aboutsummaryrefslogtreecommitdiffstats
path: root/package/firewall
Commit message (Collapse)AuthorAgeFilesLines
* firewall: insert rules at the beginning of chains again while maintaining ↵Jo-Philipp Wich2010-03-021-1/+4
| | | | | | non reversed order, fixes wrong ordering introduced by r18015 SVN-Revision: 19946
* firewall: fix bad number error in fw_redirect() (#6704)Jo-Philipp Wich2010-02-201-3/+3
| | | | SVN-Revision: 19765
* Add destination ip of the wan adapter useful if you have multiple ip addresses.Travis Kemen2010-02-111-0/+2
| | | | SVN-Revision: 19574
* firewall: fix a race condition preventing interfaces from being added to the ↵Jo-Philipp Wich2010-01-192-3/+7
| | | | | | firewall on boot SVN-Revision: 19232
* firewall: fix fallout from r18716 (fixes #6338)Felix Fietkau2009-12-101-1/+3
| | | | SVN-Revision: 18733
* firewall: get rid of recursive shell script inclusion to improve hush ↵Felix Fietkau2009-12-092-37/+46
| | | | | | compatibility SVN-Revision: 18716
* adjust dependencies of firewall and qos-scripts, so that these packages are ↵Felix Fietkau2009-12-091-1/+1
| | | | | | visible even when iptables is not selected SVN-Revision: 18714
* firewall: initialize dest_port with src_dport if omitted in redirect ↵Jo-Philipp Wich2009-12-012-22/+22
| | | | | | sections to narrow down corresponding forward rules to the actual target ports - thanks Niels Boehm! (#6249) SVN-Revision: 18617
* firewall: fix zone defaultsFelix Fietkau2009-10-111-2/+19
| | | | SVN-Revision: 18028
* firewall: do not process rules in reverseFelix Fietkau2009-10-101-1/+1
| | | | SVN-Revision: 18015
* firewall: fix MSS issue affection RELATED new connections (closes: #5173)Nicolas Thill2009-09-273-5/+5
| | | | SVN-Revision: 17762
* firewall: add sanity checks to zone default rules (patch from #5459)Felix Fietkau2009-09-241-3/+3
| | | | SVN-Revision: 17713
* firewall: move the config_get out of the loop, no need to call it multiple timesJo-Philipp Wich2009-09-141-2/+3
| | | | SVN-Revision: 17581
* firewall: properly dispatch delif events if the network has a different name ↵Jo-Philipp Wich2009-09-142-2/+2
| | | | | | then the corresponding zone SVN-Revision: 17580
* bump some revisions and update copyrightsAndy Boyett2009-09-101-2/+2
| | | | SVN-Revision: 17554
* firewall: emit hotplug events for interface add/removeFelix Fietkau2009-08-261-0/+2
| | | | SVN-Revision: 17415
* firewall: allow incoming udp/68 packets in the default configuration (#4108, ↵Jo-Philipp Wich2009-08-132-1/+9
| | | | | | #4781) SVN-Revision: 17238
* firewall: add icmp_type option to specify the icmp type in rule sections, ↵Jo-Philipp Wich2009-08-032-1/+4
| | | | | | bump pkg revision (#5554) SVN-Revision: 17115
* set PKGARCH to all for packages in trunk containing only arch-neutral files ↵Florian Fainelli2009-07-241-0/+1
| | | | | | | | (#5572) Signed-off-by: Malte S. Stretz <mss@apache.org> SVN-Revision: 16966
* fix typo in the uci firewall scriptFlorian Fainelli2009-05-261-1/+1
| | | | SVN-Revision: 16076
* firewall: automatically set up NOTRACK rules to disable connection tracking ↵Felix Fietkau2009-05-141-13/+43
| | | | | | for zones that have no masquerading, no conntrack and no forwarding from/to other zones with masq/conntrack SVN-Revision: 15855
* firewall: actually copy firewall.user to imageJo-Philipp Wich2009-04-191-0/+2
| | | | SVN-Revision: 15286
* firewall: process custom rules after forwardings and redirects, this ↵Jo-Philipp Wich2009-04-192-3/+3
| | | | | | actually allows blocking traffic to certain hosts and other rules SVN-Revision: 15278
* firewall: enable /etc/firewall.user by default and install sample ↵Jo-Philipp Wich2009-04-123-5/+9
| | | | | | firewall.user file SVN-Revision: 15221
* re-enable the mss fix by default for now - see discussion at ↵Felix Fietkau2009-01-311-5/+1
| | | | | | http://lists.openwrt.org/pipermail/openwrt-devel/2009-January/003724.html for more information SVN-Revision: 14293
* firewall: don't clear the mangle table at startup or stop - it doesn't use ↵Felix Fietkau2009-01-201-4/+0
| | | | | | it and clearing it breaks qos SVN-Revision: 14114
* firewall: introduce drop_invalid option to allow disabling the invalid state ↵Jo-Philipp Wich2009-01-161-7/+10
| | | | | | match SVN-Revision: 14061
* firewall: allow multiple interfaces to be part of one zone, fix the sanity ↵Felix Fietkau2009-01-162-39/+52
| | | | | | checks for that SVN-Revision: 14058
* firewall: clear the MSSFIX rulesFelix Fietkau2009-01-021-0/+1
| | | | SVN-Revision: 13826
* Unify portrange-support in firewall rule generator fixes #4404Steven Barth2009-01-011-0/+10
| | | | SVN-Revision: 13791
* disable the MSS fixup hack by default (most ISPs don't require this as a ↵Felix Fietkau2008-12-312-1/+9
| | | | | | workaround for MTU problems, only some do). this should give a nice speedup for routing on standard-compliant ISPs SVN-Revision: 13788
* fixes firewall for trunk, custom chains were never reched, as policies apply ↵John Crispin2008-10-141-3/+3
| | | | | | beforehand SVN-Revision: 12978
* fixes firewall rule generation. forwarding rules were inserted in input ↵John Crispin2008-09-281-3/+6
| | | | | | chains, fixes #4028 SVN-Revision: 12768
* custom chains were never reached on DROP/REJECT policy, fixes #4004 #4029John Crispin2008-09-281-3/+3
| | | | SVN-Revision: 12767
* set default input policy to ACCEPT to bring the firewall behavior closer to ↵Felix Fietkau2008-09-281-1/+1
| | | | | | the one of previous versions SVN-Revision: 12766
* firewall: fix default policies, add a check for duplicate defaults sections ↵Felix Fietkau2008-09-281-18/+34
| | | | | | and make custom chains more generic SVN-Revision: 12765
* firewall changes: - implement a REJECT policy and enable it by default, ↵Nicolas Thill2008-09-242-33/+57
| | | | | | reject packets with approriate response (closes: #3970) - cleanup syn_flood and remove logging SVN-Revision: 12688
* make the whole iptables/netfiter modular (closes: #3871, #3527)Nicolas Thill2008-09-221-1/+1
| | | | SVN-Revision: 12649
* Fixed a typo in the firewall scriptsSteven Barth2008-09-161-1/+1
| | | | SVN-Revision: 12616
* Fixed a typo in firewall scripts, closes #4000Steven Barth2008-09-151-1/+1
| | | | SVN-Revision: 12613
* make uci firewall backwards compatible to the old firewall.userJohn Crispin2008-08-271-2/+9
| | | | SVN-Revision: 12408
* add proto tcpudp to firewallJohn Crispin2008-08-271-38/+51
| | | | SVN-Revision: 12407
* fix device duplication in firewall if the balancing of ifup and ifdown is brokenJohn Crispin2008-08-271-2/+9
| | | | SVN-Revision: 12404
* make sure uci firewall reverts its states when stoppedJohn Crispin2008-08-271-0/+1
| | | | SVN-Revision: 12403
* fixes uci firewall init order, Signed-off-by: Roberto RiggioJohn Crispin2008-08-271-2/+2
| | | | SVN-Revision: 12402
* firewall: Added support for port-ranges as firstPort-lastPort to redirect ↵Steven Barth2008-08-271-0/+17
| | | | | | sections SVN-Revision: 12396
* adds 5 new chains to the uci firewall that can be used to hook custom rulesJohn Crispin2008-08-271-1/+16
| | | | SVN-Revision: 12395
* adds more sanity checks to uci firewallJohn Crispin2008-08-261-0/+4
| | | | SVN-Revision: 12392
* use proto instead of protocol in uci firewallJohn Crispin2008-08-262-6/+6
| | | | SVN-Revision: 12391
* fix some firewall script typos (patch from #3897)Felix Fietkau2008-08-171-2/+3
| | | | SVN-Revision: 12332