path: root/package/network/utils/iptables
Commit message | Author | Age | Files | Lines
* iptables: make kmod-ipt-debug part of default ALL build | Yousong Zhou | 2018-01-26 | 1 | -2/+2
  The iptables TRACE target is only available in raw table that's why the dependency was moved from iptables-mod-trace into kmod-ipt-debug
  Fixes FS#1219
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* iptables: Fix target TRACE issue | Martin Wetterwald | 2018-01-26 | 1 | -0/+15
  The package kmod-ipt-debug builds the module xt_TRACE, which allows users to use '-j TRACE' as target in the chain PREROUTING of the table raw in iptables.
  The kernel compilation flag NETFILTER_XT_TARGET_TRACE is also enabled so that this feature which is implemented deep inside the linux IP stack (for example in sk_buff) is compiled.
  But a strace of iptables -t raw -I PREROUTING -p icmp -j TRACE reveals that an attempt is made to read /usr/lib/iptables/libxt_TRACE.so, which fails as this dynamic library is not present on the system.
  I created the package iptables-mod-trace which takes care of that, and target TRACE now works!
  https://dev.openwrt.org/ticket/16694
  https://dev.openwrt.org/ticket/19661
  Signed-off-by: Martin Wetterwald <martin.wetterwald@corp.ovh.com>
  [Jo-Philipp Wich: also remove trace extension from builtin extension list and depend on kmod-ipt-raw since it's required for rules]
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
  Tested-by: Enrico Mioso <mrkiko.rs@gmail.com>
* Revert "iptables: fix nftables compile issue (FS#711)" | Hans Dedecker | 2018-01-02 | 1 | -20/+0
  This reverts commit da126d557c6d1cfe19d3f93481af6e00631d7931 as the iptables patch does not apply cleanly.
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* iptables: fix nftables compile issue (FS#711) | rektide de la faye | 2018-01-02 | 1 | -0/+20
  Enabling IPTABLES_NFTABLES resulted in an error during build:# *** No rule to make target '../extensions/libext.a', needed by 'xtables-compat-multi'."
  Comments from Alexander Lochmann and Fedor Konstantinov in FS#711 provided fixes for this build error, allowing iptables to compile. https://bugs.lede-project.org/index.php?do=details&task_id=711.
  This commit updates the Makefile.am xtables_compat_multi_LDFLAGS and _LDADD, moving linking of extensions to LDFLAGS.
  Signed-off-by: rektide de la faye <rektide@voodoowarez.com>
  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* netfilter: add iptables-mod-rpfilter package | Alin Nastac | 2017-12-13 | 1 | -0/+14
  Unlike /proc/sys/net/ipv4/conf/INTF/rp_filter flag, rule
    iptables -t raw -I PREROUTING -m rpfilter --invert -j DROP
  prevents conntrack table to become full when a packet flood with randomly selected source IP addresses is received from the lan side.
  Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
  (cherry picked from commit d8748e537f11ab5f2b5e2ed25d94baa5ce353984)
* build: use mkhash to replace various quirky md5sum/openssl calls | Felix Fietkau | 2017-01-05 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* treewide: clean up download hashes | Felix Fietkau | 2016-12-16 | 1 | -1/+1
  Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256
  Signed-off-by: Felix Fietkau <nbd@nbd.name>
* netfilter: drop proprietary xt_id match | Jo-Philipp Wich | 2016-12-14 | 1 | -69/+0
  The xt_id match was used by the firewall3 package to track its own rules but the approach has been changed to use xt_comment instead now, so we can drop this nonstandard extension.
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* iptables: using external kernel tree should not alter patch behaviour. | Felix Fietkau | 2016-02-07 | 1 | -4/+0
  iptables is the only exception in the package tree, causing patch behaviour to be inconsistent on this package.
  Signed-off-by: Rick van der Zwet <rick.vanderzwet@anywi.com>
  SVN-Revision: 48643
* iptables: improve iptables listing output of xt_id match | Jo-Philipp Wich | 2016-01-24 | 2 | -4/+14
  Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
  SVN-Revision: 48478
* iptables: fix rebuild errors on configuration changes | Felix Fietkau | 2016-01-18 | 1 | -0/+14
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 48314
* iptables: reduce binary size | Jo-Philipp Wich | 2015-05-26 | 4 | -176/+195
  * drop unused lenient restore patch
  * instead of statically linking core extensions, build shared libraries for reuse in fw3
  * strip outdated match revisions and aliases to trim down library size
  Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
  SVN-Revision: 45758
* iptables: disable unused xml support to save some space | Felix Fietkau | 2015-05-06 | 1 | -0/+13
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 45617
* iptables: remove obsolete files | Felix Fietkau | 2015-04-18 | 16 | -454/+0
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 45494
* iptables: remove layer7 leftovers (#19506) | Felix Fietkau | 2015-04-17 | 1 | -6/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 45481
* iptables: remove layer7 support | Felix Fietkau | 2015-04-13 | 2 | -372/+0
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 45424
* iptables: revert r40916 | John Crispin | 2015-04-10 | 1 | -1/+1
  it causes problems with newer iptables when ipv6 is disabled as iptc unconditionally links ip6tc
  Signed-off-by: John Crispin <blogic@openwrt.org>
  SVN-Revision: 45350
* netfilter: Enable compiling iptables match cluster | Felix Fietkau | 2014-11-03 | 1 | -0/+42
  This patch adds the userspace and kernelspace for
  - match NETFILTER_XT_MATCH_CLUSTER
    This match can be used to deploy gateway and back-end load-sharing clusters.
  - target IP_NF_TARGET_CLUSTERIP
    This module allows you to configure a simple cluster of nodes that share a certain IP and MAC address without an explicit load balancer in front of them. Connections are statically distributed between the nodes in this cluster.
  This is used i.e. by strongswan-ha.
  Signed-off-by: Christian Scheele <cs@embedd.com>
  SVN-Revision: 43174
* license info - revert r43155 | John Crispin | 2014-11-03 | 1 | -3/+0
  turns out that r43155 adds duplicate info.
  Signed-off-by: John Crispin <blogic@openwrt.org>
  SVN-Revision: 43167
* Add more license tags with SPDX identifiers | John Crispin | 2014-11-03 | 1 | -0/+3
  Note, that licensing stuff is a nightmare: many packages do not clearly state their licenses, and often multiple source files are simply copied together - each with different licensing information in the file headers.
  I tried hard to ensure, that the license information extracted into the OpenWRT's makefiles fit the "spirit" of the packages, e.g. such small packages which come without a dedicated source archive "inherits" the OpenWRT's own license in my opinion.
  However, I can not guarantee that I always picked the correct information and/or did not miss license information.
  Signed-off-by: Michael Heimpold <mhei@heimpold.de>
  SVN-Revision: 43155
* Add a few SPDX tags | Steven Barth | 2014-11-02 | 1 | -0/+1
  Signed-off-by: Steven Barth <steven@midlink.org>
  SVN-Revision: 43151
* iptables: add kmod-ipt-nf* to dependency list of iptables-mod-nf*. | Steven Barth | 2014-08-07 | 1 | -2/+2
  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
  SVN-Revision: 42034
* iptables: NFLOG and NFQUEUE targets' full support | Steven Barth | 2014-08-07 | 1 | -0/+28
  NFLOG and NFQUEUE targets' full support for iptables. Includes all needed kernel modules (Xtables's and Netlink's) and userspace libraries. All added kernel modules can be individually disabled, all other new libraries get their own individual packages.
  Reported-by: Fabian Hugelshofer <hugelshofer2006@gmx.ch>
  Reported-by: Rainer Poisel <rainer.poisel@fhstp.ac.at>
  Reported-by: Derek LaHousse <dlahouss@mtu.edu>
  Signed-off-by: Guillaume Déflache <guillaume.deflache@ibwag.com>
  SVN-Revision: 42022
* netfilter: introduce xt_id match | Jo-Philipp Wich | 2014-08-01 | 1 | -0/+59
  This commit implements a new netfilter match "xt_id" which can be used to attach unsigned 32bit IDs to iptables rules.
  Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
  SVN-Revision: 41945
* iptables: refresh patches | Felix Fietkau | 2014-07-02 | 2 | -14/+10
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 41479
* iptables: pass --disable-ipv6 if CONFIG_IPV6 is unset | Jo-Philipp Wich | 2014-07-02 | 1 | -1/+2
  Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
  SVN-Revision: 41458
* netfilter: split off header matching modules not used by the default config (reduces rootfs size and memory usage) | Felix Fietkau | 2014-06-02 | 1 | -0/+11
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 40983
* iptables: Makefile: only build ip6tc, if IPv6 is enabled | John Crispin | 2014-06-02 | 1 | -1/+1
  when disabling ipv6, the iptables build breaks without a manual clean or this patch
  Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
  SVN-Revision: 40916
* iptables: fix issues with the new musl version | Felix Fietkau | 2014-03-20 | 3 | -40/+22
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 39964
* iptables/netfilter: add connlimit to conntrack-extra | Steven Barth | 2014-03-11 | 1 | -0/+1
  SVN-Revision: 39878
* iptables: bump to 1.4.21 | Steven Barth | 2014-03-11 | 1 | -2/+2
  SVN-Revision: 39877
* netfilter: Add IPv6-NAT support for kernel and ipt Thanks to Berni, Adam Novak and Sedat Dilek for patches and inspiration | Steven Barth | 2013-09-01 | 1 | -0/+12
  SVN-Revision: 37866
* iptables: Update to 1.4.20 | Steven Barth | 2013-09-01 | 3 | -20/+7
  SVN-Revision: 37865
* Bump iptables version | Steven Barth | 2013-07-15 | 1 | -1/+1
  SVN-Revision: 37329
* iptables: restore reap functionality to recent module | Steven Barth | 2013-07-15 | 1 | -0/+13
  The reap functionality appears to have been accidentally disabled by commit 74ded7257e5da5e309844d386290f24ae91950a6 to iptables.git, see:
    git://git.netfilter.org/iptables.git
  and subsequently in iptables 1.4.15 and later. This adds a patch to restore reap functionality for recent_opts_v1.
  Signed-off-by: Russell Senior <russell@personaltelco.net>
  SVN-Revision: 37328
* iptables: install libext*.a into staging dir | Jo-Philipp Wich | 2013-06-06 | 1 | -0/+4
  SVN-Revision: 36867
* iptables: bump to 1.4.19.1 | Steven Barth | 2013-05-29 | 4 | -67/+20
  SVN-Revision: 36760
* netfilter: move time, mark, set matches and MARK, REDIRECT, SET targets into base iptables package - drop iptables-mod-ipset | Jo-Philipp Wich | 2013-05-21 | 1 | -21/+14
  SVN-Revision: 36683
* iptables: use -ffunction-sections, -fdata-sections and --gc-sections | Jo-Philipp Wich | 2013-05-21 | 1 | -2/+6
  SVN-Revision: 36680
* package: fold the IPv6 menu into Network | Felix Fietkau | 2013-05-14 | 1 | -1/+1
  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  SVN-Revision: 36634
* Fix install of iptables pkg-config files. | Jo-Philipp Wich | 2013-05-02 | 1 | -1/+1
  libiptc.pc depends on libip[4|6]tc.pc, thus all of those need to be installed.
  Should fix collectd build and thus #13146; which should make collectd appear in snapshots again.
  Signed-off-by: Danny Baumann <dannybaumann@web.de>
  SVN-Revision: 36509
* iptables: don't use --enable-ipv6 if IPv6 is disabled | Steven Barth | 2013-03-25 | 1 | -2/+1
  SVN-Revision: 36125
* iptables: Add missing IPv6 builtin modules | Steven Barth | 2013-03-07 | 1 | -3/+3
  SVN-Revision: 35898
* iptables: redo update to 1.4.18 with old linking-behaviour | Steven Barth | 2013-03-06 | 12 | -512/+156
  SVN-Revision: 35896
* Revert "iptables: update to 1.4.18" due to toolchain-issue: binaries cause segfaults when stripped on ar71xx | Steven Barth | 2013-03-06 | 11 | -105/+512
  SVN-Revision: 35894
* iptables: update to 1.4.18 | Steven Barth | 2013-03-05 | 11 | -512/+105
  SVN-Revision: 35892
* iptables: fix bad PKG_RELEASE in previous commit | Jo-Philipp Wich | 2013-02-11 | 1 | -1/+1
  SVN-Revision: 35569
* iptables: add --lenient switch to iptables-restore and ip6tables-restore that allows to skip erroneous lines | Jo-Philipp Wich | 2013-02-11 | 2 | -2/+174
  SVN-Revision: 35568
* netfilter.mk: add addrtype match to iptables-mod-extra (kmod-ipt-extra) | Jo-Philipp Wich | 2013-01-14 | 1 | -0/+1
  SVN-Revision: 35155
* iptables: fix typo in iptables musl patch after r34313 | Florian Fainelli | 2012-11-25 | 1 | -1/+1
  Thanks to Frank Meerkötter and Szabolcs Nagy for spotting the issue.
  Signed-off-by: Florian Fainelli <florian@openwrt.org>
  SVN-Revision: 34326