path: root/package/network/config/firewall4
Commit message | Author | Age | Files | Lines
* firewall4: update to latest Git HEAD | Jo-Philipp Wich | 2022-01-28 | 1 | -3/+4

    16a1070 fw4.uc: handle zone masq6 option
    5f61dbf ruleset: fix chain selection for mark and dscp targets
    0bc844b ruleset: properly deal with wildcards in zone device selectors
    101988d fw4: fix family comparisons
    127dbc0 ruleset: emit AF specific rules for DSCP matches
    d63cb89 fw4: fix parsing inverted numeric DSCP values
    8c8a867 fw4: fix wrong `parse_network()` return value on `parse_subnet()` failure
    f85bb2d ruleset: consolidate zone matches for raw_prerouting and raw_output chains
    5669bc7 fw4: consolidate device grouping logic
    94f03e0 ruleset: properly render redirect targets without port
    fff9779 fw4: fix family selection logic for redirect rules
    ca88fcd tests: update interface dump mock data
    e60bb4b ruleset: support non-contiguous address masks
    8fec51a fw4: fix potential crashes when parsing invalid redirect sections
    c08eb44 fw4: fix redirect destination zone resolving
    0df6ba0 fw4: fix address selection logic for DNAT reflection rules
    60a2518 tests: add test coverage for redirect rules
    e479eff fw4: add RFC-8622 'Least Effort' (LE) DSCP mark
    ac8a737 ruleset: remove redundant syn check
    bd5dc4b tests: run testcases in strict mode
    3ee6a5c ruleset: fix undeclared variable access uncovered by strict mode

    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: bump to git HEAD | Stijn Tintel | 2022-01-09 | 1 | -3/+3

    9a509d4 ruleset.uc: consolidate ip and ip6 offload
    21f311d ruleset.uc: don't trim newline before comment sign
    f121383 tests: enable flow offloading in tests
    550df40 tests: add test for unknown defaults option
    47c5a5b tests: add test for deprecated rule option
    69a89d6 tests: add test for unknown rule option
    07579df fw4.uc: handle interface zone option

    Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* firewall4: bump to git HEAD | Stijn Tintel | 2022-01-06 | 1 | -2/+2

    main.uc: fix device gathering

    Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* firewall4: fix syntax error in dependency spec | Jo-Philipp Wich | 2022-01-06 | 1 | -1/+1

    Fixes: ae60af8572 ("firewall4: order DEPENDS alphabetically")
    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall/firewall4: provide uci-firewall | Stijn Tintel | 2022-01-06 | 1 | -1/+1

    Provide uci-firewall via PROVIDES in both firewall and firewall4. This
    will allow us to change the dependency of luci-app-firewall to
    uci-firewall, making it possible to use it with either implementation.

    Move CONFLICTS from firewall4 to firewall, to solve this recursive
    dependency problem:

    tmp/.config-package.in:307:error: recursive dependency detected!
    tmp/.config-package.in:307: symbol PACKAGE_firewall is selected by PACKAGE_firewall4
    tmp/.config-package.in:328: symbol PACKAGE_firewall4 depends on PACKAGE_firewall

    Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
    Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: bump to git HEAD | Stijn Tintel | 2022-01-06 | 1 | -4/+4

    4ead2a6 treewide: move executables to /sbin
    9ebc2f4 fw4.uc: filter duplicates in fw4.set
    85b74f3 treewide: support flow offloading
    be3b4e6 treewide: support hardware flow offloading
    38889b7 treewide: support set timeout
    31c7550 fw4.uc: do not skip defaults with invalid option
    334a127 fw4.uc: introduce DEPRECATED flag
    7a0d38f fw4.uc: add _name as deprecated option
    5e7ad3b fw4.uc: don't fail on unknown options
    be5f4e3 fw4.uc: allow use of cidr in ipsets

    Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
    Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: order DEPENDS alphabetically | Stijn Tintel | 2022-01-06 | 1 | -1/+5

    Add some line breaks while at it, to improve readability.

    Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
    Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: drop kmod-ipt-nat from CONFLICTS | Stijn Tintel | 2022-01-06 | 1 | -1/+1

    The limitation of not being able to use iptables and nft nat at the
    same time exists only in kernels before 4.18.

    Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
    Reviewed-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: update to latest Git HEAD | Paul Spooren | 2021-11-13 | 1 | -4/+4

    eb0a3ee fw4.uc: Do not quote port ranges
    c5a8e3e tests: adapt test to new ICMP print logic

    Also start using $(AUTORELEASE)

    Signed-off-by: Paul Spooren <mail@aparcar.org>
* firewall4: update to latest Git HEAD | Jo-Philipp Wich | 2021-09-01 | 1 | -3/+3

    cf835ce treewide: convert deprecated syntax
    c9a3bf5 tests: adapt to latest ucode

    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: update to latest Git HEAD | Jo-Philipp Wich | 2021-04-01 | 1 | -3/+3

    29fba84 tests: expand testing
    6bf82a8 fw4.uc: fix family test functions
    25b2c7d fw4.uc: fix parsing boolean "0" values
    694d428 rule.uc: fix redundant whitespace in rules without target
    7f69fbb ruleset.uc: reduce empty lines in output
    8f8e42c fw4.uc: gracefully handle missing defaults section
    25287af treewide: remove ucode module preloading
    802b685 fw4.uc: remove upvalue caching

    Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* firewall4: introduce package | Jo-Philipp Wich | 2021-03-19 | 1 | -0/+45

    This commit introduces firewall4, an nftables based reimplementation of
    the UCI iptables firewall.

    Signed-off-by: Jo-Philipp Wich <jo@mein.io>