 1 | -0/+2 |
| | | | | SVN-Revision: 19574 | ||||
* | firewall: fix a race condition preventing interfaces from being added to the ↵ | Jo-Philipp Wich | 2010-01-19 | 2 | -3/+7 |
| | | | | | | firewall on boot SVN-Revision: 19232 | ||||
* | firewall: fix fallout from r18716 (fixes #6338) | Felix Fietkau | 2009-12-10 | 1 | -1/+3 |
| | | | | SVN-Revision: 18733 | ||||
* | firewall: get rid of recursive shell script inclusion to improve hush ↵ | Felix Fietkau | 2009-12-09 | 2 | -37/+46 |
| | | | | | | compatibility SVN-Revision: 18716 | ||||
* | adjust dependencies of firewall and qos-scripts, so that these packages are ↵ | Felix Fietkau | 2009-12-09 | 1 | -1/+1 |
| | | | | | | visible even when iptables is not selected SVN-Revision: 18714 | ||||
* | firewall: initialize dest_port with src_dport if omitted in redirect ↵ | Jo-Philipp Wich | 2009-12-01 | 2 | -22/+22 |
| | | | | | | sections to narrow down corresponding forward rules to the actual target ports - thanks Niels Boehm! (#6249) SVN-Revision: 18617 | ||||
* | firewall: fix zone defaults | Felix Fietkau | 2009-10-11 | 1 | -2/+19 |
| | | | | SVN-Revision: 18028 | ||||
* | firewall: do not process rules in reverse | Felix Fietkau | 2009-10-10 | 1 | -1/+1 |
| | | | | SVN-Revision: 18015 | ||||
* | firewall: fix MSS issue affection RELATED new connections (closes: #5173) | Nicolas Thill | 2009-09-27 | 3 | -5/+5 |
| | | | | SVN-Revision: 17762 | ||||
* | firewall: add sanity checks to zone default rules (patch from #5459) | Felix Fietkau | 2009-09-24 | 1 | -3/+3 |
| | | | | SVN-Revision: 17713 | ||||
* | firewall: move the config_get out of the loop, no need to call it multiple times | Jo-Philipp Wich | 2009-09-14 | 1 | -2/+3 |
| | | | | SVN-Revision: 17581 | ||||
* | firewall: properly dispatch delif events if the network has a different name ↵ | Jo-Philipp Wich | 2009-09-14 | 2 | -2/+2 |
| | | | | | | then the corresponding zone SVN-Revision: 17580 | ||||
* | bump some revisions and update copyrights | Andy Boyett | 2009-09-10 | 1 | -2/+2 |
| | | | | SVN-Revision: 17554 | ||||
* | firewall: emit hotplug events for interface add/remove | Felix Fietkau | 2009-08-26 | 1 | -0/+2 |
| | | | | SVN-Revision: 17415 | ||||
* | firewall: allow incoming udp/68 packets in the default configuration (#4108, ↵ | Jo-Philipp Wich | 2009-08-13 | 2 | -1/+9 |
| | | | | | | #4781) SVN-Revision: 17238 | ||||
* | firewall: add icmp_type option to specify the icmp type in rule sections, ↵ | Jo-Philipp Wich | 2009-08-03 | 2 | -1/+4 |
| | | | | | | bump pkg revision (#5554) SVN-Revision: 17115 | ||||
* | set PKGARCH to all for packages in trunk containing only arch-neutral files ↵ | Florian Fainelli | 2009-07-24 | 1 | -0/+1 |
| | | | | | | | | (#5572) Signed-off-by: Malte S. Stretz <mss@apache.org> SVN-Revision: 16966 | ||||
* | fix typo in the uci firewall script | Florian Fainelli | 2009-05-26 | 1 | -1/+1 |
| | | | | SVN-Revision: 16076 | ||||
* | firewall: automatically set up NOTRACK rules to disable connection tracking ↵ | Felix Fietkau | 2009-05-14 | 1 | -13/+43 |
| | | | | | | for zones that have no masquerading, no conntrack and no forwarding from/to other zones with masq/conntrack SVN-Revision: 15855 | ||||
* | firewall: actually copy firewall.user to image | Jo-Philipp Wich | 2009-04-19 | 1 | -0/+2 |
| | | | | SVN-Revision: 15286 | ||||
* | firewall: process custom rules after forwardings and redirects, this ↵ | Jo-Philipp Wich | 2009-04-19 | 2 | -3/+3 |
| | | | | | | actually allows blocking traffic to certain hosts and other rules SVN-Revision: 15278 | ||||
* | firewall: enable /etc/firewall.user by default and install sample ↵ | Jo-Philipp Wich | 2009-04-12 | 3 | -5/+9 |
| | | | | | | firewall.user file SVN-Revision: 15221 | ||||
* | re-enable the mss fix by default for now - see discussion at ↵ | Felix Fietkau | 2009-01-31 | 1 | -5/+1 |
| | | | | | | http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information SVN-Revision: 14293 | ||||
* | firewall: don't clear the mangle table at startup or stop - it doesn't use ↵ | Felix Fietkau | 2009-01-20 | 1 | -4/+0 |
| | | | | | | it and clearing it breaks qos SVN-Revision: 14114 | ||||
* | firewall: introduce drop_invalid option to allow disabling the invalid state ↵ | Jo-Philipp Wich | 2009-01-16 | 1 | -7/+10 |
| | | | | | | match SVN-Revision: 14061 | ||||
* | firewall: allow multiple interfaces to be part of one zone, fix the sanity ↵ | Felix Fietkau | 2009-01-16 | 2 | -39/+52 |
| | | | | | | checks for that SVN-Revision: 14058 | ||||
* | firewall: clear the MSSFIX rules | Felix Fietkau | 2009-01-02 | 1 | -0/+1 |
| | | | | SVN-Revision: 13826 | ||||
* | Unify portrange-support in firewall rule generator fixes #4404 | Steven Barth | 2009-01-01 | 1 | -0/+10 |
| | | | | SVN-Revision: 13791 | ||||
* | disable the MSS fixup hack by default (most ISPs don't require this as a ↵ | Felix Fietkau | 2008-12-31 | 2 | -1/+9 |
| | | | | | | workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs SVN-Revision: 13788 | ||||
* | fixes firewall for trunk, custom chains were never reched, as policies apply ↵ | John Crispin | 2008-10-14 | 1 | -3/+3 |
| | | | | | | beforehand SVN-Revision: 12978 | ||||
* | fixes firewall rule generation. forwarding rules were inserted in input ↵ | John Crispin | 2008-09-28 | 1 | -3/+6 |
| | | | | | | chains, fixes #4028 SVN-Revision: 12768 | ||||
* | custom chains were never reached on DROP/REJECT policy, fixes #4004 #4029 | John Crispin | 2008-09-28 | 1 | -3/+3 |
| | | | | SVN-Revision: 12767 | ||||
* | set default input policy to ACCEPT to bring the firewall behavior closer to ↵ | Felix Fietkau | 2008-09-28 | 1 | -1/+1 |
| | | | | | | the one of previous versions SVN-Revision: 12766 | ||||
* | firewall: fix default policies, add a check for duplicate defaults sections ↵ | Felix Fietkau | 2008-09-28 | 1 | -18/+34 |
| | | | | | | and make custom chains more generic SVN-Revision: 12765 | ||||
* | firewall changes: - implement a REJECT policy and enable it by default, ↵ | Nicolas Thill | 2008-09-24 | 2 | -33/+57 |
| | | | | | | reject packets with approriate response (closes: #3970) - cleanup syn_flood and remove logging SVN-Revision: 12688 | ||||
* | make the whole iptables/netfiter modular (closes: #3871, #3527) | Nicolas Thill | 2008-09-22 | 1 | -1/+1 |
| | | | | SVN-Revision: 12649 | ||||
* | Fixed a typo in the firewall scripts | Steven Barth | 2008-09-16 | 1 | -1/+1 |
| | | | | SVN-Revision: 12616 | ||||
* | Fixed a typo in firewall scripts, closes #4000 | Steven Barth | 2008-09-15 | 1 | -1/+1 |
| | | | | SVN-Revision: 12613 | ||||
* | make uci firewall backwards compatible to the old firewall.user | John Crispin | 2008-08-27 | 1 | -2/+9 |
| | | | | SVN-Revision: 12408 | ||||
* | add proto tcpudp to firewall | John Crispin | 2008-08-27 | 1 | -38/+51 |
| | | | | SVN-Revision: 12407 | ||||
* | fix device duplication in firewall if the balancing of ifup and ifdown is broken | John Crispin | 2008-08-27 | 1 | -2/+9 |
| | | | | SVN-Revision: 12404 | ||||
* | make sure uci firewall reverts its states when stopped | John Crispin | 2008-08-27 | 1 | -0/+1 |
| | | | | SVN-Revision: 12403 | ||||
* | fixes uci firewall init order, Signed-off-by: Roberto Riggio | John Crispin | 2008-08-27 | 1 | -2/+2 |
| | | | | SVN-Revision: 12402 | ||||
* | firewall: Added support for port-ranges as firstPort-lastPort to redirect ↵ | Steven Barth | 2008-08-27 | 1 | -0/+17 |
| | | | | | | sections SVN-Revision: 12396 | ||||
* | adds 5 new chains to the uci firewall that can be used to hook custom rules | John Crispin | 2008-08-27 | 1 | -1/+16 |
| | | | | SVN-Revision: 12395 | ||||
* | adds more sanity checks to uci firewall | John Crispin | 2008-08-26 | 1 | -0/+4 |
| | | | | SVN-Revision: 12392 | ||||
* | use proto instead of protocol in uci firewall | John Crispin | 2008-08-26 | 2 | -6/+6 |
| | | | | SVN-Revision: 12391 | ||||
* | fix some firewall script typos (patch from #3897) | Felix Fietkau | 2008-08-17 | 1 | -2/+3 |
| | | | | SVN-Revision: 12332 |