| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
* Use network.interface dump call instead of individual status calls
to reduce overall netifd lookups and invokes to 1 per fw3 process.
* Allow protocol handlers to assign a firewall zone for an interface
in the data section to allow for dynamic firewall zone assignment.
SVN-Revision: 38504
|
| |
|
|
| |
SVN-Revision: 37171
|
| |
|
|
|
|
| |
head with compatibility fixes for AA
SVN-Revision: 36838
|
| |
|
|
| |
SVN-Revision: 36837
|
| |
|
|
| |
SVN-Revision: 36622
|
| |
|
|
| |
SVN-Revision: 35745
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- reduce mssfix related log spam (#10681)
- separate src and dest terminal chains (#11453, #12945)
- disable per-zone custom chains by default, they're rarely used
Additionally introduce options "device", "subnet", "extra", "extra_src" and "extra_dest"
to allow defining zones not related to uci interfaces, e.g. to match "ppp+" or any tcp
traffic to and from a specific port.
SVN-Revision: 35484
|
| |
|
|
| |
SVN-Revision: 35348
|
| |
|
|
|
|
| |
from leaking out to the internet
SVN-Revision: 35012
|
| |
|
|
| |
SVN-Revision: 34569
|
| |
|
|
|
|
|
|
| |
- use comment match to keep track of per-network rules
- setup reflection for any interface which is part of a masqueraded zone, not just "wan"
- delete per-network reflection rules if network is brought down
SVN-Revision: 34472
|
|
|
SVN-Revision: 33688
|
