| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 38299
|
|
|
|
| |
SVN-Revision: 38269
|
|
|
|
|
|
| |
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 38023
|
|
|
|
|
|
|
|
| |
config reload
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 37856
|
|
|
|
|
|
|
| |
- uses "-j CT --notrack" instead of deprecated "-j NOTRACK"
- fixes support for rule sections with target "NOTRACK"
SVN-Revision: 37777
|
|
|
|
|
|
| |
- handles redirects as port relocations if the dest_ip points to the router itself
SVN-Revision: 37374
|
|
|
|
| |
SVN-Revision: 37371
|
|
|
|
|
|
|
|
| |
with this option enabled it's possible to create empty bridges
Signed-off-by: Luka Perkov <luka@openwrt.org>
SVN-Revision: 37318
|
|
|
|
|
|
| |
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 37316
|
|
|
|
|
|
|
|
|
|
| |
This makes it possible to use swconfig to controll the switch.
This was tested with devices using b43 and bgmac.
This was not tested on devices using tg3.
This does not support the adm switch used in some very old devices.
SVN-Revision: 37304
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 37224
|
|
|
|
|
|
| |
Signed-off-by: John Crispin <blogic@openwrt.org>
SVN-Revision: 37198
|
|
|
|
| |
SVN-Revision: 37171
|
|
|
|
|
|
| |
- uses custom formatting for mac addresses to ensure leading zeroes, required for older iptables mac match parser
SVN-Revision: 37082
|
|
|
|
| |
SVN-Revision: 37051
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36965
|
|
|
|
|
|
| |
- fixes misprocessing of unknown symbolic protocol names
SVN-Revision: 36963
|
|
|
|
|
|
| |
- fixes calculation of IPv4 netmasks derived from 0.0.0.0/0 CIDRs
SVN-Revision: 36960
|
|
|
|
| |
SVN-Revision: 36952
|
|
|
|
| |
SVN-Revision: 36950
|
|
|
|
|
|
| |
- properly process intermediate "!" options in argument list (fixes negated ipsets)
SVN-Revision: 36935
|
|
|
|
|
|
| |
- fixes handling of reject target for rule sections with specific destination zone
SVN-Revision: 36933
|
|
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 36909
|
|
|
|
| |
SVN-Revision: 36903
|
|
|
|
| |
SVN-Revision: 36884
|
|
|
|
|
|
|
|
| |
works around wifiX references not being freed on network restart.
Signed-off-by: Jonas Gorski <jogo@openwrt.org>
SVN-Revision: 36883
|
|
|
|
|
|
|
|
|
| |
- optimizes chain usage for ingress rules
- adds limit match support for redirect rules
- fixes automatic redirect dest detection on little endian systems
- leaves base chains in place on reload to allow user rules to target e.g. "reject"
SVN-Revision: 36871
|
|
|
|
|
|
| |
solves problem with colliding CONFIG_IPV6 symbols
SVN-Revision: 36868
|
|
|
|
|
|
|
| |
- simplifies using ipsets for rules and redirects, match direction can be specified in-place like option ipset 'setname src dst dst'
- uses zone_name_src_ACTION chains for input rules, this fixes logging with log enabled src zones
SVN-Revision: 36854
|
|
|
|
| |
SVN-Revision: 36840
|
|
|
|
| |
SVN-Revision: 36839
|
|
|
|
|
|
| |
head with compatibility fixes for AA
SVN-Revision: 36838
|
|
|
|
| |
SVN-Revision: 36837
|
|
|
|
|
|
| |
* Fixes wrong chain used for zone forward policy
SVN-Revision: 36830
|
|
|
|
|
|
| |
- Fixes problems with reusing matches or targets from loadable extensions
SVN-Revision: 36826
|
|
|
|
|
|
| |
add_list" coercing the value wrongly
SVN-Revision: 36806
|
|
|
|
|
|
| |
Various bugfixes
SVN-Revision: 36771
|
|
|
|
| |
SVN-Revision: 36748
|
|
|
|
|
|
|
|
|
| |
- allows building without IPv6 support
- uses more robust rules to cope with missing libext.a
- uses better linking strategy to avoid symbol clashes with older iptables
- introduces source compatiblity layer for different libxtables versions
SVN-Revision: 36736
|
|
|
|
|
|
|
|
|
| |
- allows symbolic notation for src_ip, src_dip and dest_ip options, e.g. option src_ip 'lan' to automatically resolve to "192.168.1.0/24"
- automatically infer destination zone for redirects from target ip, this makes 'dest' optional and nat reflection setup more robust
- properly support output rules with dest '*' to hook directly into delegate_output
- fixes crash when processing rules with unresolved targets
SVN-Revision: 36721
|
|
|
|
|
|
| |
- fixes linking issues with some toolchains
SVN-Revision: 36703
|
|
|
|
|
|
|
| |
- Use weak references for instantiating libext*.a matches, makes fw3 independant from the compile time features of iptables
- Do not leak memory when processing rules with unknown targets or matches
SVN-Revision: 36698
|
|
|
|
| |
SVN-Revision: 36692
|
|
|
|
|
|
|
| |
- fix build on Linux < 3.7
- limit zone names to 14 bytes
SVN-Revision: 36691
|
|
|
|
|
|
|
|
| |
- fixes reload when firewall is not running already
- fixes crash when ipsets are supported but undeclared
- fixes handling of per zone user chains on reload
SVN-Revision: 36689
|
|
|
|
|
|
|
| |
- fixes segfault in flush command if ipset support is not available
- fixes internal rule generation if custom chains are enabled
SVN-Revision: 36686
|
|
|
|
| |
SVN-Revision: 36684
|
|
|
|
|
|
|
| |
* use libiptc and libxtables directly to manage ruleset, iptables-restore is unreliable and prone to race conditions
* make ipset integration more reliable
SVN-Revision: 36681
|
|
|
|
|
|
|
|
| |
option to set routing table for protocol routes * Enabled for IPv6 for source-based filtering, disabled for IPv4
Based on a patch by Kristian Evensen. Thank You.
SVN-Revision: 36653
|
|
|
|
|
|
| |
(DS-Lite) * Use source-based routing for IPv6 to allow multi-wan * Various smaller tunnel setup improvements
SVN-Revision: 36627
|